Hacking, Information Security, Internet and Surveillance

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Security Affairs

AUGUST 28, 2022

Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million. Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian, it offers surveillance and hacking solution to law enforcement and intelligence agencies. Pierluigi Paganini.

Surveillance

Surveillance Spyware Mobile Hacking

NSA buys internet browsing records from data brokers without a warrant

Security Affairs

JANUARY 29, 2024

National Security Agency (NSA) admitted to buying internet browsing records from data brokers to monitor Americans’ activity online without a court order. released documents that confirmed the National Security Agency (NSA) buys Americans’ internet browsing records without a court order. Senator Ron Wyden, D-Ore.,

Internet

Internet Internet Surveillance Government

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance

Surveillance Hacking Firmware Manufacturing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware. SecurityAffairs – hacking, RCS Labs). Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Telecommunications

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The exploits were used to install commercial spyware and malicious apps on targets’ devices. Google TAG shared indicators of compromise (IoCs) for both campaigns.

Spyware

Spyware Surveillance Mobile Education

Spyware, ransomware and Nation-state hacking: Q&A from a recent interview

Security Affairs

FEBRUARY 10, 2022

I transcribed a recent interview, here some questions and answers about nation-state hacking, spyware, and cyber warfare. Enjoy” How has spyware changed the rules of cyber security in recent years? What will cyber security look like now that those tools are all over the internet? Anyway, it is not the only one.

Spyware

Spyware Hacking Ransomware Surveillance

Internet disruption in Russia coincided with the introduction of restrictions

Security Affairs

MARCH 12, 2021

Experts at the NetBlocks Internet Observatory observed this week a temporary disruption of internet service in Russia due to new restrictions. On Wednesday 10 March 2021, researchers from Network data from the NetBlocks Internet Observatory observed the disruption of internet service provided by the Russian operator Rostelecom.

Internet

Internet Internet Mobile Hacking

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Security Affairs

FEBRUARY 6, 2024

The latest report published by Google Threat Analysis Group (TAG), titled “ Buying Spying, an in-depth report with our insights into Commercial Surveillance Vendors (CSVs )”, warns of the rise of commercial spyware vendors and the risks to free speech, the free press, and the open internet. ” concludes Google. .

Spyware

Spyware Surveillance Government Software

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. New research by Cybernews shows an exponential rise in the uptake of internet-facing cameras. Surge in internet-facing cameras.

Surveillance

Surveillance Manufacturing Passwords Internet

Pegasus spyware used to spy on a Polish mayor

Security Affairs

MARCH 3, 2023

According to rumors, the Polish special services are using surveillance software to spy on government opponents. The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country.

Spyware

Spyware Surveillance Hacking Government

Austria investigates DSIRF firm for allegedly developing Subzero spyware

Security Affairs

AUGUST 2, 2022

At the end of July, Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. SecurityAffairs – hacking, DSIRF). Pierluigi Paganini.

Spyware

Spyware Surveillance Banking Hacking

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. Reading about the NSA’s hacking abilities will do that to you. Could agents take control of my computer over the Internet if they wanted to? I wrote the essay below in September 2013.

Surveillance

Surveillance Computers and Electronics Encryption Government

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were employed in a surveillance campaign on a large scale, millions of users potentially impacted. ” reads the analysis published by Awake Security. The domains were found hosting several browser-based surveillance tools and malware. SecurityAffairs – hacking, Chrome).

Surveillance

Surveillance Internet Internet Advertising

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Security Affairs

NOVEMBER 30, 2022

Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. Officially, Variston claims to provide custom security solutions and custom patches for embedded system. SecurityAffairs – hacking, Variston). ” TAG concludes. Pierluigi Paganini.

Spyware

Spyware Surveillance Risk Internet

Jeff Moss on the Evolution of Hacking at SecTor 2021

ForAllSecure

NOVEMBER 3, 2021

His talk was nostalgic, reflecting on the 40+ years of computer hacking. Moss also said that all hacking is not infosec and that all infosec is not hacking. “Hacking can provide a lot of joy and absolutely no income. But hacking, not so much. Where with infosec the goal is to produce income. It’s a job.

