Poland probes Pegasus spyware abuse under the PiS government; ex-security chief Piotr Pogonowski arrested to testify before parliament. The former head of Poland’s internal security service was arrested Monday and brought before parliament to testify about prior government use of spyware against hundreds of individuals.
Apple confirmed that at least one of the flaws was exploited by threat actors to infect the device with the NSO Pegasus spyware. and Macs with Security Update 2021-006 Catalina. The CVE-2021-30860 flaw can be triggered to execute arbitrary code by processing a maliciously crafted PDF. Pierluigi Paganini.
A previously unknown Android Spyware, dubbed LianSpy, has been targeting Russian users since at least 2021. In March 2024, cybersecurity researchers from Kaspersky discovered previously unknown Android spyware dubbed LianSpy. This AES key is then encrypted using a hardcoded public RSA key embedded in the spyware.
Google’s Threat Analysis Group (TAG) researchers discovered three campaigns, between August and October 2021, targeting Android users with five zero-day vulnerabilities. The attacks aimed at installing the surveillance spyware Predator, developed by the North Macedonian firm Cytrox. ” reads the advisory published by Google.
Threat actors infected the iPhone of New York Times journalist Ben Hubbard with NSO Group’s Pegasus spyware between June 2018 and June 2021. The iPhone of New York Times journalist Ben Hubbard was repeatedly infected with NSO Group’s Pegasus spyware. The device was compromised two times, in July 2020 and June 2021.
Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential surveillance targets that revealed the abuse of NSO Group’s spyware.
Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework likely linked to Variston IT, a Spanish firm. ” TAG concludes.
Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. Apple this week released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild.
Apple is warning iPhone users in over 90 countries of targeted mercenary spyware attacks, Reuters agency reported. Apple is alerting iPhone users in 92 countries about mercenary spyware attacks, reported Reuters. Reuters only mentioned India as one of the countries where users were targeted by the attacks.
Finland Ministry for Foreign Affairs revealed that devices of Finnish diplomats have been infected with NSO Group’s Pegasus spyware. Finland’s Ministry for Foreign Affairs revealed that the devices of some Finnish diplomats have been compromised with the infamous NSO Group’s Pegasus spyware. Pierluigi Paganini.
The phone of an opposition-linked Polish mayor was infected with the powerful Pegasus spyware, local media reported. Reuters reported that the phone of an opposition-linked Polish mayor was infected with the Pegasus spyware. According to rumors, the Polish special services are using surveillance software to spy on government opponents.
Cisco Talos and the Citizen Lab researchers have published a technical analysis of the powerful Android spyware Predator. Security researchers at Cisco Talos and the Citizen Lab have shared technical details about a commercial Android spyware named Predator that is sold by the surveillance firm Intellexa (formerly known as Cytrox).
Citizen Lab uncovered a new zero-click iMessage exploit that was used to deploy the NSO Group’s Pegasus spyware on devices belonging to Bahraini activists. Researchers from Citizen Lab spotted a zero-click iMessage exploit that was used to deploy NSO Group’s Pegasus spyware on Bahraini activists’ devices.
Google removed FlyGram from Google Play after January 6, 2021. The malware distributed by the nation-state actors is Android BadBazaar, which has been previously employed in attacks aimed at Uyghurs and other Turkic ethnic minorities. org) and a Telegram alternative app (flygram[.]org).” reads the analysis published by ESET.
Researchers spotted several spyware campaigns targeting industrial enterprises to steal credentials and conduct financial fraud. Researchers from Kaspersky Lab have uncovered multiple spyware campaigns that target industrial firms to steal email account credentials and carry out fraudulent activities. Pierluigi Paganini.
At least five members of civil society worldwide have been targeted with spyware and exploits developed by surveillance firm QuaDream. Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. and 14.4.2,
China-linked group APT41 was spotted using two previously undocumented Android spyware called WyrmSpy and DragonEgg. China-linked APT group APT41 has been observed using two previously undocumented Android spyware called WyrmSpy and DragonEgg. Upon installing the two spyware, they request extensive device permissions.
federal court for illegally targeting its customers with the surveillance spyware Pegasus. The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. radian) November 23, 2021. Apple has sued NSO Group and its parent company Q Cyber Technologies in a U.S.
FormBook is a data-stealing malware that is used in cyber espionage campaigns; like other spyware, it is capable of extracting data from HTTP sessions, keystroke logging, and stealing clipboard contents. The post XLoader, a $49 spyware that could target both Windows and macOS devices appeared first on Security Affairs.
Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. CVE-2021-30883 internally referred to as Clicked2, marked as being exploited in-the-wild by Apple in October 2021. CVE-2020-9907 internally referred to as AveCesare. Pierluigi Paganini.
CISA has added nine flaws to its Known Exploited Vulnerabilities catalog, including bugs exploited by commercial spyware on mobile devices. Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog.
Since March 2021, the malicious code was also employed in attacks aimed at several European countries as well as Japan. In March 2021, experts from Swiss security outfit PRODAFT estimated that the number of infected devices worldwide was approximately 60,000.
The threat actors behind the campaigns used two Android spyware to spy on the victims and steal sensitive information. The investigation into the BadBazaar campaign started in late 2021 and is based on a tweet from @MalwareHunterTeam research team that was referencing a malicious English-Uyghur dictionary app.
Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. The exploit chains were used to install commercial spyware and malicious apps on targets’ devices. The experts pointed out that both campaigns were limited and highly targeted.
Apple drops its lawsuit against commercial spyware vendor NSO Group, due to the risk of “threat intelligence” information exposure. Apple is seeking to drop its lawsuit against Israeli spyware company NSO Group, citing the risk of “threat intelligence” information exposure.
roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021. The UK Security Service MI5 said 10,000 staff from every UK government department and from important UK industries have been lured by fake LinkedIn profiles.
Tens of thousands of devices worldwide, including many industrial control systems (ICS), have been hit by the PseudoManuscrypt spyware. Kaspersky researchers reported that tens of thousands of devices belonging to industrial and government organizations worldwide have been hit by the PseudoManuscrypt spyware.
Apple rolled out security patches to fix a couple of zero-day flaws in iOS and macOS (CVE-2021-30860, CVE-2021-30858). The IT giant also warns its customers that these issues are actively exploited in attacks in the wild, some of which were reported by researchers from Citizen Lab. reads the analysis published by Citizen Lab.
to address a zero-day flaw, tracked as CVE-2021-30883, that is actively exploited in the wild. ” The CVE-2021-30883 vulnerability was reported by an anonymous researcher. link] pic.twitter.com/GqzCcMIcum — Saar Amar (@AmarSaar) October 11, 2021. July 2021 – CVE-2021-30807 zero day.
One of the vulnerabilities in Apple iOS that was previously exploited by the spyware developed by the Israeli company NSO Group was also separately used by another surveillance firm named QuaDream. The two surveillance firms employed the zero-click iMessage exploit dubbed FORCEDENTRY (CVE-2021-30860). as a zero-day.
“The proliferation and misuse of such commercial surveillance tools, including commercial spyware, pose distinct and growing security risks to the United States, facilitate repression, and enable human rights abuses. The surveillance firms were NSO Group and Candiru from Israel, Computer Security Initiative Consultancy PTE.
Experts spotted a new variant of the FinFisher surveillance spyware that is able to hijack and replace the Windows UEFI bootloader to infect Windows machines. Kaspersky experts shared the results of an 8-month investigation into FinSpy spyware at the Security Analyst Summit (SAS) 2021.
CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts; Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz; Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers; I am Goot (Loader); Exposing FakeBat loader: distribution methods and adversary infrastructure; MerkSpy: (..)
Google Project Zero disclosed three Samsung phone vulnerabilities, tracked as CVE-2021-25337, CVE-2021-25369 and CVE-2021-25370, that have been exploited by a surveillance company. Google reported the vulnerabilities to Samsung immediately after their discovery in late 2020, and the vendor addressed them in March 2021.
TechCrunch reported that zero-day exploits for popular applications like WhatsApp “are now worth millions of dollars”. TechCrunch obtained leaked documents that demonstrate that, as of 2021, a zero-click, zero-day exploit for the Android version of WhatsApp had a bounty between $1.7 and $8 million.
One of the officials targeted with the infamous spyware there is Didier Reynders, a senior Belgian statesman who has served as the European Justice Commissioner since 2019. ” Security researchers said that Apple sent the warnings to its users targeted between February and September 2021. ” concludes the report.
Researchers at New Zealand’s computer emergency response team (CERT NZ) spotted the fake security warnings used to deceive the Android users: “Your device is infected with the FluBot® malware. Android has detected that your device has been infected,” states the fake security warning observed by the researchers.
For instance, we see a new trend emerging in the criminal ecosystem of spyware-based authentication data theft, with each individual attack being directed at a very small number of targets (from single digits to several dozen). Such attacks are likely to comprise an even larger portion of the threat landscape next year.
” reads the security bulletin published by the company. The issue is likely chained with other flaws in an exploit used by a commercial spyware vendor or a nation-state actor. The second issue added to the Catalog is an OS Command Injection vulnerability in Sunhillo SureLine.
1/6 pic.twitter.com/dBw0E5pj6r — ESET research (@ESETresearch) October 29, 2021. 5/6 pic.twitter.com/tuwQKJpFml — ESET research (@ESETresearch) October 29, 2021. In order to facilitate file encryption, the ransomware looks for processes associated with backups, anti-virus/anti-spyware, and file copying and terminates them.
Experts spotted over 200 Android apps on the Play Store distributing spyware called Facestealer used to steal sensitive data. Trend Micro researchers spotted over 200 Android apps on the Play Store distributing spyware called Facestealer used to steal sensitive data from infected devices.
“Between June 5 and 8, 2021, Al Jazeera websites and platforms experienced continued electronic attacks aimed at accessing, disrupting, and controlling some of the news platforms. ” The series of attacks was observed between June 5 and 8, 2021, with a peak of these on Sunday evening, June 6.
The spyware is able to steal SMS messages, contact lists, and device information and to sign victims up for premium service subscriptions. The Facestealer spyware was first spotted in July 2021 by Dr. Web researchers; the development team behind the threat has frequently changed its code.
Update November 8, 2021. The Hive gang has been active since June 2021; it implements a Ransomware-as-a-Service model and employs a wide variety of tactics, techniques, and procedures (TTPs). The Hive ransomware adds the .hive extension to the filename of encrypted files.