2023 and Spyware - Cyber Security Informer

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

Poland probes Pegasus spyware abuse under the PiS government; ex-security chief Piotr Pogonowski arrested to testify before parliament. Poland’s government has been investigating the alleged misuse of Pegasus spyware by the previous administration and arrested the former head of Poland’s internal security service Piotr Pogonowski.

Spyware

Spyware Government Surveillance Hacking

Zero-Click Exploit in iPhones

Schneier on Security

SEPTEMBER 13, 2023

Make sure you update your iPhones : Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones. “We refer to the exploit chain as BLASTPASS.

Spyware

Spyware Accountability

Google: Spyware vendors behind 50% of zero-days exploited in 2023

Bleeping Computer

MARCH 27, 2024

Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients. [.]

Spyware

New iPhone Exploit Uses Four Zero-Days

Schneier on Security

JANUARY 4, 2024

This attachment exploits the remote code execution vulnerability CVE-2023-41990 in the undocumented, Apple-only ADJUST TrueType font instruction. This was mitigated as CVE-2023-38606. The Safari exploit uses CVE-2023-32435 to execute a shellcode. It uses the same vulnerabilities: CVE-2023-32434 and CVE-2023-38606.

Spyware

Spyware Authentication

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Krebs on Security

SEPTEMBER 12, 2023

7, researchers at Citizen Lab warned they were seeing active exploitation of a “zero-click,” zero-day flaw to install spyware on iOS devices without any interaction from the victim. Apple says the iOS flaw ( CVE-2023-41064 ) does not seem to work against devices that have its ultra-paranoid “ Lockdown Mode ” enabled.

Spyware

Spyware Software Surveillance Authentication

Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware

Security Affairs

SEPTEMBER 7, 2023

Citizen Lab reported that the actively exploited zero-days fixed by Apple are being used in Pegasus spyware attacks Researchers at Citizen Lab reported that the actively exploited zero-day flaws (CVE-2023-41064 and CVE-2023-41061) fixed by Apple are being used to infect devices with NSO Group ’s Pegasus spyware.

Spyware

Spyware Accountability Hacking Mobile

Google: Zero-Day Attacks Rise, Spyware and China are Dangers

Security Boulevard

MARCH 28, 2024

The number of zero-day vulnerabilities that are exploited jumped in 2023, with enterprises becoming a larger target and spyware vendors and China-backed cyberespionage groups playing an increasingly bigger role, according to Google cybersecurity experts.

Spyware

Spyware Cybersecurity Mobile Malware

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

The Hacker News

SEPTEMBER 8, 2023

Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. CVE-2023-41064

Spyware

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

The Hacker News

SEPTEMBER 22, 2023

The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023.

Spyware

Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware

The Hacker News

OCTOBER 4, 2023

New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy. DragonEgg, alongside WyrmSpy (aka AndroidControl), was first disclosed by Lookout in July 2023 as a strain of malware capable of gathering sensitive data from Android devices.

Spyware

Spyware Malware

Russian Journalist's iPhone Compromised by NSO Group's Zero-Click Spyware

The Hacker News

SEPTEMBER 14, 2023

The iPhone belonging to Galina Timchenko, a prominent Russian journalist and critic of the government, was compromised with NSO Group's Pegasus spyware, a new collaborative investigation from Access Now and the Citizen Lab has revealed. The infiltration is said to have happened on or around February 10, 2023.

Spyware

Spyware Government

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices

The Hacker News

FEBRUARY 19, 2024

The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices. Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.)

Spyware

Spyware Surveillance Threat Reports Malware

Pegasus spyware and how it exploited a WebP vulnerability

Malwarebytes

SEPTEMBER 27, 2023

Recent events have demonstrated very clearly just how persistent and wide-spread the Pegasus spyware is. The exploit chain based on these vulnerabilities was capable of compromising devices without any interaction from the victim and were reportedly used by the NSO Group to deliver its infamous Pegasus spyware.

Spyware

Spyware Surveillance Mobile Software

Predator spyware vendor banned in US

Malwarebytes

MARCH 7, 2024

The US Treasury Department has sanctioned Predator spyware vendor Intellexa Consortium, and banned the company from doing business in the US. Intellexa is based in Greece but the Treasury Department imposed the sanctions because of the use of the spyware against Americans, including US government officials, journalists, and policy experts.