Hacking

Hacking InfoSec Internet Internet

Russia is going to disconnect from the internet as part of a planned test

Security Affairs

FEBRUARY 16, 2019

Russia plans to disconnect the country from the internet as part of an experiment aimed at testing the response to cyber attacks that should isolate it. Russia plans to conduct the country from the Internet for a limited period of time to conduct a test aimed at assessing the security of its infrastructure. and Yandex.ru

Internet

Internet Internet DNS Cyber Attacks

Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens

Security Affairs

JULY 22, 2019

The Kazakhstan authorities issued an advisory to local Internet Service Providers (ISPs) asking them to allow their customers to access the Internet only after the installation on their devices of government-issued root certificates. SecurityAffairs – Kazakhstan, surveillance). ” states Tele2. Pierluigi Paganini.

Internet

Internet Internet Encryption Government

Kalay cloud platform flaw exposes millions of IoT devices to hack

Security Affairs

AUGUST 17, 2021

Most of the devices using the platform are video surveillance products such as IP cameras and baby monitors, an attacker could exploit this flaw to eavesdrop audio and video data. SecurityAffairs – hacking, CVE-2021-28372). The attacker could also use RPC (remote procedure call) functionality to completely take over the device.

IoT

IoT Hacking Social Engineering Firmware

Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition

Security Affairs

JULY 23, 2023

Multiple DDoS botnets were observed targeting Zyxel devices CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices Experts believe North Korea behind JumpCloud supply chain attack Nice Suzuki, sport: shame dealer left your data up for grabs Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group ALPHV/BlackCat and (..)

DDOS

DDOS Hacking Spyware Surveillance

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

The threat actors gathered personal information on minority groups and potential political dissents. “The stolen information is likely to be exploited for surveillance or intelligence gathering on specific groups and or individuals.” Reduce the number of systems that can be reached over internet using SSH.

Media

Media Accountability Telecommunications Government

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 7, 2024

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4

Artificial Intelligence

Artificial Intelligence Data breaches Scams Insurance

Google: four zero-day flaws have been exploited in the wild

Security Affairs

JULY 14, 2021

The four security flaws were discovered earlier this year and affect Google Chrome, Internet Explorer, and WebKit browser engine. “We assess three of these exploits were developed by the same commercial surveillance company that sold these capabilities to two different government-backed actors. . Pierluigi Paganini.

Surveillance

Surveillance Government Internet Internet

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

Security Affairs

APRIL 13, 2023

Chinese video surveillance giant Hikvision addressed a critical vulnerability in its Hybrid SAN and cluster storage products. Chinese video surveillance giant Hikvision addressed an access control vulnerability, tracked as CVE-2023-28808, affecting its Hybrid SAN and cluster storage products.

Surveillance

Surveillance Education Media Hacking

A flaw in Dahua IP Cameras allows full take over of the devices

Security Affairs

JULY 31, 2022

. “We’re publishing the details of a new vulnerability (tracked under CVE-2022-30563) affecting the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some IP cameras developed by Dahua, a very popular manufacturer of IP-based surveillance solutions.” Pierluigi Paganini.

Surveillance

Surveillance Authentication Telecommunications Manufacturing

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

This was recently highlighted by blog posts from Project Zero and Github Security Lab.” ” The second campaign was spotted in December 2022 when the researchers discovered an exploit chain targeting the latest version of the Samsung Internet Browser using multiple zero-days and n-days. ” concludes the report.

Spyware

Spyware Surveillance Firmware Internet

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

According to the alert issued by the FBI, the swatters have been hijacking smart devices such as video and audio capable home surveillance devices. “Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks. Pierluigi Paganini.

Passwords

Passwords Surveillance Manufacturing Accountability

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Security Affairs

JANUARY 31, 2021

Last year, the group published a detailed analysis on how the Chinese government has improved its surveillance system to detect and block the popular circumvention tools Shadowsocks and its variants. Shadowsocks is a free and open-source encryption protocol project, widely used in China to circumvent Internet censorship.

