Security Boulevard

JANUARY 20, 2025

Inside the Black Box of Predictive Travel Surveillance Wired Covers the use of powerful surveillance technology in predicting who might be a "threat." Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). CVE-2025-21308.

Surveillance 97

Surveillance Malware Data breaches Phishing 97

Security Affairs

AUGUST 17, 2021

The identifier could be obtained via social engineering. The attacker would also need to obtain Kalay UIDs through social engineering or other vulnerabilities in APIs or services that return Kalay UIDs. This varies from device to device but typically is used for device telemetry, firmware updates, and device control.”

IoT 123

IoT Hacking Social Engineering Firmware 123

SecureWorld News

AUGUST 24, 2022

If malware were installed on the device, it could control the LEDs by blinking and changing colors with firmware commands. The infection of a device can be achieved via supply chain attacks, social engineering techniques, or the use of hardware with installed software or firmware. The data can be textual (e.g.,

Firmware 98

Firmware Social Engineering Surveillance Malware 98

SecureList

NOVEMBER 30, 2021

Based on forensic analysis of numerous mobile devices, Amnesty International’s Security Lab found that the software was repeatedly used in an abusive manner for surveillance. Firmware vulnerabilities. FinSpy is an infamous, commercial surveillance toolset that is used for “legal surveillance” purposes.

Malware 140

Malware Mobile Spyware Surveillance 140

eSecurity Planet

FEBRUARY 22, 2022

There is no need for social engineering , as the program can implant backdoors directly without forced consent. It can even access the chip’s firmware to gain root access on the device, a significant privilege escalation. Zero-click attacks remove this hurdle.

Spyware 126

Spyware Software Government Social Engineering 126

SecureList

APRIL 27, 2022

In December we were made aware of a UEFI firmware-level compromise through logs from our firmware scanning technology. Further analysis showed that the attackers modified a single component within the firmware to append a payload to one of its sections and incorporate inline hooks within particular functions. Final thoughts.

Malware 145

Malware Firmware Government Phishing 145

SecureList

OCTOBER 26, 2021

On June 3, Check Point published a report about an ongoing surveillance operation targeting a Southeast Asian government, and attributed the malicious activities to a Chinese-speaking threat actor named SharpPanda. In this quarter we focused on researching and dismantling surveillance frameworks following malicious activities we detected.

Malware 145

Malware Government Surveillance Spyware 145