Spyware

Spyware Surveillance Government Mobile

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. Apple this week released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild.

Spyware

Spyware Surveillance Mobile Hacking

Google says spyware vendors behind most zero-days it discovers

Bleeping Computer

FEBRUARY 6, 2024

Commercial spyware vendors (CSV) were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group (TAG) discovered in 2023 and used to spy on devices worldwide. [.]

Spyware

Spyware Mobile

June 2023 Security Update for Android fixed Arm Mali GPU bug used by spyware?

Security Affairs

JUNE 7, 2023

June 2023 security update for Android released by Google fixes about fifty flaws, including an Arm Mali GPU bug exploited by surveillance firms in their spyware. The June 2023 Android Security Bulletin provides details about the fix for more than fifty vulnerabilities affecting Android devices. In early April, U.S.

Spyware

Spyware Surveillance Firmware Hacking

The iPhone of a Russian journalist was infected with the Pegasus spyware

Security Affairs

SEPTEMBER 14, 2023

The iPhone of a prominent Russian journalist, who is at odds with Moscow, was infected with NSO Group’s Pegasus spyware. The iPhone of the Russian journalist Galina Timchenko was compromised with NSO Group’s Pegasus spyware. The threat actors used a zero-click exploit, likely the PWNYOURHOME. ” reported Citizen Lab.

Spyware

Spyware Surveillance Media Government

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

Security Affairs

JULY 30, 2024

A new version of the Mandrake Android spyware has been found in five apps on Google Play, which have been downloaded over 32,000 times since 2022. Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five app on Google Play, totaling over 32,000 downloads between 2022 and 2024.

Spyware

Spyware Malware Mobile Marketing

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Security Affairs

FEBRUARY 6, 2024

Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. In 2023, TAG identified 250 days actively exploited in the wild, 20 of which were exploited by Commercial Surveillance Vendors (CSVs). ” reads the report published by Google.

Spyware

Spyware Surveillance Government Software

CISA Issues Alert to Secure iPhones Against Pegasus Spyware Zero-Days

SecureWorld News

SEPTEMBER 13, 2023

Alarming details have emerged about the exploitation of two Zero-Day vulnerabilities to deploy NSO Group's Pegasus commercial spyware on iPhones. These vulnerabilities, tracked as CVE-2023-41064 and CVE-2023-41061 , were actively abused as part of a zero-click exploit chain, according to security researchers at The Citizen Lab.

Spyware

Spyware Government Cybersecurity Backups

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Security Affairs

SEPTEMBER 28, 2023

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-5217, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day flaw in the Chrome browser which is tracked as CVE-2023-5217.

Surveillance

Surveillance Spyware Passwords Hacking

Watch out! CVE-2023-5129 in libwebp library affects millions applications

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Spyware

Spyware Surveillance Software Hacking

Beware the Cyber Ghouls: Spooky Threats Lurking in Digital Shadows

SecureWorld News

OCTOBER 31, 2024

Spooky fact : According to research from Proofpoint , in 2023, 71% of organizations experienced at least one successful phishing attack, and they remain one of the most prevalent forms of cyber threats. million, almost an increase of $1 million from 2023 , proving that these "vampires" are more active—and greedier—than ever.

IoT

IoT Phishing DDOS Backups

More iOS Zero Days, More Mercenary Spyware — This Time: Cytrox Predator

Security Boulevard

SEPTEMBER 25, 2023

The post More iOS Zero Days, More Mercenary Spyware — This Time: Cytrox Predator appeared first on Security Boulevard. Apple Scrambled to Fix 3 More CVEs: Egyptian opposition presidential candidate Ahmed Eltantawy targeted “by the government.

Spyware

Spyware Government Social Engineering Data privacy

Chinese GREF APT distributes spyware via trojanized Signal and Telegram apps on Google Play and Samsung Galaxy stores

Security Affairs

AUGUST 30, 2023

ESET reported Signal Plus Messenger to both Google Play and Samsung Galaxy Store on April 27, 2023. Google removed the tainted app on May 23 rd , 2023. The malware distributed by the nation-state actors is Android BadBazaar , which has been previously employed in attacks aimed at Uyghurs and other Turkic ethnic minorities.

