Data collection and Document - Cyber Security Informer

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Security Affairs

FEBRUARY 26, 2025

Researchers found an updated LightSpy spyware with enhanced data collection features targeting social media platforms like Facebook and Instagram. have found an updated version of the LightSpy spyware that supports an expanded set of data collection features to target social media platforms like Facebook and Instagram.

Data collection

Data collection Spyware Media Surveillance

OpenAI Is Not Training on Your Dropbox Documents—Today

Schneier on Security

DECEMBER 19, 2023

There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Dropbox isn’t sharing all of your documents with OpenAI. Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced , but there’s still a lot of confusion. It seems not to be true.

Government

Government Banking Risk Internet

Class-Action Lawsuit against Google’s Incognito Mode

Schneier on Security

APRIL 3, 2024

The lawsuit has been settled : Google has agreed to delete “billions of data records” the company collected while users browsed the web using Incognito mode, according to documents filed in federal court in San Francisco on Monday. I was an expert witness for the prosecution (that’s the class, against Google).

Data collection

Enhancing IT Support for Manufacturing Systems: Addressing Critical Gaps

SecureWorld News

DECEMBER 23, 2024

Unlike traditional enterprise IT systems, manufacturing systems have distinctive requirements: o Real time processing: Manufacturing systems rely on real-time data collection and evaluation to ensure easy operations. o IoT Integration: Gaining knowledge of IoT devices, data collection processes, and real-time monitoring tools.

Manufacturing

Manufacturing IoT Data collection Technology

Meta subsidiaries must pay $14m over misleading data collection disclosure

Malwarebytes

JULY 31, 2023

Meta has run into yet another bout of court related issues—two subsidiaries have been ordered to pay $14 million regarding undisclosed data collection. Additionally, users were taken to a page containing said documents when using Onavo Protect for the first time after installation.

Data collection

Data collection VPN Advertising Mobile

“BlueLeaks” Exposes Huge Trove of Law Enforcement Data

Adam Levin

JUNE 24, 2020

269 gigabytes of potentially sensitive data collected from more than 200 police departments across the country were leaked online last week. According to the leakers, the dump included, “Ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources.

Data collection

Data collection VPN Accountability Risk

LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile

The Hacker News

FEBRUARY 25, 2025

Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to extract information from social media platforms like Facebook and Instagram. It was first documented in

Spyware

Spyware Mobile Data collection Media

China’s Olympics App Is Horribly Insecure

Schneier on Security

JANUARY 21, 2022

MY2022 is fairly straightforward about the types of data it collects from users in its public-facing documents. However, as the app collects a range of highly sensitive medical information, it is unclear with whom or which organization(s) it shares this information.

Surveillance

Surveillance Encryption Wireless Government

On Chinese "Spy Trains"

Schneier on Security

SEPTEMBER 26, 2019

While it's unlikely that China would bother spying on commuters using subway cars, it would be much less surprising if a tech company offered free Internet on subways in exchange for surveillance and data collection. That's an easier, and more fruitful, attack path.

Surveillance

Surveillance Wireless Government Internet

Facebook Has No Idea What Data It Has

Schneier on Security

SEPTEMBER 8, 2022

The special master at times seemed in disbelief, as when he questioned the engineers over whether any documentation existed for a particular Facebook subsystem. “Someone must have a diagram that says this is where this data is stored,” he said, according to the transcript. ” […].

Engineering

Engineering Data collection Software

The Equifax Breach Settlement Offer is Real, For Now

Krebs on Security

DECEMBER 20, 2022

Those who received higher amounts likely spent more time documenting actual losses and/or explaining how the breach affected them personally. Americans currently have no legal right to opt out of this data collection and trade.

Identity Theft

Identity Theft Data breaches Data collection Hacking

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Krebs on Security

OCTOBER 31, 2022

Authorities soon tracked Sokolvsky’s phone through Germany and eventually to The Netherlands, with his female companion helpfully documenting every step of the trip on her Instagram account. gov — that allows visitors to check whether their email address shows up in the data collected by the Raccoon Stealer service.

