2010 and Surveillance - Cyber Security Informer

On Chinese "Spy Trains"

Schneier on Security

SEPTEMBER 26, 2019

The reason these threats are so real is that it's not difficult to hide surveillance or control infrastructure in computer components, and if they're not turned on, they're very difficult to find. Even so, these examples illustrate an important point: there's no escaping the technology of inevitable surveillance.

Surveillance

Surveillance Wireless Government Internet

Cisco to pay $8.6 million fine for selling flawed surveillance technology to the US Gov

Security Affairs

AUGUST 1, 2019

Back in 2008, a whistle-blower identifies a vulnerability in Cisco video surveillance software, but the tech giant continued to sell the software to US agencies until July 2013. Cisco finally addressed the flaws in 2013 and stopped selling Cisco Video Surveillance Manager (VSM) in 2014. Cisco is going to pay $8.6 Pierluigi Paganini.

Surveillance

Surveillance Technology Government Software

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. List of installed packages. Call logs and geocoded location associated with the call. .”

Surveillance

Surveillance Spyware Malware Mobile

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Krebs on Security

NOVEMBER 15, 2022

Sources briefed on the investigation into Penchukov said that in 2010 — at a time when the Security Service of Ukraine (SBU) was preparing to serve search warrants on Tank and his crew — Tank received a tip that the SBU was coming to raid his home. “The Americans were unhappy, and a little surprised.

Banking

Banking Small Business Accountability Malware

US pharmacy Rite Aid banned from operating facial recognition systems

Malwarebytes

DECEMBER 21, 2023

The regulator found so many flaws in the retailer’s surveillance program that it concluded Rite Aid had failed to implement reasonable procedures and prevent harm to consumers in its use of facial recognition technology in hundreds of stores. The company also failed to inform consumers that it was using the technology in its stores.

Surveillance

Surveillance Technology Retail Artificial Intelligence

China using AI to develop robots that can hide in sea launch bombs and cyber attacks

CyberSecurity Insiders

JULY 8, 2021

Privacy advocates across the world say that such mass surveillance programs do more bad than good as they make the populace get a feeling that their government never trusts them. The plan was to use machine learning tools and learn about the citizen activities taking place in front of the cameras in an automated way.

Cyber Attacks

Cyber Attacks Artificial Intelligence Wireless Surveillance

NHS postpones patient data sharing with 3rd parties till September 2021

CyberSecurity Insiders

JUNE 8, 2021

colorado-based company named Palantir- known to supply data sets and analytical software to companies indulging in public surveillance. . At the end of May, a popular news resource from New York reported that UK NHS is planning to share its data with a .

Surveillance

Surveillance Healthcare Government Cybersecurity

Pegasus spyware and how it exploited a WebP vulnerability

Malwarebytes

SEPTEMBER 27, 2023

The company behind it launched in 2010, and it reportedly gained its first overseas customer just one year later. In 2018, Citizen Lab also identified 45 countries that were potentially relying on Pegasus to conduct surveillance. ” Pegasus is not new. ” Pegasus is not new. It is, he said, everywhere.

Spyware

Spyware Surveillance Mobile Software

Law enforcement agencies can extract data from thousands of cars’ infotainment systems

Security Affairs

DECEMBER 4, 2022

” Privacy advocates are raising the alarm on surveillance activities operated by law enforcement by collecting data from connected systems in modern cars. “New cars are surveillance on wheels, sending sensitive passenger data to carmakers and police. ” continues Forbes.

Surveillance

Surveillance Technology Mobile Hacking

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The China-linked APT27 group has been active since 2010, it targeted organizations worldwide, including U.S. The group was involved in cyber espionage campaigns aimed at new generation weapons and in surveillance activities on dissidents and other civilian groups.

