Accountability, Information Security and Surveillance

Apple Guidance on Intimate Partner Surveillance

Adam Shostack

MAY 6, 2021

The document includes checklists, which are available separately: If you want to see if anyone else has access to your device or accounts. Defending against attackers who are both authorized and “interface-bound” is a weird problem for information security, as traditionally defined.

Surveillance

Surveillance Information Security Accountability Technology

Google Responds to Warrants for “About” Searches

Schneier on Security

OCTOBER 13, 2020

.” These searches are legal when conducted for the purpose of foreign surveillance, but the worry about using them domestically is that they are unconstitutionally broad. The very nature of these searches requires mass surveillance. The FBI does not conduct mass surveillance. The FBI does not conduct mass surveillance.

Surveillance

Surveillance Wireless Accountability Architecture

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Security Affairs

DECEMBER 23, 2024

Will Cathcart of WhatsApp called the ruling a major privacy victory, emphasizing accountability for spyware firms after a five-year legal battle. The WIS, among other things, allows defendants clients to send cipher files with installation vectors that ultimately allow the clients to surveil target users.” ” The U.S.

Spyware

Spyware Surveillance Software Hacking

White hat hackers gained access more than 150,000 surveillance cameras

Security Affairs

MARCH 10, 2021

A group of hackers claimed to have compromised more than 150,000 surveillance cameras at banks, jails, schools, and prominent companies like Tesla and Equinox. A group of US hackers claimed to have gained access to footage from 150,000 security cameras at banks, jails, schools, healthcare clinics, and prominent organizations.

Surveillance

Surveillance Hacking Banking Firmware

Google updates policies to ban any ads for surveillance solutions and services

Security Affairs

JULY 12, 2020

Google announced that starting from August it will update its policies to reject ads proposed by organizations offering surveillance software. The move aims at fighting the advertising of any form of surveillance. The tech giant announced that the update will be effective starting from August 11, 2020. Pierluigi Paganini.

Surveillance

Surveillance Spyware Advertising Marketing

Apple Guidance on Intimate Partner Surveillance

Adam Shostack

JANUARY 2, 2025

They're reasonable from the perspective that information security has long been defined as the ability of system owners to implement their policies, and to have assurance in those implementations. These objections are simultaneously reasonable and not.

Surveillance

Surveillance Information Security Risk Accountability

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

Security Affairs

FEBRUARY 2, 2025

WhatsApp linked the hacking campaign to Paragon, an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024. This is the latest example of why spyware companies must be held accountable for their unlawful actions. Weve reached out directly to people who we believe were affected.

Spyware

Spyware Hacking Surveillance Malware

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

Security Affairs

APRIL 8, 2020

In October 2019, WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. According to the NSO CEO, Facebook was interested in improving surveillance capabilities on iOS devices of the Onavo Protect. ” Who will win? Facebook or NSO Group? Pierluigi Paganini.

Surveillance

Surveillance Spyware Advertising Government

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Security Affairs

MARCH 21, 2025

. — Operation Zero (@opzero_en) March 20, 2025 A zero-day broker like Operation Zero might be willing to pay millions for Telegram exploits for several reasons, including: Government and Intelligence Demand Telegram is widely used for secure communication, including by journalists, activists, dissidents, and political figures.

Government

Government Surveillance Mobile Hacking

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

Pictured: a Dome Series security camera from Verkada. A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., When surveillance leads to spying. Or another video in which Massachusetts police officers were questioning a handcuffed man in custody.

Surveillance

Surveillance IoT Accountability Passwords

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Telecommunications

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Security Affairs

SEPTEMBER 16, 2024

The IT giant fears that the disclosures of its threat intelligence related to commercial spyware operations could aid NSO and other surveillance firms. “Apple’s teams work tirelessly to protect the critical threat-intelligence information that Apple uses to protect its users worldwide. ” reads the court filing.

Surveillance

Surveillance Spyware Risk Hacking

EU officials were targeted with Israeli surveillance software

Security Affairs

APRIL 13, 2022

According to a report published by Reuters, an Israeli surveillance software was used to spy on senior officials in the European Commission. The report did not attribute the attacks to a specific threat actor or did not reveal what information was obtained following the compromise of the victims’ devices. .”

Surveillance

Surveillance Software Spyware Hacking

Israeli surveillance firm QuaDream is shutting down amidst spyware accusations

Security Affairs

APRIL 17, 2023

The Israeli surveillance firm QuaDream is allegedly shutting down its operations after Citizen Lab and Microsoft uncovered their spyware. Last week Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. and 14.4.2,

Surveillance

Surveillance Spyware Education Media

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Security Affairs

MAY 1, 2023

Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity. .

Surveillance

Surveillance Malware Spyware Accountability

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. ”

Hacking

Hacking Ransomware Banking Accountability

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Security Affairs

APRIL 12, 2023

At least five members of civil society worldwide have been targeted with spyware and exploits developed by surveillance firm QuaDream. Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. ” concludes Citizen Lab.

