Information Security, Internet and Surveillance

NSA buys internet browsing records from data brokers without a warrant

Security Affairs

JANUARY 29, 2024

National Security Agency (NSA) admitted to buying internet browsing records from data brokers to monitor Americans’ activity online without a court order. released documents that confirmed the National Security Agency (NSA) buys Americans’ internet browsing records without a court order. Senator Ron Wyden, D-Ore.,

Internet

Internet Internet Surveillance Government

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Security Affairs

AUGUST 28, 2022

Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million. Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian, it offers surveillance and hacking solution to law enforcement and intelligence agencies. appeared first on Security Affairs.

Surveillance

Surveillance Spyware Mobile Hacking

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Daniel Miessler

MARCH 22, 2020

The Real Internet of Things, January 2017. Just yesterday I tweeted that the COVID-19 situation was going to finally make large-scale video surveillance endemic to our society. New: AI/surveillance company claims it's deploying 'coronavirus-detecting' cameras in the United States.

Surveillance

Surveillance Government Education Engineering

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Telecommunications

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The exploits were used to install commercial spyware and malicious apps on targets’ devices. Google TAG shared indicators of compromise (IoCs) for both campaigns.

Spyware

Spyware Surveillance Mobile Education

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance

Surveillance Hacking Firmware Manufacturing

Google Responds to Warrants for “About” Searches

Schneier on Security

OCTOBER 13, 2020

.” These searches are legal when conducted for the purpose of foreign surveillance, but the worry about using them domestically is that they are unconstitutionally broad. The very nature of these searches requires mass surveillance. The FBI does not conduct mass surveillance. The FBI does not conduct mass surveillance.

Surveillance

Surveillance Wireless Accountability Architecture

Internet disruption in Russia coincided with the introduction of restrictions

Security Affairs

MARCH 12, 2021

Experts at the NetBlocks Internet Observatory observed this week a temporary disruption of internet service in Russia due to new restrictions. On Wednesday 10 March 2021, researchers from Network data from the NetBlocks Internet Observatory observed the disruption of internet service provided by the Russian operator Rostelecom.

Internet

Internet Internet Mobile Hacking

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Security Affairs

FEBRUARY 6, 2024

The latest report published by Google Threat Analysis Group (TAG), titled “ Buying Spying, an in-depth report with our insights into Commercial Surveillance Vendors (CSVs )”, warns of the rise of commercial spyware vendors and the risks to free speech, the free press, and the open internet. ” concludes Google.

Spyware

Spyware Surveillance Government Software

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. New research by Cybernews shows an exponential rise in the uptake of internet-facing cameras. Surge in internet-facing cameras.

Surveillance

Surveillance Manufacturing Passwords Internet

Russia is going to disconnect from the internet as part of a planned test

Security Affairs

FEBRUARY 16, 2019

Russia plans to disconnect the country from the internet as part of an experiment aimed at testing the response to cyber attacks that should isolate it. Russia plans to conduct the country from the Internet for a limited period of time to conduct a test aimed at assessing the security of its infrastructure. and Yandex.ru

Internet

Internet Internet DNS Cyber Attacks

Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens

Security Affairs

JULY 22, 2019

The Kazakhstan authorities issued an advisory to local Internet Service Providers (ISPs) asking them to allow their customers to access the Internet only after the installation on their devices of government-issued root certificates. SecurityAffairs – Kazakhstan, surveillance). ” states Tele2. Pierluigi Paganini.

Internet

Internet Internet Encryption Government

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. Could agents take control of my computer over the Internet if they wanted to? Those of us in the information security community had long assumed that the NSA was doing things like this.

Surveillance

Surveillance Computers and Electronics Encryption Government

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were employed in a surveillance campaign on a large scale, millions of users potentially impacted. ” reads the analysis published by Awake Security. The domains were found hosting several browser-based surveillance tools and malware. “Browsers have replaced Windows, MacOS, etc.

