Hot for Security

APRIL 5, 2021

But regular consumers are equally affected by cybercrime, directly or indirectly. A key stat: cybercrime in 2020 was marked by a visible and aggressive targeting of the human layer. A key stat: cybercrime in 2020 was marked by a visible and aggressive targeting of the human layer. Aligned efforts to capitalize on COVID-19.

Cybercrime 116

Cybercrime Ransomware Cyber threats Malware 116

Security Affairs

MARCH 21, 2021

Hackers also posted images captured from the hacked surveillance video on Twitter with an #OperationPanopticon hashtag, published images show that they have gained root shell access to the surveillance cameras used by Telsa and Cloudflare. SecurityAffairs – hacking, cybercrime). ” concludes the DoJ. Pierluigi Paganini.

Identity Theft 106

Identity Theft Computers and Electronics Surveillance Hacking 106

Security Affairs

MARCH 28, 2024

In 2023, the researchers attributed a combined total of 48 out of 58 zero-day vulnerabilities to commercial surveillance vendors (CSVs) and government espionage actors, while 10 zero-day flaws were attributed to financially motivated actors. The researchers also tracked at least four ransomware groups exploiting four zero-day vulnerabilities.

Government 139

Government Surveillance Ransomware Cybercrime 139

Security Affairs

OCTOBER 12, 2021

Operators behind the FreakOut (aka Necro, N3Cr0m0rPh) Python botnet have added a PoC exploit for Visual Tools DVR, a professional digital video recorder used in surveillance video systems. The POC exploit code for this vulnerability is publicly available since July 2021. CVE-2021-2900 – Genexis PLATINUM 4410 2.1 P4410-V2-1.28

DDOS 117

DDOS Surveillance Hacking Internet 117

Security Affairs

JANUARY 9, 2022

” Recently media shared an FBI training document that reveals the surveillance capabilities of the US law enforcement detailing which data can be extracted from encrypted messaging apps. The above document, dated to January 7, 2021, was obtained through a FOIA request filed by the US nonprofit organization Property of the People.

Computers and Electronics 122

Computers and Electronics Encryption Surveillance Cybercrime 122

Security Affairs

APRIL 17, 2022

Gov believes North Korea-linked Lazarus APT is behind Ronin Validator cyber heist The unceasing action of Anonymous against Russia Threat actors target the Ukrainian gov with IcedID malware Threat actors use Zimbra exploits to target organizations in Ukraine Conti Ransomware Gang claims responsibility for the Nordex hack ZingoStealer crimeware released (..)

Wireless 100

Wireless Data breaches Hacking Surveillance 100

SecureWorld News

JULY 20, 2023

Commerce Department's Bureau of Industry and Security (BIS) has taken significant action to address the escalating concern surrounding the misuse of surveillance technology by foreign entities. government's growing concern about the role of surveillance technology in enabling campaigns of repression and human rights abuses.

Spyware 98

Spyware Surveillance Government Technology 98

Security Affairs

JUNE 10, 2022

The attack impacted the municipal police, surveillance cameras and ZTL traffic control systems, the authorities confirmed that the problems can last for days. Municipal Administration announced that demographic services are guaranteed. ” reads a statement issued by the Municipal Administration.

Ransomware 134

Ransomware Data breaches Cyber Attacks Surveillance 134

Security Affairs

JULY 20, 2023

Lookout first detected WyrmSpy as early as 2017, while it first discovered DragonEgg at the start of 2021. “After it’s installed and launched, WyrmSpy uses known rooting tools to gain escalated privileges to the device and perform surveillance activities specified by commands received from its C2 servers.

Spyware 98

Spyware Surveillance Mobile Malware 98

Security Affairs

APRIL 2, 2022

The Beastmode botnet also includes exploits for the following issues: CVE-2021-45382 targets D-Link products (DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L and DIR-836L) CVE-2021-4045 targets TP-Link Tapo C200 IP camera. CVE-2016-5674 targets NUUO NVRmini2, NVRsolo, Crystal Devices, and NETGEAR ReadyNAS Surveillance products.

DDOS 98

DDOS Firmware Surveillance IoT 98

Malwarebytes

SEPTEMBER 27, 2021

Uber scam lures victims with alert from a real Uber number Teaching cybersecurity skills to special needs children with Alana Robinson: Lock and Code S02E18.

