Security Affairs

SEPTEMBER 11, 2023

CISA adds vulnerabilities in Apple devices exploited to install NSO Group’s Pegasus spyware on iPhones to Known Exploited Vulnerabilities Catalog US Cybersecurity and Infrastructure Security Agency (CISA) added the security vulnerabilities chained in the zero-click iMessage exploit BLASTPASS to its Known Exploited Vulnerabilities Catalog.

Spyware 132

Spyware Accountability Hacking Risk 132

Security Affairs

APRIL 1, 2023

CISA has added nine flaws to its Known Exploited Vulnerabilities catalog, including bugs exploited by commercial spyware on mobile devices. The exploits were used to install commercial spyware and malicious apps on targets’ devices. CISA orders federal agencies to fix this flaw by April 20, 2023.

Spyware 98

Spyware Surveillance Mobile Education 98

Security Affairs

JUNE 16, 2023

An updated version of the Android remote access trojan GravityRAT can steal WhatsApp backup files and can delete files ESET researchers discovered an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can delete files. The malware is distributed as the messaging apps BingeChat and Chatico.

Backups 98

Backups Spyware Malware Accountability 98

SecureList

JANUARY 18, 2023

The threat landscape is constantly updated through new malware and spyware, advanced phishing methods, and new social engineering techniques. Last year, the cybersecurity of corporations and government agencies was more significant than ever before, and will become even more so in 2023. These add up to 144 million annually.

Media 139

Media Social Engineering Ransomware Hacking 139

SecureList

SEPTEMBER 24, 2024

Statistics collection principles For this report, we used anonymous statistics collected from July 2023 to June 2024 inclusive, by the Do Not Track (DNT) component, which prevents the loading of tracking elements that track user actions on websites. In South Asia, it accounted for 25.47% of DNT component triggers, and in East Asia – 24.45%.

Advertising 130

Advertising Technology Marketing Media 130

The Last Watchdog

SEPTEMBER 27, 2023

27, 2023 — Citing organized crime statutes, attorneys with Wisner Baum have filed the first RICO class action alleging that H&R Block, Meta, and Google jointly schemed to install spyware on the H&R Block site, scraping customers’ private tax return information for profit. Los Angeles, Calif., Learn more at WisnerBaum.com.

Spyware 100

Spyware Identity Theft Accountability Banking 100

SecureList

DECEMBER 1, 2023

Analysis of samples exploiting CVE-2023-23397 vulnerability On March 14, Microsoft reported a critical Elevation of Privilege (EoP) vulnerability (CVE-2023-23397) in the Outlook client. This feature bypass vulnerability (CVE-2023-29324) was itself patched in May.

Malware 138

Malware Ransomware Encryption Energy and Utilities 138

Malwarebytes

JUNE 29, 2023

From the message posted to the login screen on the LetMeSpy website: On June 21, 2023, a security incident occurred involving obtaining unauthorized access to the data of website users. As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts.

Spyware 98

Spyware Hacking Antivirus Passwords 98

SecureList

AUGUST 30, 2023

IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. Quarterly figures According to Kaspersky Security Network, in Q2 2023: A total of 5,704,599 mobile malware, adware, and riskware attacks were blocked. 16.79 +3.52 0 2 Trojan.AndroidOS.Boogr.gsh 8.39

Mobile 98

Mobile Adware Banking Malware 98

eSecurity Planet

OCTOBER 2, 2023

September 29, 2023 Patch WS_FTP Now: 10 / 10 RCE Vulnerability Revealed Type of attack: Attackers can exploit unpatched vulnerabilities to perform remote code execution (RCE), directory traversal, cross-site scripting (XSS), SQL injection , cross-site request forgery (CSRF), and file enumeration attacks. RCE vulnerability CVE-2023-42117 = 8.1

DDOS 109

DDOS Encryption Software Ransomware 109

SecureList

MARCH 13, 2024

The State of Stalkerware in 2023 (PDF) The annual Kaspersky State of Stalkerware report aims to contribute to awareness and a better understanding of how people around the world are impacted by digital stalking. The data highlights of 2023 In 2023, a total of 31,031 unique users were affected by stalkerware, an increase on 2022 (29,312).

