2023, Firmware and Spyware - Cyber Security Informer

June 2023 Security Update for Android fixed Arm Mali GPU bug used by spyware?

Security Affairs

JUNE 7, 2023

June 2023 security update for Android released by Google fixes about fifty flaws, including an Arm Mali GPU bug exploited by surveillance firms in their spyware. The June 2023 Android Security Bulletin provides details about the fix for more than fifty vulnerabilities affecting Android devices. In early April, U.S.

Spyware

Spyware Surveillance Firmware Hacking

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. In 2022, the GReAT team tracked several threat actors leveraging SilentBreak’s toolset as well as a commercial Android spyware we named MagicKarakurt. What we predicted in 2022.

Firmware

Firmware Surveillance Mobile Telecommunications

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. The exploit chains were used to install commercial spyware and malicious apps on targets’ devices. The experts pointed out that both campaigns were limited and highly targeted.

Spyware

Spyware Surveillance Firmware Internet

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Android malware, Android malware and more Android malware

SecureList

MARCH 20, 2024

In 2023 , our technologies blocked 33.8 One of 2023’s most resonant attacks was Operation Triangulation , targeting iOS, but that was rather a unique case. Instead, it is a full-fledged spyware application that collects SMS messages, keystrokes, etc. Conclusion In 2023, we detected more than 1.3

Malware

Malware Mobile Firmware Spyware

Operation Triangulation attacks relied on an undocumented hardware feature

Security Affairs

DECEMBER 28, 2023

In June, Kaspersky announced that after a six-month-long investigation, they completed the collection of all the components of the attack chain and the analysis of the spyware implant, tracked as TriangleDB. The spyware is directly deployed in memory, but if the victim reboots the device the malware doesn’t persist.

Spyware

Spyware Firmware Mobile Malware

Operation Triangulation: The last (hardware) mystery

SecureList

DECEMBER 27, 2023

Today, on December 27, 2023, we ( Boris Larin , Leonid Bezvershenko , and Georgy Kucherin ) delivered a presentation, titled, “Operation Triangulation: What You Get When Attack iPhones of Researchers”, at the 37th Chaos Communication Congress (37C3), held at Congress Center Hamburg. This was mitigated as CVE-2023-38606.

Firmware

Firmware Engineering Spyware Retail

IT threat evolution Q1 2024

SecureList

JUNE 3, 2024

In late December, in a presentation at the 37th Chaos Communication Congress (37C3), experts from our Global Research and Analysis Team (GReAT) described the attack chain in detail , including – for the first time – how the attackers exploited the CVE-2023-38606 hardware vulnerability. You can read the full analysis here.

Banking

Banking Malware Computers and Electronics Mobile

Privacy Roundup: Week 7 of Year 2025

Security Boulevard

FEBRUARY 17, 2025

Google's reCAPTCHA is not only useless, it's also basically spyware Techspot This study demonstrates Google's reCAPTCHA v2 and v3 are flawed and don't actually keep out bots. Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw).

Surveillance

Surveillance Data breaches VPN Malware

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

eSecurity Planet

MAY 2, 2024

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. Sophos: Noted that 43% of all 2023 malware signature updates are for stealers, spyware, and keyloggers often used to steal credentials from devices.

Cybersecurity

Cybersecurity DDOS Penetration Testing Passwords

Advanced threat predictions for 2024

SecureList

NOVEMBER 14, 2023

In this article, we will review the past year’s trends to see which of our 2023 predictions have come true, and try to predict what is to come in 2024. The US Cybersecurity and Infrastructure Security Agency (CISA) provided additional IoCs associated with exploitation of CVE-2023-2868. A review of last year’s predictions 1.

Hacking

Hacking Energy and Utilities Media Malware

Beware the Cyber Ghouls: Spooky Threats Lurking in Digital Shadows

SecureWorld News

OCTOBER 31, 2024

Warding off zombies : Regularly update device firmware, patch IoT devices, and monitor for unusual traffic patterns. Spooky fact : According to research from Proofpoint , in 2023, 71% of organizations experienced at least one successful phishing attack, and they remain one of the most prevalent forms of cyber threats.

IoT

IoT Phishing DDOS Backups

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

eSecurity Planet

SEPTEMBER 11, 2023

September 5, 2023 Atlas VPN Leaks Users’ IP Addresses Type of attack: Zero-Day Vulnerability, a new vulnerability that is often difficult to fix since no patch is available on the market yet. The problem: The vulnerabilities ( CVE-2023-39238 , CVE-2023-39239 and CVE-2023-39240 ), with a CVSS v3.1 score of 9.8

VPN

VPN Authentication Firmware Phishing

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One FBI warns of dual ransomware attacks Progress Software fixed two critical severity flaws in WS_FTP Server Child abuse site taken down, organized child exploitation crime suspected – exclusive A still unpatched zero-day RCE impacts more than 3.5M

Artificial Intelligence

Artificial Intelligence Firmware Data breaches Hacking

Security Affairs newsletter Round 503 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 22, 2024

CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog ConnectOnCall data breach impacted over 900,000 individuals Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware Multiple flaws in Volkswagen Group’s infotainment unit allow for vehicle compromise (..)

Data breaches

Data breaches Cybercrime Spyware Firmware

Cyber Security Informer

June 2023 Security Update for Android fixed Arm Mali GPU bug used by spyware?

Advanced threat predictions for 2023

Webinars

Trending Sources

Google TAG shares details about exploit chains used to install commercial spyware

Webinars

Android malware, Android malware and more Android malware

Operation Triangulation attacks relied on an undocumented hardware feature

Operation Triangulation: The last (hardware) mystery

IT threat evolution Q1 2024

Privacy Roundup: Week 7 of Year 2025

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

Advanced threat predictions for 2024

Beware the Cyber Ghouls: Spooky Threats Lurking in Digital Shadows

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs newsletter Round 503 by Pierluigi Paganini – INTERNATIONAL EDITION

Stay Connected