Spyware

Spyware Surveillance Malware Government

Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval

Security Affairs

JANUARY 10, 2024

Threat actors hacked the X account of the US Securities and Exchange Commission (SEC) and used it to publish the fake news on the Bitcoin ETF approval. Hackers hijacked the X account of the US Securities and Exchange Commission (SEC) and used it to publish fake news on the Bitcoin ETF approval. ” Gensler wrote.

Accountability

Accountability Hacking Cryptocurrency Surveillance

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. List of installed packages. Call logs and geocoded location associated with the call.

Surveillance

Surveillance Spyware Malware Mobile

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Surveillance

Surveillance Malware Authentication Accountability

One million cracked Poshmark accounts being sold online

Security Affairs

SEPTEMBER 2, 2019

Login details of more than 36 million Poshmark accounts are available for sale in the cybercrime underground. The company discovered unauthorized access to its servers, the intruders stole personal information of the users, including usernames , hashed passwords, first and last names, gender information, and city of residenc.

Accountability

Accountability Data breaches Passwords Advertising

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. Those of us in the information security community had long assumed that the NSA was doing things like this. Many have written about how being under constant surveillance changes a person.

Surveillance

Surveillance Computers and Electronics Government Encryption

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Spyware

Spyware Surveillance Mobile Education

NSO Group spyware used to compromise iPhones of 9 US State Dept officials

Security Affairs

DECEMBER 3, 2021

The US officials targeted by the surveillance software were either based in Uganda or focused on matters concerning the African country, revealed Reuters which was not able to determine which was NSO client that orchestrated the attacks. federal court for illegally targeting its customers with the surveillance spyware Pegasus.

Spyware

Spyware Surveillance Hacking Software

WhatsApp sued Israeli surveillance firm NSO Group and its parent Q Cyber Technologies

Security Affairs

OCTOBER 30, 2019

WhatsApp sued Israeli surveillance firm NSO Group, accusing it of using a flaw in its messaging service to conduct cyberespionage on journalists and activists. WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. The lawsuit filed by WhatsApp in U.S.

Surveillance

Surveillance Technology Spyware Mobile

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. Ahead of the U.S. The phishing attacks began in February 2023, the IT giant reported. LNK) files.

Accountability

Accountability Phishing Financial Services Surveillance

Pegasus Project – how governments use Pegasus spyware against journalists

Security Affairs

JULY 19, 2021

Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential surveillance targets that revealed the abuse of NSO Group’s spyware.

Spyware

Spyware Government Surveillance Media

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

DECEMBER 31, 2019

Related: Good to know about IoT Physical security is often a second thought when it comes to information security. Despite this, physical security must be implemented correctly to prevent attackers from gaining physical access and taking whatever they desire. Access control is the restricting of access to a system.

Cyber Risk

Cyber Risk Risk Firewall Surveillance

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

According to the alert issued by the FBI, the swatters have been hijacking smart devices such as video and audio capable home surveillance devices. “Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks. ” concludes the alert.

Passwords

Passwords Surveillance Manufacturing Accountability

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

The City of Dallas revealed that the Royal ransomware gang that hit the city system in May used a stolen account. The City confirmed the security incident and is working to recover from the ransomware attack that impacted its services, including the police department. ” reads the report. ” reads the report.

Ransomware

Ransomware Surveillance Healthcare Accountability

Apple sues NSO Group for abusing state-sponsored Pegasus spyware

Security Affairs

NOVEMBER 24, 2021

Apple has filed suit to ban the Israeli surveillance firm NSO Group and parent company Q Cyber Technologies from using its product and services. federal court for illegally targeting its customers with the surveillance spyware Pegasus. Apple has sued NSO Group and its parent company Q Cyber Technologies in a U.S.

Spyware

Spyware Surveillance Software Hacking

Donot Team targets a Togo prominent activist with Indian-made spyware

Security Affairs

OCTOBER 11, 2021

The application was in fact a piece of custom Android spyware designed to extract some of the most sensitive and personal information stored on the activist’s phone.” The company denied any involvement in the surveillance campaign attributed to the Donot Team APT. photos, files), and spy on WhatsApp communications. .”

Spyware

Spyware Surveillance Accountability Mobile

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% The post Security Affairs newsletter Round 377 appeared first on Security Affairs. If you want to also receive for free the newsletter with the international press subscribe here.

Spyware

Spyware Manufacturing Small Business Surveillance

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

The threat actors gathered personal information on minority groups and potential political dissents. “The stolen information is likely to be exploited for surveillance or intelligence gathering on specific groups and or individuals.” Enable 2FA on all externally exposed accounts.

Media

Media Accountability Telecommunications Government

A flaw in Dahua IP Cameras allows full take over of the devices

Security Affairs

JULY 31, 2022

. “We’re publishing the details of a new vulnerability (tracked under CVE-2022-30563) affecting the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some IP cameras developed by Dahua, a very popular manufacturer of IP-based surveillance solutions.”

Surveillance

Surveillance Authentication Telecommunications Manufacturing

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

Security Affairs

MARCH 21, 2021

Hackers also posted images captured from the hacked surveillance video on Twitter with an #OperationPanopticon hashtag, published images show that they have gained root shell access to the surveillance cameras used by Telsa and Cloudflare.