Mobile 108

Mobile Passwords Surveillance Technology 108

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware 125

Spyware Data breaches Hacking Ransomware 125

SecureList

NOVEMBER 28, 2024

Later, in 2023, Elastic Lab published a report about an OceanLotus APT (aka APT32) attack that leveraged a new set of malicious tools called Spectral Viper. Epeius is a commercial spyware tool developed by an Italian company that claims to provide intelligence solutions to law enforcement agencies and governments.

Malware 118

Malware Government Software Spyware 118

SecureList

NOVEMBER 22, 2022

A look back on the year 2022 and what to expect in 2023. This report assesses how accurately we predicted the developments in the financial threats landscape in 2022 and ponder at what to expect in 2023. Forecasts for 2023. Analysis of forecasts for 2022. Rise and consolidation of information stealers.

Cryptocurrency 106

Cryptocurrency Mobile Ransomware Banking 106

Malwarebytes

MARCH 1, 2023

Malware and phishing are two particular mobile threats that you need to defend against in 2023. Check Point 2023 Cyber Security Report) In addition, according to Malwarebytes research , 45 percent of schools reported that at least one cybersecurity incident last year started with Chromebooks or other mobile devices.

Mobile 93

Mobile Phishing Malware Adware 93

SecureList

AUGUST 30, 2023

IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. We had observed few victims compromised using Gopuram, but the number of infections increased in March 2023 — a spike that was directly related to the 3CX supply chain attack.

Malware 98

Malware Spyware Government Cryptocurrency 98

SecureList

JULY 27, 2023

This is our latest installment, focusing on activities that we observed during Q2 2023. The group’s latest activities, from September 2022 until March 2023, involve a new set of custom loaders and its private post-exploitation tool “Ninja,” used to help it remain undetected.

Malware 98

Malware Government Phishing Social Engineering 98

Malwarebytes

JUNE 6, 2024

For those unaware, Recall is a feature within what Microsoft is calling its “Copilot+ PCs,” a reference to the AI assistant and companion which the company released in late 2023. It will not hide information such as passwords or financial account numbers and that data may be in snapshots that are stored on your device.

Identity Theft 145

Identity Theft Risk Spyware Passwords 145

Security Affairs

MAY 1, 2023

Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity.

Surveillance 98

Surveillance Malware Spyware Accountability 98

Security Affairs

DECEMBER 2, 2023

Researchers devised an attack technique to extract ChatGPT training data Fortune-telling website WeMystic exposes 13M+ user records Expert warns of Turtle macOS ransomware US govt sanctioned North Korea-linked APT Kimsuky Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022 Apple addressed 2 new (..)

Ransomware 123

Ransomware Hacking Spyware Cybercrime 123

SecureWorld News

NOVEMBER 30, 2023

The flaw, tracked as CVE-2023-6345 , marks the sixth Chrome Zero-Day exploit in 2023 and showcases a growing trend in major browsers suffering Zero-Day attacks. Such vulnerabilities can also serve as entry points for malware and spyware, endangering corporate networks.

Spyware 113

Spyware Surveillance Malware Risk 113

Security Affairs

FEBRUARY 11, 2024

Gov imposes visa restrictions on individuals misusing Commercial Spyware HPE is investigating claims of a new security breach Experts warn of a surge of attacks targeting Ivanti SSRF flaw How to hack the Airbus NAVBLUE Flysmart+ Manager Crooks stole $25.5

Spyware 123

Spyware Surveillance DDOS Identity Theft 123

Security Affairs

APRIL 18, 2023

A new report from Citizen Lab states that the Israeli surveillance firm NSO Group used at least three zero-click zero-day exploits to deliver its Pegasus spyware. “These indicator overlaps allow us to attribute the 2022 zero-click chains to NSO Group’s Pegasus spyware with high confidence. ” reads the report. and 14.4.2,

Surveillance 98

Surveillance Spyware Education Risk 98

Security Affairs

APRIL 8, 2023

The CVE-2023-26083 flaw in the Arm Mali GPU driver is chained with other issues to install commercial spyware, as reported by Google’s Threat Analysis Group (TAG) in a recent report. CISA orders federal agencies to fix this flaw by April 28, 2023.

