2019, Information Security and Surveillance

German authorities raid the offices of the FinFisher surveillance firm

Security Affairs

OCTOBER 14, 2020

Earlier this month, German authorities have raided the offices of FinFisher, the German surveillance software firm, accused of providing its software to oppressive regimes. The post German authorities raid the offices of the FinFisher surveillance firm appeared first on Security Affairs. Pierluigi Paganini.

Surveillance

Surveillance Spyware Software Advertising

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

Security Affairs

APRIL 8, 2020

In October 2019, WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. In May, Facebook has patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568 , that has been exploited to remotely install spyware on phones by calling the targeted device.

Surveillance

Surveillance Spyware Advertising Government

CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance

Security Affairs

NOVEMBER 19, 2019

Experts found multiple flaws (CVE-2019-2234) in the Android camera apps provided by Google and Samsung that could allow attackers to spy on users. SecurityAffairs – Android, CVE-2019-2234). The post CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance appeared first on Security Affairs.

Surveillance

Surveillance Manufacturing Advertising IoT

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware. Then the attackers asked the victims to enable the installation of apps from unknown sources.

Surveillance

Surveillance Mobile Spyware Telecommunications

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

MARCH 2, 2024

Court ordered surveillance firm NSO Group to hand over the source code for its Pegasus spyware and other products to Meta. Judge ordered the surveillance firm to hand over the source code for its Pegasus spyware and other products to the social network giant. from April 29, 2018, to May 10, 2020).

Spyware

Spyware Surveillance Architecture Software

Amnesty International filed a lawsuit against Israeli surveillance firm NSO

Security Affairs

MAY 20, 2019

Amnesty International filed a lawsuit against Israeli surveillance firm NSO and fears its staff may be targeted by the company with its Pegasus spyware. The name NSO Group made the headlines last week after the disclosure of the WhatsApp flaw exploited by the company to remotely install its surveillance software.

Surveillance

Surveillance Spyware Software Government

EU officials were targeted with Israeli surveillance software

Security Affairs

APRIL 13, 2022

According to a report published by Reuters, an Israeli surveillance software was used to spy on senior officials in the European Commission. One of the officials targeted with the infamous spyware there is Didier Reynders, a senior Belgian statesman who has served as the European Justice Commissioner since 2019. Pierluigi Paganini.

Surveillance

Surveillance Software Spyware Hacking

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Security Affairs

JUNE 17, 2022

Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country.

Spyware

Spyware Surveillance Telecommunications Mobile

Israeli surveillance firm QuaDream emerges from the dark

Security Affairs

FEBRUARY 6, 2022

One of the Apple iOS zero-day flaws exploited by the NSO group was also used by another surveillance firm named QuaDream. One of the vulnerabilities in Apple iOS that was previously exploited by the spyware developed by the Israeli company NSO Group was also separately used by another surveillance firm named QuaDream.

Surveillance

Surveillance Spyware Government Hacking

In Search of… ISO 27001:2013, 27017:2015 & 27018:2019 Certification

Duo's Security Blog

FEBRUARY 1, 2021

We are proud to announce the Duo has achieved ISO 27001:2013, 27017:2015, and 27018:2019 certification! What is ISO 27001:2013, 27017:2015 and 27018:2019? An ISO 27000 series certification is valid for three years and requires an annual surveillance audit to ensure continued compliance for the lifespan of the certification.

Manufacturing

Manufacturing Surveillance CISO Information Security

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. List of installed packages. Call logs and geocoded location associated with the call. .

Surveillance

Surveillance Spyware Malware Mobile

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Security Affairs

JANUARY 7, 2020

Security experts have found a malicious app in the Google Play that exploits the recently patched CVE-2019-2215 zero-day vulnerability. Earlier October, Google Project Zero researchers Maddie Stone publicly disclosed a zero-day vulnerability , tracked as CVE-2019-2215 , in Android. ” reads a blog post published by Stone.

Surveillance

Surveillance Advertising Marketing Encryption

WhatsApp sued Israeli surveillance firm NSO Group and its parent Q Cyber Technologies

Security Affairs

OCTOBER 30, 2019

WhatsApp sued Israeli surveillance firm NSO Group, accusing it of using a flaw in its messaging service to conduct cyberespionage on journalists and activists. WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. link] — Will Cathcart (@wcathcart) October 29, 2019.

