2021, Information Security and Surveillance

Surveillance vendor exploited Samsung phone zero-days

Security Affairs

NOVEMBER 9, 2022

Google Project Zero researchers reported that a surveillance vendor is using three Samsung phone zero-day exploits. Google Project Zero disclosed three Samsung phone vulnerabilities, tracked as CVE-2021-25337, CVE-2021-25369 and CVE-2021-25370, that have been exploited by a surveillance company. Pierluigi Paganini.

Surveillance

Surveillance Spyware Mobile Manufacturing

White hat hackers gained access more than 150,000 surveillance cameras

Security Affairs

MARCH 10, 2021

A group of hackers claimed to have compromised more than 150,000 surveillance cameras at banks, jails, schools, and prominent companies like Tesla and Equinox. A group of US hackers claimed to have gained access to footage from 150,000 security cameras at banks, jails, schools, healthcare clinics, and prominent organizations.

Surveillance

Surveillance Hacking Banking Firmware

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

According to rumors, the Polish special services are using surveillance software to spy on government opponents. In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware. “The The politicians who inspired and commissioned these activities belong in prison.”

Spyware

Spyware Government Surveillance Hacking

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware. CVE-2021-30983 internally referred to as Clicked3, fixed by Apple in December 2021.

Surveillance

Surveillance Mobile Spyware Telecommunications

Israeli surveillance firm QuaDream emerges from the dark

Security Affairs

FEBRUARY 6, 2022

One of the Apple iOS zero-day flaws exploited by the NSO group was also used by another surveillance firm named QuaDream. One of the vulnerabilities in Apple iOS that was previously exploited by the spyware developed by the Israeli company NSO Group was also separately used by another surveillance firm named QuaDream. as a zero-day.

Surveillance

Surveillance Spyware Government Hacking

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Security Affairs

SEPTEMBER 16, 2024

The IT giant fears that the disclosures of its threat intelligence related to commercial spyware operations could aid NSO and other surveillance firms. “Apple’s teams work tirelessly to protect the critical threat-intelligence information that Apple uses to protect its users worldwide. ” reads the court filing.

Surveillance

Surveillance Spyware Risk Hacking

EU officials were targeted with Israeli surveillance software

Security Affairs

APRIL 13, 2022

According to a report published by Reuters, an Israeli surveillance software was used to spy on senior officials in the European Commission. The report did not attribute the attacks to a specific threat actor or did not reveal what information was obtained following the compromise of the victims’ devices. Pierluigi Paganini.

Surveillance

Surveillance Software Spyware Hacking

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance

Surveillance Hacking Firmware Manufacturing

US Gov adds surveillance firms Cytrox and Intellexa to Entity List for trafficking in cyber exploits

Security Affairs

JULY 19, 2023

government added surveillance technology vendors Cytrox and Intellexa to an economic blocklist for trafficking in cyber exploits. national security or foreign policy interests. Government warns of the key role that surveillance technology plays in surveillance activities that can lead to repression and other human rights abuses.

Surveillance

Surveillance Spyware Government Technology

Cytrox’s Predator spyware used zero-day exploits in 3 campaigns

Security Affairs

MAY 23, 2022

Google’s Threat Analysis Group (TAG) researchers discovered three campaigns, between August and October 2021, targeting Android users with five zero-day vulnerabilities. We assess the exploits were packaged by a single commercial surveillance company, Cytrox, and sold to different govt-backed actors. ” continues the report.

Spyware

Spyware Surveillance Government Banking

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. ” reads the report. £We Pierluigi Paganini.

Surveillance

Surveillance Malware Authentication Accountability

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Security Affairs

APRIL 12, 2023

At least five members of civil society worldwide have been targeted with spyware and exploits developed by surveillance firm QuaDream. Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. ” concludes Citizen Lab.

Spyware

Spyware Surveillance Malware Government

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. List of installed packages. Call logs and geocoded location associated with the call. .”

Surveillance

Surveillance Spyware Malware Mobile

CPDP 2021 – Moderator: Eleni Kosta ‘The Use Of Ai In State Surveillance: Challenges For Privacy’

Security Boulevard

MAY 14, 2021

Our sincere thanks to CPDP 2021 - Computers, Privacy & Data Protection Conference for publishing their well-crafted videos on the organization's YouTube channel. The post CPDP 2021 – Moderator: Eleni Kosta ‘The Use Of Ai In State Surveillance: Challenges For Privacy’ appeared first on Security Boulevard.

Surveillance

Surveillance Education InfoSec Information Security

Nation-state actors target critical sectors by exploiting the CVE-2021-40539 flaw

Security Affairs

NOVEMBER 8, 2021

Experts warn of an ongoing hacking campaign that already compromised at least nine organizations worldwide from critical sectors by exploiting CVE-2021-40539. In the middle of September, the FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warned that nation-state APT groups were actively exploiting the CVE-2021-40539 flaw.

