Security Affairs

FEBRUARY 10, 2022

Spyware are powerful weapons in the arsenal of governments and cybercrime gangs. Pegasus is probably the most popular surveillance software on the market, it has been developed by the Israeli NSO Group. The surveillance business is growing in the dark and is becoming very dangerous. Is the Pegasus spyware as a game-changer?

Spyware 94

Spyware Hacking Ransomware Surveillance 94

Security Affairs

JULY 30, 2023

Now Abyss Locker also targets VMware ESXi servers Russian APT BlueBravo targets diplomatic entities with GraphicalProton backdoor CoinsPaid blames North Korea-linked APT Lazarus for theft of $37M worth of cryptocurrency Monitor Insider Threats but Build Trust First Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS DepositFiles exposed (..)

Surveillance 84

Surveillance Cryptocurrency Cyber Attacks Hacking 84

Security Affairs

APRIL 16, 2023

New Android malicious library Goldoson found in 60 apps +100M downloads Siemens Metaverse exposes sensitive corporate data CISA adds bugs in Android and Novi Survey to its Known Exploited Vulnerabilities catalog Volvo retailer leaks sensitive files A cyberattack on the Cornwall Community Hospital in Ontario is causing treatment delays Google fixed (..)

Data breaches 79

Data breaches Spyware Retail Surveillance 79

Security Affairs

DECEMBER 24, 2019

According to a report published by the New York Times, the popular app ToTok was used by the UAE government as a surveillance tool. The report said US intelligence officials and a security researcher determined the app was being used by the UAE government for detailed surveillance. SecurityAffairs – ToTok, surveillence).

Government 65

Government Surveillance Advertising Mobile 65

Security Affairs

AUGUST 18, 2021

surveillance law to be incompatible with EU privacy rights.” SecurityAffairs – hacking, cybercrime). The post Hamburg’s data protection agency (DPA) states that using Zoom violates GDPR appeared first on Security Affairs. Privacy Shield ), finding U.S. ” states Yahoo News. for processing purposes.

Surveillance 143

Surveillance Cybercrime Government Hacking 143

Security Affairs

JULY 23, 2023

Multiple DDoS botnets were observed targeting Zyxel devices CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices Experts believe North Korea behind JumpCloud supply chain attack Nice Suzuki, sport: shame dealer left your data up for grabs Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group ALPHV/BlackCat and (..)

DDOS 94

DDOS Hacking Spyware Surveillance 94

Security Affairs

SEPTEMBER 23, 2023

The Royal group began reconnaissance activity in April 2023, and the analysis of system log data dates the beginning of the surveillance operations on April 7, 2023. Royal was then able to traverse the internal City infrastructure during the surveillance period using legitimate 3rd party remote management tools.”

Ransomware 111

Ransomware Surveillance Healthcare Accountability 111

Security Affairs

MARCH 21, 2021

Hackers also posted images captured from the hacked surveillance video on Twitter with an #OperationPanopticon hashtag, published images show that they have gained root shell access to the surveillance cameras used by Telsa and Cloudflare. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Identity Theft 78

Identity Theft Computers and Electronics Surveillance Hacking 78

Security Affairs

JULY 20, 2023

“After it’s installed and launched, WyrmSpy uses known rooting tools to gain escalated privileges to the device and perform surveillance activities specified by commands received from its C2 servers. ” DragonEgg is similar to WyrmSpy, it rely on additional payloads to implement sophisticated surveillance capabilities.

Spyware 88

Spyware Surveillance Mobile Malware 88

Security Affairs

JANUARY 7, 2024

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4

Artificial Intelligence 98

Artificial Intelligence Data breaches Scams Insurance 98

Security Affairs

JULY 31, 2022

. “We’re publishing the details of a new vulnerability (tracked under CVE-2022-30563) affecting the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some IP cameras developed by Dahua, a very popular manufacturer of IP-based surveillance solutions.”

Surveillance 144

Surveillance Authentication Telecommunications Manufacturing 144

Security Affairs

JULY 15, 2023

Government agencies SonicWall urges organizations to fix critical flaws in GMS/Analytics products Citrix fixed a critical flaw in Secure Access Client for Ubuntu Cl0p hacker operating from Russia-Ukraine war front line – exclusive Fortinet fixed a critical flaw in FortiOS and FortiProxy Microsoft mitigated an attack by Chinese threat actor Storm-0558 (..)

