Passwords, Surveillance, Technology and VPN

Ferocious Kitten: 6 years of covert surveillance in Iran

SecureList

JUNE 16, 2021

It is interesting to note that an active Keepass (password manager) process gets killed before starting the keylogger. This is likely intended to force the user to restart the program and enter a master password that is then stolen via the keylogger. argument: path to file to upload. – List files and repositories.

Surveillance

Surveillance Malware Password Management Passwords

Patch now! Insecure Hikvision security cameras can be taken over remotely

Malwarebytes

SEPTEMBER 22, 2021

Hangzhou Hikvision Digital Technology Co., Its business activities include the provision of services for hard disk recorders, video codes, video servers, surveillance cameras, monitoring of ball machine, road mounts and other products, as well as security services. engages in the development, production, and sale of security products.

Firmware

Firmware Surveillance Marketing VPN

IT threat evolution Q1 2024

SecureList

JUNE 3, 2024

This RAT allows an attacker to surveil and harvest sensitive data from a target computer. Cracked applications are one of the easiest ways for attackers to get malware onto people’s computers: to elevate their privileges, they only need to ask for the password, which usually arouses no suspicion during software installation.

Banking

Banking Malware Computers and Electronics Mobile

The Zero Click, Zero Day iMessage Attack Against Journalists

SecureWorld News

DECEMBER 23, 2020

Pegasus spyware is a phone surveillance solution that enables customers to remotely exploit and monitor devices. The company sells its surveillance technology to governments around the world. And watchdog groups say its products are often found to be used in surveillance abuses.

Spyware

Spyware Surveillance Hacking Media

A chink in the armor of China-based hacking group Nickel

Malwarebytes

DECEMBER 7, 2021

For initial access, the DCU noticed Nickel using older, and patched, vulnerabilities in Microsoft products like Microsoft Exchange and SharePoint, but also compromised VPN suppliers or obtained stolen credentials. For lateral movement the DCU saw Nickel actors using Mimikatz, WDigest, NTDSDump, and other password dumping tools during attacks.

Hacking

Hacking Malware Surveillance Data collection

Microsoft disrupts China-based hacking group Nickel

Malwarebytes

DECEMBER 7, 2021

For initial access, the DCU noticed Nickel using older, and patched, vulnerabilities in Microsoft products like Microsoft Exchange and SharePoint, but also compromised VPN suppliers or obtained stolen credentials. For lateral movement the DCU saw Nickel actors using Mimikatz, WDigest, NTDSDump, and other password dumping tools during attacks.

Hacking

Hacking Malware Surveillance Data collection

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. Image: APNIC.

DNS

DNS Internet Internet Government

Advanced threat predictions for 2022

SecureList

NOVEMBER 17, 2021

When we wrote this prediction, we were mainly thinking about a continuation of all the malicious activities targeting VPN appliances. We nevertheless observed some threat actors, such as APT10, who were exploiting these vulnerabilities to hijack VPN sessions. But this prediction also came true another way.

Mobile

Mobile Surveillance Ransomware Government

The Origins and History of the Dark Web

Identity IQ

FEBRUARY 8, 2024

The Future of the Dark Web The future of the dark web is uncertain as it continues to evolve and adapt to new technologies and law enforcement methods. Ultimately, the future of the dark web rests on the balance between technology, law enforcement, and societal attitudes toward privacy and online security.

Identity Theft

Identity Theft Cryptocurrency Government Engineering

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Krebs on Security

MARCH 29, 2022

Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.

Accountability

Accountability Government Hacking Social Engineering

Best Wi-Fi Security & Performance Testing Tools for 2022

eSecurity Planet

MAY 20, 2022

With other vulnerabilities such as sharing devices and Wi-Fi access with family members or lax password hygiene, security becomes a real challenge. To catch them, administration policies on continuous surveillance and periodic assessments should be in place. Read next: Best Enterprise VPN Solutions.

Security Performance

Security Performance Wireless Encryption Penetration Testing

SHARED INTEL: New book on cyber warfare foreshadows attacks on elections, remote workers

The Last Watchdog

APRIL 27, 2020

Learning about how hackers were able to intercept drone feed video from CIA observation drones during the war in Iraq, for instance, tells us a lot about how tenuous sophisticated surveillance technology really can be, out in the Internet wild. LW: You’re not the first security expert to advocate eliminating passwords.

Passwords

Passwords VPN Digital transformation Cyber Attacks

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

The cyber-offense ecosystem still appears to be shaken by the sudden demise of NSO Group; at the same time, these activities indicate to us that we’ve only seen the tip of the iceberg when it comes to commercial-grade mobile surveillance tooling. APT targeting turns toward satellite technologies, producers and operators.

Firmware

Firmware Surveillance Mobile Telecommunications

Top VC Firms in Cybersecurity of 2022

eSecurity Planet

APRIL 26, 2022

As a leading VC, BVP offers budding companies plenty to consider, with a set of roadmaps and tools for today’s technologies and market complexities. Notable cybersecurity exits for the company include AVG Technologies, Cognitive Security, OpenDNS, and Carbon Black. Accel Investments. Evolution Equity Partners. EEP Investments.

Cybersecurity

Cybersecurity Technology Marketing Healthcare

Cyber Security Informer

Ferocious Kitten: 6 years of covert surveillance in Iran

Patch now! Insecure Hikvision security cameras can be taken over remotely

Trending Sources

IT threat evolution Q1 2024

The Zero Click, Zero Day iMessage Attack Against Journalists

A chink in the armor of China-based hacking group Nickel

Microsoft disrupts China-based hacking group Nickel

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Advanced threat predictions for 2022

The Origins and History of the Dark Web

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Best Wi-Fi Security & Performance Testing Tools for 2022

SHARED INTEL: New book on cyber warfare foreshadows attacks on elections, remote workers

Advanced threat predictions for 2023

Top VC Firms in Cybersecurity of 2022

Stay Connected