Healthcare

Healthcare Password Management Financial Services Surveillance

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Spyware

Spyware Surveillance Mobile Education

U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 18, 2025

Security patches are available for the following devices: iPhone XS and later, iPad Pro 13-inch, iPad Pro 13.9-inch However, the limited, targeted nature of these attacks against iOS users suggests that commercial surveillance vendors or a nation-state actor likely exploited the flaws. ” states Check Point.

Authentication

Authentication Surveillance Passwords Media

Increased GDPR Enforcement Highlights the Need for Data Security

Security Affairs

NOVEMBER 18, 2024

government surveillance. Amazon: €746 Million ($781 Million), 2021 In 2021, Amazon received a hefty fine for failing to secure proper consent for advertising cookies. Privacy Shield in 2020, Meta continued transferring data under a framework that was deemed insufficient to protect European citizens from U.S.

Data privacy

Data privacy Risk Surveillance Government

Google: four zero-day flaws have been exploited in the wild

Security Affairs

JULY 14, 2021

The four security flaws were discovered earlier this year and affect Google Chrome, Internet Explorer, and WebKit browser engine. “We assess three of these exploits were developed by the same commercial surveillance company that sold these capabilities to two different government-backed actors. .

Surveillance

Surveillance Government Internet Internet

Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

Security Affairs

AUGUST 29, 2024

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously developed by surveillance firms NSO Group and Intellexa. using exploits previously used by surveillance software vendors NSO Group and Intellexa. using exploits previously used by surveillance software vendors NSO Group and Intellexa.

Surveillance

Surveillance Government Hacking Encryption

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Security Affairs

NOVEMBER 30, 2022

Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. Officially, Variston claims to provide custom security solutions and custom patches for embedded system. ” TAG concludes.

Spyware

Spyware Surveillance Risk Internet

Pegasus Project – how governments use Pegasus spyware against journalists

Security Affairs

JULY 19, 2021

Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential surveillance targets that revealed the abuse of NSO Group’s spyware.

Spyware

Spyware Government Surveillance Media

CPDP 2021 – Moderator: Rosamunde Van Brakel ‘Involving Data Subjects In Democratic Oversight Of Police-Use Of Surveillance Technologies’

Security Boulevard

MAY 18, 2021

Our sincere thanks to CPDP 2021 - Computers, Privacy & Data Protection Conference for publishing their well-crafted videos on the organization's YouTube channel.

Surveillance

Surveillance Technology Education InfoSec

FBI training document shows lawful access to multiple encrypted messaging apps

Security Affairs

DECEMBER 1, 2021

Which are the most secure encrypted messaging apps? The Record shared an FBI training document that reveals the surveillance capabilities of the US law enforcement detailing which data can be extracted from encrypted messaging apps. FOIA [link] — PropertyOfThePeople (@PropOTP) November 29, 2021.

Encryption

Encryption Surveillance Hacking Information Security

Experts discovered the first mobile malware families linked to Russia’s Gamaredon

Security Affairs

DECEMBER 12, 2024

Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon (a.k.a. The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related to Ukrainian affairs, since October 2021.

Mobile

Mobile Malware Surveillance Social Engineering

CPDP 2021 – Moderator: John Davisson ‘Student Privacy At Risk Under Covid-19: Online Test Proctoring Brings AI And Surveillance Into Students’ Homes’

Security Boulevard

MAY 2, 2021

Our sincere thanks to CPDP 2021 - Computers, Privacy & Data Protection Conference for publishing their well-crafted videos on the organization's YouTube channel.

Surveillance

Surveillance Risk Education InfoSec

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

NOVEMBER 12, 2021

The attackers exploited a XNU privilege escalation vulnerability ( CVE-2021-30869 ) unpatched in macOS Catalina. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group. ” reads the analysis published by Google.

Malware

Malware Media Surveillance Encryption

Encryption: One Of The Most Powerful Ways To Keep Data Private – But Governments Want To Outlaw It

Joseph Steinberg

OCTOBER 21, 2022

From the United Kingdom Home Office’s misleadingly named No Place to Hide anti-encryption campaign, to India’s Intermediary Guidelines and Digital Media Ethics Code , to Australia’s Assistance and Access Act of 2018 and its 2021.

Encryption

Encryption Government Artificial Intelligence Surveillance

QNAP fixes multiple flaws, including a QVR RCE vulnerability

Security Affairs

MAY 6, 2022

QNAP addressed multiple vulnerabilities, including a critical remote execution flaw affecting the QVR video surveillance solution. QNAP QVR is a video surveillance solution of the Taiwanese vendor which is hosted on its NAS devices and doesn’t require any extra software.

