Authentication and Surveillance - Cyber Security Informer

Cell Phone Location Privacy

Schneier on Security

JANUARY 15, 2021

It protects users from fake cell phone towers (IMSI-catchers) and surveillance by cell providers. Monthly: The user pays their bill to the MVNO (credit card or otherwise) and the phone gets anonymous authentication (using Chaum blind signatures) tokens for each time slice (e.g., It’s a clever system. All MVNO SIMs are identical.

Surveillance

Surveillance Mobile Authentication VPN

Apple released emergency updates for actively exploited flaws

Security Affairs

APRIL 17, 2025

RPAC (CVE-2025-31201) – An attacker with read/write access could bypass Pointer Authentication on iOS. However, the limited, targeted nature of these attacks against iOS users suggests that commercial surveillance vendors or a nation-state actor likely exploited the flaws. Apple addressed the flaw by removing the vulnerable code.

Surveillance

Surveillance Media Authentication Hacking

Critical Vulnerabilities in GPS Trackers

Schneier on Security

JULY 21, 2022

Other vulnerabilities include a flawed authentication mechanism in the mobile app that can allow attackers to access the hardcoded key for locking down the trackers and the ability to use a custom IP address that makes it possible for hackers to monitor and control all communications to and from the device.

Manufacturing

Manufacturing Surveillance Mobile Authentication

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., Hacktivist Tillie Kottmann is reportedly among those asserting responsibility for the incident, telling Bloomberg that their act helped expose the security holes of modern-day surveillance platforms.

Surveillance

Surveillance IoT Accountability Passwords

U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 18, 2025

RPAC (CVE-2025-31201) An attacker with read/write access could bypass Pointer Authentication on iOS. However, the limited, targeted nature of these attacks against iOS users suggests that commercial surveillance vendors or a nation-state actor likely exploited the flaws. Apple addressed the flaw by removing the vulnerable code.

Authentication

Authentication Surveillance Passwords Media

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Security Affairs

FEBRUARY 26, 2025

” LightSpy now targets social media platforms like Facebook and Instagram from Android, extracting messages, contacts, and metadata, enhancing surveillance and exploitation potential. “This is the first reference we are aware of Facebook and Instagram database targeting within LightSpy’s command structure. ” Hunt.io

Data collection

Data collection Spyware Media Surveillance

Twitter cans 2FA service provider over surveillance claims

Malwarebytes

FEBRUARY 13, 2022

Twitter is transitioning away from from its two-factor authentication (2FA) provider, Mitto AG, a Swiss communications company. The companies that bought the access reportedly used it to help governments conduct secret surveillance against users through their phones. So where does that leave Twitter users who use SMS 2FA?

Surveillance

Surveillance Mobile Media Marketing

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance

Surveillance Hacking Firmware Manufacturing

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Surveillance

Surveillance Malware Authentication Accountability

ScarCruft surveilling North Korean defectors and human rights activists

SecureList

NOVEMBER 29, 2021

The victim was infected by PowerShell malware and we discovered evidence that the actor had already stolen data from the victim and had been surveilling this victim for several months. To surveil the victim, the list includes target folders as well as /Camera, /Recordings, /KakaoTalk (a renowned Korean messenger), /??(documents),

Surveillance

Surveillance Malware Phishing Encryption

Latest on the SVR’s SolarWinds Hack

Schneier on Security

JANUARY 5, 2021

The hackers managed their intrusion from servers inside the United States, exploiting legal prohibitions on the National Security Agency from engaging in domestic surveillance and eluding cyberdefenses deployed by the Department of Homeland Security.

Hacking

Hacking System Administration Software Surveillance

Netgear Routers' Flaws Expose Users to Malware, Remote Attacks, and Surveillance

The Hacker News

MAY 12, 2023

As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution.

Surveillance

Surveillance Malware Internet Internet

Faulty DoD Cybersecurity Leaves U.S. At Risk of Missile Attacks

Adam Levin

DECEMBER 18, 2018

The report issued by the Inspector General’s office details several basic lapses in security protocols at five separate locations, including: A lack of multifactor authentication to access BMDS technical information. Known and unpatched network vulnerabilities dating back as far as 1990. No physical locks on server racks.

Risk

Risk Cybersecurity Surveillance Government

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Krebs on Security

SEPTEMBER 12, 2023

Citizen Lab says the bug it discovered was being exploited to install spyware made by the Israeli cyber surveillance company NSO Group. Tom Bowyer , manager of product security at Automox , said exploiting this vulnerability could lead to the disclosure of Net-NTLMv2 hashes , which are used for authentication in Windows environments.