Spyware

Spyware Accountability Malware Hacking

Threat landscape for industrial automation systems. Statistics for H1 2023

SecureList

SEPTEMBER 13, 2023

Global threat statistics In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 In H1 2023, however, those were the very regions where the percentages of attacked ICS computers increased by the most percentage points. pp) and energy (by 1.5

Spyware

Spyware Internet Internet Manufacturing

U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

FEBRUARY 15, 2025

However, the circumstance that the Citizen Lab researchers discovered the attack suggests that the threat actor may have used a zero-day exploit to deliver commercial spyware in highly targeted attacks. Such kinds of attacks often rely on zero-day exploits to target journalists, dissidents, and opposition politicians with spyware.

Spyware

Spyware DDOS Hacking Authentication

Apple fixes iPhone and iPad bug exploited in ‘extremely sophisticated attacks’

Security Affairs

FEBRUARY 10, 2025

However, the circumstance that the Citizen Lab researchers discovered the attack suggests that the threat actor may have used a zero-day exploit to deliver commercial spyware in highly targeted attacks. Such kinds of attacks often rely on zero-day exploits to target journalists, dissidents, and opposition politicians with spyware.

Spyware

Spyware Media Hacking Accountability

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Security Affairs

JULY 20, 2023

China-linked group APT41 was spotted using two previously undocumented Android spyware called WyrmSpy and DragonEgg China-linked APT group APT41 has been observed using two previously undocumented Android spyware called WyrmSpy and DragonEgg. Most recent samples of DraginEgg are dated April 2023. ” continues the report.

Spyware

Spyware Surveillance Mobile Malware

Android Malware Surge: Adware Trojans, Spyware Trojans, and Banking Malware on the Rise

Penetration Testing

NOVEMBER 24, 2023

According to the latest report from Dr.Web, a company specializing in cybersecurity, October 2023 witnessed a significant surge in the activity of malicious software targeting Android-based mobile devices.

Adware

Adware Spyware Banking Malware

CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog

Security Affairs

SEPTEMBER 11, 2023

CISA adds vulnerabilities in Apple devices exploited to install NSO Group’s Pegasus spyware on iPhones to Known Exploited Vulnerabilities Catalog US Cybersecurity and Infrastructure Security Agency (CISA) added the security vulnerabilities chained in the zero-click iMessage exploit BLASTPASS to its Known Exploited Vulnerabilities Catalog.

Spyware

Spyware Accountability Hacking Risk

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

CISA has added nine flaws to its Known Exploited Vulnerabilities catalog, including bugs exploited by commercial spyware on mobile devices. The exploits were used to install commercial spyware and malicious apps on targets’ devices. CISA orders federal agencies to fix this flaw by April 20, 2023.

Spyware

Spyware Surveillance Mobile Education

pcTattleTale spyware leaks database containing victim screenshots, gets website defaced

Malwarebytes

MAY 28, 2024

As you may have read many times before on our blog, some spyware companies have a surprisingly low standard of security. Daigle found that pcTattleTale’s Application Programming Interface (API) allows any attacker to access the most recent screen capture recorded from any device on which the spyware is installed.

Spyware

Spyware Software Malware Mobile

Updated Android spyware GravityRAT steals WhatsApp Backups

Security Affairs

JUNE 16, 2023

An updated version of the Android remote access trojan GravityRAT can steal WhatsApp backup files and can delete files ESET researchers discovered an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can delete files. The malware is distributed as the messaging apps BingeChat and Chatico.

Backups

Backups Spyware Malware Accountability

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

SecureList

JANUARY 18, 2023

The threat landscape is constantly updated through new malware and spyware, advanced phishing methods, and new social engineering techniques. Last year, the cybersecurity of corporations and government agencies was more significant than ever before, and will become even more so in 2023. These add up to 144 million annually.

Media

Media Social Engineering Ransomware Hacking

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. The exploit chains were used to install commercial spyware and malicious apps on targets’ devices. The experts pointed out that both campaigns were limited and highly targeted.

Spyware

Spyware Surveillance Firmware Internet

IT threat evolution Q3 2023

SecureList

DECEMBER 1, 2023

Analysis of samples exploiting CVE-2023-23397 vulnerability On March 14, Microsoft reported a critical Elevation of Privilege (EoP) vulnerability (CVE-2023-23397) in the Outlook client. This feature bypass vulnerability (CVE-2023-29324) was itself patched in May.

