2019, Hacking and Surveillance - Cyber Security Informer

Latest on the SVR’s SolarWinds Hack

Schneier on Security

JANUARY 5, 2021

The New York Times has an in-depth article on the latest information about the SolarWinds hack (not a great name, since it’s much more far-reaching than that). There is also no indication yet that any human intelligence alerted the United States to the hacking. The October files, distributed to customers on Oct.

Hacking

Hacking System Administration Software Surveillance

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

Security Affairs

FEBRUARY 2, 2025

The hacking campaign targeted 90 users and was disrupted in December, WhatsApp already alerted them of a possible compromise of their devices. WhatsApp linked the hacking campaign to Paragon, an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024. reads the court document.

Spyware

Spyware Hacking Surveillance Malware

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Security Affairs

DECEMBER 23, 2024

Court documents state that on October 29, 2019, plaintiffs filed this lawsuit, alleging that the defendants used WhatsApp to target approximately 1,400 mobile phones and devices to infect them with the surveillance software. ” reads the court document. ” The U.S.

Spyware

Spyware Surveillance Software Hacking

The FBI Identified a Tor User

Schneier on Security

JANUARY 17, 2023

No details , though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019. There are lots of ways to de-anonymize Tor users. (I

Surveillance

Surveillance Media Hacking

NationalPublicData.com Hack Exposes a Nation’s Data

Krebs on Security

AUGUST 15, 2024

We’ll also take a closer look at the data broker that got hacked — a background check company founded by an actor and retired sheriff’s deputy from Florida. In 2019, malicious hackers stole data on more than 1.5 In 2019, malicious hackers stole data on more than 1.5

Hacking

Hacking Data breaches Identity Theft Accountability

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

According to rumors, the Polish special services are using surveillance software to spy on government opponents. The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country.

Spyware

Spyware Government Surveillance Hacking

German authorities raid the offices of the FinFisher surveillance firm

Security Affairs

OCTOBER 14, 2020

Earlier this month, German authorities have raided the offices of FinFisher, the German surveillance software firm, accused of providing its software to oppressive regimes. SecurityAffairs – hacking, K-Electric). The post German authorities raid the offices of the FinFisher surveillance firm appeared first on Security Affairs.

Surveillance

Surveillance Spyware Advertising Software

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

Security Affairs

APRIL 8, 2020

In October 2019, WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. In May, Facebook has patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568 , that has been exploited to remotely install spyware on phones by calling the targeted device.

Surveillance

Surveillance Spyware Advertising Government

Canadian Man Arrested in Snowflake Data Extortions

Krebs on Security

NOVEMBER 5, 2024

Bloomberg first reported Moucka’s alleged ties to the Snowflake hacks on Monday. On May 2, 2024, Judische claimed on the fraud-focused Telegram channel Star Chat that they had hacked Santander Bank , one of the first known Snowflake victims. Image: [link] On October 30, Canadian authorities arrested Alexander Moucka, a.k.a.

Cybercrime

Cybercrime Mobile Media Hacking

Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data

The Hacker News

MARCH 20, 2025

Paragon, founded in 2019 by Ehud Barak and Ehud Schneorson, is the maker of a surveillance tool called Graphite that's capable of harvesting sensitive data from instant messaging applications

Spyware

Spyware Government Surveillance Hacking

Zero-day exploit used to hack iPhones of Al Jazeera employees

Security Affairs

DECEMBER 21, 2020

Tens of Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. Researchers from Citizen Lab reported that at least 36 Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones.

Hacking

Hacking Surveillance Spyware Government

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware. SecurityAffairs – hacking, RCS Labs). CVE-2020-9907 internally referred to as AveCesare.

Surveillance

Surveillance Mobile Spyware Telecommunications

EU officials were targeted with Israeli surveillance software

Security Affairs

APRIL 13, 2022

According to a report published by Reuters, an Israeli surveillance software was used to spy on senior officials in the European Commission. One of the officials targeted with the infamous spyware there is Didier Reynders, a senior Belgian statesman who has served as the European Justice Commissioner since 2019. Pierluigi Paganini.

