Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, Google (TAG) and Mandiant discovered 29 out of 97 vulnerabilities exploited in the wild. ” reads the report published by Google TAG.

Government 117

Government Surveillance Cybercrime Ransomware 117

The Hacker News

MARCH 29, 2023

A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed.

Spyware 92

Spyware 92

Security Affairs

AUGUST 28, 2022

Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million. Leaked documents details the purchase of an iOS Remote Code Execution zero-day exploit for $8,000,000. The exploits should work against the Android 12 update and iOS 15.4.1, Pierluigi Paganini.

Surveillance 129

Surveillance Spyware Mobile Hacking 129

Schneier on Security

SEPTEMBER 3, 2019

The vulnerabilities were patched in iOS 12.1.4, Earlier this year Google's Threat Analysis Group (TAG) discovered a small collection of hacked websites. TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12.

Hacking 228

Hacking Surveillance Malware Government 228

Bleeping Computer

JUNE 23, 2022

Google's Threat Analysis Group (TAG) revealed today that RCS Labs, an Italian spyware vendor, has received help from some Internet service providers (ISPs) to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools. [.].

Spyware 98

Spyware Surveillance Internet Internet 98

Security Affairs

NOVEMBER 12, 2021

Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. The researchers discovered that attackers deployed on the sites hosted two iframes that were used to serve iOS and macOS exploits to the visitors.

Malware 137

Malware Media Surveillance Encryption 137

Security Affairs

NOVEMBER 30, 2023

“Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.” The fact that the issues were discovered by Google TAG suggests they were exploited by a nation-state actor or by a surveillance firm. Apple addressed the flaws with the release of iOS 17.1.2,

Surveillance 125

Surveillance Engineering Hacking Information Security 125

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome.

Spyware 93

Spyware Surveillance Firmware Internet 93

CSO Magazine

MARCH 31, 2023

Several commercial spyware vendors developed and used zero-day exploits against iOS and Android users last year. However, their exploit chains also relied on known vulnerabilities to work, highlighting the importance of both users and device manufacturers to speed up the adoption of security patches.

Spyware 117

Spyware Mobile Surveillance Manufacturing 117

Heimadal Security

JUNE 24, 2022

For many years, Google has been monitoring the activity of commercial spyware sellers and in conjunction with Google’s Project Zero, discovered the fact that RCS Labs, an Italian vendor, utilizes unusual drive-by downloads as first infection vectors to target iOS and Android mobile users. What Happened?

Spyware 110

Spyware Mobile Cybersecurity 110

Security Affairs

OCTOBER 4, 2023

Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.” The flaw was discovered by security researcher Clément Lecigne from Google’s Threat Analysis Group (TAG). “A local attacker may be able to elevate their privileges.

Hacking 118

Hacking Mobile Information Security 118

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing 94

Phishing Education Accountability Telecommunications 94

CyberSecurity Insiders

MARCH 15, 2022

The feature will be released in the iOS 15.4 Along with a facial identity update, a neutral SIRI voice dubbed as “Voice 5” will also be rolled out via the iOS 15.4 update along with some new set of emojis and technically blocks illegal tracking of Air Tag users. What’s disappointing is that the iOS 15.4 Install iOS 15.4

Mobile 109

Mobile Authentication Cybersecurity 109

Security Affairs

APRIL 1, 2023

Five of the issues added by CISA to its catalog are part of the exploits used by surveillance vendors to target mobile devices with their commercial spyware: CVE-2021-30900 – Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability. Google TAG shared indicators of compromise (IoCs) for both campaigns.

Spyware 89

Spyware Surveillance Mobile Education 89

Krebs on Security

DECEMBER 4, 2019

13, KrebsOnSecurity contacted Apple to report this as a possible privacy bug in the new iPhone Pro and/or in iOS 13.x, The behavior appears to persist in the latest iPhone operating system (iOS 13.2.3) I was not able replicate this behavior on an older model iPhone 8 with the latest iOS. on iPhone 11 Pro devices.