Surveillance

Surveillance Internet Internet Advertising

Encryption: One Of The Most Powerful Ways To Keep Data Private – But Governments Want To Outlaw It

Joseph Steinberg

OCTOBER 21, 2022

Today, October 21, marks the first ever organized Global Encryption Day, dedicated to spreading awareness of the importance of utilizing encryption to protect sensitive information, both when it is in transit (e.g., online chat messages going over the Internet between you and your significant other) and when it is at rest (e.g.,

Encryption

Encryption Government Artificial Intelligence Surveillance

Pegasus spyware used to spy on a Polish mayor

Security Affairs

MARCH 3, 2023

According to rumors, the Polish special services are using surveillance software to spy on government opponents. In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware. “We The politicians who inspired and commissioned these activities belong in prison.”

Spyware

Spyware Surveillance Hacking Government

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Security Affairs

NOVEMBER 30, 2022

Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. Officially, Variston claims to provide custom security solutions and custom patches for embedded system. ” TAG concludes.

Spyware

Spyware Surveillance Risk Internet

Austria investigates DSIRF firm for allegedly developing Subzero spyware

Security Affairs

AUGUST 2, 2022

At the end of July, Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits.

Spyware

Spyware Surveillance Banking Hacking

Spyware, ransomware and Nation-state hacking: Q&A from a recent interview

Security Affairs

FEBRUARY 10, 2022

Enjoy” How has spyware changed the rules of cyber security in recent years? What will cyber security look like now that those tools are all over the internet? Pegasus is probably the most popular surveillance software on the market, it has been developed by the Israeli NSO Group. Anyway, it is not the only one.

Spyware

Spyware Hacking Ransomware Surveillance

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

DECEMBER 31, 2019

Related: Good to know about IoT Physical security is often a second thought when it comes to information security. Despite this, physical security must be implemented correctly to prevent attackers from gaining physical access and taking whatever they desire. Access control is the restricting of access to a system.

Cyber Risk

Cyber Risk Risk Firewall Surveillance

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

The threat actors gathered personal information on minority groups and potential political dissents. “The stolen information is likely to be exploited for surveillance or intelligence gathering on specific groups and or individuals.” Reduce the number of systems that can be reached over internet using SSH.

Media

Media Accountability Telecommunications Government

Google: four zero-day flaws have been exploited in the wild

Security Affairs

JULY 14, 2021

The four security flaws were discovered earlier this year and affect Google Chrome, Internet Explorer, and WebKit browser engine. “We assess three of these exploits were developed by the same commercial surveillance company that sold these capabilities to two different government-backed actors. .

Surveillance

Surveillance Government Internet Internet

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

This was recently highlighted by blog posts from Project Zero and Github Security Lab.” ” The second campaign was spotted in December 2022 when the researchers discovered an exploit chain targeting the latest version of the Samsung Internet Browser using multiple zero-days and n-days. ” concludes the report.

Spyware

Spyware Surveillance Firmware Internet

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

Security Affairs

APRIL 13, 2023

Chinese video surveillance giant Hikvision addressed a critical vulnerability in its Hybrid SAN and cluster storage products. Chinese video surveillance giant Hikvision addressed an access control vulnerability, tracked as CVE-2023-28808, affecting its Hybrid SAN and cluster storage products.

Surveillance

Surveillance Education Media Hacking

Russian spies are attempting to tap transatlantic undersea cables

Security Affairs

MARCH 1, 2020

Ireland is a strategic place for intercontinental communications because it represents the place where undersea cables which carry internet traffic connect to Europe. Despite the Cable & Wireless bought by Vodafone in July 2012, the Nigella surveillance access point remained active as of April 2013. Source [link].

Wireless

Wireless Surveillance Telecommunications Advertising

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Security Affairs

MAY 20, 2022

Taiwanese vendor QNAP is asking users to install the latest update on their NAS devices and avoid exposing them on the Internet. “QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the Internet.” and QTS 4.4.1. “QNAP® Systems, Inc.

Ransomware

Ransomware Internet Internet Firmware

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Security Affairs

DECEMBER 30, 2019

Many governments worldwide persecute their internal oppositions charging them with criminal activities and use strict online surveillance to track them. The surveillance software developed by NSO Group was used by government organizations worldwide to spy on human rights groups , activists, journalists, lawyers, and dissidents.