Phishing 70

Phishing Surveillance Malware Backups 70

Security Affairs

JULY 24, 2022

ransom and sued its insurance firm for refusing to cover this payment Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever Google is going to remove App Permissions List from the Play Store Security Affairs newsletter Round 374 by Pierluigi Paganini APT groups target journalists and media organizations since 2021.

Spyware 107

Spyware Surveillance Malware Insurance 107

Security Affairs

JULY 31, 2022

and Blackmatter ransomware U.S. increased rewards for info on North Korea-linked threat actors to $10 million Threat actors leverages DLL-SideLoading to spread Qakbot malware Zero Day attacks target online stores using PrestaShop?

Malware 98

Malware Firmware Surveillance DDOS 98

SecureWorld News

MAY 3, 2022

In a press conference earlier this week, Félix Bolaños, the minister for the presidency, said Sánchez's phone was targeted in May and June 2021, while Robles was also targeted in June 2021. Pegasus spyware remains problematic around the world. Could Spain be spying on its own people?

Spyware 98

Spyware Government Surveillance Mobile 98

Security Affairs

AUGUST 29, 2021

EskyFun data leak, over 1 million Android gamers impacted Boffins show PIN bypass attack Mastercard and Maestro contactless payments Phorpiex botnet shuts down and authors put source code for sale Atlassian released security patches to fix a critical flaw in Confluence An RCE in Annke video surveillance product allows hacking the device ChaosDB, a (..)

Data breaches 107

Data breaches Spyware Hacking Ransomware 107

Malwarebytes

MAY 10, 2022

A majority of the Members of the European Parliament adopted the chat control regulation on July 6, 2021, allowing providers to scan communications voluntarily. Privacy advocates argue it brings the EU closer to the surveillance state that many see in other countries and that is a frightful image. I’m asking for me.

Encryption 101

Encryption Surveillance Artificial Intelligence Spyware 101

Security Affairs

FEBRUARY 13, 2022

to replace Chinese equipment Hackers breached a server of National Games of China days before the event Russian Gamaredon APT is targeting Ukraine since October Israeli surveillance firm QuaDream emerges from the dark Argo CD flaw could allow stealing sensitive data from Kubernetes Apps. US seizes $3.6 Pierluigi Paganini.

Ransomware 98

Ransomware Spyware Surveillance Hacking 98

Security Affairs

APRIL 16, 2023

Remcos is a legitimate remote monitoring and surveillance software developed by the company BreakingSecurity. In 2021, CISA added Remcos to the list of top malware strains due to its use in mass phishing attacks using COVID-19 pandemic themes targeting businesses and individuals.

Accountability 98

Accountability Phishing Financial Services Surveillance 98

SecureList

FEBRUARY 26, 2021

The Coalition Against Stalkerware warns that stalkerware “may facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence.” They still need physical access to the phone to jailbreak it, so iPhone users who fear surveillance should always keep an eye on their device.

Mobile 133

Mobile Surveillance Software Passwords 133

SecureWorld News

NOVEMBER 23, 2021

The opening lines of the lawsuit say it all: "Defendants are notorious hackers—amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.". November 23, 2021. Cybercrime mercenary group tracked around the world. link] — Ivan Krsti?

Spyware 97

Spyware Surveillance Engineering Software 97

SecureWorld News

AUGUST 25, 2022

In 2021, NSO was blacklisted by the United States government as it knowingly provided spyware to foreign governments who used the tool maliciously. Its spyware product, Pegasus, has been used by various criminals and nation states to target individuals of interest, such as activists, politicians, and business leaders.

Spyware 98

Spyware Government Marketing Surveillance 98

SecureList

NOVEMBER 14, 2022

In another publication , Google also followed up on the activities of a similar vendor named Cytrox that had leveraged four 0-day vulnerabilities in a 2021 campaign. A recent leak has put it in the hands of cybercrime actors and it is very likely that by the end of the year we will see it involved in APT cases too. Drone hacking!

Firmware 128

Firmware Surveillance Mobile Telecommunications 128

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. com) and that StealthMutant was observed in this campaign only from February, 2021. What happened? ns.glbaitech[.]com) Loader MD5. 92.38.178[.]246.

Firmware 145

Firmware Malware Encryption Passwords 145

SecureList

NOVEMBER 14, 2023

The threat actor used news about the Russo-Ukrainian conflict to trick targets into opening harmful emails that exploited the vulnerabilities (CVE-2020-35730, CVE-2020-12641 and CVE-2021-44026). As we look ahead, we might anticipate more occasional cases of advanced attacks to leverage consumer devices and smart home technology.