Engineering 196

Engineering Encryption 196

CyberSecurity Insiders

NOVEMBER 8, 2021

And Douyin, a successor to the above stated Chinese short video app is also tagged as a global hit, as it has found a second place in the list with over 55.8 The post Blacklisted apps in corporate companies on Android and iOS devices appeared first on Cybersecurity Insiders.

Data privacy 117

Data privacy Internet Internet Cybersecurity 117

Security Boulevard

NOVEMBER 13, 2023

Let's say you're like me, an avid Omnifocus user, but you've been hearing great things about Reminders on MacOS/iOS/iPadOS, and you want to give it a shot. I wanted to implement "tags" from Omnifocus over to the "tags" feature in Reminders, however Apple doesn't have "tags" as a Reminders dictionary item in AppleScript.

Accountability 64

Accountability 64

Security Affairs

JANUARY 25, 2022

The investigation started in November after Google TAG published a blogpost about watering-hole attacks targeting macOS users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong.

Malware 93

Malware Media Authentication Hacking 93

Security Affairs

JULY 14, 2021

Security researchers from Google Threat Analysis Group (TAG) and Google Project Zero revealed that four zero-day vulnerabilities have been exploited in the wild earlier this year. ” Post by @_clem1 & @maddiestone on 4 0days TAG found this year (with IOCs!). Also thoughts on why we are seeing so many 0day in 2021.

Surveillance 144

Surveillance Government Internet Internet 144

Malwarebytes

MAY 6, 2023

The basic principle of these tags is that anyone with the matching app and permissions on their device (usually a phone) contributes to find the last location where the tag was detected. Examples of these accessories are the Apple AirTag, Tile Mate and Pro, Samsung SmartTag, and Google’s expected Grogu. Get a free trial below.

Manufacturing 93

Manufacturing Technology Ransomware 93

Malwarebytes

MAY 17, 2022

Most recently, it’s reported that Ohio has proposed a new bill in relation to electronic tagging devices. She only became aware of what was happening because her phone alerted her to the tag’s presence. Smart stalkers will place tags on items or in places victims won’t suspect.

Mobile 117

Mobile Technology 117

CyberSecurity Insiders

SEPTEMBER 13, 2021

Researchers state the flaw was a ‘zero-click’ exploit that was discovered on September 2021 by experts who tagged it as an iMessage exploit dubbed ‘ForcedEntry’ that could also infect other Apple iOS, Mac OD and iWatchOS devices.

Spyware 139

Spyware Manufacturing Engineering Malware 139

Security Affairs

APRIL 7, 2023

Today, Apple published an emergency update for all iPhones to patch an exploit chain which we, together with @_clem1 (Google TAG) discovered in the wild. In February, the company released emergency security updates to address an actively exploited zero-day vulnerability, tracked as CVE-2023-23529 , that impacts iOS, iPadOS, and macOS.

Education 93

Education Media Hacking Accountability 93

Security Affairs

AUGUST 30, 2019

Earlier this year, Google Threat Analysis Group (TAG) experts uncovered an iPhone hacking campaign, initially, they spotted a limited number of hacked websites used in watering hole attacks against iPhone users. “Earlier this year Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites.

Spyware 94

Spyware Hacking Advertising Encryption 94

Malwarebytes

FEBRUARY 19, 2023

Apple patches vulnerabilities in MacOS and iOS Update now! Android 14 developer preview highlights multiple security improvements One in nine online stores are leaking your data, says study New ESXiArgs encryption routine outmaneuvers recovery methods TrickBot gang members sanctioned after pandemic ransomware attacks Update now!

Adware 63

Adware Ransomware Scams Passwords 63

Security Affairs

JULY 30, 2023

The popular Threat Analysis Group (TAG) Maddie Stone wrote Google’s fourth annual year-in-review of zero-day flaws exploited in-the-wild [ 2021 , 2020 , 2019 ], it is built off of the mid-year 2022 review. ” reads the report published by Google TAG.

