The fact that Google TAG discovered the flaw suggests that commercial spyware vendors may have used the exploit to target Samsung devices. Then the exploit code uses a specific firmware command to copy data, potentially overwriting a page middle directory (PMD) entry in a page table, continues Google Project Zero.
Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day, reads the advisory.
The experts were investigating several suspicious UEFI firmware images when they discovered four components, some of which borrowed source code from a Hacking Team spyware. The firmware malware is based on code associated with HackingTeam’s VectorEDK bootkit, with minor changes, concludes the report.
June 2023 security update for Android released by Google fixes about fifty flaws, including an Arm Mali GPU bug exploited by surveillance firms in their spyware. The flaw made headlines because it was exploited by surveillance firms for their spyware. This vulnerability grants the attacker system access. In early April, U.S.
Google has notified Pixel users about an actively exploited vulnerability in their phones’ firmware. Firmware is the code or program which is embedded into hardware devices. This could mean that the discovered attacks were very targeted, for example by state-sponsored actors or industry-grade spyware.
Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. The exploit chains were used to install commercial spyware and malicious apps on targets’ devices. The experts pointed out that both campaigns were limited and highly targeted.
Experts spotted a new variant of the FinFisher surveillance spyware that is able to hijack and replace the Windows UEFI bootloader to infect Windows machines. Kaspersky experts shared the results of an 8-months investigation into FinSpy spyware at the Security Analyst Summit (SAS) 2021.
Spyware found embedded in UEFI and MBR firmware - ran undetected for years. The post September Firmware Threat Report appeared first on Security Boulevard.
I'm pretty damn frustrated with those Instamics right now between the flaky firmware upgrade process and the unexpected loss of recording today. So firstly, sorry for the audio quality. I'll make sure I get on top of it for next time. Elsevier looks like they logged a bunch of passwords in plain text (who would do that.
At the end of 2021, researchers discovered a UEFI firmware-level compromise by analyzing logs from its Firmware Scanner. Threat actors compromised a single component within the firmware image to intercept the original execution flow of the machine’s boot sequence and inject the sophisticated implant. Pierluigi Paganini.
Commercially developed FinFisher surveillanceware has been upgraded to infect Windows devices using a UEFI (Unified Extensible Firmware Interface) bootkit using a trojanized Windows Boot Manager, marking a shift in infection vectors that allow it to elude discovery and analysis.
The TAG team investigates attacks carried out by nation-state actors and commercial spyware vendors. In June 2024, Google [link] of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day, continues the advisory.
Baseband firmware can be affected by vulnerabilities, making it a significant attack vector. Zero-day brokers and commercial spyware vendors can exploit these vulnerabilities to target mobile users and deploy malware like Predator, reads Google’s announcement. Exploiting baseband bugs can lead to remote code execution.
CVE-2024-29745, CVE-2024-29748. The company did not provide details about the attacks, but in the past such bugs were actively exploited by nation-state actors or commercial spyware vendors. The 2024-04-01 security patch level addressed eight high-severity flaws in Framework and System.
MoonBounce: the dark side of UEFI firmware. Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware scanner (integrated into Kaspersky products at the start of 2019). One of the things you can do to protect yourself from advanced mobile spyware is to reboot your device on a daily basis.
Researchers name several countries as potential Paragon spyware customers TechCrunch The Citizen Lab, a group of academics and security researchers, recently published a report indicating the governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are "likely" customers of Israeli spyware maker Paragon Solutions.
NSO Group’s Pegasus software has been routinely in the headlines in recent years for using zero-click attacks to install its spyware. Spyware and Zero-Days: A Troubling Market. It can even access the chip’s firmware to gain root access on the device, a significant privilege escalation.
Most manufacturers of IoT enabled devices update their firmware frequently. Many companies are re-thinking BYOD policies in recent years in order to protect their business networks. It’s better to keep a barrier between home and work, at least in cyberspace. Update, Update, Update.
The exploit obtains root privileges and proceeds to execute other stages, which load spyware. Because this feature is not used by the firmware, we have no idea how attackers would know how to use it. Device tree files can be extracted from the firmware, and their contents can be viewed with the help of the dt utility.
Instead, it is a full-fledged spyware application that collects SMS messages, keystrokes, etc. The same malware earlier had been found in the firmware of a kids’ smart watch by an Israeli manufacturer distributed mainly in Europe and the Middle East. Tambir: Tambir is an Android backdoor that targets users in Turkey.
CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M
Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited Microsoft blocked Polonium attacks against Israeli organizations LockBit ransomware attack impacted production in a Mexican Foxconn plant Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks An international police operation dismantled FluBot (..)
Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Telegram also implemented a detailed info page for users receiving a first-time message from outside their contacts list.