Penetration Testing

Penetration Testing Financial Services Surveillance Manufacturing

Experts linked ransomware attacks to China-linked APT27

Security Affairs

JANUARY 4, 2021

The APT group has been active since 2010, targeted organizations worldwide, including U.S. The group was involved in cyber espionage campaigns aimed at new generation weapons and in surveillance activities on dissidents and other civilian groups. If APT27 focuses on cyberespionage, Winnti is known for its financial motivation.

Ransomware

Ransomware Malware Encryption Financial Services

German intelligence agency warns of China-linked APT27 targeting commercial organizations

Security Affairs

JANUARY 26, 2022

The APT27 group (aka Emissary Panda , TG-3390 , Bronze Union , and Lucky Mouse ) has been active since 2010, it targeted organizations worldwide, including U.S. The group was involved in cyber espionage campaigns aimed at new generation weapons and in surveillance activities on dissidents and other civilian groups.

Financial Services

Financial Services Surveillance Malware Cyber Attacks

Dangerous monitoring tool mSpy suffers data breach, exposes customer details

Malwarebytes

JULY 12, 2024

This is the third known mSpy data breach since the company began in around 2010. Without getting consent from a child, these surveillance capabilities represent serious invasions of privacy.

Data breaches

Data breaches Mobile Surveillance Advertising

A chink in the armor of China-based hacking group Nickel

Malwarebytes

DECEMBER 7, 2021

The group’s activities have been traced back to 2010 when it performed a cyberespionage campaign directed at diplomatic organizations and missions in Europe. Others in the security community who have researched this group of actors refer to the group by other names, including KE3CHANG, APT15, Vixen Panda, Royal APT, and Playful Dragon.

Hacking

Hacking Malware Surveillance Data collection

Nation-state actors target critical sectors by exploiting the CVE-2021-40539 flaw

Security Affairs

NOVEMBER 8, 2021

The APT group has been active since 2010, targeted organizations worldwide, including U.S. The group was involved in cyber espionage campaigns aimed at new generation weapons and in surveillance activities on dissidents and other civilian groups. .

Healthcare

Healthcare Password Management Financial Services Surveillance

Microsoft disrupts China-based hacking group Nickel

Malwarebytes

DECEMBER 7, 2021

The group’s activities have been traced back to 2010 when it performed a cyberespionage campaign directed at diplomatic organizations and missions in Europe. Others in the security community who have researched this group of actors refer to the group by other names, including KE3CHANG, APT15, Vixen Panda, Royal APT, and Playful Dragon.

Hacking

Hacking Malware Surveillance Data collection

Emissary Panda updated its weapons for attacks in the past 2 years

Security Affairs

MARCH 1, 2019

The Emissary Panda APT (aka LuckyMouse , APT27, Threat Group 3390, and Bronze Union) has been active since 2010, targeted organizations worldwide, including U.S. The group was involved in cyber espionage campaigns aimed at new generation weapons and in surveillance activities on dissidents and other civilian groups.

Malware

Malware Advertising Financial Services Surveillance

Together, we can make a difference

Scary Beasts Security

MARCH 21, 2014

A couple of weeks back, I released a popular spreadsheet which lists many of the Adobe Flash Player 0-days used to harm people in the wild since 2010. If you look at the data, you'll see 7 memory corruption 0-days in a year, starting mid-2010. I counted 18 and countless kind Twitterers pointed out some I may have missed.

Surveillance

Surveillance Software Internet Internet

Android 14 introduces first-of-its-kind cellular connectivity security features

Google Security

AUGUST 8, 2023

Attackers exploit this in a number of ways, ranging from traffic interception and malware sideloading, to sophisticated dragnet surveillance. Moreover, since 2010, security researchers have demonstrated trivial over-the-air interception and decryption of 2G traffic.

Mobile

Mobile Risk Wireless Surveillance

Twitter security under scrutiny after former executive turns whistleblower

Malwarebytes

AUGUST 24, 2022

In 2010, the Federal Trade Commission (FTC) filed a complaint against Twitter for its mishandling of users' private information and the issue of too many employees having access to Twitter's central controls.

