Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. Apple this week released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild.

Spyware 127

Spyware Surveillance Mobile Hacking 127

Security Affairs

APRIL 1, 2023

CISA has added nine flaws to its Known Exploited Vulnerabilities catalog, including bugs exploited by commercial spyware on mobile devices. The exploits were used to install commercial spyware and malicious apps on targets’ devices. CISA orders federal agencies to fix this flaw by April 20, 2023.

Spyware 98

Spyware Surveillance Mobile Education 98

Security Affairs

SEPTEMBER 28, 2023

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-5217, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day flaw in the Chrome browser which is tracked as CVE-2023-5217.

Surveillance 131

Surveillance Spyware Passwords Hacking 131

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Spyware 132

Spyware Surveillance Software Hacking 132

Security Affairs

JULY 19, 2023

government added surveillance technology vendors Cytrox and Intellexa to an economic blocklist for trafficking in cyber exploits. Government warns of the key role that surveillance technology plays in surveillance activities that can lead to repression and other human rights abuses. national security or foreign policy interests.

Surveillance 98

Surveillance Spyware Government Technology 98

Security Affairs

MAY 1, 2023

Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). However, much of the victim data points to its broader usage, which indicates targeted surveillance efforts towards minorities within Iran.”

Surveillance 98

Surveillance Malware Spyware Accountability 98

Security Affairs

JULY 20, 2023

China-linked group APT41 was spotted using two previously undocumented Android spyware called WyrmSpy and DragonEgg China-linked APT group APT41 has been observed using two previously undocumented Android spyware called WyrmSpy and DragonEgg. Most recent samples of DraginEgg are dated April 2023.

Spyware 98

Spyware Surveillance Mobile Malware 98

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. The exploit chains were used to install commercial spyware and malicious apps on targets’ devices. The experts pointed out that both campaigns were limited and highly targeted.

Spyware 98

Spyware Surveillance Firmware Internet 98

SecureList

NOVEMBER 14, 2022

We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. In 2022, the GReAT team tracked several threat actors leveraging SilentBreak’s toolset as well as a commercial Android spyware we named MagicKarakurt. What we predicted in 2022.

Firmware 128

Firmware Surveillance Mobile Telecommunications 128

SecureList

MARCH 13, 2024

The State of Stalkerware in 2023 (PDF) The annual Kaspersky State of Stalkerware report aims to contribute to awareness and a better understanding of how people around the world are impacted by digital stalking. Nevertheless, iPhone users fearing surveillance should always keep a close eye on their device.

Mobile 108

Mobile Passwords Surveillance Technology 108

Security Affairs

APRIL 18, 2023

Citizen Lab reported that Israeli surveillance firm NSO Group used at least three iOS zero-click exploits in 2022. A new report from Citizen Lab states that the Israeli surveillance firm NSO Group used at least three zero-click zero-day exploits to deliver its Pegasus spyware. ” reads the report.

Surveillance 98

Surveillance Spyware Education Risk 98

Security Affairs

OCTOBER 16, 2023

— Signal (@signalapp) October 16, 2023 The company also added that it has checked with the U.S. 2/ — Signal (@signalapp) October 16, 2023 Rumors circulated over the weekend about a zero-day flaw in the Signal platform that could be exploited to take over the target device.

Spyware 120

Spyware Surveillance Encryption Mobile 120

SecureList

NOVEMBER 28, 2024

Later, in 2023, Elastic Lab published a report about an OceanLotus APT (aka APT32) attack that leveraged a new set of malicious tools called Spectral Viper. Epeius is a commercial spyware tool developed by an Italian company that claims to provide intelligence solutions to law enforcement agencies and governments.

Malware 118

Malware Government Software Spyware 118

Security Affairs

OCTOBER 5, 2023

The surveillance market is literally exploding, intelligence agencies, law enforcement bodies and zero-day brokers are competing to buy exploits that can allow them to compromise devices and apps. It’s unclear if these patches fixed the flaws underlying the exploits that were on sale in 2021.”