Surveillance

Surveillance Software Spyware Hacking

Amnesty International filed a lawsuit against Israeli surveillance firm NSO

Security Affairs

MAY 20, 2019

Amnesty International filed a lawsuit against Israeli surveillance firm NSO and fears its staff may be targeted by the company with its Pegasus spyware. The name NSO Group made the headlines last week after the disclosure of the WhatsApp flaw exploited by the company to remotely install its surveillance software.

Surveillance

Surveillance Spyware Software Government

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

MARCH 2, 2024

Court ordered surveillance firm NSO Group to hand over the source code for its Pegasus spyware and other products to Meta. Judge ordered the surveillance firm to hand over the source code for its Pegasus spyware and other products to the social network giant. from April 29, 2018, to May 10, 2020).

Spyware

Spyware Surveillance Software Architecture

Israeli surveillance firm QuaDream emerges from the dark

Security Affairs

FEBRUARY 6, 2022

One of the Apple iOS zero-day flaws exploited by the NSO group was also used by another surveillance firm named QuaDream. One of the vulnerabilities in Apple iOS that was previously exploited by the spyware developed by the Israeli company NSO Group was also separately used by another surveillance firm named QuaDream.

Surveillance

Surveillance Spyware Government Hacking

CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance

Security Affairs

NOVEMBER 19, 2019

Experts found multiple flaws (CVE-2019-2234) in the Android camera apps provided by Google and Samsung that could allow attackers to spy on users. SecurityAffairs – Android, CVE-2019-2234). The post CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance appeared first on Security Affairs.

Surveillance

Surveillance Manufacturing Advertising IoT

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Security Affairs

JUNE 17, 2022

Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country.

Spyware

Spyware Surveillance Telecommunications Mobile

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. List of installed packages. Call logs and geocoded location associated with the call. .

Surveillance

Surveillance Spyware Malware Mobile

Chinese Supply-Chain Attack on Computer Systems

Schneier on Security

FEBRUARY 13, 2021

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. I wrote this in 2019: The other solution is to build a secure system, even though any of its parts can be subverted. It’s been going on since at least 2008. We need some fundamental security research here.

Surveillance

Surveillance Internet Internet Government

Facebook vs NSO Group lawsuit: 1,400+ users were targeted with Pegasus spyware

Security Affairs

APRIL 25, 2020

The legal dispute between Facebook and NSO group continues even after the Israeli surveillance firm filed a motion to dismiss the case earlier this month. Facebook advocates have challenged a plea from spyware maker NSO Group to dismiss the legal dispute over the hacking accusations, arguing it has immunity from prosecution.

Spyware

Spyware Surveillance Advertising Mobile

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Security Affairs

JANUARY 7, 2020

Security experts have found a malicious app in the Google Play that exploits the recently patched CVE-2019-2215 zero-day vulnerability. Earlier October, Google Project Zero researchers Maddie Stone publicly disclosed a zero-day vulnerability , tracked as CVE-2019-2215 , in Android. SecurityAffairs – Android, hacking).

Surveillance

Surveillance Advertising Marketing Encryption

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

Experts from Amnesty International uncovered a surveillance campaign that targeted Egyptian civil society organizations with a new version of FinSpy spyware. The mobile version of the surveillance software in the first stage of the infection leverages the exploits to get root access. SecurityAffairs – hacking, FinSpy).

Spyware

Spyware Surveillance Advertising Mobile

Why Edward Snowden is urging users to stop using ExpressVPN?

Security Affairs

SEPTEMBER 19, 2021

The trio has worked as hackers-for-hire for the United Arab Emirates cybersecurity company DarkMatter between January 2016 and November 2019. ExpressVPN published an official response that confirmed the accusation of the DoJ but that pointed out that the experts took part to the Project Raven before he joined to the company in 2019.

Surveillance

Surveillance VPN Hacking Cybersecurity

WhatsApp sued Israeli surveillance firm NSO Group and its parent Q Cyber Technologies

Security Affairs

OCTOBER 30, 2019

WhatsApp sued Israeli surveillance firm NSO Group, accusing it of using a flaw in its messaging service to conduct cyberespionage on journalists and activists. WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. link] — Will Cathcart (@wcathcart) October 29, 2019.