Malware

Malware Ransomware Encryption Energy and Utilities

Web tracking report: who monitored users’ online activities in 2023–2024 the most

SecureList

SEPTEMBER 24, 2024

Statistics collection principles For this report, we used anonymous statistics collected from July 2023 to June 2024 inclusive, by the Do Not Track (DNT) component, which prevents the loading of tracking elements that track user actions on websites. The statistics consist of anonymized data provided by users voluntarily.

Advertising

Advertising Technology Marketing Media

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

eSecurity Planet

SEPTEMBER 11, 2023

September 5, 2023 Atlas VPN Leaks Users’ IP Addresses Type of attack: Zero-Day Vulnerability, a new vulnerability that is often difficult to fix since no patch is available on the market yet. The problem: The vulnerabilities ( CVE-2023-39238 , CVE-2023-39239 and CVE-2023-39240 ), with a CVSS v3.1 score of 9.8

VPN

VPN Authentication Firmware Phishing

Weekly Vulnerability Recap – October 2, 2023 – WS_FTP, Exim, Cisco and Other Exploited Vulnerabilities

eSecurity Planet

OCTOBER 2, 2023

September 29, 2023 Patch WS_FTP Now: 10 / 10 RCE Vulnerability Revealed Type of attack: Attackers can exploit unpatched vulnerabilities to perform remote code execution (RCE), directory traversal, cross-site scripting (XSS), SQL injection , cross-site request forgery (CSRF), and file enumeration attacks. RCE vulnerability CVE-2023-42117 = 8.1

DDOS

DDOS Encryption Software Ransomware

IT threat evolution in Q2 2023. Mobile statistics

SecureList

AUGUST 30, 2023

IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. Quarterly figures According to Kaspersky Security Network, in Q2 2023: A total of 5,704,599 mobile malware, adware, and riskware attacks were blocked. 16.79 +3.52 0 2 Trojan.AndroidOS.Boogr.gsh 8.39

Mobile

Mobile Adware Banking Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 21

Security Affairs

NOVEMBER 24, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Android Malware Detection Based on Behavioral-Level Features with Graph Convolutional Networks.

Malware

Malware Spyware Antivirus VPN

Poland probes Pegasus spyware abuse under the PiS government

Zero-Click Exploit in iPhones

Trending Sources

Google: Spyware vendors behind 50% of zero-days exploited in 2023

New iPhone Exploit Uses Four Zero-Days

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware

Google: Zero-Day Attacks Rise, Spyware and China are Dangers

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware

Russian Journalist's iPhone Compromised by NSO Group's Zero-Click Spyware

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices

Pegasus spyware and how it exploited a WebP vulnerability

Predator spyware vendor banned in US

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Google says spyware vendors behind most zero-days it discovers

June 2023 Security Update for Android fixed Arm Mali GPU bug used by spyware?

The iPhone of a Russian journalist was infected with the Pegasus spyware

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

CISA Issues Alert to Secure iPhones Against Pegasus Spyware Zero-Days

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Watch out! CVE-2023-5129 in libwebp library affects millions applications

Beware the Cyber Ghouls: Spooky Threats Lurking in Digital Shadows

More iOS Zero Days, More Mercenary Spyware — This Time: Cytrox Predator

Chinese GREF APT distributes spyware via trojanized Signal and Telegram apps on Google Play and Samsung Galaxy stores

Threat landscape for industrial automation systems. Statistics for H1 2023

Top 2023 Security Affairs cybersecurity stories

U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog

Apple fixes iPhone and iPad bug exploited in ‘extremely sophisticated attacks’

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Android Malware Surge: Adware Trojans, Spyware Trojans, and Banking Malware on the Rise

CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

pcTattleTale spyware leaks database containing victim screenshots, gets website defaced

Updated Android spyware GravityRAT steals WhatsApp Backups

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

Google TAG shares details about exploit chains used to install commercial spyware

IT threat evolution Q3 2023

Web tracking report: who monitored users’ online activities in 2023–2024 the most

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

Weekly Vulnerability Recap – October 2, 2023 – WS_FTP, Exim, Cisco and Other Exploited Vulnerabilities

IT threat evolution in Q2 2023. Mobile statistics

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 21

Stay Connected