Surveillance

Surveillance Technology Spyware Mobile

US Gov sanctioned Intellexa Consortium individuals and entities behind Predator spyware attacks

Security Affairs

MARCH 5, 2024

The surveillance software was also used to spy on U.S. Surveillance software was misused by foreign actors in attacks aimed at dissidents and journalists around the world. Predator spyware is known for its extensive data-stealing and surveillance capabilities. government officials, journalists, and policy experts.

Spyware

Spyware Surveillance Government Technology

NSO Group used WhatsApp exploits even after Meta-owned company sued it

Security Affairs

NOVEMBER 16, 2024

Court filing revealed that NSO Group used WhatsApp exploits after the instant messaging firm sued the surveillance company. NSO Group developed malware that relied on WhatsApp exploits to infect target individuals even after the Meta-owned instant messaging company sued the surveillance firm. from April 29, 2018, to May 10, 2020).

Spyware

Spyware Surveillance Malware Hacking

Facebook vs NSO Group lawsuit: 1,400+ users were targeted with Pegasus spyware

Security Affairs

APRIL 25, 2020

The legal dispute between Facebook and NSO group continues even after the Israeli surveillance firm filed a motion to dismiss the case earlier this month. Now both companies are providing technical details requested by the cyber-security experts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Spyware

Spyware Surveillance Advertising Mobile

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

The Last Watchdog

JANUARY 6, 2022

As a result, The majority of businesses (55 percent) are using some sort of a tool to monitor for insider threats; including data leak prevention (DLP) software (54 percent), user behavior analytics (UBA) software (50 percent), and employee monitoring and surveillance (47 percent). Yes, they are cheap to apply. They can be dynamic.

Marketing

Marketing Software Surveillance Information Security

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

According to rumors, the Polish special services are using surveillance software to spy on government opponents. According to the Gazeta Wyborcza daily, the spyware was used to spy on the phone of Jacek Karnowski, mayor of the city of Sopot, in 2018-2019. In 2023, the Polish senate declared the use of Pegasus spyware unlawful.

Spyware

Spyware Government Surveillance Hacking

Zero-day exploit used to hack iPhones of Al Jazeera employees

Security Affairs

DECEMBER 21, 2020

The attackers used an exploit chain named Kismet that was part of the arsenal of the controversial Pegasus spyware that is sold by the surveillance firm NSO Group. ” The KISMET exploit chain doesn’t work against iOS 14 and above because the new mobile iOS implements additional security protections.

Hacking

Hacking Surveillance Spyware Government

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

Experts from Amnesty International uncovered a surveillance campaign that targeted Egyptian civil society organizations with a new version of FinSpy spyware. The mobile version of the surveillance software in the first stage of the infection leverages the exploits to get root access. ” reads the Amnesty’s report.

Spyware

Spyware Surveillance Advertising Mobile

WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware

Security Affairs

MAY 14, 2019

Facebook has recently patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568 , that has been exploited to remotely install spyware on phones by calling the targeted device. The bad news is that experts are aware of attacks exploiting the WhatsApp zero-day to deliver surveillance software.

Spyware

Spyware Surveillance Mobile Advertising

Why Edward Snowden is urging users to stop using ExpressVPN?

Security Affairs

SEPTEMBER 19, 2021

The trio has worked as hackers-for-hire for the United Arab Emirates cybersecurity company DarkMatter between January 2016 and November 2019. ExpressVPN published an official response that confirmed the accusation of the DoJ but that pointed out that the experts took part to the Project Raven before he joined to the company in 2019.

Surveillance

Surveillance VPN Hacking Cybersecurity

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Security Affairs

JUNE 22, 2020

In October 2019, security experts at Amnesty International’s Security Lab have uncovered targeted attacks against Moroccan human rights defenders Maati Monjib and Abdessadak El Bouchattaoui that employed NSO Group surveillance tools. ” reads the report published by Amnesty International.

Spyware

Spyware Surveillance Mobile Advertising

Three formers NSA employees fined for providing hacker-for-hire services to UAE firm

Security Affairs

SEPTEMBER 15, 2021

The trio has worked as hackers-for-hire for the United Arab Emirates cybersecurity company DarkMatter between January 2016 and November 2019. ” DOJ also ordered the former intelligence employees to cooperate with the relevant department and FBI components; they are also condemned to a lifetime ban on future US security clearances.

Surveillance

Surveillance Hacking Government Cybersecurity

In Search of… ISO 27001:2013, 27017:27017 & 27018:2019 Certification

Duo's Security Blog

FEBRUARY 1, 2021

We are proud to announce the Duo has achieved ISO 27001:2013, 27017:2015, and 27018:2019 certification! What is ISO 27001:2013, 27017:27017 and 27018:2019? An ISO 27000 series certification is valid for three years and requires an annual surveillance audit to ensure continued compliance for the lifespan of the certification.

