Information Security, Internet and Spyware

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Security Affairs

FEBRUARY 6, 2024

Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. ” The report includes the names of CSVs of any size and information about their commercial spyware. Google hopes this report will serve as a call to action.

Spyware

Spyware Surveillance Government Software

Pegasus spyware used to spy on a Polish mayor

Security Affairs

MARCH 3, 2023

The phone of an opposition-linked Polish mayor was infected with the powerful Pegasus spyware, local media reported. Reuters reported that the phone of an opposition-linked Polish mayor was infected with the Pegasus spyware. According to rumors, the Polish special services are using surveillance software to spy on government opponents.

Spyware

Spyware Surveillance Hacking Government

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Security Affairs

NOVEMBER 30, 2022

Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework likely linked Variston IT, a Spanish firm. ” TAG concludes.

Spyware

Spyware Surveillance Risk Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Spyware, ransomware and Nation-state hacking: Q&A from a recent interview

Security Affairs

FEBRUARY 10, 2022

I transcribed a recent interview, here some questions and answers about nation-state hacking, spyware, and cyber warfare. Enjoy” How has spyware changed the rules of cyber security in recent years? What will cyber security look like now that those tools are all over the internet?

Spyware

Spyware Hacking Ransomware Surveillance

Austria investigates DSIRF firm for allegedly developing Subzero spyware

Security Affairs

AUGUST 2, 2022

Austria is investigating a report that an Austrian firm DSIRF developed spyware targeting law firms, banks and consultancies. Microsoft states that multiple news reports have linked the company to the Subzero malware toolset used to hack a broad range of devices, phones, computers, and network and internet-connected devices.

Spyware

Spyware Surveillance Banking Hacking

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. The exploit chains were used to install commercial spyware and malicious apps on targets’ devices. The experts pointed out that both campaigns were limited and highly targeted.

Spyware

Spyware Surveillance Firmware Internet

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

CISA has added nine flaws to its Known Exploited Vulnerabilities catalog, including bugs exploited by commercial spyware on mobile devices. Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Spyware

Spyware Surveillance Mobile Education

APT C-23 group targets Middle East with an enhanced Android spyware variant

Security Affairs

NOVEMBER 26, 2021

A threat actor, tracked as APT C-23, is using new powerful Android spyware in attacks aimed at targets in the Middle East. The APT C-23 cyberespionage group (also known as GnatSpy, FrozenCell, or VAMP) continues to target entities in the Middle East with enhanced Android spyware masqueraded as seemingly harmless app updates (i.e.

Spyware

Spyware Social Engineering Surveillance Engineering

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Security Affairs

JUNE 22, 2020

Researchers at Amnesty International collected evidence that a Moroccan journalist was targeted with network injection attacks using NSO Group ‘s spyware. This attack scenario sees attackers monitoring and manipulating the Internet traffic of the target. reads the analysis published by Amnesty International in October.

Spyware

Spyware Surveillance Mobile Advertising

Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware

Spyware Data breaches Hacking Ransomware

Regin spyware involved in attack against the Russian tech giant Yandex

Security Affairs

JUNE 28, 2019

Many experts linked the Regin malware to the Five Eyes alliance , they found alleged references to the super spyware in a number of presentations leaked by Edward Snowden and according to malware researchers, it has been used in targeted attacks against government agencies in the EU and the Belgian telecoms company Belgacom.

Spyware

Spyware Malware Advertising Authentication

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. This week, Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country.

Surveillance

Surveillance Mobile Spyware Telecommunications

OnionPoison: malicious Tor Browser installer served through a popular Chinese YouTube channel

Security Affairs

OCTOBER 5, 2022

In the OnionPoison campaign, threat actors shared a link to a malicious Tor installer posting it on a popular Chinese-language YouTube channel providing info on the anonymity on the internet. The experts also discovered that the libraries bundled with the malicious Tor Browser is infected with spyware. “The file freebl3.dll

Spyware

Spyware Accountability Software Passwords

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 14, 2024

Crooks manipulate GitHub’s search results to distribute malware BatBadBut flaw allowed an attacker to perform command injection on Windows Roku disclosed a new security breach impacting 576,000 accounts LastPass employee targeted via an audio deepfake call TA547 targets German organizations with Rhadamanthys malware CISA adds D-Link multiple (..)