Identity Theft

Identity Theft Computers and Electronics Surveillance Hacking

NSO Group, Positive Technologies and other firms sanctioned by the US government

Security Affairs

NOVEMBER 3, 2021

sanctioned four companies for the development of surveillance malware or the sale of hacking tools used by nation-state actors, including NSO Group. The Commerce Department’s Bureau of Industry and Security (BIS) has sanctioned four companies for the development of spyware or the sale of hacking tools used by nation-state actors.

Technology

Technology Government Surveillance Spyware

Egypt regularly spies on opponents and activists with mobile apps

Security Affairs

OCTOBER 4, 2019

Researchers at Check Point discovered that Egypt ‘ government has been spying citizens in a sophisticated surveillance program. Researchers at Check Point discovered that the Egyptian government has been spying on activists and opponents as part of a sophisticated surveillance program. SecurityAffairs – Egypt, surveillance).

Mobile

Mobile Surveillance Government Advertising

42 million records of Iranian users of unofficial Telegram fork leaked online

Security Affairs

MARCH 31, 2020

Security expert Bob Diachenko discovered that 42 million Iranian ‘Telegram’ user IDs and phone numbers have been leaked online. The accounts belong to Iranian users, they are from a third-party version of the Telegram app. The experts pointed out that hashes and secret keys can’t be used to access accounts.

Advertising

Advertising Accountability Surveillance Government

Iran-linked APT42 is behind over 30 espionage attacks

Security Affairs

SEPTEMBER 11, 2022

The campaigns have been conducted since 2015 and are aimed at conducting information collection and surveillance operations against individuals and organizations of strategic interest to Teheran. ” The surveillance operations conducted by the APT group involved the distribution of Android malware such as VINETHORN and PINEFLOWER.

Surveillance

Surveillance Social Engineering Phishing Government

Rhythm in the algorithm: digital rights groups call on Spotify to abandon voice recognition invention

SC Magazine

APRIL 9, 2021

A screenshot from a music video of hte Evan Greer song, “Surveillance Capitalism,” which tackles the dangers of commercial surveillance technology. Sometimes fighting the excesses of the creeping surveillance economy is done through position papers, coalition building and lawsuits. Our concern is not ‘Hey patch this up.’

Surveillance

Surveillance Artificial Intelligence Technology Media

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 7, 2024

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4

Artificial Intelligence

Artificial Intelligence Data breaches Scams Insurance

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

Security Affairs

APRIL 13, 2023

Chinese video surveillance giant Hikvision addressed a critical vulnerability in its Hybrid SAN and cluster storage products. Chinese video surveillance giant Hikvision addressed an access control vulnerability, tracked as CVE-2023-28808, affecting its Hybrid SAN and cluster storage products.

Surveillance

Surveillance Education Media Hacking

Deepfake Fraud, Data Brokers Tracking Military Personnel

Security Boulevard

NOVEMBER 24, 2024

In Episode 356, Tom and Kevin discuss the increasing role of deepfake technology in bypassing biometric checks, accounting for 24 percent of fraud attempts. The conversation shifts to social media platforms Twitter, Blue […] The post Deepfake Fraud, Data Brokers Tracking Military Personnel appeared first on Shared Security Podcast.

Media

Media Technology Accountability Surveillance

Apple Guidance on Intimate Partner Surveillance

Google Responds to Warrants for “About” Searches

Trending Sources

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

White hat hackers gained access more than 150,000 surveillance cameras

Google updates policies to ban any ads for surveillance solutions and services

Apple Guidance on Intimate Partner Surveillance

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Camera tricks: Privacy concerns raised after massive surveillance cam breach

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

EU officials were targeted with Israeli surveillance software

Israeli surveillance firm QuaDream is shutting down amidst spyware accusations

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

European firm DSIRF behind the attacks with Subzero surveillance malware

One million cracked Poshmark accounts being sold online

Snowden Ten Years Later

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

NSO Group spyware used to compromise iPhones of 9 US State Dept officials

WhatsApp sued Israeli surveillance firm NSO Group and its parent Q Cyber Technologies

Remcos RAT campaign targets US accounting and tax return preparation firms

Pegasus Project – how governments use Pegasus spyware against journalists

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

FBI warns swatting attacks on owners of smart devices

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Apple sues NSO Group for abusing state-sponsored Pegasus spyware

Donot Team targets a Togo prominent activist with Indian-made spyware

Security Affairs newsletter Round 377

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

A flaw in Dahua IP Cameras allows full take over of the devices

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

NSO Group, Positive Technologies and other firms sanctioned by the US government

Egypt regularly spies on opponents and activists with mobile apps

42 million records of Iranian users of unofficial Telegram fork leaked online

Iran-linked APT42 is behind over 30 espionage attacks

Rhythm in the algorithm: digital rights groups call on Spotify to abandon voice recognition invention

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

Deepfake Fraud, Data Brokers Tracking Military Personnel

Stay Connected