Firewall 93

Firewall Software Hacking Internet 93

SecureWorld News

JANUARY 26, 2021

Google's Threat Analysis Group (TAG) has been working for several months to try to identify who is behind an ongoing campaign targeting security researchers, specifically those who work on vulnerability research and development at a variety of organizations. Google's TAG team discovery: cyberattack motive.

Social Engineering 87

Social Engineering Engineering Accountability Malware 87

Security Affairs

SEPTEMBER 4, 2019

Zero-day broker Zerodium has updated the price list for both Android and iOS exploits, with Android ones having surpassed the iOS ones for the first time. For the first time, the price for Android exploits is higher than the iOS ones, this is what has emerged from the updated price list published by the zero-day broker Zerodium.

Advertising 91

Advertising Architecture Mobile Marketing 91

Security Affairs

JANUARY 26, 2021

Google TAG is warning that North Korea-linked hackers targeting security researchers through social media. Google Threat Analysis Group (TAG) is warning that North Korea-linked hackers targeting security researchers through social media. ” reads the TAG’s report. ” reads the TAG’s report.

Media 88

Media Social Engineering Engineering Accountability 88

Security Affairs

NOVEMBER 28, 2021

North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported. Google TAG researchers reported that the same group, tracked as Zinc ,” also targeted security researchers in past campaigns.

Malware 130

Malware Phishing Antivirus Hacking 130

Malwarebytes

AUGUST 26, 2021

The Bahrain government and groups linked to them—such as LULU , a known operator of Pegasus, and others like them who are associated with a separate government—were tagged as culprits of the surveillance activity. We saw the FORCEDENTRY exploit successfully deployed against iOS versions 14.4 No real protection in sight?

Spyware 93

Spyware Surveillance Social Engineering Government 93

Malwarebytes

JUNE 29, 2022

Google’s Threat Analysis Group (TAG) has revealed a sophisticated spyware activity involving ISPs (internet service providers) aiding in downloading powerful commercial spyware onto users’ mobile devices. Hermit affects Android and iOS devices and is described as a modular spyware. Italian vendor RCS Labs developed Hermit.

Spyware 103

Spyware Government Social Engineering Mobile 103

Malwarebytes

MARCH 15, 2021

The latest iOS beta suggests that Apple’s next big update will include an iPhone feature that warns users about hidden, physical surveillance of their location. According to 9to5Mac , the latest beta version for iOS 14.5 If someone secretly hides a tag in your possessions, your phone will notice and warn you about it.

Surveillance 102

Surveillance Accountability Cybersecurity Technology 102

Krebs on Security

DECEMBER 14, 2022

The vulnerability allows attackers to craft documents that won’t get tagged with Microsoft’s “Mark of the Web,” despite being downloaded from untrusted sites. The bug already seeing exploitation is CVE-2022-44698 , which allows attackers to bypass the Windows SmartScreen security feature.

Social Engineering 186

Social Engineering Ransomware Software Engineering 186

Security Affairs

JUNE 7, 2023

In March, Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. At the time of delivery, the latest Samsung firmware had not included a fix for this vulnerability. This vulnerability grants the attacker system access.

Spyware 92

Spyware Surveillance Firmware Hacking 92

Security Affairs

SEPTEMBER 7, 2019

Earlier this year, Google Threat Analysis Group (TAG) experts uncovered an iPhone hacking campaign, initially, they spotted a limited number of hacked websites used in watering hole attacks against iPhone users. Earlier this year Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites. ” Sainz wrote.”Google’s

Hacking 83

Hacking Spyware Advertising Mobile 83

Security Affairs

JANUARY 29, 2021

Microsoft, like Google TAG, observed a cyber espionage campaign aimed at vulnerability researchers that attributed to North Korea-linked Zinc APT group. ” This week, Google Threat Analysis Group (TAG) also warned of North Korea-linked hackers targeting security researchers through social media.

Malware 119

Malware Antivirus Hacking Accountability 119