Malware

Malware Identity Theft Cybercrime Accountability

Timeshare Owner? The Mexican Drug Cartels Want You

Krebs on Security

SEPTEMBER 25, 2024

These document exchanges went on for almost a year, during which time the real estate brokers made additional financial demands, such as tax payments on the sale, and various administrative fees. But the documents sent by their contact there referenced a few other still-active domains, including realestateassetsllc[.]com

Scams

Scams DNS Consumer Protection Data collection

Confessions of an ID Theft Kingpin, Part I

Krebs on Security

AUGUST 26, 2020

This game of cat and mouse continued until Ngo found a much more reliable and stable source of consumer data: A U.S. based company called Court Ventures , which aggregated public records from court documents. “At first [when] I sign up they asked for some documents to verify,” Ngo said.

Identity Theft

Identity Theft Computers and Electronics Hacking Accountability

Tor Project responded to claims that law enforcement can de-anonymize Tor users

Security Affairs

SEPTEMBER 20, 2024

Research conducted by ARD’s Panorama and STRG_F revealed that data collected during surveillance is processed using statistical methods, effectively breaking Tor’s anonymity. “Reporters from Panorama and STRG_F were able to view documents that show four successful measures in just one investigation.

Surveillance

Surveillance Data collection Media Hacking

China passes new automobile data security law

CyberSecurity Insiders

AUGUST 20, 2021

China has made some amendments to the existing laws and passed a new document that discloses several provisions on how automobile companies need to collect their user data as per the stated stipulations.

Manufacturing

Manufacturing Data collection Media Risk

Fortune-telling website WeMystic exposes 13M+ user records

Security Affairs

DECEMBER 2, 2023

According to our team, WeMystic left an open and passwordless MongoDB database containing 34 gigabytes of data related to the service as part of the MongoDB infrastructure. Businesses employ MongoDB to organize and store large swaths of document-oriented information. million records.

Data collection

Data collection Risk Hacking Information Security

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

SEPTEMBER 4, 2018

Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. Court documents (PDF) obtained from the U.S.

Spyware

Spyware Mobile Advertising Software

Russian spies are attempting to tap transatlantic undersea cables

Security Affairs

MARCH 1, 2020

The documents also revealed the existence of other spy bases located in secret places identified with codes “TIMPANI”, “GUITAR” and “CLARINET”. The documents mention a clandestine program, coded as RAMPART-A , which was conducted with secret arrangements of other intelligence agencies.

Wireless

Wireless Surveillance Telecommunications Advertising

IATA Cyber Regulations

Centraleyes

DECEMBER 11, 2024

Regional and National Regulations and Documents: This part details regulations and guidelines specific to certain regions or countries, addressing local legislative requirements that may impact your operations.

Risk

Risk Cybersecurity Penetration Testing Digital transformation

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

The threat actors used lures consisted of documents about Sinopharm International Corporation, a pharmaceutical company involved in the development of a COVID-19 vaccine and that is currently going through phase three clinical trials. Zebrocy is mainly used against governments and commercial organizations engaged in foreign affairs.

Malware

Malware Phishing Government Data collection

NationalPublicData.com Hack Exposes a Nation’s Data

Krebs on Security

AUGUST 15, 2024

ANALYSIS Data brokers like National Public Data typically get their information by scouring federal, state and local government records. Americans may believe they have the right to opt out of having these records collected and sold to anyone. The breach at National Public Data may not be the worst data breach ever.

Hacking

Hacking Data breaches Identity Theft Accountability

Facebook suspends Facial Recognition Program and deletes over 1bn face prints

CyberSecurity Insiders

NOVEMBER 2, 2021

From now on, the Mark Zuckerberg’s led company faced a lawsuit against its facial recognition related data collection early this year. FB made a step forward by offering a settlement of $650 million to a data advocacy group that filed a legal suit against the use of FacioMetrics technology acquired by FB in 2016.

Artificial Intelligence

Artificial Intelligence Data collection Media Technology

H&M Configuration Error Leads to $42 Million Privacy Fine

SecureWorld News

OCTOBER 8, 2020

In addition to a meticulous evaluation of individual work performance, the data collected in this way were used, among other things, to obtain a profile of the employees for measures and decisions in the employment relationship. The company followed suit and submitted a data set of around 60 gigabytes for analysis.