Cybercrime

Cybercrime Surveillance Spyware Government

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Security Affairs

JANUARY 31, 2021

Last year, the group published a detailed analysis on how the Chinese government has improved its surveillance system to detect and block the popular circumvention tools Shadowsocks and its variants. Shadowsocks is a free and open-source encryption protocol project, widely used in China to circumvent Internet censorship.

Firewall

Firewall Surveillance Internet Internet

Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition

Security Affairs

JULY 23, 2023

Multiple DDoS botnets were observed targeting Zyxel devices CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices Experts believe North Korea behind JumpCloud supply chain attack Nice Suzuki, sport: shame dealer left your data up for grabs Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group ALPHV/BlackCat and (..)

DDOS

DDOS Hacking Spyware Surveillance

A flaw in Dahua IP Cameras allows full take over of the devices

Security Affairs

JULY 31, 2022

. “We’re publishing the details of a new vulnerability (tracked under CVE-2022-30563) affecting the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some IP cameras developed by Dahua, a very popular manufacturer of IP-based surveillance solutions.”

Surveillance

Surveillance Authentication Telecommunications Manufacturing

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

According to the alert issued by the FBI, the swatters have been hijacking smart devices such as video and audio capable home surveillance devices. “Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks.

Passwords

Passwords Surveillance Manufacturing Accountability

Breaking Down User Activity Monitoring Tools: Security and HR Perspectives

SecureWorld News

JANUARY 4, 2024

This agent gathers data about the user's actions, such as keystrokes, mouse clicks, application usage, and internet activity. The information is sent to a server for analysis. From an information security department's perspective, the more data collected on employee actions, the more effectively potential incidents can be investigated.

Data collection

Data collection Artificial Intelligence Surveillance Risk

Yana Peel, chief executive of London’s Galleries, resigned after discovery of her links with NSO group

Security Affairs

JUNE 18, 2019

The head of London’s Serpentine Galleries resigned on Tuesday following a Guardian report about her links to the Israeli surveillance firm NSO Group. Pegasus is a perfect tool for surveillance, it is able to steal any kind of data from smartphones and use them to spy on the surrounding environment through their camera and microphone.

Surveillance

Surveillance Spyware Software Advertising

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 7, 2024

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4

Artificial Intelligence

Artificial Intelligence Data breaches Scams Insurance

An attacker was able to siphon audio feeds from multiple Clubhouse rooms

Security Affairs

FEBRUARY 22, 2021

Representatives of the Stanford Internet Observatory declared that users should assume all conversations are being recorded by the company, a circumstance that raises concerns because they have no information on how the conversations are stored. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

CSO

CSO Internet Internet Surveillance

Slovak police found wiretapping devices connected to the Govnet government network

Security Affairs

JUNE 10, 2020

” Investigators speculate wiretapping devices were used to spy on internet and telephony communications. the Head of the NASES Surveillance Center Ján K., Security Section of the Office of the Deputy Prime Minister for investment and informatization Jan M. The news site Aktuality.sk the Director of the Cyber ??Security

Government

Government Surveillance Advertising Internet

Cybersecurity Report: August 11, 2015

SiteLock

AUGUST 27, 2021

Cybersecurity Bill Could ‘Sweep Away’ Internet Users’ Privacy, Agency Warns. Last Monday, the Department of Homeland Security (DHS) claimed that the controversial new surveillance bill Cybersecurity Information Sharing Act (CISA) could sweep away important privacy protections. China to Embed Internet Police in Tech Firms.

Cybersecurity

Cybersecurity Internet Internet Banking

Security Affairs newsletter Round 305

Security Affairs

MARCH 14, 2021

Chinese hackers allegedly hit thousands of organizations using Microsoft Exchange REvil Ransomware gang uses DDoS attacks and voice calls to make pressure on the victims Russia-linked APT groups exploited Lithuanian infrastructure to launch attacks Hackers compromised Microsoft Exchange servers at the EU Banking Regulator EBA Microsoft updated MSERT (..)

Surveillance

Surveillance DDOS Cryptocurrency Ransomware

Podcast Episode 128: Do Security and Privacy have a Booth at CES?