Manufacturing

Manufacturing Surveillance Information Security

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks

Security Affairs

APRIL 19, 2022

The experts speculate the HOMAGE exploit was used since the last months of 2019, and involved an iMessage zero-click component that launched a WebKit instance in the com.apple.mediastream.mstreamd process, following a com.apple.private.alloy.photostream lookup for a Pegasus email address. .

Spyware

Spyware Surveillance Government Software

Researcher released PoC exploit code for CVE-2019-2215 Android zero-day flaw

Security Affairs

OCTOBER 18, 2019

A researcher has published a proof-of-concept (PoC) exploit code for the CVE-2019-2215 zero-day flaw in Android recently addressed by Google. Earlier October, Google Project Zero researchers Maddie Stone publicly disclosed a zero-day vulnerability , tracked as CVE-2019-2215, in Android. SecurityAffairs – CVE-2019-2215, zero-day).

Advertising

Advertising Surveillance Security Defenses Marketing

Security Affairs newsletter Round 241

Security Affairs

NOVEMBER 24, 2019

The best news of the week with Security Affairs. Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365. Tianfu Cup 2019 – 11 teams earned a total of 545,000 for their Zero-Day Exploits. CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance.

Data breaches

Data breaches Wireless Banking Advertising

Donot Team targets a Togo prominent activist with Indian-made spyware

Security Affairs

OCTOBER 11, 2021

The attacks on the Togolese activists started in December 2019 and lasted two months. “The Togolese activist, who wishes to remain anonymous for security reasons, has a history of working with civil society organizations and is an essential voice for human rights in the country. ” reads the post published by Amnesty.

Spyware

Spyware Surveillance Accountability Mobile

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security Affairs

JANUARY 14, 2021

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian entities exclusively. Pierluigi Paganini.

Malware

Malware Surveillance Phishing Government

Tor Project responded to claims that law enforcement can de-anonymize Tor users

Security Affairs

SEPTEMBER 20, 2024

German law enforcement agencies have been surveilling Tor network by operating their own servers for months. Research conducted by ARD’s Panorama and STRG_F revealed that data collected during surveillance is processed using statistical methods, effectively breaking Tor’s anonymity. ” reported the NDR.

Surveillance

Surveillance Data collection Media Encryption

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

Security Affairs

MARCH 21, 2021

Hackers also posted images captured from the hacked surveillance video on Twitter with an #OperationPanopticon hashtag, published images show that they have gained root shell access to the surveillance cameras used by Telsa and Cloudflare. ” reads the press release published by DoJ.

Identity Theft

Identity Theft Computers and Electronics Surveillance Hacking

Pegasus spyware used to spy on a Polish mayor

Security Affairs

MARCH 3, 2023

According to rumors, the Polish special services are using surveillance software to spy on government opponents. According to the Gazeta Wyborcza daily, the spyware was used to spy on the phone of Jacek Karnowski, mayor of the city of Sopot, in 2018-2019.

Spyware

Spyware Surveillance Hacking Government

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

In 2015, the hacker who breached the systems of the Italian surveillance firm Hacking Team leaked a 400GB package containing hacking tools and exploits codes. Kaspersky researchers revealed to have found MosaicRegressor components at several dozen entities between 2017 and 2019.

Firmware

Firmware Spyware Surveillance Hacking

In Search of… ISO 27001:2013, 27017:2015 & 27018:2019 Certification

Duo's Security Blog

FEBRUARY 1, 2021

We are proud to announce the Duo has achieved ISO 27001:2013, 27017:2015, and 27018:2019 certification! What is ISO 27001:2013, 27017:2015 and 27018:2019? An ISO 27000 series certification is valid for three years and requires an annual surveillance audit to ensure continued compliance for the lifespan of the certification.

Manufacturing

Manufacturing Surveillance CISO Information Security

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Security Affairs

JANUARY 31, 2021

Last year, the group published a detailed analysis on how the Chinese government has improved its surveillance system to detect and block the popular circumvention tools Shadowsocks and its variants. ” reads the paper published by the experts. Great Firewall Report experts revealed that recent versions of Shadowsocks (3.3.1

Firewall

Firewall Surveillance Internet Internet

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Security Affairs

DECEMBER 30, 2019

Many governments worldwide persecute their internal oppositions charging them with criminal activities and use strict online surveillance to track them. The surveillance software developed by NSO Group was used by government organizations worldwide to spy on human rights groups , activists, journalists, lawyers, and dissidents.