Data breaches

Data breaches Social Engineering Malware Hacking

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Security Affairs

AUGUST 28, 2022

In June, researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware. Follow me on Twitter: @securityaffairs and Facebook.

Surveillance

Surveillance Spyware Mobile Hacking

Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition

Security Affairs

JULY 23, 2023

Multiple DDoS botnets were observed targeting Zyxel devices CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices Experts believe North Korea behind JumpCloud supply chain attack Nice Suzuki, sport: shame dealer left your data up for grabs Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group ALPHV/BlackCat and (..)

DDOS

DDOS Hacking Spyware Surveillance

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 24, 2024

Government’s Antitrust Case Against Apple Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Ramadan )

Malware

Malware Cybercrime Hacking Cyber threats

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Consider that most of us spend more time navigating the Internet on our laptops and smartphones than we do behind the wheel of a car. But the larger point is that Xbash is just one of dozens of malware families circulating far and wide across the Internet. Credential stuffing campaigns have become part of the fabric of the Internet.

Passwords

Passwords Password Management Antivirus Internet

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Security Affairs

DECEMBER 30, 2019

Security experts have detected and analyzed some of the tools in its arsenals, such as the popular Pegasus spyware (for iOS) and Chrysaor (for Android). In September 2018, a report published by Citizen Lab revealed that the NSO Pegasus spyware was used against targets across 45 countries worldwide.

Cybercrime

Cybercrime Surveillance Spyware Government

Security Affairs newsletter Round 424 by Pierluigi Paganini – International edition

Security Affairs

JUNE 17, 2023

Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9 Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9

Data breaches

Data breaches DDOS Backups Firewall

Security Affairs newsletter Round 269

Security Affairs

JUNE 21, 2020

Maze ransomware gang hacked M&A firm Threadstone Advisors LLP Ransomware attack disrupts operations at Australian beverage company Lion Tech firms suspend use of ‘biased facial recognition technology Accessories giant Claires is the victim of a Magecart attack, credit card data exposed Black Kingdom ransomware operators exploit Pulse VPN flaws (..)

DDOS

DDOS Spyware Mobile Advertising

Gamblers’ data compromised after casino giant Strendus fails to set password

Security Affairs

NOVEMBER 15, 2023

Source: Cybernews The exposed phone numbers can be exploited for spam, malware and spyware attacks, SIM swapping, and the discovery of user accounts on platforms like WhatsApp, Signal, and others. IP addresses are used to ensure that internet communications are sent and received by the intended device.

Passwords

Passwords Identity Theft Social Engineering Spyware

NoReboot persistence technique fakes iPhone shutdown

Security Affairs

JANUARY 6, 2022

The experts pointed out that the phone remains fully functional and is still connected to the Internet despite that all physical feedback have been disabled, this means that a spyware can still spy on the users. “Since iOS 15, Apple introduced a new feature allowing users to track their phone even when it’s been turned off.

Spyware

Spyware Malware Internet Internet

Iran-linked APT35 group exploits Log4Shell flaw to deploy a new PowerShell backdoor

Security Affairs

JANUARY 12, 2022

The main module performs the following operations: Validate network connection – Upon execution, the script waits for an active internet connection by making HTTP POST requests to google.com with the parameter hi=hi.

InfoSec

InfoSec Spyware Malware Internet

Which is the Threat landscape for the ICS sector in 2020?

Security Affairs

MARCH 22, 2021

European ICS engineering organizations were mainly targeted by phishing campaigns attempting to deliver spyware and cryptominers. Experts reported that the majority of computers in the ICS engineering sector are represented by desktop systems, but laptops remain more exposed to attacks via the internet, removable media devices, and email.

Engineering

Engineering VPN Accountability Software

Anti-Debugging Techniques from a Complex Visual Basic Packer

Security Affairs

JULY 17, 2019

Hash 32951a56e3fcd8f5b006c0b64ec694ddf722eba71e2093f7ee90f57856941f3d Threat Hawkey Spyware Brief Description Hawkey Spyware inside a Visual Basic Packer Ssdeep 12288:GVwYvwrMkE9LfRUXkpW7zGidwY/rwxOp8mH:COrI9zRUJfGCfzw0. Table 1: Information about the PE file inside the ISO image. Figure 1: Fake.bat file inside the ISO archive.

Spyware

Spyware Malware Passwords Accountability

White hat, black hat, grey hat hackers: What’s the difference?