Spyware

Spyware Software Surveillance Authentication

Synthetic Sabotage: How AI Tools Are Fueling Tailored Phishing Campaigns at Scale

SecureWorld News

APRIL 28, 2025

This kind of contextual authenticity is what makes synthetic sabotage so dangerous. These attacks don't just target specific bits of informationtheir goal are entire surveillance systems , production workflows, and collections of trade secrets. It learns the cadence, the in-jokes, the formatting quirks. What are we doing about it?

Phishing

Phishing Social Engineering Engineering Data breaches

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords.

Banking

Banking Passwords Risk Accountability

A flaw in Verizon’s iOS Call Filter app exposed call records of millions

Security Affairs

APRIL 5, 2025

The vulnerability in the Verizon Call Filter apps /clr/callLogRetrieval endpoint, although authentication was enforced via JWT tokens, the server failed to verify that the phone number in the header matched the tokens user ID ( sub ). Call metadata can enable real-time surveillance if misused.

Wireless

Wireless Surveillance Risk Media

Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home

Malwarebytes

APRIL 9, 2025

The lawsuit claims that this gave Bathula login credentials for the victims’ personal accounts and systems, including bank accounts, emails, home surveillance systems, Dropbox accounts, Google Drives, dating applications, Google Nests, and iCloud accounts. Use multi-factor authentication.

Accountability

Accountability Spyware Passwords Password Management

MY TAKE: Why Satya Nadella is wise to align with privacy advocates on regulating facial recognition

The Last Watchdog

FEBRUARY 6, 2019

This week civil liberties groups in Europe won the right to challenge the UK’s bulk surveillance activities in the The Grand Chamber of the European Court of Human Rights. Related: Snowden on unrestrained surveillance. Ubiquitous surveillance. Last November, SureID , a fingerprint services vendor based in Portland, Ore.,

Surveillance

Surveillance Technology Retail Artificial Intelligence

When Security Takes a Backseat to Productivity

Krebs on Security

JUNE 17, 2020

The CIA produced the report in October 2017, roughly seven months after Wikileaks began publishing Vault 7 — reams of classified data detailing the CIA’s capabilities to perform electronic surveillance and cyber warfare.

Data breaches

Data breaches Security Awareness Surveillance Media

GUEST ESSAY: The privacy implications of facial recognition systems rising to the fore

The Last Watchdog

NOVEMBER 19, 2018

Tech advances are accelerating the use of facial recognition as a reliable and ubiquitous mass surveillance tool, privacy advocates warn. A string of advances in biometric authentication systems has brought facial recognition systems, in particular, to the brink of wide commercial use. Related: Drivers behind facial recognition boom.

Surveillance

Surveillance Marketing Technology Authentication

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

Security Affairs

JANUARY 19, 2025

The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. This switch family is equipped with a web service and SNMP management interface. ” reads the advisory published by Claroty.

Firmware

Firmware IoT Wireless Surveillance

FBI Warn Hackers are Using Hijacked Home Security Devices for ‘Swatting’

Threatpost

DECEMBER 30, 2020

Stolen email credentials are being used to hijack home surveillance devices, such as Ring, to call police with a fake emergency, then watch the chaos unfold.

Surveillance

Surveillance Authentication IoT Government

A flaw in Dahua IP Cameras allows full take over of the devices

Security Affairs

JULY 31, 2022

. “We’re publishing the details of a new vulnerability (tracked under CVE-2022-30563) affecting the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some IP cameras developed by Dahua, a very popular manufacturer of IP-based surveillance solutions.”

Surveillance

Surveillance Authentication Telecommunications Manufacturing

Judging Facebook's Privacy Shift

Schneier on Security

MARCH 13, 2019

And if you read his 3,000-word post carefully, Zuckerberg says nothing about changing Facebook's surveillance capitalism business model. Most recently, the company used phone numbers provided for two-factor authentication for advertising and networking purposes. Better use of Facebook data to prevent violence.

Advertising

Advertising Surveillance Engineering Encryption

Florida Man Arrested in SIM Swap Conspiracy

Krebs on Security

AUGUST 7, 2018

Unauthorized SIM swaps often are perpetrated by fraudsters who have already stolen or phished a target’s password, as many banks and online services rely on text messages to send users a one-time code that needs to be entered in addition to a password for online authentication.