Firewall

Firewall Surveillance Internet Internet

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Security Affairs

MAY 20, 2022

Taiwanese vendor QNAP is asking users to install the latest update on their NAS devices and avoid exposing them on the Internet. “QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the Internet.” SecurityAffairs – hacking, NAS). and QTS 4.4.1.

Ransomware

Ransomware Internet Internet Firmware

Russian spies are attempting to tap transatlantic undersea cables

Security Affairs

MARCH 1, 2020

Ireland is a strategic place for intercontinental communications because it represents the place where undersea cables which carry internet traffic connect to Europe. Despite the Cable & Wireless bought by Vodafone in July 2012, the Nigella surveillance access point remained active as of April 2013. Source [link].

Wireless

Wireless Surveillance Telecommunications Advertising

After SIMJacker, WIBattack hacking technique disclosed. Billions of users at risk

Security Affairs

SEPTEMBER 28, 2019

Researchers are warning of a new variant of recently disclosed SimJacker attack, dubbed WIBattack , that could expose millions of mobile phones to remote hacking. WIBattack is a new variant of the recently discovered Simjacker attack method that could expose millions of mobile phones to remote hacking. Pierluigi Paganini.

Hacking

Hacking Mobile Risk Advertising

An attacker was able to siphon audio feeds from multiple Clubhouse rooms

Security Affairs

FEBRUARY 22, 2021

Representatives of the Stanford Internet Observatory declared that users should assume all conversations are being recorded by the company, a circumstance that raises concerns because they have no information on how the conversations are stored. Lets talk about the Clubhouse 'hack' which wasn't. Pierluigi Paganini.

CSO

CSO Internet Internet Surveillance

Security Affairs newsletter Round 305

Security Affairs

MARCH 14, 2021

If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 305 appeared first on Security Affairs. Pierluigi Paganini.

Surveillance

Surveillance DDOS Cryptocurrency Ransomware

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

Fortinet warns of a spike in attacks against TBK DVR devices

Security Affairs

MAY 2, 2023

TBK Vision is a video surveillance company that provides network CCTV devices and other related equipment, including DVRs for the protection of critical infrastructure facilities. The CVE-2018-9995 flaw is due to an error when handling a maliciously crafted HTTP cookie.

Authentication

Authentication Retail Surveillance Education

Security Affairs newsletter Round 246

Security Affairs

DECEMBER 29, 2019

The best news of the week with Security Affairs. Former contractor sentenced to 10 months in prison for hacking airline Jet2. RuNet – Russia successfully concluded tests on its Internet infrastructure. Thai Officials confirmed the hack of prison surveillance cameras and the video broadcast.

Cyber Attacks

Cyber Attacks Surveillance Advertising Ransomware

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Security Affairs

JUNE 22, 2020

In October 2019, security experts at Amnesty International’s Security Lab have uncovered targeted attacks against Moroccan human rights defenders Maati Monjib and Abdessadak El Bouchattaoui that employed NSO Group surveillance tools. reads the analysis published by Amnesty International in October. .

Spyware

Spyware Surveillance Mobile Advertising

Yana Peel, chief executive of London’s Galleries, resigned after discovery of her links with NSO group

Security Affairs

JUNE 18, 2019

The head of London’s Serpentine Galleries resigned on Tuesday following a Guardian report about her links to the Israeli surveillance firm NSO Group. Pegasus is a perfect tool for surveillance, it is able to steal any kind of data from smartphones and use them to spy on the surrounding environment through their camera and microphone.

Surveillance

Surveillance Spyware Software Advertising

The Hacker Mind: Hacking Social Media

ForAllSecure

JUNE 2, 2021

Robert Vamosi: Before there was the internet as we know it today, there were bulletin boards, BBSs. One of those interests that took off was computer security. For bored and smart teenagers, this was the perfect way to learn how to hack. It’s about challenging our expectations about people who hack for a living.

Media

Media Hacking InfoSec Marketing

The Hacker Mind: Hacking Social Media

ForAllSecure

JUNE 2, 2021

Robert Vamosi: Before there was the internet as we know it today, there were bulletin boards, BBSs. One of those interests that took off was computer security. For bored and smart teenagers, this was the perfect way to learn how to hack. It’s about challenging our expectations about people who hack for a living.