Hacking 141

Hacking Energy and Utilities Media Malware 141

Krebs on Security

NOVEMBER 5, 2024

Judische would repeat that claim in Star Chat on May 13 — the day before Santander publicly disclosed a data breach — and would periodically blurt out the names of other Snowflake victims before their data even went up for sale on the cybercrime forums. prosecutors and federal law enforcement agencies. million customers.

Cybercrime 275

Cybercrime Mobile Media Hacking 275

SecureList

OCTOBER 26, 2021

This is our latest installment, focusing on activities that we observed during Q3 2021. This activity seems to have continued and stretched into 2021, when we spotted a set of recent attacks using the same techniques and malware to gain a foothold in diplomatic organizations based in Central Asia. The most remarkable findings.

Malware 145

Malware Government Surveillance Spyware 145

SecureList

JULY 29, 2021

This is our latest installment, focusing on activities that we observed during Q2 2021. For further surveillance of the victim, the malware operator may also deploy additional tools. Interestingly, the exploit was found in the wild as part of a separate framework, alongside CVE-2021-1732 as well as other previously patched exploits.

Malware 145

Malware Phishing Password Management Social Engineering 145

Krebs on Security

MARCH 31, 2022

That was in March 2021, but there are similar fake EDR services on offer today. 30, Bug posted a sales thread to the cybercrime forum Breached[.]co In July 2021, Sen. And it tracked the activities of a teenage hacker from the United Kingdom who was reportedly arrested multiple times for sending fake EDRs.

Government 312

Government Accountability Education Media 312

Krebs on Security

MARCH 22, 2023

In November 2022, researchers at Google’s Project Zero warned about active attacks on Samsung mobile phones which chained together three security vulnerabilities that Samsung patched in March 2021, and which would have allowed an app to add or read any files on the device.

Malware 320

Malware eCommerce Mobile Media 320

Krebs on Security

SEPTEMBER 30, 2024

A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, the government alleges. They’re active-duty.” at Iza’s behest.

Cryptocurrency 311

Cryptocurrency Government Internet Internet 311

SecureList

NOVEMBER 17, 2021

Let’s start by looking at the predictions we made for 2021. Last year, we foresaw the APT and cybercrime worlds becoming more porous on an operational level. A very interesting campaign orchestrated by APT31 surfaced in 2021. One of the most iconic cyber-events of 2021 was the ransomware attack on Colonial Pipeline.

Mobile 145

Mobile Surveillance Ransomware Government 145

SecureList

APRIL 27, 2022

We also identified two samples developed in December 2021 containing test strings and preceding revisions of the ransom note observed in Microsoft’s shared samples. One of the identified samples was compiled on December 28, 2021, suggesting that this destructive campaign had been planned for months. … ?????? ??????!!!

Malware 145

Malware Firmware Government Phishing 145

Krebs on Security

MARCH 29, 2022

” On April 5, 2021, Everlynn posted a new sales thread to the cybercrime forum cracked[.]to But KT said each time Everlynn gets released from police custody, they go right back to committing the same cybercrimes. The phony message sent in November 2021 via the FBI’s email system.

Accountability 290

Accountability Government Hacking Social Engineering 290

Security Affairs

FEBRUARY 20, 2022

Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Banking 98

Banking Ransomware Spyware Surveillance 98

SecureList

OCTOBER 17, 2023

This strategic shift signals its intent to intensify its surveillance capabilities and expand its range of targets. These are new variants of the same hacking tools that we first reported in August 2019, and later detailed again in June 2021. At that time, we showed that Owowa may have been developed by a Chinese-speaking individual.

Malware 140

Malware Government VPN Manufacturing 140

eSecurity Planet

OCTOBER 21, 2022

A report from IBM claims that 21% of all cyber attacks the company remediated in 2021 were ransomware, making it the most common type of attack in the report. Once a system is infected, ransomware attacks usually come in 3 stages: Surveillance: The hackers scan their target for more information on the system they are attacking.

Malware 75

Malware Adware Spyware Antivirus 75

eSecurity Planet

DECEMBER 19, 2023

Cybercrime will go to the next level: Cyberattackers will implement improved skills, “shift left” attacks, and shifting strategies to adjust to evolving cyberdefense. AI-Powered Cybercrime Despite the advancements in using AI to improve security, cybercriminals also have access to AI and LLMs.

Cybersecurity 140

Cybersecurity CISO Government Technology 140