Security Affairs

FEBRUARY 9, 2025

CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog Cisco addressed two critical flaws in its Identity Services Engine (ISE) Notorious hacker behind 40+ cyberattacks on strategic organizations arrested Lazarus APT targets crypto wallets using cross-platform JavaScript stealer U.S.

Spyware 63

Spyware Cybercrime Scams Social Engineering 63

Zero Day

JUNE 22, 2025

And while financial costs may be a factor, individual victims may face targeted phishing campaigns, social engineering schemes, identity theft, and damage to credit. Show more Have I Been Pwned is a search engine that you can use to see if your data has been breached.   Think you've been involved in a data breach?

Passwords 101

Passwords Data breaches Password Management Identity Theft 101

SecureList

NOVEMBER 28, 2024

The second, an article published in 2024 by the Google Threat Analysis Group, described the business model of various companies that provide commercial surveillance solutions. The first, published in 2021 by Motherboard and Citizen Lab, shared the first evidence and indicators related to the software.

Malware 115

Malware Government Software Spyware 115

Security Affairs

OCTOBER 27, 2024

CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812 Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment Internet Archive was breached twice in a month Unknown threat actors exploit Roundcube Webmail flaw (..)

Data breaches 124

Data breaches Healthcare Cybercrime Hacking 124

Security Boulevard

APRIL 22, 2025

Your screen is shared throughout the exam, youre under near-continuous video surveillance, and you must perform a 360-degree scan of your workspace to confirm that no unauthorized devices or individuals are present. On a final note, its important to acknowledge that OffSec exams involve a high degree of monitoring.

Penetration Testing 52

Penetration Testing Engineering Risk Social Engineering 52

Jane Frankland

JANUARY 12, 2025

These groups are also shifting toward more human-centric exploits , like social engineering and insider assistance. These challenges include bias and discrimination embedded in algorithms, privacy violations due to enhanced surveillance capabilities, and the difficulty of assigning accountability for decisions made by AI systems.

Cybersecurity 130

Cybersecurity CISO Insurance IoT 130

Zero Day

JUNE 20, 2025

And while financial costs may be a factor, individual victims may face targeted phishing campaigns, social engineering schemes, identity theft, and damage to credit. Show more Have I Been Pwned is a search engine that you can use to see if your data has been breached.   Think you've been involved in a data breach?

Passwords 106

Passwords Data breaches Password Management Identity Theft 106

Security Affairs

JULY 21, 2025

The sample analyzed by the mobile security firm maintains its surveillance capabilities, takes control of the microphone and camera, collects data, encrypts it with a C2-sent password, then uploads it via SFTP after further C2 instructions. MuddyWater added features to steal WhatsApp data and scan files. ” concludes.

Spyware 71

Spyware Telecommunications Surveillance VPN 71

SC Magazine

MARCH 10, 2021

A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., Hacktivist Tillie Kottmann is reportedly among those asserting responsibility for the incident, telling Bloomberg that their act helped expose the security holes of modern-day surveillance platforms. What did Verkada do wrong?

Surveillance 129

Surveillance IoT Accountability Hacking 129

Joseph Steinberg

JULY 13, 2022

Additionally, keep in mind that while Lockdown Mode may make it more difficult for attackers to exploit social engineering in order to compromise devices, until Apple more strictly controls what apps it allows in its app store , potential government spying remains a major problem. Is that really true?

Cybersecurity 258

Cybersecurity Government Artificial Intelligence Social Engineering 258

Krebs on Security

AUGUST 5, 2019

This story is about how crooks increasingly are abusing third-party financial aggregation services like Mint , Plaid , Yodlee , YNAB and others to surveil and drain consumer accounts online. “If the account is active, hackers then can go to the next stage for 2FA phishing or social engineering, or linking the accounts with another.”

Banking 279

Banking Passwords Risk Accountability 279

Security Affairs

NOVEMBER 10, 2021

Unlike other surveillance software that attempts to exploit vulnerabilities on the device, PhoneSpy disguised itself as a harmless application with purposes ranging from learning Yoga to watching TV and videos, or browsing photos. The malware already hit more than a thousand South Korean victims.