Data collection

Data collection Data privacy Retail Education

Threat Report Portugal: Q2 2020

Security Affairs

AUGUST 14, 2020

The Threat Report Portugal: Q2 2020 compiles data collected on the malicious campaigns that occurred from April to Jun, Q2, of 2020. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Banking Malware

Threat Report Portugal: Q2 2021

Security Affairs

JULY 22, 2021

The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from April to June, Q2, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Malware Banking

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Security Affairs

DECEMBER 19, 2018

Researchers noticed that in all the attacks threat actors used decoy documents that have the same author name Joohn. The delivery documents used in the October and November waves shared a large number of similarities, which allowed us to cluster the activity together. reads the analysis published by Palo Alto Networks.

Malware

Malware Advertising Data collection Phishing

Taking Control Online: Ensuring Awareness of Data Usage and Consent

Security Affairs

SEPTEMBER 17, 2024

The report provides insights into factors influencing user consent for data collection and usage and reasons for consumer disengagement. A Statista survey of US consumers showed that two-thirds (66%) of respondents said they would gain trust in a company if it were transparent about how it uses their personal data.

Data collection

Data collection Data privacy B2B Digital transformation

Operation North Star – North-Korea hackers targeted US defense and aerospace companies

Security Affairs

JULY 30, 2020

The attackers sent out spear-phishing emails using boobytrapped documents leveraging the fake job offer as bait. “The data collected from the target machine could be useful in classifying the value of the target. ” states the report published by the experts.

Advertising

Advertising Data collection Malware Phishing

Product Review: NISOS Executive Shield

CyberSecurity Insiders

AUGUST 27, 2022

Nisos analysts actively remove PII through legally protected opt-out procedures on public and private data broker sites, add relevant addresses and phone numbers to do-not-call lists, and remove contact details from mailing lists. Nisos also documents any remaining PII that couldn’t be removed. their needs.

Risk

Risk Media Data collection Security Intelligence

Threat Report Portugal: Q1 2021

Security Affairs

MAY 2, 2021

The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Malware Data collection

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Security Affairs

JULY 12, 2021

For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum.

Social Engineering

Social Engineering Data collection Media Passwords

Threat Report Portugal: Q3 2021

Security Affairs

NOVEMBER 14, 2021

The Threat Report Portugal: Q3 2021 compiles data collected on the malicious campaigns that occurred from July to September, Q3, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Malware Banking

Hackers targeted the US Census Bureau network, DHS report warns

Security Affairs

OCTOBER 11, 2020

Data collected by the agency is used by the federal government to allocate over $675 billion in federal funds to tribal, local, and state governments every year. The document warns of destructive attacks against U.S. critical infrastructure.

Government

Government Advertising Hacking Data collection

Delaware Personal Data Privacy Act (DPDPA)

Centraleyes

NOVEMBER 9, 2024

Data Minimization : The Act encourages businesses to collect only the data necessary for specific purposes and limit data retention. Accountability : Companies must regularly assess and document their data privacy practices and ensure timely responses to consumer requests.

Data privacy

Data privacy Data collection Risk Accountability

Threat Report Portugal: Q4 2021

Security Affairs

FEBRUARY 20, 2022

The Threat Report Portugal: Q4 2021 compiles data collected on the malicious campaigns that occurred from July to September, Q4, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Malware Banking

Two hacker groups attacked Russian banks posing as the Central Bank of Russia

Security Affairs

NOVEMBER 15, 2018

The documents in question were supposedly contained in the zipped files attached, however by uncompressing these files users downloaded Silence.Downloader – the tool used by Silence hackers. As such, they are very familiar with documentation in the financial sector and the structure of banking systems. October attack: MoneyTaker .

Banking

Banking Computers and Electronics Phishing Cybercrime

Meet Bluetana, the Scourge of Pump Skimmers

Krebs on Security

AUGUST 14, 2019

Data collected in the course of the investigation also reveals some fascinating details that may help explain why these pump skimmers are so lucrative and ubiquitous.

