Schneier on Security

MAY 3, 2019

On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. Pervasive surveillance capitalism­ -- as practiced by the Internet companies that are already spying on everyone -- ­matters. The Crypto Wars have been waging off-and-on for a quarter-century.

Cybersecurity 277

Cybersecurity Technology Government Internet 277

Security Affairs

JANUARY 31, 2021

Last year, the group published a detailed analysis on how the Chinese government has improved its surveillance system to detect and block the popular circumvention tools Shadowsocks and its variants. Shadowsocks is a free and open-source encryption protocol project, widely used in China to circumvent Internet censorship.

Firewall 144

Firewall Surveillance Internet Internet 144

Security Affairs

JUNE 13, 2019

Encrypted messaging service Telegram was hit by a major DDoS attack apparently originated from China, likely linked to the ongoing political unrest in Hong Kong. Telegram was used by protesters in Hong Kong to evade surveillance and coordinate their demonstrations against China that would allow extraditions from the country to the mainland.

DDOS 111

DDOS Advertising Surveillance Encryption 111

CyberSecurity Insiders

AUGUST 27, 2021

Ragnarok Ransomware that was active since 2019 has made it official that it is going to shut its operations by this month’s end. The file encrypting malware group has also released a decryption key for zero cost to help victims clean up their databases.

Ransomware 103

Ransomware Healthcare Encryption Surveillance 103

Krebs on Security

FEBRUARY 18, 2019

Talos reported that these DNS hijacks also paved the way for the attackers to obtain SSL encryption certificates for the targeted domains (e.g. 25, 2019, when security firm CrowdStrike published a blog post listing virtually every Internet address known to be (ab)used by the espionage campaign to date. That changed on Jan. 29 and Jan.

DNS 279

DNS Internet Internet Government 279

Security Affairs

DECEMBER 30, 2019

Many governments worldwide persecute their internal oppositions charging them with criminal activities and use strict online surveillance to track them. The surveillance software developed by NSO Group was used by government organizations worldwide to spy on human rights groups , activists, journalists, lawyers, and dissidents.

Cybercrime 94

Cybercrime Surveillance Spyware Government 94

Security Affairs

NOVEMBER 12, 2021

.” The iOS exploit chain used a framework based on Ironsquirrel to encrypt exploits delivered to the visitor’s browser. Evidence collected demonstrated that attackers exploited the CVE-2019-8506 flaw to execute malicious code in Safari. The macOS exploits were different from the iOS ones.

Malware 145

Malware Media Surveillance Encryption 145

The Last Watchdog

OCTOBER 3, 2019

We met at Black Hat 2019. They’ll take more manual steps to encrypt servers, exfiltrate data – or do both. And then, instead of encrypting one or two or ten machines, they’ll encrypt everything.” British antimalware and network security vendor Sophos refers to this new tactic as “automated, active attacks.”

Encryption 147

Encryption Malware Ransomware Cyber Attacks 147

Security Affairs

MARCH 10, 2019

pic.twitter.com/OgzUehZ1Bi — Ran L (@ranlocar) March 4, 2019. The availability of this data represents a serious threat to the privacy of the users, threat actors could use it for surveillance activity. At each call, the application logs the phone number, IP Address (internal and external). ” reported ZDNet.

Passwords 110

Passwords Advertising Surveillance Encryption 110

The Last Watchdog

MARCH 13, 2019

Another tech industry consultancy, IDC, forecasts worldwide IoT spending will hit a record $745 billion in 2019 , some 15.4% Mirai and Reaper are examples of a new generation of IoT botnets comprised of millions of infected home routers and surveillance cams. more than the $646 billion spent in 2018.

Internet 189

Internet Internet IoT Energy and Utilities 189

Security Affairs

AUGUST 4, 2019

Over 23 million stolen payment card data traded on the Dark Web in H1 2019. Android devices could be hacked by playing a video due to CVE-2019-2107 flaw. Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware. million fine for selling flawed surveillance technology to the US Gov.

Data breaches 94

Data breaches eCommerce Hacking Malware 94

Security Affairs

FEBRUARY 12, 2020

Swiss authorities are investigating into allegations the company Crypto AG, a Switzerland-based maker of encryption devices, was a front company for the CIA and German intelligence. The Swiss government declared that it was informed of the case only in N ovember 2019, then he decided to investigate into the case. They shut both eyes.”.