Spyware 145

Spyware Mobile Social Engineering Surveillance 145

Security Affairs

AUGUST 17, 2021

The identifier could be obtained via social engineering. The attacker would also need to obtain Kalay UIDs through social engineering or other vulnerabilities in APIs or services that return Kalay UIDs. “The vulnerabilities described in this post affect a core component of the Kalay platform.

IoT 127

IoT Hacking Social Engineering Firmware 127

Security Affairs

DECEMBER 12, 2024

Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon (a.k.a. PlainGnome acts as a dropper for a surveillance payload, stored within the dropper package, while BoneSpy was deployed as a standalone application. Armageddon , Primitive Bear, and ACTINIUM).

Mobile 100

Mobile Malware Surveillance Social Engineering 100

Security Affairs

SEPTEMBER 3, 2023

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Social Engineering 129

Social Engineering Spyware Data breaches Surveillance 129

Security Affairs

MARCH 25, 2021

Facebook has taken action against a series of accounts used by a China-linked cyber-espionage group, tracked as Earth Empusa or Evil Eye, to deploy surveillance malware on devices used by Uyghurs activists, journalists, and dissidents living outside China.

Surveillance 118

Surveillance Social Engineering Malware Spyware 118

Schneier on Security

FEBRUARY 6, 2023

This is bulk surveillance and can easily operate on this massive scale. This includes writing vulnerability-free software, designing user interfaces that help resist social engineering, and building computer networks that aren’t full of holes. On the other hand, computer hacking has to be conducted one target computer at a time.

Encryption 271

Encryption Hacking Software Social Engineering 271

Security Boulevard

DECEMBER 20, 2021

Police all over the nation are using the infamous Stingray device to surveil suspects. For example, Boston police (despite Stingray use being effectively illegal in Massachusetts). The post Boston Cops buy Stingray Spy Stuff—Spending Secret Budget appeared first on Security Boulevard.

Surveillance 135

Surveillance Social Engineering Security Awareness Engineering 135

Security Affairs

SEPTEMBER 11, 2022

The campaigns have been conducted since 2015 and are aimed at conducting information collection and surveillance operations against individuals and organizations of strategic interest to Teheran. ” The surveillance operations conducted by the APT group involved the distribution of Android malware such as VINETHORN and PINEFLOWER.

Surveillance 101

Surveillance Social Engineering Phishing Government 101

SecureWorld News

NOVEMBER 6, 2023

As more personal and organizational data ends up online—whether through social media oversharing, high-profile breaches, or surveillance capitalism—the OSINT surface area continues to grow. OSINT threats should be considered alongside network and social engineering threats when evaluating your overall security posture."

Social Engineering 108

Social Engineering Surveillance Media Cyber threats 108

eSecurity Planet

OCTOBER 8, 2024

Companies like Verizon, AT&T, and Lumen Technologies were targeted in this attack, allowing unauthorized access to critical systems used for court-authorized wiretapping — a tool vital for law enforcement surveillance. law enforcement for surveillance purposes. The hackers, identified by U.S.

Surveillance 108

Surveillance Government Phishing Cybersecurity 108

Security Boulevard

JANUARY 28, 2022

It should be worth pointing out that on the vast majority of occasions the majority of IM-based encryption protocols are perfectly suited to respond and actually protect against a large portion of modern eavesdropping and surveillance campaigns. Possible physical security and network-based attack scenarios: - physical device compromise .

Encryption 103

Encryption Cybercrime Social Engineering Mobile 103

Security Boulevard

SEPTEMBER 2, 2021

The Australian government has given itself an enormous surveillance tool. Five Eyes means that rules in Oz can be used here, too. The post Secret Govt. Spy Powers Coming Here—via Australia appeared first on Security Boulevard.

Surveillance 117

Surveillance Government Social Engineering IoT 117

Security Affairs

JUNE 9, 2023

Stealth Soldier is surveillance software that allows operators to spy on the victims and exfiltrate collected data. “Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording, keystroke logging and stealing browser information.”

Surveillance 98

Surveillance Malware Social Engineering Phishing 98

Security Affairs

NOVEMBER 26, 2021

Upon opening the app, it requests that the user grant the app permissions to perform surveillance actions such as to access to the microphone to record audio and all files stored on the device. The malicious apps use social engineering to ask the user to grant advanced permissions.