Spyware 95

Spyware Hacking Data breaches Mobile 95

Security Affairs

NOVEMBER 25, 2021

The PowerShortShell stealer is also used for Telegram surveillance and gathering system information from infected systems. “The adversary might be tied to Iran’s Islamic regime since the Telegram surveillance usage is typical of Iran’s threat actors like Infy, Ferocious Kitten, and Rampant Kitten.

Surveillance 95

Surveillance Social Engineering Cybercrime Phishing 95

Security Affairs

SEPTEMBER 24, 2023

0-days exploited by commercial surveillance vendor in Egypt PREDATOR IN THE WIRES OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes Cybersecurity Apple and Google Are Introducing New Ways to Defeat Cell Site Simulators, But Is it Enough?

Cyber Attacks 89

Cyber Attacks Firewall Data breaches Telecommunications 89

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 97

Data breaches Malware Mobile Spyware 97

Security Affairs

APRIL 17, 2022

Gov believes North Korea-linked Lazarus APT is behind Ronin Validator cyber heist The unceasing action of Anonymous against Russia Threat actors target the Ukrainian gov with IcedID malware Threat actors use Zimbra exploits to target organizations in Ukraine Conti Ransomware Gang claims responsibility for the Nordex hack ZingoStealer crimeware released (..)

Wireless 82

Wireless Data breaches Hacking Surveillance 82

Security Affairs

SEPTEMBER 3, 2022

Google rolled out emergency fixes to address actively exploited Chrome zero-day Samsung discloses a second data breach this year The Prynt Stealer malware contains a secret backdoor. users China-linked APT40 used ScanBox Framework in a long-running espionage campaign Russian streaming platform Start discloses a data breach impacting 7.5M

Data breaches 71

Data breaches Malware Surveillance Ransomware 71

Security Affairs

AUGUST 7, 2022

Every week the best security articles from Security Affairs free for you in your email box. Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% If you want to also receive for free the newsletter with the international press subscribe here.

Spyware 128

Spyware Manufacturing Small Business Surveillance 128

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches 94

Data breaches DDOS Artificial Intelligence Ransomware 94

SC Magazine

MARCH 10, 2021

Pictured: a Dome Series security camera from Verkada. A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., When surveillance leads to spying.

Surveillance 129

Surveillance IoT Accountability Passwords 129

Security Affairs

MARCH 26, 2023

NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sites Pwn2Own Vancouver 2023 awarded $1,035,000 and a Tesla for 27 0-days CISA announced the Pre-Ransomware Notifications initiative China-linked hackers target telecommunication providers in the Middle East City of Toronto is one of the victims hacked by Clop gang using GoAnywhere (..)

Data breaches 84

Data breaches DDOS Backups Ransomware 84

Security Affairs

JANUARY 14, 2022

Hensoldt AG focuses on sensor technologies for protection and surveillance missions in the defence, security and aerospace sectors. Like other ransomware gangs, Lorenz operators also implement double-extortion model by stealing data before encrypting it and threatening them if the victim doesn’t pay the ransom.

Ransomware 125

Ransomware Surveillance Mobile Encryption 125

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware 79

Spyware Ransomware Malware Data breaches 79

Security Affairs

SEPTEMBER 2, 2019

Login details of more than 36 million Poshmark accounts are available for sale in the cybercrime underground. The company discovered unauthorized access to its servers, the intruders stole personal information of the users, including usernames , hashed passwords, first and last names, gender information, and city of residenc. .

Accountability 86

Accountability Data breaches Passwords Advertising 86

Security Affairs

APRIL 16, 2023

Remcos is a legitimate remote monitoring and surveillance software developed by the company BreakingSecurity. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. The phishing attacks began in February 2023, the IT giant reported.

Accountability 94

Accountability Phishing Financial Services Surveillance 94

Security Affairs

JULY 24, 2022

ransom and sued its insurance firm for refusing to cover this payment Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever Google is going to remove App Permissions List from the Play Store Security Affairs newsletter Round 374 by Pierluigi Paganini APT groups target journalists and media organizations since 2021.