Mobile 139

Mobile Marketing Spyware Surveillance 139

Security Affairs

FEBRUARY 11, 2024

Gov imposes visa restrictions on individuals misusing Commercial Spyware HPE is investigating claims of a new security breach Experts warn of a surge of attacks targeting Ivanti SSRF flaw How to hack the Airbus NAVBLUE Flysmart+ Manager Crooks stole $25.5

Spyware 124

Spyware Surveillance DDOS Identity Theft 124

Security Affairs

FEBRUARY 22, 2023

Apple updated its advisories by adding three new vulnerabilities, tracked as CVE-2023-23520, CVE-2023-23530 and CVE-2023-23531, that affect iOS, iPadOS , and macOS. An attacker can trigger the CVE-2023-23530 flaw to execute arbitrary code out of its sandbox or with certain elevated privileges. ” reads the advisory.

Surveillance 98

Surveillance Spyware Hacking Software 98

Security Affairs

SEPTEMBER 3, 2023

Hacks QakBot, Quietly Removes Botnet Infections Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs Why is.US Being Used to Phish So Many of Us?

Social Engineering 124

Social Engineering Data breaches Spyware Malware 124

SecureWorld News

NOVEMBER 30, 2023

The flaw, tracked as CVE-2023-6345 , marks the sixth Chrome Zero-Day exploit in 2023 and showcases a growing trend in major browsers suffering Zero-Day attacks. Such vulnerabilities can also serve as entry points for malware and spyware, endangering corporate networks.

Spyware 113

Spyware Surveillance Malware Risk 113

Security Boulevard

FEBRUARY 17, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Google's reCAPTCHA is not only useless, it's also basically spyware Techspot This study demonstrates Google's reCAPTCHA v2 and v3 are flawed and don't actually keep out bots. Tips for finding old accounts.

Surveillance 52

Surveillance Data breaches VPN Malware 52

Security Affairs

APRIL 16, 2023

New Android malicious library Goldoson found in 60 apps +100M downloads Siemens Metaverse exposes sensitive corporate data CISA adds bugs in Android and Novi Survey to its Known Exploited Vulnerabilities catalog Volvo retailer leaks sensitive files A cyberattack on the Cornwall Community Hospital in Ontario is causing treatment delays Google fixed (..)

Data breaches 98

Data breaches Spyware Surveillance Retail 98

Security Affairs

JULY 15, 2023

Government agencies SonicWall urges organizations to fix critical flaws in GMS/Analytics products Citrix fixed a critical flaw in Secure Access Client for Ubuntu Cl0p hacker operating from Russia-Ukraine war front line – exclusive Fortinet fixed a critical flaw in FortiOS and FortiProxy Microsoft mitigated an attack by Chinese threat actor Storm-0558 (..)

Spyware 98

Spyware Hacking Data breaches Mobile 98

Security Affairs

SEPTEMBER 24, 2023

0-days exploited by commercial surveillance vendor in Egypt PREDATOR IN THE WIRES OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes Cybersecurity Apple and Google Are Introducing New Ways to Defeat Cell Site Simulators, But Is it Enough?

Cyber Attacks 121

Cyber Attacks Firewall Data breaches Telecommunications 121

Hackology

NOVEMBER 11, 2023

The emergence of Kamran spyware, targeting users of a regional news website, has raised concerns among cybersecurity experts. Distributed through a possible watering-hole attack on the Hunza News website , the spyware prompts users to grant permissions, allowing access to sensitive data.

Spyware 45

Spyware Malware Risk Mobile 45

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware 98

Spyware Ransomware Malware Data breaches 98

Security Affairs

SEPTEMBER 1, 2024

Under Meredith Whittaker, It’s Out to Prove Surveillance Capitalism Wrong EU investigating Telegram over user numbers Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Malware 118

Malware Surveillance Firewall Phishing 118

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 98

Data breaches Malware Mobile Spyware 98

Security Affairs

DECEMBER 15, 2024

CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox U.S.

