Data collection and Hacking - Cyber Security Informer

Apps That Are Spying on Your Location

Schneier on Security

JANUARY 10, 2025

Because much of the collection is occurring through the advertising ecosystem—not code developed by the app creators themselves—this data collection is likely happening both without users and even app developers knowledge.

Data collection

Data collection Advertising Media Hacking

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Security Affairs

FEBRUARY 26, 2025

Researchers found an updated LightSpy spyware with enhanced data collection features targeting social media platforms like Facebook and Instagram. have found an updated version of the LightSpy spyware that supports an expanded set of data collection features to target social media platforms like Facebook and Instagram.

Data collection

Data collection Spyware Media Surveillance

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

The threat actors used exploits for the above issues in attacks against organizations in various sectors globally, allowing the APT group to access sensitive data and deploy infrastructure for ongoing data collection. The joint advisory includes a list of known vulnerabilities that should be addressed as soon as possible.

Data collection

Data collection Authentication Hacking Government

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

ByteDance agreed to pay $92M in US privacy Settlement for TikTok data collection

Security Affairs

MARCH 1, 2021

users for illegal data collection. The Chinese firm was accused to have failed to get the users’ consent to collect data in compliance with the Illinois biometric privacy law. SecurityAffairs – hacking, privacy). ByteDance, the company behind TikTok, agreed to pay $92 million in a settlement to U.S.

Data collection

Data collection Hacking Information Security Malware

Italy’s data protection watchdog fined OpenAI €15 million over ChatGPT’s data management violations

Security Affairs

DECEMBER 23, 2024

Italy’s data protection watchdog fined OpenAI 15 million for ChatGPT’s improper collection of personal data. Italys privacy watchdog, Garante Privacy, fined OpenAI 15M after investigating ChatGPT’s personal data collection practices. OpenAI spokesperson told Reuters.

Artificial Intelligence

Artificial Intelligence Data collection Data breaches Hacking

E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

Security Affairs

OCTOBER 10, 2024

. “ The Mongolian Skimmer uses common techniques: DOM monitoring for sensitive input changes, data exfiltration via encoded tracking pixels, DevTools detection to evade debugging, data collection on page unload, cross-browser compatibility, and anti-debugging measures to avoid code tampering.

Data collection

Data collection Engineering Malware Hacking

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

NOVEMBER 13, 2024

Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. I knew I'd seen a metric about this sometime recently, so I went looking for "7,000", which perfectly illustrates how unaware we are of the extent of data collection on all of us.

Data breaches

Data breaches Passwords B2B Technology

Poland and Lithuania fear that data collected via FaceApp could be misused

Security Affairs

JULY 19, 2019

Many security experts are warning of the risks of using the popular app, threat actors could be potentially interested in data collected by FaceApp. The post Poland and Lithuania fear that data collected via FaceApp could be misused appeared first on Security Affairs. Pierluigi Paganini.

Data collection

Data collection Wireless Advertising Risk

This Hacker Tool Extracts All the Data Collected by Windows’ New Recall AI

WIRED Threat Level

JUNE 4, 2024

Windows Recall takes a screenshot every five seconds. Cybersecurity researchers say the system is simple to abuse—and one ethical hacker has already built a tool to show how easy it really is.

Data collection

Data collection Cybersecurity Hacking

The Dark Sides of Modern Cars: Hacking and Data Collection

Threatpost

FEBRUARY 26, 2019

How features such as infotainment and driver-assist can give others a leg up on car owners.

Data collection

Data collection Hacking Engineering

RSAC insights: SolarWinds hack illustrates why software builds need scrutiny — at deployment

The Last Watchdog

MAY 11, 2021

By patiently slipping past the best cybersecurity systems money can buy and evading detection for 16 months, the perpetrators of the SolarWinds hack reminded us just how much heavy lifting still needs to get done to make digital commerce as secure as it needs to be. Related: DHS launches 60-day cybersecurity sprints.

Software

Software Hacking Malware Engineering

Protonmail hacked …. a very strange scam attempt

Security Affairs

NOVEMBER 17, 2018

A hacker going online by the moniker AmFearLiathMor is claiming to have hacked the most popular end-to-end encrypted email service ProtonMail. At the time it is not clear if the hacker belongs to a cyber crime gang, it claims to have stolen a “significant” amounts of data from the company. The ransom demand ( archive.is

Scams

Scams Hacking Data collection Advertising

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Security Affairs

JUNE 19, 2021

Currently, the Atomic Energy Research Institute is investigating the subject of the hacking and the amount of damage, etc. ? SecurityAffairs – hacking, North Korea). The post North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI appeared first on Security Affairs. Pierluigi Paganini.