Surveillance

Surveillance Technology Spyware Mobile

Three formers NSA employees fined for providing hacker-for-hire services to UAE firm

Security Affairs

SEPTEMBER 15, 2021

The trio has worked as hackers-for-hire for the United Arab Emirates cybersecurity company DarkMatter between January 2016 and November 2019. SecurityAffairs – hacking, NSA employees). export control, computer fraud and access device fraud laws. “The story of Project Raven reveals how former U.S. organizations.”

Surveillance

Surveillance Hacking Government Cybersecurity

WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware

Security Affairs

MAY 14, 2019

Facebook has recently patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568 , that has been exploited to remotely install spyware on phones by calling the targeted device. The bad news is that experts are aware of attacks exploiting the WhatsApp zero-day to deliver surveillance software. Pierluigi Paganini.

Spyware

Spyware Surveillance Mobile Advertising

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. Pierluigi Paganini.

Firmware

Firmware Spyware Surveillance Hacking

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Security Affairs

JUNE 22, 2020

In October 2019, security experts at Amnesty International’s Security Lab have uncovered targeted attacks against Moroccan human rights defenders Maati Monjib and Abdessadak El Bouchattaoui that employed NSO Group surveillance tools. ” reads the report published by Amnesty International.

Spyware

Spyware Surveillance Mobile Advertising

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-. SecurityAffairs – hacking, LILIN).

Firmware

Firmware Surveillance Manufacturing Advertising

Security Affairs newsletter Round 241

Security Affairs

NOVEMBER 24, 2019

Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365. Tianfu Cup 2019 – 11 teams earned a total of 545,000 for their Zero-Day Exploits. CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance. A new round of the weekly newsletter arrived!

Data breaches

Data breaches Wireless Banking Advertising

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

Security Affairs

MARCH 21, 2021

Hackers also posted images captured from the hacked surveillance video on Twitter with an #OperationPanopticon hashtag, published images show that they have gained root shell access to the surveillance cameras used by Telsa and Cloudflare. ” reads the press release published by DoJ. ” continues the DoJ.

Identity Theft

Identity Theft Computers and Electronics Surveillance Hacking

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks

Security Affairs

APRIL 19, 2022

The experts speculate the HOMAGE exploit was used since the last months of 2019, and involved an iMessage zero-click component that launched a WebKit instance in the com.apple.mediastream.mstreamd process, following a com.apple.private.alloy.photostream lookup for a Pegasus email address. . To nominate, please visit:?

Spyware

Spyware Surveillance Government Software

SimJacker attack allows hacking any phone with just an SMS

Security Affairs

SEPTEMBER 12, 2019

The scary part of the story is that a private surveillance firm was aware of the zero-day flaw since at least two years and is actively exploiting the SimJacker vulnerability to spy on mobile users in several countries. The researchers plan to disclose technical details of the attack at the VB2019 London conference , in October 2019.

Hacking

Hacking Mobile Spyware Manufacturing

Pegasus spyware used to spy on a Polish mayor

Security Affairs

MARCH 3, 2023

According to rumors, the Polish special services are using surveillance software to spy on government opponents. The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country.

Spyware

Spyware Surveillance Hacking Government

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security Affairs

JANUARY 14, 2021

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian entities exclusively. Pierluigi Paganini.

Malware

Malware Surveillance Phishing Government

Donot Team targets a Togo prominent activist with Indian-made spyware

Security Affairs

OCTOBER 11, 2021

The attacks on the Togolese activists started in December 2019 and lasted two months. Their devices were targeted between December 2019 and January 2020, during a tense political climate ahead of the 2020 Togolese presidential election.” SecurityAffairs – hacking, Donot Team APT). Pierluigi Paganini.

Spyware

Spyware Surveillance Accountability Mobile

Data Privacy threat to Americans from Biden government

CyberSecurity Insiders

MAY 3, 2021

As per the report on CNN, this public surveillance program will be carried out by Department of Homeland Security and will be done by collaborating with private companies, mainly those belonging to technology sector. Both the stories were later proved to be true, making Snowden and Assange take asylum in Russia till 2019.

