Security Affairs

NOVEMBER 24, 2024

CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office US DoJ charges five alleged members of the Scattered Spider cybercrime gang Threat actor (..)

Cybercrime 69

Cybercrime Artificial Intelligence Hacking VPN 69

Security Affairs

FEBRUARY 26, 2025

” LightSpy now targets social media platforms like Facebook and Instagram from Android, extracting messages, contacts, and metadata, enhancing surveillance and exploitation potential. Additionally, the list references “Enigma,” which may correspond to the secure messaging platform of the same name.”

Data collection 101

Data collection Spyware Media Surveillance 101

Security Affairs

FEBRUARY 9, 2025

US Justice Department says cybercrime forum allegedly affected 17 million Americans Cybercrime is increasingly complex.

Spyware 59

Spyware Cybercrime Scams Social Engineering 59

Security Affairs

DECEMBER 24, 2019

According to a report published by the New York Times, the popular app ToTok was used by the UAE government as a surveillance tool. The report said US intelligence officials and a security researcher determined the app was being used by the UAE government for detailed surveillance. SecurityAffairs – ToTok, surveillence).

Government 94

Government Surveillance Advertising Mobile 94

Security Affairs

AUGUST 18, 2021

surveillance law to be incompatible with EU privacy rights.” SecurityAffairs – hacking, cybercrime). The post Hamburg’s data protection agency (DPA) states that using Zoom violates GDPR appeared first on Security Affairs. Privacy Shield ), finding U.S. ” states Yahoo News. for processing purposes.

Surveillance 145

Surveillance Cybercrime Hacking Government 145

Security Affairs

SEPTEMBER 3, 2023

ransomware builder used by multiple threat actors Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software Cybercrime Unpacking the MOVEit Breach: Statistics and Analysis Cl0p Ups The Ante With Massive MOVEit Transfer Supply-Chain Exploit FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown U.S.

Social Engineering 123

Social Engineering Data breaches Spyware Malware 123

Security Affairs

MARCH 21, 2021

Hackers also posted images captured from the hacked surveillance video on Twitter with an #OperationPanopticon hashtag, published images show that they have gained root shell access to the surveillance cameras used by Telsa and Cloudflare. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Identity Theft 105

Identity Theft Computers and Electronics Surveillance Hacking 105

Security Affairs

NOVEMBER 26, 2023

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software New InfectedSlurs Mirai-based botnet exploits two zero-days SiegedSec hacktivist group hacked Idaho National Laboratory (INL) CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog Enterprise software provider TmaxSoft leaks 2TB of data (..)

Data breaches 127

Data breaches Surveillance Ransomware Cryptocurrency 127

Security Affairs

JUNE 23, 2022

The Israeli surveillance firm NSO Group revealed that its Pegasus spyware was used by at least five European countries. The controversial Israeli surveillance vendor NSO Group told the European Union lawmakers that its Pegasus spyware was used by at least five countries in the region.

Spyware 108

Spyware Surveillance Software Media 108

Security Affairs

SEPTEMBER 14, 2023

A joint investigation conducted by Access Now and the Citizen Lab revealed that the journalist, who is at odds with the Russian government, was infected with the surveillance software. However, there is no public evidence that the Russian government is a client of the Israeli surveillance firm NSO Group. ” states Access Now.

Spyware 129

Spyware Surveillance Media Government 129

Security Affairs

FEBRUARY 11, 2024

Gov imposes visa restrictions on individuals misusing Commercial Spyware HPE is investigating claims of a new security breach Experts warn of a surge of attacks targeting Ivanti SSRF flaw How to hack the Airbus NAVBLUE Flysmart+ Manager Crooks stole $25.5

Spyware 123

Spyware Surveillance DDOS Identity Theft 123

Security Affairs

MARCH 27, 2025

.” Arkana exposes victims and publishes sensitive personal information about the breached organizations executives on its leak site. At this time, the group also listed the company Oregon Surveillance Network on the leak site. Arkana claimed to have breached WOW!s

Hacking 75

Hacking Telecommunications Data breaches Internet 75

Security Affairs

FEBRUARY 10, 2022

Spyware are powerful weapons in the arsenal of governments and cybercrime gangs. Pegasus is probably the most popular surveillance software on the market, it has been developed by the Israeli NSO Group. The surveillance business is growing in the dark and is becoming very dangerous. Is the Pegasus spyware as a game-changer?