Cybercrime

Cybercrime Surveillance Spyware Government

Researchers analyzed the PREDATOR spyware and its loader Alien

Security Affairs

MAY 29, 2023

Security researchers at Cisco Talos and the Citizen Lab have shared technical details about a commercial Android spyware named Predator that is sold by the surveillance firm Intellexa (formerly known as Cytrox). The attacks aimed at installing the surveillance spyware Predator, developed by the North Macedonian firm Cytrox.

Spyware

Spyware Surveillance Media Malware

Law enforcement agencies can extract data from thousands of cars’ infotainment systems

Security Affairs

DECEMBER 4, 2022

” Privacy advocates are raising the alarm on surveillance activities operated by law enforcement by collecting data from connected systems in modern cars. “New cars are surveillance on wheels, sending sensitive passenger data to carmakers and police.

Surveillance

Surveillance Technology Mobile Hacking

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. The group targets government entities, Kurdish (political) groups like PKK, telecommunication, ISPs, IT-service providers (including security companies), NGO, and Media & Entertainment sectors; Over the years, the group enhanced its evasion capabilities.

Media

Media Accountability Telecommunications Government

Iran-linked APT42 is behind over 30 espionage attacks

Security Affairs

SEPTEMBER 11, 2022

The campaigns have been conducted since 2015 and are aimed at conducting information collection and surveillance operations against individuals and organizations of strategic interest to Teheran. ” The surveillance operations conducted by the APT group involved the distribution of Android malware such as VINETHORN and PINEFLOWER.

Surveillance

Surveillance Social Engineering Phishing Government

Massive DDos attack hit Telegram, company says most of junk traffic is from China

Security Affairs

JUNE 13, 2019

Telegram was used by protesters in Hong Kong to evade surveillance and coordinate their demonstrations against China that would allow extraditions from the country to the mainland. — Telegram Messenger (@telegram) June 12, 2019. — Pavel Durov (@durov) June 12, 2019. IP addresses coming mostly from China.

DDOS

DDOS Advertising Surveillance Encryption

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

NOVEMBER 12, 2021

Evidence collected demonstrated that attackers exploited the CVE-2019-8506 flaw to execute malicious code in Safari. .” The iOS exploit chain used a framework based on Ironsquirrel to encrypt exploits delivered to the visitor’s browser. Google researchers pointed out that they were not able to retrieve the complete iOS chain.

Malware

Malware Media Surveillance Encryption

Security Affairs newsletter Round 301

Security Affairs

FEBRUARY 14, 2021

COMB breach: 3.2B

Phishing

Phishing Spyware Data breaches Surveillance

German authorities raid the offices of the FinFisher surveillance firm

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

Trending Sources

CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Amnesty International filed a lawsuit against Israeli surveillance firm NSO

EU officials were targeted with Israeli surveillance software

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Israeli surveillance firm QuaDream emerges from the dark

In Search of… ISO 27001:2013, 27017:2015 & 27018:2019 Certification

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

WhatsApp sued Israeli surveillance firm NSO Group and its parent Q Cyber Technologies

US Gov sanctioned Intellexa Consortium individuals and entities behind Predator spyware attacks

NSO Group used WhatsApp exploits even after Meta-owned company sued it

Facebook vs NSO Group lawsuit: 1,400+ users were targeted with Pegasus spyware

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

Poland probes Pegasus spyware abuse under the PiS government

Zero-day exploit used to hack iPhones of Al Jazeera employees

Unknown FinSpy Mac and Linux versions found in Egypt

WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware

Why Edward Snowden is urging users to stop using ExpressVPN?

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Three formers NSA employees fined for providing hacker-for-hire services to UAE firm

In Search of… ISO 27001:2013, 27017:27017 & 27018:2019 Certification

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks

Researcher released PoC exploit code for CVE-2019-2215 Android zero-day flaw

Security Affairs newsletter Round 241

Donot Team targets a Togo prominent activist with Indian-made spyware

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Tor Project responded to claims that law enforcement can de-anonymize Tor users

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

Pegasus spyware used to spy on a Polish mayor

Second-ever UEFI rootkit used in North Korea-themed attacks

In Search of… ISO 27001:2013, 27017:2015 & 27018:2019 Certification

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Researchers analyzed the PREDATOR spyware and its loader Alien

Law enforcement agencies can extract data from thousands of cars’ infotainment systems

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Iran-linked APT42 is behind over 30 espionage attacks

Massive DDos attack hit Telegram, company says most of junk traffic is from China

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs newsletter Round 301

Stay Connected