Spyware 123

Spyware Social Engineering Surveillance Malware 123

Security Affairs

MAY 21, 2020

The Chafer APT group has distributed data stealer malware since at least mid-2014, it was focused on surveillance operations and the tracking of individuals. The cyber espionage campaigns were carried out by Iran-linked Chafer APT (also known as APT39 or Remix Kitten). ” continues the report.

Government 130

Government Social Engineering Hacking Telecommunications 130

Security Affairs

NOVEMBER 25, 2021

The PowerShortShell stealer is also used for Telegram surveillance and gathering system information from infected systems. “The adversary might be tied to Iran’s Islamic regime since the Telegram surveillance usage is typical of Iran’s threat actors like Infy, Ferocious Kitten, and Rampant Kitten. fn= hxxp://hr.dedyn.io/upload2.aspx

Surveillance 114

Surveillance Social Engineering Cybercrime Phishing 114

Security Boulevard

NOVEMBER 14, 2021

Details on the Robinhood data breach (apparently caused by a social engineering attack) affecting approximately 7 million customers, and a discussion about surveillance and privacy concerns from a 600-hour leak of Dallas Police Department helicopter footage. ** Links mentioned on the show ** Robinhood Trading App Suffers Data Breach Exposing 7 Million (..)

Data breaches 57

Data breaches Social Engineering Surveillance Engineering 57

Malwarebytes

AUGUST 26, 2021

The Bahrain government and groups linked to them—such as LULU , a known operator of Pegasus, and others like them who are associated with a separate government—were tagged as culprits of the surveillance activity. Dubbed by Citizen Lab as FORCEDENTRY, this iMessage exploit is said to have been in use since February 2021.

Spyware 104

Spyware Surveillance Social Engineering Government 104

CyberSecurity Insiders

DECEMBER 18, 2021

Invasive surveillance such as keystroke logging and screen capture, as well as the collection of user content such as emails and instant messages, isn’t required to detect insider risks and protect organizational data. Information on individual employees should be anonymized and unmasked only on a strict “need to know” basis.

Risk 134

Risk Social Engineering Surveillance Data collection 134

SecureWorld News

AUGUST 24, 2022

The infection of a device can be achieved via supply chain attacks, social engineering techniques, or the use of hardware with installed software or firmware. The attack may attack video surveillance, closed-circuit TV, or IP camera positioned in a location with a line of sight with the transmitting computer. ".

Firmware 98

Firmware Social Engineering Surveillance Malware 98

Malwarebytes

MARCH 4, 2022

There are rootkits, Trojans, worms, viruses, ransomware, phishing, identity theft, and social engineering to worry about. If you are concerned about surveillance or censorship, use privacy-first software like the Tails operating system , Tor browser , and Signal messenger. And that’s not a comprehensive list.

Backups 102

Backups Password Management Identity Theft Passwords 102

Hacker's King

MAY 20, 2023

However, if hackers gain access to these tokens through social engineering, phishing attacks, or other means, they can bypass 2FA by directly entering the codes, granting them unauthorized access. Social Engineering: Guarding Against Manipulation Social engineering remains a potent tool in hackers’ arsenal.

Authentication 52

Authentication Social Engineering Spyware Engineering 52

Penetration Testing

JUNE 11, 2025

CyberEye, a modular.NET RAT, offers widespread data theft and surveillance using a builder, Telegram C2, and anti-analysis features, making it a new threat.

Surveillance 67

Surveillance Malware Social Engineering Engineering 67

Google Security

MAY 15, 2024

Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy Our commitment to user safety is a top priority for Android. We’ve been consistently working to stay ahead of the world’s scammers, fraudsters and bad actors. These features require device OEM integration and compatible hardware.

Scams 78

Scams Threat Detection Social Engineering Surveillance 78

eSecurity Planet

FEBRUARY 22, 2022

There is no need for social engineering , as the program can implant backdoors directly without forced consent. Most attacks make would-be victims click to install malware or redirect them to a phishing page to steal their credentials. Zero-click attacks remove this hurdle.

Spyware 124

Spyware Software Government Social Engineering 124

SecureList

NOVEMBER 30, 2021

Based on forensic analysis of numerous mobile devices, Amnesty International’s Security Lab found that the software was repeatedly used in an abusive manner for surveillance. FinSpy is an infamous, commercial surveillance toolset that is used for “legal surveillance” purposes.

Malware 138

Malware Mobile Spyware Surveillance 138