Malwarebytes

JUNE 7, 2021

Malicious hackers might use tools like computer viruses, spyware, ransomware, Trojan horses, and more to further their goals. A degree in computer science or information security and a background in military intelligence can be useful but isn’t necessary. Many people wonder what motivates hackers who have had intentions.

Social Engineering

Social Engineering Hacking Spyware Antivirus

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Security Affairs

MAY 23, 2023

In the latest campaign uncovered by Kaspersky, the APT group, used a modular framework dubbed CloudWizard that supports spyware capabilities, including taking screenshots, microphone recording, harvesting Gmail inboxes, and keylogging.

Malware

Malware Spyware Encryption Phishing

Security Affairs newsletter Round 222 – News of the week

Security Affairs

JULY 13, 2019

Microsoft released Patch Tuesday security updates for July 2019. Parents Guide for Safe YouTube and Internet Streaming for Kids. New FinFisher spyware used to spy on iOS and Android users in 20 countries. Adobe Patch Tuesday updates for July 2019 address only 5 minor flaws. Kali Linux is now available for Raspberry Pi 4.

Data breaches

Data breaches Spyware Advertising Government

Yana Peel, chief executive of London’s Galleries, resigned after discovery of her links with NSO group

Security Affairs

JUNE 18, 2019

The traces collected by Amnesty International was corroborated by the findings of the investigation conducted by researchers at the internet watchdog Citizen Lab. Citizen Lab collected evidence of attacks against 175 targets worldwide carried on with the NSO spyware.

Surveillance

Surveillance Spyware Software Advertising

Australian man charged with creating and selling the Imminent Monitor spyware

Security Affairs

AUGUST 1, 2022

An Australian national has been charged for the creation and sale of the Imminent Monitor (IM) spyware, which was also used for criminal purposes. The 24-year-old Australian national Jacob Wayne John Keen has been charged for his alleged role in the development and sale of spyware known as Imminent Monitor (IM). Pierluigi Paganini.

Spyware

Spyware Malware Cybercrime Hacking

Experts detailed new StrongPity cyberespionage campaigns

Security Affairs

JULY 18, 2019

The malware operates similarly to previously reported variants, it implements spyware capabilities and allows the attacker to get remote access to the compromised machine. The APT group used also newer versions of tainted WinRAR software, as well as a tool called Internet Download Manager (IDM).

Malware

Malware Software Spyware Advertising

Security Affairs newsletter Round 231

Security Affairs

SEPTEMBER 15, 2019

Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Experts found Joker Spyware in 24 apps in the Google Play store. Once again thank you! Toyota Boshoku Corporation lost over $37 Million following BEC attack. WordPress 5.2.3

Spyware

Spyware Advertising Hacking IoT

Microsoft warns of more disruptive BlueKeep attacks and urges patch installation

Security Affairs

NOVEMBER 8, 2019

” A new wave of attacks could exploit the vulnerability to spread more dangerous and destructive malware, like ransomware or spyware. “These attacks were likely initiated as port scans for machines with vulnerable internet-facing RDP services. ” concludes Microsoft.

Penetration Testing

Penetration Testing Malware Advertising Spyware

After SIMJacker, WIBattack hacking technique disclosed. Billions of users at risk

Security Affairs

SEPTEMBER 28, 2019

Following the disclosure of the Simjacker attack, the researcher Lakatos from Ginno Security Lab discovered that another dynamic SIM toolkit, called Wireless Internet Browser (WIB), can be exploited in a similar way. ” reads a blog post published by the researcher.

Hacking

Hacking Mobile Risk Advertising

Threats to ICS and industrial enterprises in 2022

SecureList

NOVEMBER 23, 2021

For instance, we see a new trend emerging in the criminal ecosystem of spyware-based authentication data theft, with each individual attack being directed at a very small number of targets (from single digits to several dozen). Known vulnerabilities in internet-facing hardware are also sure to remain a popular penetration vector.

Spyware

Spyware Phishing Cybercrime Energy and Utilities

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

The Last Watchdog

FEBRUARY 28, 2021

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s worst nightmare come true.

Cyber threats

Cyber threats Computers and Electronics Adware Spyware

Will iPhone’s New “Lockdown Mode” Create Dangerous Overconfidence In Apple’s CyberSecurity Capabilities?

Joseph Steinberg

JULY 13, 2022

Apple last week announced new security features specifically intended to offer “specialized additional protection to users who may be at risk of highly targeted cyberattacks from private companies developing state-sponsored mercenary spyware.”.