Surveillance

Surveillance Hacking Software Cybersecurity

Iranian threat actors exploit MS MSHTML bug to steal Google and Instagram credentials

Security Affairs

NOVEMBER 25, 2021

The campaign was first spotted in mid-September 2021 by ShadowChasing. aspx pic.twitter.com/fHsgAshCNc — Shadow Chaser Group (@ShadowChasing1) September 15, 2021. The PowerShortShell stealer is also used for Telegram surveillance and gathering system information from infected systems. docx URL: hxxp://hr.dedyn.io/word.html

Surveillance

Surveillance Social Engineering Ransomware Cybercrime

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network. This time, the Cybernews research team found 3.5

Surveillance

Surveillance Manufacturing Internet Internet

A WhatsApp zero-day exploit can cost several million dollars

Security Affairs

OCTOBER 5, 2023

TechCrunch reported that a zero-day exploits for popular applications like WhatsApp “are now worth millions of dollars” TechCrunch obtained leaked documents that demonstrate that, as of 2021, a zero-click, zero-day exploit for the Android version of WhatsApp had a bounty between $1.7 and $8 million.

Mobile

Mobile Marketing Spyware Surveillance

Tor Project responded to claims that law enforcement can de-anonymize Tor users

Security Affairs

SEPTEMBER 20, 2024

German law enforcement agencies have been surveilling Tor network by operating their own servers for months. Research conducted by ARD’s Panorama and STRG_F revealed that data collected during surveillance is processed using statistical methods, effectively breaking Tor’s anonymity. ” reported the NDR.

Surveillance

Surveillance Data collection Media Hacking

New zero-click exploit used to target Bahraini activists’ iPhones with NSO spyware

Security Affairs

AUGUST 24, 2021

The iPhones of nine activists, including members of the Bahrain Center for Human Rights , Waad , Al Wefaq , were infected with Pegasus spyware as part of a surveillance operation likely orchestrated by a threat actor tracked as LULU and attributed with high confidence to the government of Bahrain. ” concludes the report.

Spyware

Spyware Surveillance Hacking Mobile

Researchers analyzed the PREDATOR spyware and its loader Alien

Security Affairs

MAY 29, 2023

Security researchers at Cisco Talos and the Citizen Lab have shared technical details about a commercial Android spyware named Predator that is sold by the surveillance firm Intellexa (formerly known as Cytrox). The attacks aimed at installing the surveillance spyware Predator, developed by the North Macedonian firm Cytrox.

Spyware

Spyware Surveillance Media Malware

Pegasus spyware used to spy on a Polish mayor

Security Affairs

MARCH 3, 2023

According to rumors, the Polish special services are using surveillance software to spy on government opponents. In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware. “We The politicians who inspired and commissioned these activities belong in prison.”

Spyware

Spyware Surveillance Hacking Government

CPDP 2021 – Moderator: Chloé Berthélémy ‘New Police Surveillance Technologies: Combatting The Science Fiction Collectively – A Civil Society Perspective’

Security Boulevard

MAY 21, 2021

Our sincere thanks to CPDP 2021 - Computers, Privacy & Data Protection Conference for publishing their well-crafted videos on the organization's YouTube channel. Speakers: Chris Jones, Amba Kak, Alyna Smith, Petra Molnar.

Surveillance

Surveillance Technology Education InfoSec

An Iranian group hacked Israeli CCTV cameras, defense was aware but didn’t block it

Security Affairs

DECEMBER 23, 2022

An Iranian group hacked dozens of CCTV cameras in Israel in 2021 and maintained access for a long period of time. In 2021, the group published footage on its Telegram channel of the surroundings of Israel’s Rafael defense contractor factory in Haifa, as well as footage from cameras throughout Israeli cities of Jerusalem and Tel Aviv.

Hacking

Hacking Surveillance Internet Internet

Al Jazeera detected and blocked disruptive cyberattacks

Security Affairs

JUNE 11, 2021

“Between June 5 and 8, 2021, Al Jazeera websites and platforms experienced continued electronic attacks aimed at accessing, disrupting, and controlling some of the news platforms. ” The series of attacks was observed between June 5 and 8, 2021, with a peak of these on Sunday evening, June 6.

Cyber Attacks

Cyber Attacks Media Hacking Spyware

CPDP 2021 – Moderator: Alexander Fanta ‘Smile For The Camera, You Are Being Watched’, Workplace Surveillance: Enforcing Worker’s Rights’

Security Boulevard

APRIL 20, 2021

Our sincere thanks to CPDP 2021 - Computers, Privacy & Data Protection Conference for publishing their well-crafted videos on the organization's YouTube channel. Speakers: Ella Jakubowska, Aida Ponce Del Castillo, Clément Nyaletsossi Voule, Birthe Dedden, Johannes Caspar.