The Security Ledger

JANUARY 8, 2019

And do security and privacy have a seat at the table at the world's largest electronics event? » Related Stories Spotlight: as Attacks Mount, how to secure the Industrial Internet Die Hard is a Movie About Building Automation Insecurity. But is it getting any more secure as it grows? Read the whole entry. »

Computers and Electronics

Computers and Electronics IoT Surveillance Internet

Information risk and security for professional services

Notice Bored

APRIL 20, 2022

Professional services are information-centric: information is the work product , the purpose, the key deliverable. Through assignments, jobs, projects or tasks, professional services clients and providers exchange, generate and utilize information. Guess whose interests they are most likely to protect!

Risk

Risk Energy and Utilities Computers and Electronics Telecommunications

Anonymous leaked 128GB of data stolen from Russian ISP Convex revealing FSB’s warrantless surveillance

Security Affairs

FEBRUARY 7, 2023

The popular collective Anonymous has leaked 128 GB of data allegedly stolen from the Russian Internet Service Provider Convex. The collective Anonymous released last week 128 gigabytes of documents that were allegedly stolen from the Russian Internet Service Provider Convex. ” reads a statement sent by Caxxii to the Kyiv Post.”

Surveillance

Surveillance Internet Internet Government

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

Pictured: a Dome Series security camera from Verkada. A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., When surveillance leads to spying. Thought leaders advise reducing or eliminating the use of these skeleton key-like accounts.

Surveillance

Surveillance IoT Accountability Passwords

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Security Affairs

JUNE 22, 2020

In October 2019, security experts at Amnesty International’s Security Lab have uncovered targeted attacks against Moroccan human rights defenders Maati Monjib and Abdessadak El Bouchattaoui that employed NSO Group surveillance tools. reads the analysis published by Amnesty International in October. .

Spyware

Spyware Surveillance Mobile Advertising

US officials claim Huawei Equipment has secret backdoor for spying

Security Affairs

FEBRUARY 13, 2020

The United States continues to highlight the risks to national security in case of adoption of Huawei equipment and is inviting internet providers and telco operators in allied countries to ban Huawei. Chinese equipment is broadly adopted in many allied countries, including Germany, Italy, and Japan.

Manufacturing

Manufacturing Advertising Surveillance Architecture

NSA buys internet browsing records from data brokers without a warrant

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Trending Sources

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

An RCE in Annke video surveillance product allows hacking the device

Google Responds to Warrants for “About” Searches

Internet disruption in Russia coincided with the introduction of restrictions

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

3.5m IP cameras exposed, with US in the lead

Russia is going to disconnect from the internet as part of a planned test

Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens

Snowden Ten Years Later

Hundreds of malicious Chrome browser extensions used to spy on you!

Encryption: One Of The Most Powerful Ways To Keep Data Private – But Governments Want To Outlaw It

Pegasus spyware used to spy on a Polish mayor

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Austria investigates DSIRF firm for allegedly developing Subzero spyware

Spyware, ransomware and Nation-state hacking: Q&A from a recent interview

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Google: four zero-day flaws have been exploited in the wild

Google TAG shares details about exploit chains used to install commercial spyware

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

Russian spies are attempting to tap transatlantic undersea cables

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition

A flaw in Dahua IP Cameras allows full take over of the devices

FBI warns swatting attacks on owners of smart devices

Breaking Down User Activity Monitoring Tools: Security and HR Perspectives

Yana Peel, chief executive of London’s Galleries, resigned after discovery of her links with NSO group

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

An attacker was able to siphon audio feeds from multiple Clubhouse rooms

Slovak police found wiretapping devices connected to the Govnet government network

Cybersecurity Report: August 11, 2015

Security Affairs newsletter Round 305

Podcast Episode 128: Do Security and Privacy have a Booth at CES?

Information risk and security for professional services

Anonymous leaked 128GB of data stolen from Russian ISP Convex revealing FSB’s warrantless surveillance

Camera tricks: Privacy concerns raised after massive surveillance cam breach

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

US officials claim Huawei Equipment has secret backdoor for spying

Stay Connected