The Unified Extensible Firmware Interface (UEFI) scanner is a valuable tool for protecting firmware. Capabilities for scanning firmware are not common in antimalware solutions, setting ESET ahead of the competition in this vertical. This tool can block suspicious emails that may contain spyware, ransomware and phishing websites.
In June, Kaspersky announced that after a six-month-long investigation, they completed the collection of all the components of the attack chain and the analysis of the spyware implant, tracked as TriangleDB. The spyware is directly deployed in memory, but if the victim reboots the device the malware doesn’t persist.
Phishing attacks using the topic “Azovstal” targets entities in Ukraine Conti ransomware claims responsibility for the attack on Costa Rica Cyber Insurance and the Changing Global Risk Environment A stored XSS flaw in RainLoop allows stealing users’ emails QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS Pwn2Own Miami hacking contest (..)
In November, Apple announced that it was taking legal action against NSO Group for developing software that targets its users with “malicious malware and spyware” Detecting infection traces from Pegasus and other advanced mobile malware is very tricky, and complicated by the security features of modern OSs such as iOS and Android.
In 2022, the GReAT team tracked several threat actors leveraging SilentBreak’s toolset as well as a commercial Android spyware we named MagicKarakurt. In both cases, we described new UEFI firmware bootkits that managed to propagate malicious components from the deepest layers of the machine up to Windows’ user-land.
Google's reCAPTCHA is not only useless, it's also basically spyware Techspot This study demonstrates Google's reCAPTCHA v2 and v3 are flawed and don't actually keep out bots. Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw).
Intel addresses High-Severity flaws in NUC Firmware and other tools. App tainted with Ahmyst Open-source spyware appeared on Google Play Store twice. Bluetana App allows detecting Bluetooth card skimmers in just 3 seconds. Capital One hacker suspected to have breached other 30 companies. 5 Common Phishing Attacks and How to Avoid Them?
Third-Party Application Package Installed on Pixel Devices Type of vulnerability: Third-party application package installed on Pixel device firmware, with insufficient security controls. Researchers investigating the threat found an Android application package, Showcase.apk, that’s part of the device firmware.
Cybercriminals often use malware to gain access to a computer or mobile device to deploy viruses, worms, Trojans, ransomware, spyware, and rootkits. For the top malware strains, the advisory provides six mitigations: Update software, including operating systems, applications, and firmware, on IT network assets. Enforce MFA.
The attackers were able to bypass this hardware-based security protection using another hardware feature of Apple-designed SoCs (System on a Chip): they did this by writing the data, destination address and data hash to unknown hardware registers of the chip that are not used by the firmware.
This tool allows attackers to leverage the weaknesses in the MediaTek chipsets to perform firmware alterations on the device. This means they can potentially alter the firmware on the device. From a technical perspective, altering the IMEI requires access to certain low-level functions of the phone’s hardware and firmware.
Spyware maker Paragon terminates contract with Italian government: media reports TechCrunch This campaign was included in Week 5 of the Privacy Roundup, where Meta disrupted a campaign on WhatsApp targeting approximately 100 users with Paragon Spyware. This is certainly a news item worth paying attention to.
Ransomware is a type of malware, but others exist, including spyware, adware, bots and Trojans. Additionally, operating systems, firewalls and firmware must be hardened and updated with vendor provided patches regularly and timely, and previously mentioned anti-virus software must be kept up to date.
For example, the reputable Kaspersky anti-malware company might offer legitimate anti-ransomware tools suitable for many organizations, but their Russian headquarters may cause hesitation over concerns related to the invasion of Ukraine or concerns of spyware. For-pay ransomware recovery tool. Full disconnect recommendation.
Sophos: Noted that 43% of all 2023 malware signature updates are for stealers, spyware, and keyloggers often used to steal credentials from devices. 60% of all mobile and browser zero-days are exploited by spyware vendors. 20% increase accesses of specific organizations advertised. and software libraries to attack the supply chain.
The word “covid” in various combinations was typically used in the names of packages hiding spyware and banking Trojans, adware or Trojan droppers. The manufacturer of the mobile device preloads an adware application or a component with the firmware. Pandemic theme in mobile threats. apk and coviddetect.apk.
In July, we reported a rootkit that we found in modified Unified Extensible Firmware Interface (UEFI) firmware, the code that loads and initiates the boot process when the computer is turned on. Mobile statistics. Targeted attacks. CosmicStrand: discovery of a sophisticated UEFI rootkit.
In May, Ars Technica reported that BootGuard private keys had been stolen following a ransomware attack on Micro-Star International (MSI) in March this year (firmware on PCs with Intel chips and BootGuard enabled will only run if it is digitally signed using the appropriate keys).
Endpoint Security: Antivirus , anti-spyware , endpoint detection and response (EDR), and other controls should be deployed to secure the endpoint against compromise. Enterprise Mobile Management (EMM) or Mobile Device Management (MDM): Restrict applications and connections with portable (laptops, etc.) and mobile (phones, tablets, etc.)