Backups 98

Backups Spyware Ransomware Education 98

Security Affairs

MARCH 24, 2024

surfaces in the threat landscape Pokemon Company resets some users’ passwords Ukraine cyber police arrested crooks selling 100 million compromised accounts New AcidPour wiper targets Linux x86 devices. Is it a Russia’s weapon? Players hacked during the matches of Apex Legends Global Series.

Malware 123

Malware Cybercrime Hacking Cyber threats 123

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware 98

Spyware Ransomware Malware Data breaches 98

Security Affairs

SEPTEMBER 10, 2023

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital North Korea-linked threat actors target cybersecurity experts with a zero-day Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks Nation-state actors (..)

DDOS 128

DDOS VPN Data breaches Cybercrime 128

SecureList

DECEMBER 9, 2024

In 2023, cyberattacks using trusted relationships had already become one of the top three most common vectors , with this trend gaining new momentum in 2024. A major AI provider failure AI dominated our “ Story of the Year 2023 ” as the adoption of generative tools has already influenced nearly every aspect of our lives back then.

Internet 113

Internet Internet Risk Social Engineering 113

Security Affairs

APRIL 16, 2023

hacking tools and electronics A new round of the weekly SecurityAffairs newsletter arrived!

Data breaches 98

Data breaches Spyware Surveillance Retail 98

Malwarebytes

SEPTEMBER 3, 2023

Last week on Malwarebytes Labs: 2.6

Spyware 103

Spyware Data breaches Scams Ransomware 103

Security Affairs

SEPTEMBER 24, 2023

Government of Bermuda blames Russian threat actors for the cyber attack City of Dallas has set a budget of $8.5 Government of Bermuda blames Russian threat actors for the cyber attack City of Dallas has set a budget of $8.5 Government of Bermuda blames Russian threat actors for the cyber attack City of Dallas has set a budget of $8.5

Cyber Attacks 120

Cyber Attacks Firewall Data breaches Telecommunications 120

SecureList

NOVEMBER 2, 2023

Furthermore, the module transmits information about the victim’s contacts and accounts every five minutes. According to our findings, the spyware has been active since mid-August 2023. At the time of writing, all versions published in the channels since then contained malware.

Malware 145

Malware Spyware Mobile VPN 145

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 98

Data breaches Malware Mobile Spyware 98

Security Affairs

APRIL 4, 2023

The attacker can also use the compromised accounts to carry out lateral phishing attacks and further infiltrate the target organizations TA473 targeted US elected officials and staffers since at least February 2023. CISA orders federal agencies to fix this flaw by April 24, 2023.

Phishing 98

Phishing Government Spyware Passwords 98

Security Affairs

JUNE 29, 2023

According to a notice published by the company, the security incident took place on June 21, 2023. As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts,” reads a statement published by the company. ” reported TechCrunch.

Data breaches 98

Data breaches Spyware Hacking Accountability 98

Security Boulevard

FEBRUARY 17, 2025

The more accounts you have, the bigger your attack surface and potential exposure to data breaches. Tips for finding old accounts. Google's reCAPTCHA is not only useless, it's also basically spyware Techspot This study demonstrates Google's reCAPTCHA v2 and v3 are flawed and don't actually keep out bots.

Surveillance 52

Surveillance Data breaches VPN Malware 52

Security Affairs

FEBRUARY 10, 2023

The TA886 hacking group targets organizations in the United States and Germany with new spyware tracked as Screenshotter. On January 2023, the experts observed a minor number of campaigns, but with greater email volumes. Example email from January 23, 2023 campaign sent to a recipient in U.S.

Malware 98

Malware Phishing Spyware Cybercrime 98