Data privacy

Data privacy Government Surveillance Media

Researcher released PoC exploit code for CVE-2019-2215 Android zero-day flaw

Security Affairs

OCTOBER 18, 2019

A researcher has published a proof-of-concept (PoC) exploit code for the CVE-2019-2215 zero-day flaw in Android recently addressed by Google. Earlier October, Google Project Zero researchers Maddie Stone publicly disclosed a zero-day vulnerability , tracked as CVE-2019-2215, in Android. SecurityAffairs – CVE-2019-2215, zero-day).

Advertising

Advertising Surveillance Security Defenses Marketing

Tor Project responded to claims that law enforcement can de-anonymize Tor users

Security Affairs

SEPTEMBER 20, 2024

German law enforcement agencies have been surveilling Tor network by operating their own servers for months. Research conducted by ARD’s Panorama and STRG_F revealed that data collected during surveillance is processed using statistical methods, effectively breaking Tor’s anonymity. ” reported the NDR.

Surveillance

Surveillance Data collection Media Hacking

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Security Affairs

JANUARY 31, 2021

Last year, the group published a detailed analysis on how the Chinese government has improved its surveillance system to detect and block the popular circumvention tools Shadowsocks and its variants. SecurityAffairs – hacking, China). ” reads the paper published by the experts. and earlier) could bypass the firewall.

Firewall

Firewall Surveillance Internet Internet

Security Affairs newsletter Round 225 and Important Update

Security Affairs

AUGUST 4, 2019

Crooks used rare Steganography technique to hack fully patched websites in Latin America. Jessica Alba ‘s Twitter account hacked, it posted racist and homophobic messages. Over 23 million stolen payment card data traded on the Dark Web in H1 2019. Android devices could be hacked by playing a video due to CVE-2019-2107 flaw.

Data breaches

Data breaches eCommerce Hacking Malware

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

The Last Watchdog

NOVEMBER 20, 2019

What does Chinese tech giant Huawei have in common with the precocious kid next door who knows how to hack his favorite video game? The latter knows how to carry out a DLL injection hack — to cheat the game score. I had the chance to visit with Willy Leichter, Virsec’s vice president of marketing, at Black Hat 2019.

Firmware

Firmware Hacking Software Surveillance

Law enforcement agencies can extract data from thousands of cars’ infotainment systems

Security Affairs

DECEMBER 4, 2022

. “Court documents and government contracting records show the agencies tasked with monitoring the Mexican border have spent record sums on car hacking tools, while talking up the extraordinary amount of valuable evidence that can be reaped from onboard computers.” SecurityAffairs – hacking, infotainment systems).

Surveillance

Surveillance Technology Mobile Hacking

Latest on the SVR’s SolarWinds Hack

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

Trending Sources

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

The FBI Identified a Tor User

NationalPublicData.com Hack Exposes a Nation’s Data

Poland probes Pegasus spyware abuse under the PiS government

German authorities raid the offices of the FinFisher surveillance firm

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

Canadian Man Arrested in Snowflake Data Extortions

Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data

Zero-day exploit used to hack iPhones of Al Jazeera employees

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

EU officials were targeted with Israeli surveillance software

Amnesty International filed a lawsuit against Israeli surveillance firm NSO

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Israeli surveillance firm QuaDream emerges from the dark

CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Chinese Supply-Chain Attack on Computer Systems

Facebook vs NSO Group lawsuit: 1,400+ users were targeted with Pegasus spyware

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Unknown FinSpy Mac and Linux versions found in Egypt

Why Edward Snowden is urging users to stop using ExpressVPN?

WhatsApp sued Israeli surveillance firm NSO Group and its parent Q Cyber Technologies

Three formers NSA employees fined for providing hacker-for-hire services to UAE firm

WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware

Second-ever UEFI rootkit used in North Korea-themed attacks

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs newsletter Round 241

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks

SimJacker attack allows hacking any phone with just an SMS

Pegasus spyware used to spy on a Polish mayor

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Donot Team targets a Togo prominent activist with Indian-made spyware

Data Privacy threat to Americans from Biden government

Researcher released PoC exploit code for CVE-2019-2215 Android zero-day flaw

Tor Project responded to claims that law enforcement can de-anonymize Tor users

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Security Affairs newsletter Round 225 and Important Update

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

Law enforcement agencies can extract data from thousands of cars’ infotainment systems

Stay Connected