Surveillance

Surveillance Education InfoSec Information Security

Apple sues NSO Group for abusing state-sponsored Pegasus spyware

Security Affairs

NOVEMBER 24, 2021

Apple has filed suit to ban the Israeli surveillance firm NSO Group and parent company Q Cyber Technologies from using its product and services. federal court for illegally targeting its customers with the surveillance spyware Pegasus. radian) November 23, 2021. ” reads the announcement published by Apple.

Spyware

Spyware Surveillance Software Hacking

Why Edward Snowden is urging users to stop using ExpressVPN?

Security Affairs

SEPTEMBER 19, 2021

link] — Edward Snowden (@Snowden) September 16, 2021. The surveillance it represents is completely antithetical to our mission.” Edward Snowden expressed concerns about the VPN service offered by ExpressVPN and has warned users to stop using it. If you're an ExpressVPN customer, you shouldn't be.

Surveillance

Surveillance VPN Hacking Cybersecurity

Kalay cloud platform flaw exposes millions of IoT devices to hack

Security Affairs

AUGUST 17, 2021

Researchers at FireEye’s Mandiant have discovered a critical vulnerability, tracked as CVE-2021-28372, in a core component of the Kalay cloud platform which is used by millions of IoT devices from many vendors. ” “CVE-2021-28372 poses a huge risk to an end user’s security and privacy and should be mitigated appropriately.

IoT

IoT Hacking Social Engineering Firmware

Apple fixes actively exploited FORCEDENTRY zero-day flaws

Security Affairs

SEPTEMBER 13, 2021

Apple released security patches to fix two zero-day vulnerabilities in iOS and macOS that are actively exploited in attacks in the wild. We identified nine Bahraini activists whose iPhones were successfully hacked with NSO Group’s Pegasus spyware between June 2020 and February 2021. reads the analysis published by citizen L ab.

Spyware

Spyware Surveillance Hacking Mobile

Surveillance vendor exploited Samsung phone zero-days

White hat hackers gained access more than 150,000 surveillance cameras

Webinars

Trending Sources

Poland probes Pegasus spyware abuse under the PiS government

Webinars

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Israeli surveillance firm QuaDream emerges from the dark

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

EU officials were targeted with Israeli surveillance software

An RCE in Annke video surveillance product allows hacking the device

US Gov adds surveillance firms Cytrox and Intellexa to Entity List for trafficking in cyber exploits

Cytrox’s Predator spyware used zero-day exploits in 3 campaigns

European firm DSIRF behind the attacks with Subzero surveillance malware

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

CPDP 2021 – Moderator: Eleni Kosta ‘The Use Of Ai In State Surveillance: Challenges For Privacy’

Nation-state actors target critical sectors by exploiting the CVE-2021-40539 flaw

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog

Increased GDPR Enforcement Highlights the Need for Data Security

Google: four zero-day flaws have been exploited in the wild

Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Pegasus Project – how governments use Pegasus spyware against journalists

CPDP 2021 – Moderator: Rosamunde Van Brakel ‘Involving Data Subjects In Democratic Oversight Of Police-Use Of Surveillance Technologies’

FBI training document shows lawful access to multiple encrypted messaging apps

Experts discovered the first mobile malware families linked to Russia’s Gamaredon

CPDP 2021 – Moderator: John Davisson ‘Student Privacy At Risk Under Covid-19: Online Test Proctoring Brings AI And Surveillance Into Students’ Homes’

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Encryption: One Of The Most Powerful Ways To Keep Data Private – But Governments Want To Outlaw It

QNAP fixes multiple flaws, including a QVR RCE vulnerability

Iranian threat actors exploit MS MSHTML bug to steal Google and Instagram credentials

3.5m IP cameras exposed, with US in the lead

A WhatsApp zero-day exploit can cost several million dollars

Tor Project responded to claims that law enforcement can de-anonymize Tor users

New zero-click exploit used to target Bahraini activists’ iPhones with NSO spyware

Researchers analyzed the PREDATOR spyware and its loader Alien

Pegasus spyware used to spy on a Polish mayor

CPDP 2021 – Moderator: Chloé Berthélémy ‘New Police Surveillance Technologies: Combatting The Science Fiction Collectively – A Civil Society Perspective’

An Iranian group hacked Israeli CCTV cameras, defense was aware but didn’t block it

Al Jazeera detected and blocked disruptive cyberattacks

CPDP 2021 – Moderator: Alexander Fanta ‘Smile For The Camera, You Are Being Watched’, Workplace Surveillance: Enforcing Worker’s Rights’

Apple sues NSO Group for abusing state-sponsored Pegasus spyware

Why Edward Snowden is urging users to stop using ExpressVPN?

Kalay cloud platform flaw exposes millions of IoT devices to hack

Apple fixes actively exploited FORCEDENTRY zero-day flaws

Stay Connected