Hacking

Hacking VPN Internet Internet

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Security Affairs

DECEMBER 5, 2024

Automating Repetitive Tasks AI can also automate many of the tasks that make being a SOC analyst so mind-numbing, including data collection, cross-referencing information, and running queries. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, SOC Burnout)

Artificial Intelligence

Artificial Intelligence Data collection Cybersecurity Risk

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

based specification for a suite of high-level communication protocols used to create personal area networks with small, low-power digital radios, such as for home automation, medical device data collection, and other low-power low-bandwidth needs, designed for small scale projects which need wireless connection. Pierluigi Paganini.

Hacking

Hacking IoT Wireless Firmware

A chink in the armor of China-based hacking group Nickel

Malwarebytes

DECEMBER 7, 2021

Microsoft has taken control of 42 web domains that a hacking group was using to try to breach its targets. Sadly, any setback to the Chinese hacking group or others will likely be temporary as the hackers will find and build new infrastructure to use in forthcoming attacks. An overview of Chinese hacking groups and their aliases.

Hacking

Hacking Malware Surveillance Data collection

Prominent US law firm Wolf Haldenstein disclosed a data breach

Security Affairs

JANUARY 16, 2025

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,data breach) The security breach occurred on December 13, 2023, but the company discovered the incident only on April 18, 2024, and has only now disclosed it due to the complexity of the digital forensic investigation.

Data breaches

Data breaches Identity Theft Consumer Protection Data collection

Collection #1 Mega Breach Leaks 773 Million Email Accounts

Adam Levin

JANUARY 18, 2019

The breached data, dubbed “Collection #1” by cybersecurity expert Troy Hunt , is more than 87 gigabytes and contains roughly 773 million email address and 21 million unique passwords. Hunt found an archive of the data on MEGA, a file-sharing site and has been featured on at least one hacking forum.

Accountability

Accountability Passwords Data breaches Data collection

How threat actors can use generative artificial intelligence?

Security Affairs

DECEMBER 1, 2024

The data collected through these operations can provide insights into voter demographics, potentially influencing election outcomes. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, generative artificial intelligence)

Artificial Intelligence

Artificial Intelligence Phishing Media Cyber threats

Over 100 flaws in management and access control systems expose buildings to hack

Security Affairs

MAY 11, 2019

The extent of the flaw is wide, according to data collected by Krstic during the study, the vulnerabilities could impact up to 10 million people and 30,000 doors at 200 facilities. SecurityAffairs – buildings, hacking). Pierluigi Paganini.

Hacking

Hacking Advertising Surveillance Data collection

Microsoft disrupts China-based hacking group Nickel

Malwarebytes

DECEMBER 7, 2021

Microsoft has taken control of 42 web domains that a hacking group was using to try to breach its targets. Sadly, any setback to the Chinese hacking group or others will likely be temporary as the hackers will find and build new infrastructure to use in forthcoming attacks. An overview of Chinese hacking groups and their aliases.

Hacking

Hacking Malware Surveillance Data collection

Confessions of an ID Theft Kingpin, Part I

Krebs on Security

AUGUST 26, 2020

Ngo got his treasure trove of consumer data by hacking and social engineering his way into a string of major data brokers. By the time the Secret Service caught up with him in 2013, he’d made over $3 million selling fullz data to identity thieves and organized crime rings operating throughout the United States.

Identity Theft

Identity Theft Computers and Electronics Hacking Accountability

Election season raises fears for nearly a third of people who worry their vote could be leaked

Malwarebytes

OCTOBER 15, 2024

The network of data brokers that political campaigns rely on to target voters with ads is enormous, as one Washington Post reporter found in 2020, with “3,000 data points on every voter.” Escaping this data collection regime has proven difficult for most people.

Scams

Scams Identity Theft Cybercrime Accountability

Texas is the first state to ban DeepSeek on government devices

Security Affairs

FEBRUARY 2, 2025

Last week, Italys data protection watchdog blocked Chinese artificial intelligence (AI) firm DeepSeek s chatbot service within the country, citing a lack of information on its use of users personal data. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,DeepSeek)

Government

Government Artificial Intelligence Media Data collection

Crooks target DeepSeek users with fake sponsored Google ads to deliver malware

Security Affairs

MARCH 27, 2025

In January, Italys Data Protection Authority Garante asked the AI firm DeepSeek to clarify its data collection, sources, purposes, legal basis, and storage, citing potential risks to user data. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Deepseek)

Malware

Malware Data collection Advertising Media

Italy’s Data Protection Authority Garante requested information from Deepseek

Security Affairs

JANUARY 30, 2025

Italys data privacy regulator Garante has requested information from Chinese AI company DeepSeek regarding its data practices. Italys Data Protection Authority Garante has asked the AI firm DeepSeek to clarify its data collection, sources, purposes, legal basis, and storage, citing potential risks to user data.