Cybersecurity

Cybersecurity Artificial Intelligence Government Social Engineering

The Most Common Types of Malware in 2021

CyberSecurity Insiders

JANUARY 31, 2021

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s worst nightmare come true.

Malware

Malware Computers and Electronics Adware Spyware

Phishers turning hard-working: CERT-GIB records upsurge of phishing resource blockages as duration of attacks grows

Security Affairs

MAY 8, 2020

It should be noted that some of the tech companies provide a wide range of Internet-related services and some of them, like cloud storages and email services, form separate categories. They, in turn, let spyware and backdoors move ahead and become the second most popular malware with a 35-percent share.

Phishing

Phishing Spyware Banking Malware

US NCSC and DoS share best practices against surveillance tools

Security Affairs

JANUARY 9, 2022

“Journalists, dissidents, and other persons around the world have been targeted and tracked using these tools, which allow malign actors to infect mobile and internet-connected devices with malware over both WiFi and cellular data connections.” ” reads the guidance.

Surveillance

Surveillance Mobile Spyware Malware

MI5 seized Boris Johnson’s phone over security risk fears

Security Affairs

JUNE 21, 2021

The British Security Service, also known as MI5, has seized the mobile devices used by PM Boris Johnson over concerns that were raised after the discovery of the availability of its number online for the last 15 years. ” reported the DailyMail.

Risk

Risk Mobile Spyware Hacking

Security Affairs newsletter Round 343

Security Affairs

DECEMBER 5, 2021

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users German BSI agency warns of ransomware attacks over Christmas holidays Cuba ransomware gang hacked 49 US critical infrastructure organizations CISA warns of vulnerabilities in Hitachi Energy products NSO Group spyware used to compromise iPhones of 9 US State Dept officials (..)

Spyware

Spyware Ransomware Hacking VPN

MoonBounce UEFI implant spotted in a targeted APT41 attack

Security Affairs

JANUARY 21, 2022

“The purpose of the implant is to facilitate the deployment of user-mode malware that stages execution of further payloads downloaded from the internet;” reads the analysis published by Kaspersky. A UEFI bootkit implanted in the firmware could not be detected by AVs and any defense solution running on the OS level.

Firmware

Firmware Malware Spyware Surveillance

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Pegasus spyware used to spy on a Polish mayor

Webinars

Trending Sources

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Webinars

Spyware, ransomware and Nation-state hacking: Q&A from a recent interview

Austria investigates DSIRF firm for allegedly developing Subzero spyware

Google TAG shares details about exploit chains used to install commercial spyware

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

APT C-23 group targets Middle East with an enhanced Android spyware variant

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION

Regin spyware involved in attack against the Russian tech giant Yandex

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

OnionPoison: malicious Tor Browser installer served through a popular Chinese YouTube channel

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Security Affairs newsletter Round 424 by Pierluigi Paganini – International edition

Security Affairs newsletter Round 269

Gamblers’ data compromised after casino giant Strendus fails to set password

NoReboot persistence technique fakes iPhone shutdown

Iran-linked APT35 group exploits Log4Shell flaw to deploy a new PowerShell backdoor

Which is the Threat landscape for the ICS sector in 2020?

Anti-Debugging Techniques from a Complex Visual Basic Packer

White hat, black hat, grey hat hackers: What’s the difference?

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Security Affairs newsletter Round 222 – News of the week

Yana Peel, chief executive of London’s Galleries, resigned after discovery of her links with NSO group

Australian man charged with creating and selling the Imminent Monitor spyware

Experts detailed new StrongPity cyberespionage campaigns

Security Affairs newsletter Round 231

Microsoft warns of more disruptive BlueKeep attacks and urges patch installation

After SIMJacker, WIBattack hacking technique disclosed. Billions of users at risk

Threats to ICS and industrial enterprises in 2022

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

Will iPhone’s New “Lockdown Mode” Create Dangerous Overconfidence In Apple’s CyberSecurity Capabilities?

The Most Common Types of Malware in 2021

Phishers turning hard-working: CERT-GIB records upsurge of phishing resource blockages as duration of attacks grows

US NCSC and DoS share best practices against surveillance tools

MI5 seized Boris Johnson’s phone over security risk fears

Security Affairs newsletter Round 343

MoonBounce UEFI implant spotted in a targeted APT41 attack

Stay Connected