Krebs on Security

SEPTEMBER 4, 2018

Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication.

Spyware 192

Spyware Mobile Advertising Software 192

Security Affairs

NOVEMBER 24, 2020

The two apps were discovered by Palo Alto Networks, which identify them, along with other apps leaking data, using a machine learning (ML)-based spyware detection system. The data collection code was found in the Baidu Push SDK, used to show real-time notifications inside both apps. SecurityAffairs – hacking, Android).

Data collection 108

Data collection Mobile Spyware Surveillance 108

Malwarebytes

FEBRUARY 13, 2024

In 2022, tech publication TechCrunch discovered that TheTruthSpy and other spyware apps share a common Insecure Direct Object Reference (IDOR) vulnerability, CVE-2022-0732. The publications described the bug as “extremely easy to exploit, and grants unfettered remote access to all of the data collected from a victim’s Android device.”

Spyware 127

Spyware Data collection Malware Hacking 127

Security Affairs

SEPTEMBER 18, 2020

Every third email, meanwhile, contained spyware , which is used by threat actors to steal payment data or other sensitive info to then put it on sale in the darknet or blackmail its owner. SecurityAffairs – hacking, ransomware). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Phishing 106

Phishing Ransomware Spyware Banking 106

Security Affairs

MARCH 14, 2019

The domain name used for the sniffer’s codes storage and as a gate for stolen data collection was registered on May 7, 2018. We dubbed this JS Sniffer family GMO because the malware uses gmo[.]li li host.”. GMO can detect Firebug and Google Developer Tools, which allows the sniffer to remain undetected.

eCommerce 90

eCommerce Marketing Data breaches Advertising 90

SecureList

FEBRUARY 16, 2023

Scammers sent a link to that page from hacked accounts, asking users to vote for their friends’ kids’ works. Both can be used to steal user data, collect information about the corporate network, and spread additional malware, such as ransomware. Scammers created a page on the telegra.ph

Phishing 103

Phishing Scams Accountability Energy and Utilities 103

Security Affairs

JULY 21, 2019

Experts spotted a rare Linux Desktop spyware dubbed EvilGnome. Israel surveillance firm NSO group can mine data from major social media. Poland and Lithuania fear that data collected via FaceApp could be misused. Scraping the TOR for rare contents. The Problem With the Small Business Cybersecurity Assistance Act.

Small Business 57

Small Business Media Spyware DNS 57