Artificial Intelligence

Artificial Intelligence Data collection Data privacy DDOS

Fashion brand Guess hacked, DarkSide ransomware group the likely culprit

SC Magazine

JULY 13, 2021

The large amount and very personal types of data collected by the organization is an extremely valuable dataset for cybercriminals if they want to steal identities, said Erich Kron, security awareness advocate at KnowBe4. The post Fashion brand Guess hacked, DarkSide ransomware group the likely culprit appeared first on SC Media.

Retail

Retail Ransomware Hacking Digital transformation

The Ethics of Network and Security Monitoring

Dark Reading

MARCH 17, 2023

The chances of getting hacked are no longer low. Companies need to rethink their data collection and monitoring strategies to protect employee privacy and corporate integrity.

Data collection

Data collection Hacking

The Equifax Breach Settlement Offer is Real, For Now

Krebs on Security

DECEMBER 20, 2022

Justice Department indicted four Chinese officers of the People’s Liberation Army (PLA) for perpetrating the 2017 Equifax hack. Americans currently have no legal right to opt out of this data collection and trade. In February 2020, the U.S. billion for the quarter ending September 2022.

Identity Theft

Identity Theft Data breaches Data collection Hacking

Baidu Android apps removed from Play Store because caught collecting user details

Security Affairs

NOVEMBER 24, 2020

The code found in both apps allowed to gather device data, including model, MAC address, carrier information, and IMSI (International Mobile Subscriber Identity) number. The data collection code was found in the Baidu Push SDK, used to show real-time notifications inside both apps. SecurityAffairs – hacking, Android).

Data collection

Data collection Mobile Spyware Surveillance

Fortune-telling website WeMystic exposes 13M+ user records

Security Affairs

DECEMBER 2, 2023

While WeMystic has since closed the database, researchers said that the data was accessible for at least five days. One of the data collections in the exposed instance, named “users,” contained a whopping 13.3 Businesses employ MongoDB to organize and store large swaths of document-oriented information.

Data collection

Data collection Risk Hacking Information Security

Wacom Tablet Data Exfiltration Raises Security Concerns

Threatpost

FEBRUARY 7, 2020

Wacom stated that its data collection is done only in aggregate -- but that doesn't fix the issues, according to security experts.

Data collection

Data collection Hacking

Google agreed to settle a $5 billion privacy lawsuit

Security Affairs

DECEMBER 31, 2023

. “Judge Rogers had rejected Google’s bid to have the case dismissed earlier this year, saying she could not agree that users consented to allowing Google to collect information on their browsing activity.” Google has yet to respond to a request for comment on the settlement.

Data collection

Data collection Advertising Hacking Technology

Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates

Security Affairs

FEBRUARY 28, 2020

Network data collected by the NetBlocks internet observatory confirm that Turkey has blocked access to social media as Idlib military crisis escalates. SecurityAffairs – hacking, Turkey). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Media

Media Data collection Internet Internet

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

DECEMBER 12, 2023

The North Korea-linked APT group Lazarus is behind a new hacking campaign that exploits Log4j vulnerabilities to deploy previously undocumented remote access trojans (RATs). ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, APT) .”

Malware

Malware Data collection Manufacturing Healthcare

Over $27billion worth Cyber Crime prevented during COVID-19 Pandemic

CyberSecurity Insiders

NOVEMBER 16, 2021

Bugcrowd’s Inside the Mind of a Hacker report compiled from the data collected in between May 1st, 2020 to August 31st, 2021 states that security vulnerabilities have increased since the start of COVID-19 pandemic, as most companies opted for work from home operations.

Data collection

Data collection Scams Hacking Malware

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

The Last Watchdog

JUNE 20, 2022

Data collections released after ransomware attacks. The financial losses associated with a hacking incident – not to mention the loss of customer trust and faith in a brand – make for a difficult and expensive recovery. Databases with critical IP and/or PII. Chatter about the best methods to attack your business.

Ransomware

Ransomware Marketing Data collection VPN

How ads weirdly know your screen brightness, headphone jack use, and location, with Tim Shott (Lock and Code S06E05)

Malwarebytes

MARCH 10, 2025

This week on the Lock and Code podcast… Something’s not right in the world of location data. In January, a location data broker named Gravy Analytics was hacked, with the alleged cybercriminal behind the attack posting an enormous amount of data online as proof.