Spyware 97

Spyware Surveillance Insurance Malware 97

Security Affairs

JULY 31, 2022

and Blackmatter ransomware U.S. increased rewards for info on North Korea-linked threat actors to $10 million Threat actors leverages DLL-SideLoading to spread Qakbot malware Zero Day attacks target online stores using PrestaShop?

Firmware 78

Firmware Surveillance Malware DDOS 78

Security Affairs

APRIL 2, 2022

CVE-2016-5674 targets NUUO NVRmini2, NVRsolo, Crystal Devices, and NETGEAR ReadyNAS Surveillance products. The Beastmode botnet also includes exploits for the following issues: CVE-2021-45382 targets D-Link products (DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L and DIR-836L) CVE-2021-4045 targets TP-Link Tapo C200 IP camera.

DDOS 91

DDOS Firmware Surveillance IoT 91

Security Affairs

AUGUST 29, 2021

EskyFun data leak, over 1 million Android gamers impacted Boffins show PIN bypass attack Mastercard and Maestro contactless payments Phorpiex botnet shuts down and authors put source code for sale Atlassian released security patches to fix a critical flaw in Confluence An RCE in Annke video surveillance product allows hacking the device ChaosDB, a (..)

Spyware 103

Spyware Data breaches Surveillance Hacking 103

Security Affairs

JANUARY 16, 2022

US NCSC and DoS share best practices against surveillance tools Swiss army asks its personnel to use the Threema instant-messaging app Russian submarines threatening undersea cables, UK defence chief warns. Threat actors stole $18.7M Follow me on Twitter: @securityaffairs and Facebook.

Surveillance 81

Surveillance Ransomware Malware Hacking 81

Security Affairs

OCTOBER 12, 2021

Operators behind the FreakOut (aka Necro, N3Cr0m0rPh) Python botnet have added a PoC exploit for Visual Tools DVR, a professional digital video recorder used in surveillance video systems. The FreakOut (aka Necro, N3Cr0m0rPh) Python botnet evolves, it now includes a recently published PoC exploit for Visual Tools DVR.

DDOS 102

DDOS Surveillance Hacking Internet 102

Security Affairs

FEBRUARY 13, 2022

to replace Chinese equipment Hackers breached a server of National Games of China days before the event Russian Gamaredon APT is targeting Ukraine since October Israeli surveillance firm QuaDream emerges from the dark Argo CD flaw could allow stealing sensitive data from Kubernetes Apps. US seizes $3.6 Pierluigi Paganini.

Spyware 79

Spyware Surveillance Ransomware Hacking 79

Security Affairs

MARCH 19, 2021

The malware would provide Kriuchkov and co-conspirators, the malicious code was specifically designed to steal information from Tesla. The employee had more meetings with Kriuchkov that were surveilled by the FBI. The employee decided to warn Tesla and the company reported the attempt to the FBI.

Malware 133

Malware Surveillance Hacking Technology 133

Security Affairs

APRIL 19, 2020

Syrian-linked APT group SEA recently used COVID-19-themed lures as part of a long-running surveillance campaign, security researchers warn. April 17 – Syria-linked APT group SEA targets Android users with COVID19 lures. April 18 – Trickbot is the most prolific malware operation using COVID-19 themed lures.

Scams 109

Scams Malware Phishing Surveillance 109

Security Affairs

NOVEMBER 2, 2019

The contribution of the cyber security community could help the company to solve real-world privacy challenges, making popular privacy-focused applications safer and more robust. In May, the email service ProtonMail has been accused of offering voluntarily real-time surveillance assistance to law enforcement.

Technology 49

Technology Mobile Advertising Surveillance 49

Security Affairs

JUNE 10, 2022

The attack impacted the municipal police, surveillance cameras and ZTL traffic control systems, the authorities confirmed that the problems can last for days. “An order of priority was then drawn up for the reactivation of the services and platforms that are ordinarily managed through the information systems.

Ransomware 115

Ransomware Data breaches Cyber Attacks Surveillance 115

Security Affairs

DECEMBER 10, 2019

The attackers once compromised the target network log into the domain controller (DC) machine using the same admin account and maintain access, monitor the activity on the network and exfiltrate information. Experts found surveillance software on around 5% of all machines on the network (roughly 200 computers).

Ransomware 70

Ransomware Encryption Malware Advertising 70