Advertising

Advertising Accountability Engineering Surveillance

Facebook and Cambridge Analytica

Schneier on Security

MARCH 29, 2018

Harvard Business School professor Shoshana Zuboff calls it " surveillance capitalism." Surveillance capitalism takes this one step further. Google's surveillance isn't in the news, but it's startlingly intimate. That phone is probably the most intimate surveillance device ever invented. We never lie to our search engines.

Surveillance

Surveillance Artificial Intelligence Advertising Big data

Top VC Firms in Cybersecurity of 2022

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Beyond Identity Identity management 2020 Private Expel Managed security service 2016 Private Tigera Zero trust for K8s 2016 Private Intrinsic Application security 2016 Acquired: VMware HackerOne Penetration testing 2015 Private Virtru Data encryption 2014 Private Cloudflare Cloud infrastructure 2010 NYSE: NET.

Cybersecurity

Cybersecurity Technology Marketing Healthcare

Pegasus spyware has been here for years. We must stop ignoring it

Malwarebytes

JULY 22, 2021

When weaponized by authoritarian governments, surveillance chills free speech, scares away dissent, and robs an innocent public of a life lived unwatched, for no crime committed other than speaking truth to power, conducting public health research, or simply loving another person. This is surveillance. This is not security work.

Spyware

Spyware Surveillance Mobile Government

The Belgacom hack was the work of the UK GCHQ intelligence agency

Security Affairs

OCTOBER 28, 2018

The attack between 2000 and early 2010, the hackers targeted company admins with spear-phishing attacks aimed at infecting their machines. If confirmed the situation is disconcerting, the UK was spying, along with other members of the FiveEyes, on a telco company belonging to a member of the NATO alliance. ” wrote The Intercept.

Hacking

Hacking Spyware Telecommunications Advertising

Emissary Panda APT group hit Government Organizations in the Middle East

Security Affairs

MAY 30, 2019

The Emissary Panda APT group has been active since 2010, targeted organizations worldwide, including U.S. The group was involved in cyber espionage campaigns aimed at new generation weapons and in surveillance activities on dissidents and other civilian groups.

Government

Government Advertising Financial Services Surveillance

Russia’s SolarWinds Attack

Schneier on Security

DECEMBER 28, 2020

In the interests of surveillance, the NSA has pushed for an insecure cell phone encryption standard and a backdoor in random number generators (important for secure encryption). In 2010, the US and Israel attacked the Iranian nuclear program. If anything, the US’s prioritization of offense over defense makes us less safe.

Hacking

Hacking Government Internet Internet

Evaluating the GCHQ Exceptional Access Proposal

Schneier on Security

JANUARY 18, 2019

In 2010, China successfully hacked the back-door mechanism Google put in place to meet law-enforcement requests. I have long maintained that we need to adopt a defense-dominant strategy : We should prioritize our need for security over our need for surveillance. Again, this is nothing new.

Encryption

Encryption Government Surveillance Hacking

APT trends report Q3 2021

SecureList

OCTOBER 26, 2021

The malicious payload was then used to upload additional malware, usually the Quarian backdoor that has been seen in use by Chinese-speaking actors since around 2010. FinSpy is a notorious surveillance toolset that several NGOs have repeatedly reported being used against journalists, political dissidents and human rights activists.

Malware

Malware Government Surveillance Spyware

Hungarian official confirms Hungary used NSO Group Pegasus spyware

Security Affairs

NOVEMBER 8, 2021

Lajos Kosa, chair of the Parliament’s Defense and Law Enforcement Committee, confirmed that Hungary is one of the clients of the Israeli surveillance firm NSO Group and that it bought and used the controversial Pegasus spyware. According to Kosa, the use of surveillance software was authorized by a judge or the Minister of Justice.

Spyware

Spyware Surveillance Media Government

Defeating Little Brother requires a new outlook on privacy: Lock and Code S04E23

Malwarebytes

NOVEMBER 6, 2023

But the type of surveillance we’re talking about today is different. Little Brother isn’t just surveillance. It is increasingly popular, normalized, and accessible surveillance. It isn’t so much “Big Brother”—a concept introduced in the socio-dystopian novel 1984 by author George Orwell.