Mobile

Mobile Advertising Data collection Hacking

Don’t use AI-based apps, Philippine defense ordered its personnel

Security Affairs

OCTOBER 23, 2023

Teodoro ordered “to refrain from using AI photo generator applications and practice vigilance in sharing information online” At this time, it remains unclear whether the order was issued in response to a specific event or to address potential attacks aimed at exploiting the data collected by these applications.

Identity Theft

Identity Theft Social Engineering Data collection Risk

META hit with privacy complaints by EU consumer groups

Security Affairs

MARCH 4, 2024

Consumer groups assert that Meta is not adhering to various rules established by the European privacy regulation GDPR: Fair Processing (Article 5(1)(a)): Personal data must be processed lawfully, fairly, and transparently. Consumer groups claim that Meta’s data collection is unfair and lacks transparency.

Data collection

Data collection Surveillance Hacking Information Security

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

NOVEMBER 16, 2018

Thirteen exchanges were hacked in 2017 and in the first three quarters of 2018, amounting to a total loss of $877 million. GIB Threat Intelligence cyber threats data collection system has been named one of the best in class by Gartner, Forrester, and IDC. Attacks on Crypto. Pierluigi Paganini.

Cybercrime

Cybercrime Hacking Banking Phishing

Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JUNE 9, 2024

New York Times source code compromised via exposed GitHub token SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform Pandabuy was extorted twice by the same threat actor UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces Chinese threat actor exploits old ThinkPHP flaws since October 2023 A new Linux (..)

Data breaches

Data breaches Banking Hacking Malware

Europol to delete huge data sets of personal info of EU Citizens

CyberSecurity Insiders

JANUARY 12, 2022

All the data collected by Europol regarding citizens linked to no criminal activity will from now on be deleted after a retention period of just 6 months. In general, the European Union Agency for Law Enforcement Cooperation maintains enormous data sets containing information of individuals as per the governing body policing.

Data collection

Data collection Government Hacking Cybersecurity

Hackers targeted the US Census Bureau network, DHS report warns

Security Affairs

OCTOBER 11, 2020

Data collected by the agency is used by the federal government to allocate over $675 billion in federal funds to tribal, local, and state governments every year. SecurityAffairs – hacking, US Census Bureau). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Government

Government Advertising Hacking Data collection

Apps That Are Spying on Your Location

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Webinars

Trending Sources

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Webinars

ByteDance agreed to pay $92M in US privacy Settlement for TikTok data collection

Italy’s data protection watchdog fined OpenAI €15 million over ChatGPT’s data management violations

E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

Inside the DemandScience by Pure Incubation Data Breach

Poland and Lithuania fear that data collected via FaceApp could be misused

This Hacker Tool Extracts All the Data Collected by Windows’ New Recall AI

The Dark Sides of Modern Cars: Hacking and Data Collection

RSAC insights: SolarWinds hack illustrates why software builds need scrutiny — at deployment

Protonmail hacked …. a very strange scam attempt

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

A chink in the armor of China-based hacking group Nickel

Prominent US law firm Wolf Haldenstein disclosed a data breach

Collection #1 Mega Breach Leaks 773 Million Email Accounts

How threat actors can use generative artificial intelligence?

Over 100 flaws in management and access control systems expose buildings to hack

Microsoft disrupts China-based hacking group Nickel

Confessions of an ID Theft Kingpin, Part I

Election season raises fears for nearly a third of people who worry their vote could be leaked

Texas is the first state to ban DeepSeek on government devices

Crooks target DeepSeek users with fake sponsored Google ads to deliver malware

Italy’s Data Protection Authority Garante requested information from Deepseek

Fashion brand Guess hacked, DarkSide ransomware group the likely culprit

The Ethics of Network and Security Monitoring

The Equifax Breach Settlement Offer is Real, For Now

Baidu Android apps removed from Play Store because caught collecting user details

Fortune-telling website WeMystic exposes 13M+ user records

Wacom Tablet Data Exfiltration Raises Security Concerns

Google agreed to settle a $5 billion privacy lawsuit

Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Over $27billion worth Cyber Crime prevented during COVID-19 Pandemic

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

How ads weirdly know your screen brightness, headphone jack use, and location, with Tim Shott (Lock and Code S06E05)

Don’t use AI-based apps, Philippine defense ordered its personnel

META hit with privacy complaints by EU consumer groups

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION

Europol to delete huge data sets of personal info of EU Citizens

Hackers targeted the US Census Bureau network, DHS report warns

Stay Connected