Advertising 116

Advertising Government Media Encryption 116

Security Affairs

DECEMBER 29, 2019

CVE-2019-19781 Citrix flaw exposes 80,000 companies at risk. Ryuk Ransomware evolution avoid encrypting Linux folders. NVIDIA patches CVE-2019-5702 high-severity flaw in GeForce Experience. Thai Officials confirmed the hack of prison surveillance cameras and the video broadcast. Top cybersecurity Predictions for 2020.

Cyber Attacks 86

Cyber Attacks Advertising Surveillance Ransomware 86

SecureList

FEBRUARY 26, 2021

The Coalition Against Stalkerware warns that stalkerware “may facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence.” In 2019, we created a special alert that notifies users if stalkerware is installed on their phones. Read messages on any messenger, regardless of whether encryption is used.

Mobile 129

Mobile Surveillance Software Passwords 129

Thales Cloud Protection & Licensing

NOVEMBER 6, 2019

Vulnerable devices could be used to spread malware within the enterprise, used for corporate espionage, surveillance of personnel, or plan whaling phishing campaigns. Organizations can accomplish this task by using a sophisticated security platform to encrypt data handled by IoT devices. Choose your partners wisely.

IoT 122

IoT Risk Energy and Utilities Healthcare 122

The Last Watchdog

APRIL 17, 2019

Related: Why government encryption backdoors should never be normalized. For a full drill down on our most recent conversation, at RSA 2019 , give a listen to the accompanying podcast. it’s a full package of how to go steal stuff, or lock up computers, or encrypt data and get ransom.

Marketing 133

Marketing Digital transformation CSO Internet 133

Security Affairs

FEBRUARY 2, 2020

The p opular ProtonMail end-to-end encrypted email service and ProtonVPN VPN service have been blocked by the Russian government this week. This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service.

Government 109

Government VPN Telecommunications Advertising 109

Malwarebytes

SEPTEMBER 8, 2022

Originally, ransomware encrypted files and its operators demanded a ransom in return for a decryption tool. It was all but impossible to decrypt the files without the decryption tool, but victims could avoid paying a ransom by restoring encrypted files from backups. Triple extortion. New groups.

Ransomware 88

Ransomware DDOS Encryption Backups 88

Hot for Security

FEBRUARY 2, 2021

One major allegation brought forth by the FTC is that, since at least 2016, Zoom misled users by claiming it offered ‘end-to-end, 256-bit encryption’ when in fact it provided a lower level of security. Due to the COVID-19 pandemic, Zoom’s install base has ballooned from 10 million in December 2019 to 300 million in April 2020.

Encryption 86

Encryption Consumer Protection Surveillance Data breaches 86

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Vicarius Vulnerability management 2022 Private Dragos ICS and OT security 2021 Private Safeguard Cyber Risk management 2021 Private CyberGRX Risk management 2019 Private Signifyd Fraud protection 2018 Private RedOwl Security analytics 2015 Acquired: Forcepoint. Accel Investments. Andreessen Horowitz (a16z).

Cybersecurity 128

Cybersecurity Technology Marketing Healthcare 128

Security Affairs

JANUARY 10, 2021

It is a great question, particularly when you consider that $167 Billion was spent on Cybersecurity in 2019 and this is predicted to increase to $248 Billion by 2023 [Source: Forbes ]. The Cyber-attack resulted in a large volume of data to be encrypted including database servers and backup data. 4securitas.com ).

Cyber Attacks 125

Cyber Attacks Government Software Surveillance 125

SecureList

MAY 31, 2021

A41APT is a long-running campaign, active from March 2019 to the end of December 2020, that has targeted multiple industries, including Japanese manufacturing and its overseas bases. Ransomware encrypting virtual hard disks. The first vulnerability ( CVE-2019-5544 ) can be used to carry out heap overflow attacks.

Malware 139

Malware Adware Encryption Architecture 139

The Last Watchdog

OCTOBER 14, 2019

In one case, ExtraHop tracked a made-in-China surveillance cam sending UDP traffic logs , every 30 minutes, to a known malicious IP address with ties to China. But ExtraHop noticed that the tool also opening encrypted connections to vendor-owned cloud storage, a major HIPAA violation. We met at Black Hat 2019.

Cyber Attacks 133

Cyber Attacks Cloud Migration Digital transformation Surveillance 133

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. Both the IP and the server directory path are encrypted with AES-128 using a base64 encoded key stored in the backdoor’s image.

Firmware 145

Firmware Malware Encryption Passwords 145

Security Affairs

FEBRUARY 2, 2020

This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service. This email service was used by cybercriminals both in 2019 and especially actively in January 2020 to send false messages under the guise of reliable information about mass mining of objects in the Russian Federation,”.