Firewall 63

Firewall Spyware Surveillance Cybercrime 63

SecureList

JUNE 3, 2024

In late December, in a presentation at the 37th Chaos Communication Congress (37C3), experts from our Global Research and Analysis Team (GReAT) described the attack chain in detail , including – for the first time – how the attackers exploited the CVE-2023-38606 hardware vulnerability. You can read the full analysis here.

Banking 118

Banking Malware Computers and Electronics Mobile 118

SecureList

NOVEMBER 14, 2023

In this article, we will review the past year’s trends to see which of our 2023 predictions have come true, and try to predict what is to come in 2024. The US Cybersecurity and Infrastructure Security Agency (CISA) provided additional IoCs associated with exploitation of CVE-2023-2868. A review of last year’s predictions 1.

Hacking 141

Hacking Energy and Utilities Media Malware 141

Security Affairs

JANUARY 10, 2021

It is a great question, particularly when you consider that $167 Billion was spent on Cybersecurity in 2019 and this is predicted to increase to $248 Billion by 2023 [Source: Forbes ]. If you consider any other major criminal activity such as robbing a Bank, it always requires surveillance and planning first. 4securitas.com ).

Cyber Attacks 124

Cyber Attacks Government Software Surveillance 124

eSecurity Planet

MARCH 27, 2023

Exploitation of enterprise IT zero-day vulnerabilities are continuing into 2023, led by a Fortra GoAnywhere zero-day that has been behind more than a hundred attacks by the Clop ransomware group.

Firewall 104

Firewall Internet Internet Ransomware 104

Hacker's King

MAY 20, 2023

You may also like: Ways To Earn Passive Income In Cyber Security In 2023 Brute Force Attacks: Cracking the Code In certain cases, hackers may employ brute force attacks to gain access to an account without triggering the 2FA process. Attackers may exploit call-forwarding techniques to intercept verification codes sent via SMS or voice calls.

Authentication 52

Authentication Social Engineering Spyware Engineering 52

SecureList

MARCH 8, 2023

Other types of monitoring or spyware apps that fall outside of the Coalition’s definition are not included in the report statistics. iPhone users fearing surveillance should always keep an eye on their device. This means that the affected number of users have been targeted by stalkerware only.

Mobile 122

Mobile Software Accountability Cybersecurity 122

Security Affairs

SEPTEMBER 9, 2024

Researchers warn of a fresh cluster of activity associated with the Predator spyware using a new infrastructure, following the U.S. Recorded Future researchers warn that the Predator spyware has resurfaced with fresh infrastructure after a decline caused by US sanctions against Intellexa Consortium.

Spyware 135

Spyware Surveillance Government Risk 135

Security Affairs

MARCH 5, 2024

government sanctioned two individuals and five entities linked to the development and distribution of the Predator spyware used to target Americans. The surveillance software was also used to spy on U.S. The Department of the Treasury warns that the proliferation of commercial spyware poses growing risks to the United States.

Spyware 132

Spyware Surveillance Government Technology 132

Security Affairs

FEBRUARY 6, 2024

government imposes visa restrictions on individuals who are involved in the illegal use of commercial spyware. State Department announced it is implementing a new policy to impose visa restrictions on individuals involved in the misuse of commercial spyware. The policy underscores the U.S. The policy underscores the U.S.

Spyware 125

Spyware Surveillance Government Technology 125

Security Affairs

APRIL 23, 2024

Department of State imposed visa restrictions on 13 individuals allegedly linked to the commercial spyware business. The US Department of State is imposing visa restrictions on 13 individuals involved in the development and sale of commercial spyware or their immediate family members. ” In February, the U.S. .

Spyware 128

Spyware Surveillance Government Technology 128