Spyware 98

Spyware Hacking Ransomware Surveillance 98

Security Affairs

SEPTEMBER 1, 2024

Under Meredith Whittaker, It’s Out to Prove Surveillance Capitalism Wrong EU investigating Telegram over user numbers Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Malware 117

Malware Surveillance Firewall Phishing 117

Security Affairs

JULY 31, 2022

. “We’re publishing the details of a new vulnerability (tracked under CVE-2022-30563) affecting the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some IP cameras developed by Dahua, a very popular manufacturer of IP-based surveillance solutions.”

Surveillance 145

Surveillance Authentication Telecommunications Manufacturing 145

Security Affairs

MARCH 29, 2025

Camera Access: Starts front camera streaming for potential identity theft or surveillance. Hidden RAT Mode: Can enable “hidden” remote access while muting the phone and displaying a black overlay to conceal activities. Data Theft: Captures Google Authenticator screen content to steal OTP codes.

Banking 66

Banking Mobile Identity Theft Malware 66

Security Affairs

NOVEMBER 25, 2021

The PowerShortShell stealer is also used for Telegram surveillance and gathering system information from infected systems. “The adversary might be tied to Iran’s Islamic regime since the Telegram surveillance usage is typical of Iran’s threat actors like Infy, Ferocious Kitten, and Rampant Kitten.

Surveillance 109

Surveillance Social Engineering Ransomware Cybercrime 109

Security Affairs

SEPTEMBER 23, 2023

The Royal group began reconnaissance activity in April 2023, and the analysis of system log data dates the beginning of the surveillance operations on April 7, 2023. Royal was then able to traverse the internal City infrastructure during the surveillance period using legitimate 3rd party remote management tools.”

Ransomware 131

Ransomware Surveillance Healthcare Accountability 131

Security Affairs

SEPTEMBER 2, 2019

Login details of more than 36 million Poshmark accounts are available for sale in the cybercrime underground. The company discovered unauthorized access to its servers, the intruders stole personal information of the users, including usernames , hashed passwords, first and last names, gender information, and city of residenc. .

Accountability 108

Accountability Data breaches Passwords Advertising 108

Security Affairs

MARCH 28, 2024

In 2023, the researchers attributed a combined total of 48 out of 58 zero-day vulnerabilities to commercial surveillance vendors (CSVs) and government espionage actors, while 10 zero-day flaws were attributed to financially motivated actors.

Government 137

Government Surveillance Ransomware Cybercrime 137

Security Affairs

APRIL 16, 2023

New Android malicious library Goldoson found in 60 apps +100M downloads Siemens Metaverse exposes sensitive corporate data CISA adds bugs in Android and Novi Survey to its Known Exploited Vulnerabilities catalog Volvo retailer leaks sensitive files A cyberattack on the Cornwall Community Hospital in Ontario is causing treatment delays Google fixed (..)

Data breaches 98

Data breaches Spyware Surveillance Retail 98

Security Affairs

JULY 30, 2023

Now Abyss Locker also targets VMware ESXi servers Russian APT BlueBravo targets diplomatic entities with GraphicalProton backdoor CoinsPaid blames North Korea-linked APT Lazarus for theft of $37M worth of cryptocurrency Monitor Insider Threats but Build Trust First Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS DepositFiles exposed (..)

Surveillance 98

Surveillance Cryptocurrency Cyber Attacks Hacking 98

Security Affairs

DECEMBER 4, 2022

” Privacy advocates are raising the alarm on surveillance activities operated by law enforcement by collecting data from connected systems in modern cars. “New cars are surveillance on wheels, sending sensitive passenger data to carmakers and police.

Surveillance 108

Surveillance Technology Hacking Mobile 108

Security Affairs

JANUARY 7, 2024

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4

Artificial Intelligence 121

Artificial Intelligence Data breaches Scams Insurance 121

Security Affairs

APRIL 17, 2022

Gov believes North Korea-linked Lazarus APT is behind Ronin Validator cyber heist The unceasing action of Anonymous against Russia Threat actors target the Ukrainian gov with IcedID malware Threat actors use Zimbra exploits to target organizations in Ukraine Conti Ransomware Gang claims responsibility for the Nordex hack ZingoStealer crimeware released (..)