Mobile

Mobile Cryptocurrency Computers and Electronics Scams

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies. This time, the Cybernews research team found 3.5

Surveillance

Surveillance Manufacturing Internet Internet

Experts warn of the new sophisticate Crocodilus mobile banking Trojan

Security Affairs

MARCH 29, 2025

Data Theft: Captures Google Authenticator screen content to steal OTP codes. Camera Access: Starts front camera streaming for potential identity theft or surveillance. Crocodilus steals OTP codes from Google Authenticator via Accessibility Logging, enabling account takeovers.

Banking

Banking Mobile Identity Theft Malware

Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

Security Affairs

AUGUST 29, 2024

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously developed by surveillance firms NSO Group and Intellexa. using exploits previously used by surveillance software vendors NSO Group and Intellexa. using exploits previously used by surveillance software vendors NSO Group and Intellexa.

Surveillance

Surveillance Government Hacking Encryption

Q&A: Here’s how the ‘Matter’ protocol will soon reduce vulnerabilities in smart home devices

The Last Watchdog

AUGUST 1, 2022

If all goes smoothly, surveillance cams, smart doorbells and robot vacuums would soon follow. Nelson: The security challenges present in many smart home devices include device identity, proper authentication (user and device), confidentiality of sensitive data, and integrity of software. Secured unicast and group communications.

Manufacturing

Manufacturing IoT Surveillance Authentication

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

According to the alert issued by the FBI, the swatters have been hijacking smart devices such as video and audio capable home surveillance devices. “Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks.

Passwords

Passwords Surveillance Manufacturing Accountability

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

DECEMBER 31, 2019

Muthukrishnan Access control, surveillance , and testing are the three major components that comprise the physical security of a system. Surveillance includes monitoring and detecting intruders into the network. One such measure is to authenticate the users who can access the server.

Cyber Risk

Cyber Risk Risk Firewall Surveillance

Your Network Is Showing – Time to Go Stealth

Security Boulevard

APRIL 17, 2025

One that did not contend with persistent threats, state-sponsored campaigns, and AI-powered surveillance. Legacy firewalls and VPNs may have served us well, but they were built for a different era.

Firewall

Firewall VPN Encryption Architecture

Privacy Roundup: Week 7 of Year 2025

Security Boulevard

FEBRUARY 17, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Kagi also introduces Privacy Pass, which allows users to authenticate to servers (like Kagi's) without revealing their identity; this should ensure searches are unlinkable to accounts. Tips for finding old accounts. CVE-2025-21391.

Surveillance

Surveillance Data breaches VPN Malware

Q&A: The troubling implications of normalizing encryption backdoors — for government use

The Last Watchdog

SEPTEMBER 17, 2018

Machine to machine connection and communication needs to be authenticated to access systems, so this technology is where the rubber meets the road, with respect to this debate. The government wants to be able to surveil network traffic and They want backdoors so they can see everything.

Encryption

Encryption Government Surveillance Technology

Episode 188: Crowdsourcing Surveillance with Flock Safety

The Security Ledger

AUGUST 21, 2020

In this episode of the Security Ledger Podcast (#188), sponsored* by LastPass, we take a look at the fast-expanding world of crowdsourced surveillance by doing a deep dive on Flock Safety, a start up that sells inexpensive license plate scanners to homeowners and police departments. Flying in Surveillance’s Gray Zone.

Surveillance

Surveillance Passwords Technology Internet

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

Krebs on Security

NOVEMBER 7, 2018

” “Fraudsters were also observed on criminal forums discussing using the Informed Delivery service to surveil potential identity theft victims,” the Secret Service memo reads. The final step in validating residents involves answering four so-called “knowledge-based authentication” or KBA questions.

Identity Theft

Identity Theft Advertising Accountability Banking

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

The Last Watchdog

JANUARY 6, 2022

As a result, The majority of businesses (55 percent) are using some sort of a tool to monitor for insider threats; including data leak prevention (DLP) software (54 percent), user behavior analytics (UBA) software (50 percent), and employee monitoring and surveillance (47 percent).

Marketing

Marketing Software Surveillance Information Security

Android Malware Bypasses 2FA And Targets Telegram, Gmail Passwords

Threatpost

SEPTEMBER 21, 2020

A new Android malware strain has been uncovered, part of the Rampant Kitten threat group's widespread surveillance campaign that targets Telegram credentials and more.