Media

Media Hacking InfoSec Marketing

APT C-23 group targets Middle East with an enhanced Android spyware variant

Security Affairs

NOVEMBER 26, 2021

Upon opening the app, it requests that the user grant the app permissions to perform surveillance actions such as to access to the microphone to record audio and all files stored on the device. The app asks the user to Enable the device admin permission or “system won’t secure your internet connection.”. Pierluigi Paganini.

Spyware

Spyware Social Engineering Surveillance Engineering

Podcast Episode 128: Do Security and Privacy have a Booth at CES?

The Security Ledger

JANUARY 8, 2019

And do security and privacy have a seat at the table at the world's largest electronics event? » Related Stories Spotlight: as Attacks Mount, how to secure the Industrial Internet Die Hard is a Movie About Building Automation Insecurity. But is it getting any more secure as it grows? Read the whole entry. »

Computers and Electronics

Computers and Electronics IoT Surveillance Internet

ADVERSARIAL OCTOPUS – ATTACK DEMO FOR AI-DRIVEN FACIAL RECOGNITION ENGINE

Security Affairs

JUNE 22, 2021

Uniquely, the attack is a black-box attack that was developed without any detailed knowledge of the algorithms used by the search engine, and the exploit is transferable to any AI application dealing with faces for internet services, biometric security, surveillance, law enforcement, and any other scenarios. .

Engineering

Engineering Internet Internet Surveillance

Slovak police found wiretapping devices connected to the Govnet government network

Security Affairs

JUNE 10, 2020

” Investigators speculate wiretapping devices were used to spy on internet and telephony communications. the Head of the NASES Surveillance Center Ján K., Security Section of the Office of the Deputy Prime Minister for investment and informatization Jan M. The news site Aktuality.sk the Director of the Cyber ??Security

Government

Government Surveillance Advertising Internet

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

Pictured: a Dome Series security camera from Verkada. A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., When surveillance leads to spying. It is deeply invasive for anyone who’s captured on film.”.

Surveillance

Surveillance IoT Accountability Passwords

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

NSA buys internet browsing records from data brokers without a warrant

Webinars

Trending Sources

An RCE in Annke video surveillance product allows hacking the device

Webinars

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Spyware, ransomware and Nation-state hacking: Q&A from a recent interview

Internet disruption in Russia coincided with the introduction of restrictions

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

3.5m IP cameras exposed, with US in the lead

Pegasus spyware used to spy on a Polish mayor

Austria investigates DSIRF firm for allegedly developing Subzero spyware

Snowden Ten Years Later

Hundreds of malicious Chrome browser extensions used to spy on you!

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Jeff Moss on the Evolution of Hacking at SecTor 2021

Russia is going to disconnect from the internet as part of a planned test

Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens

Kalay cloud platform flaw exposes millions of IoT devices to hack

Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

Google: four zero-day flaws have been exploited in the wild

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

A flaw in Dahua IP Cameras allows full take over of the devices

Google TAG shares details about exploit chains used to install commercial spyware

FBI warns swatting attacks on owners of smart devices

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Russian spies are attempting to tap transatlantic undersea cables

After SIMJacker, WIBattack hacking technique disclosed. Billions of users at risk

An attacker was able to siphon audio feeds from multiple Clubhouse rooms

Security Affairs newsletter Round 305

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Fortinet warns of a spike in attacks against TBK DVR devices

Security Affairs newsletter Round 246

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Yana Peel, chief executive of London’s Galleries, resigned after discovery of her links with NSO group

The Hacker Mind: Hacking Social Media

The Hacker Mind: Hacking Social Media

APT C-23 group targets Middle East with an enhanced Android spyware variant

Podcast Episode 128: Do Security and Privacy have a Booth at CES?

ADVERSARIAL OCTOPUS – ATTACK DEMO FOR AI-DRIVEN FACIAL RECOGNITION ENGINE

Slovak police found wiretapping devices connected to the Govnet government network

Camera tricks: Privacy concerns raised after massive surveillance cam breach

Stay Connected