Telecommunications 71

Telecommunications VPN Advertising Government 71

BH Consulting

DECEMBER 11, 2023

per cent) from 2022 and a huge leap since 2019, when there were an estimated 2.8 Sounds like excessive surveillance? Meta is rolling out end-to-end encryption across its Facebook and Messenger platforms, used by more than a billion people. ISC2 figures estimate the global workforce in the field is 5.5 It’s up 440,000 (8.7

Surveillance 52

Surveillance Cybersecurity DDOS Data breaches 52

Privacy and Cybersecurity Law

MAY 29, 2019

Date and time: Start: June 11, 2019, 9:00 AM EST End: June 11, 2019, 4:30 PM EST. Location: Shopify 150 Elgin Street 14th floor Ottawa, Ontario K2P 1L4 Canada. CPD accreditation. This program is eligible for 5 substantive hours required by the Law Society of Ontario.

Internet 40

Internet Internet Surveillance Encryption 40

McAfee

MAY 26, 2020

EU Exit) Regulations 2019 amends the DPA 2018 and merges it with the requirements of the EU GDPR to form a data protection regime that will work in a UK context after Brexit, and with insignificant differences between the EU GDPR and the proposed UK GDPR. The EU GDPR will no longer apply directly in the UK at the end of the transition period.

Antivirus 52

Antivirus VPN Risk Software 52

SecureList

NOVEMBER 26, 2021

At the end of September, at the Kaspersky Security Analyst Summit , our researchers provided an overview of FinSpy , an infamous surveillance toolset that several NGOs have repeatedly reported being used against journalists, political dissidents and human rights activists. FinSpy: analysis of current capabilities.

Malware 134

Malware Banking Energy and Utilities Accountability 134

SecureList

NOVEMBER 29, 2021

The victim was infected by PowerShell malware and we discovered evidence that the actor had already stolen data from the victim and had been surveilling this victim for several months. The script compares the given encrypted string with a second string to get an index of matched characters. Description. up: Upload file. seconds.

Surveillance 144

Surveillance Malware Phishing Encryption 144

Malwarebytes

JULY 22, 2021

When weaponized by authoritarian governments, surveillance chills free speech, scares away dissent, and robs an innocent public of a life lived unwatched, for no crime committed other than speaking truth to power, conducting public health research, or simply loving another person. This is surveillance. This is not security work.

Spyware 127

Spyware Surveillance Mobile Government 127

Spinone

NOVEMBER 21, 2019

” ― Stephane Nappo The amount of compromised data in August 2019 composed 114,686,290 breached records. The course consists of four modules: Hackers Exposed: You will find out methods that stop hackers, block tracking, and prevent government surveillance. “Cyber Security is so much more than a matter of IT.”

Social Engineering 40

Social Engineering Accountability Phishing Cybersecurity 40

Malwarebytes

JANUARY 19, 2022

The many issues surrounding end-to-end encryption (E2EE) are ever-present. “We want social media companies to confirm they will not implement end-to-end encryption until they have the technology in place to ensure children will not be put at greater risk as a result,” No Place To Hide’s campaign website states.

Media 97

Media Encryption Internet Internet 97

SecureList

SEPTEMBER 28, 2021

FinSpy, also known as FinFisher or Wingbird , is an infamous surveillance toolset. We were unable to cluster those packages until the middle of 2019 when we found a host that served these installers among FinSpy Mobile implants for Android. Both of them are encrypted with RC4. The encrypted VFS file. The Initial Loader.

Encryption 145

Encryption Malware Spyware Architecture 145

SecureList

APRIL 27, 2021

One of the suspected FinFly Web servers was active for more than a year between October 2019 and December 2020. We investigated a long-running espionage campaign, dubbed A41APT, targeting multiple industries, including the Japanese manufacturing industry and its overseas bases, which has been active since March 2019.

Malware 145

Malware Government Spyware Social Engineering 145

SecureList

OCTOBER 17, 2023

The most remarkable findings In early 2023, we discovered an ongoing attack targeting government entities in the APAC region by compromising a specific type of a secure USB drive, which provides hardware encryption. This strategic shift signals its intent to intensify its surveillance capabilities and expand its range of targets.

Malware 141

Malware Government VPN Manufacturing 141

ForAllSecure

MAY 26, 2022

So I'm an activist, security researcher or even whistleblower, we recently came across some stuff where there were leaks of personally identifiable information or some sort of previously unknown surveillance of people or employees. And in 2018, I bought five hover 100 of them on sticker mule, and took them to DEF CON.

Hacking 52

Hacking Technology InfoSec Media 52