Surveillance

Surveillance Spyware Media Internet

VulnRecap 3/4/24 – Ivanti, Ubiquiti, AppLocker Under Attack

eSecurity Planet

MARCH 4, 2024

All sites incorporated the archaic FCKeditor plug-in, which stopped receiving support in 2010. The problem: HikVision’s HikCentral Professional security management system controls related surveillance equipment and contains both a high (CVSS 7.5) and a medium (CVSS 4.3) level vulnerability.

IoT

IoT Internet Internet Ransomware

Iran announced to have foiled a second cyber-attack in a week

Security Affairs

DECEMBER 15, 2019

The APT27 cyber espionage group (aka Emissary Panda , TG-3390 , Bronze Union , and Lucky Mouse ) has been active since 2010, it targeted organizations worldwide, including U.S. The group was involved in cyber espionage campaigns aimed at new generation weapons and in surveillance activities on dissidents and other civilian groups.

Cyber Attacks

Cyber Attacks Telecommunications Government Advertising

Iran denies attack against its infrastructure has ever succeeded

Security Affairs

JUNE 25, 2019

Last week, media reported that the United States has launched a series of cyber attacks on Iran after the Iranian military has downed an American surveillance drone. surveillance drone, according to people familiar with the matter.” reported The Washington Post.

Surveillance

Surveillance Cyber Attacks Telecommunications Media

Trump secretly ordered cyber attacks against Iran missile systems

Security Affairs

JUNE 23, 2019

The United States launched a series of cyber attacks on Iran after the Iranian military has downed an American surveillance drone. The military response to Iran, after the Iranian army has downed an American surveillance drone, started from the cyberspace. surveillance drone, according to people familiar with the matter.”

Cyber Attacks

Cyber Attacks Surveillance Advertising Hacking

Cyber Security Informer

On Chinese "Spy Trains"

Cisco to pay $8.6 million fine for selling flawed surveillance technology to the US Gov

Trending Sources

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

US pharmacy Rite Aid banned from operating facial recognition systems

China using AI to develop robots that can hide in sea launch bombs and cyber attacks

NHS postpones patient data sharing with 3rd parties till September 2021

Pegasus spyware and how it exploited a WebP vulnerability

Law enforcement agencies can extract data from thousands of cars’ infotainment systems

China-linked Budworm APT returns to target a US entity

Experts linked ransomware attacks to China-linked APT27

German intelligence agency warns of China-linked APT27 targeting commercial organizations

Dangerous monitoring tool mSpy suffers data breach, exposes customer details

A chink in the armor of China-based hacking group Nickel

Nation-state actors target critical sectors by exploiting the CVE-2021-40539 flaw

Microsoft disrupts China-based hacking group Nickel

Emissary Panda updated its weapons for attacks in the past 2 years

Together, we can make a difference

Android 14 introduces first-of-its-kind cellular connectivity security features

Twitter security under scrutiny after former executive turns whistleblower

Facebook and Cambridge Analytica

Top VC Firms in Cybersecurity of 2022

Pegasus spyware has been here for years. We must stop ignoring it

The Belgacom hack was the work of the UK GCHQ intelligence agency

Emissary Panda APT group hit Government Organizations in the Middle East

Russia’s SolarWinds Attack

Evaluating the GCHQ Exceptional Access Proposal

APT trends report Q3 2021

Hungarian official confirms Hungary used NSO Group Pegasus spyware

Defeating Little Brother requires a new outlook on privacy: Lock and Code S04E23

VulnRecap 3/4/24 – Ivanti, Ubiquiti, AppLocker Under Attack

Iran announced to have foiled a second cyber-attack in a week

Iran denies attack against its infrastructure has ever succeeded

Trump secretly ordered cyber attacks against Iran missile systems

Stay Connected