Malware

Malware Passwords Surveillance Authentication

Administrator’s Guide, Part 2: Passwords Are Safer Than Biometrics, PINs Are Just Passwords, and Other Tall Tales

Duo's Security Blog

JULY 1, 2021

Tall Tale #1: PINs Are Just Passwords In Part 1 , we talked about how passwordless authentication is still multi-factor: Possession of a private key, ideally stored on a piece of secure hardware A biometric or PIN the authenticator uses to locally verify the user’s identity Reasoning about a PIN being used as a factor is simpler than a biometric.

Passwords

Passwords Surveillance Authentication Risk

Episode 188: Flock Safety Flies in Surveillance Technology’s Gray Zone

The Security Ledger

AUGUST 21, 2020

In this episode of the Security Ledger Podcast (#188), sponsored* by LastPass, we take a look at the fast-expanding world of crowdsourced surveillance by doing a deep dive on Flock Safety, a start up that sells inexpensive license plate scanners to homeowners and police departments. Flying in Surveillance’s Gray Zone.

Surveillance

Surveillance Passwords Internet Internet

How is information stored in cloud secure from hacks

CyberSecurity Insiders

MAY 14, 2023

Cloud providers implement access controls through authentication and authorization. Authentication is the process of verifying a user’s identity, while authorization is the process of granting or denying access based on the user’s identity and privileges.

Hacking

Hacking Antivirus Firewall Encryption

Privacy Roundup: Week 11 of Year 2025

Security Boulevard

MARCH 17, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Kagi Search introduces Privacy Pass authentication AlternativeTo Kagi officially rolls out Privacy Pass support for its Android app. Tuta also shares planned updates "coming soon" to Tuta Mail.

Surveillance

Surveillance Data breaches Spyware Malware

$12M Ransomware Attack Hit Because Nobody Listened to the Security Team

SecureWorld News

APRIL 3, 2025

Category 1: "The problem doesn't exist" Their Attack: "We've never required multi-factor authentication for internal applications before, and we haven't had any major breaches. Companies that don't adapt their authentication practices to today's threats are increasingly becoming victims of costly breaches."

Ransomware

Ransomware CISO Authentication Healthcare

Cell Phone Location Privacy

Apple released emergency updates for actively exploited flaws

Webinars

Trending Sources

Critical Vulnerabilities in GPS Trackers

Webinars

Camera tricks: Privacy concerns raised after massive surveillance cam breach

U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Twitter cans 2FA service provider over surveillance claims

An RCE in Annke video surveillance product allows hacking the device

European firm DSIRF behind the attacks with Subzero surveillance malware

ScarCruft surveilling North Korean defectors and human rights activists

Latest on the SVR’s SolarWinds Hack

Netgear Routers' Flaws Expose Users to Malware, Remote Attacks, and Surveillance

Faulty DoD Cybersecurity Leaves U.S. At Risk of Missile Attacks

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Synthetic Sabotage: How AI Tools Are Fueling Tailored Phishing Campaigns at Scale

The Risk of Weak Online Banking Passwords

A flaw in Verizon’s iOS Call Filter app exposed call records of millions

Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home

MY TAKE: Why Satya Nadella is wise to align with privacy advocates on regulating facial recognition

When Security Takes a Backseat to Productivity

GUEST ESSAY: The privacy implications of facial recognition systems rising to the fore

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

FBI Warn Hackers are Using Hijacked Home Security Devices for ‘Swatting’

A flaw in Dahua IP Cameras allows full take over of the devices

Judging Facebook's Privacy Shift

Florida Man Arrested in SIM Swap Conspiracy

3.5m IP cameras exposed, with US in the lead

Experts warn of the new sophisticate Crocodilus mobile banking Trojan

Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

Q&A: Here’s how the ‘Matter’ protocol will soon reduce vulnerabilities in smart home devices

FBI warns swatting attacks on owners of smart devices

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

Your Network Is Showing – Time to Go Stealth

Privacy Roundup: Week 7 of Year 2025

Q&A: The troubling implications of normalizing encryption backdoors — for government use

Episode 188: Crowdsourcing Surveillance with Flock Safety

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

Android Malware Bypasses 2FA And Targets Telegram, Gmail Passwords

Administrator’s Guide, Part 2: Passwords Are Safer Than Biometrics, PINs Are Just Passwords, and Other Tall Tales

Episode 188: Flock Safety Flies in Surveillance Technology’s Gray Zone

How is information stored in cloud secure from hacks

Privacy Roundup: Week 11 of Year 2025

$12M Ransomware Attack Hit Because Nobody Listened to the Security Team

Stay Connected