Wireless 100

Wireless Data breaches Hacking Surveillance 100

Security Affairs

JANUARY 14, 2022

Hensoldt AG focuses on sensor technologies for protection and surveillance missions in the defence, security and aerospace sectors. Like other ransomware gangs, Lorenz operators also implement double-extortion model by stealing data before encrypting it and threatening them if the victim doesn’t pay the ransom.

Ransomware 138

Ransomware Surveillance Mobile Encryption 138

Security Affairs

MAY 9, 2022

Researchers warn of a remote access trojan called DCRat (aka DarkCrystal RAT) that is available for sale on Russian cybercrime forums. Cybersecurity researchers from BlackBerry are warning of a remote access trojan called DCRat (aka DarkCrystal RAT) that is available for sale on Russian cybercrime forums.

Cybercrime 100

Cybercrime Malware Surveillance DDOS 100

Security Affairs

AUGUST 7, 2022

Every week the best security articles from Security Affairs free for you in your email box. Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% If you want to also receive for free the newsletter with the international press subscribe here.

Spyware 140

Spyware Manufacturing Small Business Surveillance 140

Security Affairs

SEPTEMBER 24, 2023

0-days exploited by commercial surveillance vendor in Egypt PREDATOR IN THE WIRES OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes Cybersecurity Apple and Google Are Introducing New Ways to Defeat Cell Site Simulators, But Is it Enough?

Cyber Attacks 119

Cyber Attacks Firewall Data breaches Telecommunications 119

Security Affairs

SEPTEMBER 3, 2022

Google rolled out emergency fixes to address actively exploited Chrome zero-day Samsung discloses a second data breach this year The Prynt Stealer malware contains a secret backdoor. users China-linked APT40 used ScanBox Framework in a long-running espionage campaign Russian streaming platform Start discloses a data breach impacting 7.5M

Data breaches 97

Data breaches Malware Ransomware Surveillance 97

Security Affairs

APRIL 19, 2020

Syrian-linked APT group SEA recently used COVID-19-themed lures as part of a long-running surveillance campaign, security researchers warn. April 17 – Syria-linked APT group SEA targets Android users with COVID19 lures. April 18 – Trickbot is the most prolific malware operation using COVID-19 themed lures.

Scams 140

Scams Malware Phishing Surveillance 140

Security Affairs

DECEMBER 10, 2023

Will Enable Mass Spying Reddit Says Leaked U.S.-U.K. billion personal records compromised by data breaches in past two years — underscoring need for end‑to‑end encryption Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Ransomware 124

Ransomware Data breaches Hacking Financial Services 124

Security Affairs

JULY 20, 2023

“After it’s installed and launched, WyrmSpy uses known rooting tools to gain escalated privileges to the device and perform surveillance activities specified by commands received from its C2 servers. ” DragonEgg is similar to WyrmSpy, it rely on additional payloads to implement sophisticated surveillance capabilities.

Spyware 98

Spyware Surveillance Mobile Malware 98

Security Affairs

JANUARY 9, 2022

“In future, the army will forbid its relatives from exchanging information with one another via Whats app, signal or telegram and from disseminating official instructions via these channels.” ” states the U.S.

Computers and Electronics 120

Computers and Electronics Encryption Surveillance Cybercrime 120

Security Affairs

JULY 15, 2023

Government agencies SonicWall urges organizations to fix critical flaws in GMS/Analytics products Citrix fixed a critical flaw in Secure Access Client for Ubuntu Cl0p hacker operating from Russia-Ukraine war front line – exclusive Fortinet fixed a critical flaw in FortiOS and FortiProxy Microsoft mitigated an attack by Chinese threat actor Storm-0558 (..)

Spyware 98

Spyware Hacking Data breaches Mobile 98

Security Affairs

MARCH 19, 2021

The malware would provide Kriuchkov and co-conspirators, the malicious code was specifically designed to steal information from Tesla. The employee had more meetings with Kriuchkov that were surveilled by the FBI. The employee decided to warn Tesla and the company reported the attempt to the FBI.

Malware 144

Malware Surveillance Hacking Technology 144

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 98

Data breaches Malware Mobile Spyware 98