Banking

Banking Computers and Electronics Marketing Mobile

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

Back to the bit about risks impacting data collected by IoT devices and back again to CloudPets, Context Security's piece aligned with my own story about kids' CloudPets messages being left exposed to the internet. Probably “no”, but in a perfect world they’d document local connections by other apps and not break that.

IoT

IoT Firmware Risk Manufacturing

Silent Night Zeus botnet available for sale in underground forums

Security Affairs

MAY 23, 2020

Data collected by the malware are then transferred to the operator’s command-and-control (C2) server. The spreading intensified over time, in March 2020, it was delivered in a COVID-19-themed spam campaign using weaponized Word documents. The malware is able to infect all operating systems.

Banking

Banking Advertising Malware Cybercrime

Threat Report Portugal: Q2 2022

Security Affairs

JULY 4, 2022

The Threat Report Portugal: Q2 2022 compiles data collected on the malicious campaigns that occurred from March to June, Q2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Malware Banking

Masterclass in CIAM for Insurance: Balancing Security, Experience, and Consent

IT Security Guru

AUGUST 7, 2024

Robust CIAM platforms incorporate effective ID verification mechanisms, such as document verification and biometric authentication, to ensure the authenticity of customer identities while eliminating friction and fraud risks. In addition, the burden on IT is reduced through centralised and automated user management processes.

Insurance

Insurance Data collection Authentication Technology

Threat Report Portugal: Q4 2020

Security Affairs

JANUARY 26, 2021

The Threat Report Portugal: Q4 2020 compiles data collected on the malicious campaigns that occurred from October to December, Q4, of 2020. This makes it a reliable and trustworthy and continuously updated source, focused on the threats targeting Portuguese citizens. The submissions were classified as either phishing or malware.

Threat Reports

Threat Reports Phishing Malware Banking

Threat Report Portugal Q1 2020

Security Affairs

APRIL 20, 2020

The Threat Report Portugal: Q1 2020 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2020. investigations are being documented and published on Segurança-Informatica. The campaigns were classified as either phishing or malware. EDP Group ransomware attack via RagnarLocker ).

Threat Reports

Threat Reports Phishing Malware Banking

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

OpenAI Is Not Training on Your Dropbox Documents—Today

Trending Sources

Class-Action Lawsuit against Google’s Incognito Mode

Enhancing IT Support for Manufacturing Systems: Addressing Critical Gaps

Meta subsidiaries must pay $14m over misleading data collection disclosure

“BlueLeaks” Exposes Huge Trove of Law Enforcement Data

LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile

China’s Olympics App Is Horribly Insecure

On Chinese "Spy Trains"

Facebook Has No Idea What Data It Has

The Equifax Breach Settlement Offer is Real, For Now

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Timeshare Owner? The Mexican Drug Cartels Want You

Confessions of an ID Theft Kingpin, Part I

Tor Project responded to claims that law enforcement can de-anonymize Tor users

China passes new automobile data security law

Fortune-telling website WeMystic exposes 13M+ user records

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Russian spies are attempting to tap transatlantic undersea cables

IATA Cyber Regulations

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

NationalPublicData.com Hack Exposes a Nation’s Data

Facebook suspends Facial Recognition Program and deletes over 1bn face prints

H&M Configuration Error Leads to $42 Million Privacy Fine

Threat Report Portugal: Q2 2020

Threat Report Portugal: Q2 2021

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Taking Control Online: Ensuring Awareness of Data Usage and Consent

Operation North Star – North-Korea hackers targeted US defense and aerospace companies

Product Review: NISOS Executive Shield

Threat Report Portugal: Q1 2021

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Threat Report Portugal: Q3 2021

Hackers targeted the US Census Bureau network, DHS report warns

Delaware Personal Data Privacy Act (DPDPA)

Threat Report Portugal: Q4 2021

Two hacker groups attacked Russian banks posing as the Central Bank of Russia

Meet Bluetana, the Scourge of Pump Skimmers

IoT Unravelled Part 3: Security

Silent Night Zeus botnet available for sale in underground forums

Threat Report Portugal: Q2 2022

Masterclass in CIAM for Insurance: Balancing Security, Experience, and Consent

Threat Report Portugal: Q4 2020

Threat Report Portugal Q1 2020

Stay Connected