Information Security, Internet and Surveillance

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Daniel Miessler

MARCH 22, 2020

The Real Internet of Things, January 2017. Just yesterday I tweeted that the COVID-19 situation was going to finally make large-scale video surveillance endemic to our society. New: AI/surveillance company claims it's deploying 'coronavirus-detecting' cameras in the United States.

Surveillance

Surveillance Government Education Engineering

Google Responds to Warrants for “About” Searches

Schneier on Security

OCTOBER 13, 2020

.” These searches are legal when conducted for the purpose of foreign surveillance, but the worry about using them domestically is that they are unconstitutionally broad. The very nature of these searches requires mass surveillance. The FBI does not conduct mass surveillance. The FBI does not conduct mass surveillance.

Surveillance

Surveillance Wireless Accountability Architecture

US NCSC and DoS share best practices against surveillance tools

Security Affairs

JANUARY 9, 2022

The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. In the last years, we have reported several cases of companies selling commercial surveillance tools to governments and other entities that have used them for malicious purposes. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Malware

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

According to rumors, the Polish special services are using surveillance software to spy on government opponents. In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware. “The The politicians who inspired and commissioned these activities belong in prison.”

Spyware

Spyware Government Surveillance Hacking

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Security Affairs

AUGUST 28, 2022

Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million. Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian, it offers surveillance and hacking solution to law enforcement and intelligence agencies. appeared first on Security Affairs.

Surveillance

Surveillance Spyware Mobile Hacking

Expert found Russia’s SORM surveillance equipment leaking user data

Security Affairs

AUGUST 30, 2019

A Russian security researcher has found that hardware wiretapping equipment composing Russia’s SORM surveillance system had been leaking user data. SORM is a mass surveillance system that allows the Government of Moscow to track online activities of single individuals thanks to the support of the Russian ISPs.

Surveillance

Surveillance Firmware Advertising Mobile

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Telecommunications

NSA buys internet browsing records from data brokers without a warrant

Security Affairs

JANUARY 29, 2024

National Security Agency (NSA) admitted to buying internet browsing records from data brokers to monitor Americans’ activity online without a court order. released documents that confirmed the National Security Agency (NSA) buys Americans’ internet browsing records without a court order. Senator Ron Wyden, D-Ore.,

Internet

Internet Internet Surveillance Government

Anonymous leaked 128GB of data stolen from Russian ISP Convex revealing FSB’s warrantless surveillance

Security Affairs

FEBRUARY 7, 2023

The popular collective Anonymous has leaked 128 GB of data allegedly stolen from the Russian Internet Service Provider Convex. The collective Anonymous released last week 128 gigabytes of documents that were allegedly stolen from the Russian Internet Service Provider Convex. ” reads a statement sent by Caxxii to the Kyiv Post.”

Surveillance

Surveillance Internet Internet Government

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

Pictured: a Dome Series security camera from Verkada. A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., When surveillance leads to spying. Thought leaders advise reducing or eliminating the use of these skeleton key-like accounts.

Surveillance

Surveillance IoT Accountability Passwords

Internet disruption in Russia coincided with the introduction of restrictions

Security Affairs

MARCH 12, 2021

Experts at the NetBlocks Internet Observatory observed this week a temporary disruption of internet service in Russia due to new restrictions. On Wednesday 10 March 2021, researchers from Network data from the NetBlocks Internet Observatory observed the disruption of internet service provided by the Russian operator Rostelecom.

Internet

Internet Internet Mobile Hacking

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. Could agents take control of my computer over the Internet if they wanted to? Those of us in the information security community had long assumed that the NSA was doing things like this.

Surveillance

Surveillance Computers and Electronics Government Encryption

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Security Affairs

NOVEMBER 14, 2024

requests for communications data, according to people familiar with the matter, which amounts to a major national security risk.” The Salt Typhoon group targeted surveillance systems used by the US government to investigate crimes and threats to national security, including activities carried out by nation-state actors.

Government

Government Telecommunications Surveillance Risk

Russia is going to disconnect from the internet as part of a planned test

Security Affairs

FEBRUARY 16, 2019

Russia plans to disconnect the country from the internet as part of an experiment aimed at testing the response to cyber attacks that should isolate it. Russia plans to conduct the country from the Internet for a limited period of time to conduct a test aimed at assessing the security of its infrastructure. and Yandex.ru

Internet

Internet Internet DNS Cyber Attacks

Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens

Security Affairs

JULY 22, 2019

The Kazakhstan authorities issued an advisory to local Internet Service Providers (ISPs) asking them to allow their customers to access the Internet only after the installation on their devices of government-issued root certificates. SecurityAffairs – Kazakhstan, surveillance). ” states Tele2. Pierluigi Paganini.

Internet

Internet Internet Encryption Government

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance

Surveillance Hacking Firmware Manufacturing

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were employed in a surveillance campaign on a large scale, millions of users potentially impacted. ” reads the analysis published by Awake Security. The domains were found hosting several browser-based surveillance tools and malware. “Browsers have replaced Windows, MacOS, etc.

Surveillance

Surveillance Internet Internet Advertising

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Surveillance

Surveillance Malware Authentication Accountability

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The exploits were used to install commercial spyware and malicious apps on targets’ devices. Google TAG shared indicators of compromise (IoCs) for both campaigns.

Spyware

Spyware Surveillance Mobile Education

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

Security Affairs

JANUARY 19, 2025

The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. This switch family is equipped with a web service and SNMP management interface.

Firmware

Firmware IoT Wireless Surveillance

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. New research by Cybernews shows an exponential rise in the uptake of internet-facing cameras. Surge in internet-facing cameras.

Surveillance

Surveillance Manufacturing Internet Internet

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

DECEMBER 31, 2019

Related: Good to know about IoT Physical security is often a second thought when it comes to information security. Despite this, physical security must be implemented correctly to prevent attackers from gaining physical access and taking whatever they desire. Access control is the restricting of access to a system.

Cyber Risk

Cyber Risk Risk Firewall Surveillance

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Security Affairs

FEBRUARY 6, 2024

The latest report published by Google Threat Analysis Group (TAG), titled “ Buying Spying, an in-depth report with our insights into Commercial Surveillance Vendors (CSVs )”, warns of the rise of commercial spyware vendors and the risks to free speech, the free press, and the open internet. ” concludes Google.

Spyware

Spyware Surveillance Government Software

Will iPhone’s New “Lockdown Mode” Create Dangerous Overconfidence In Apple’s CyberSecurity Capabilities?

Joseph Steinberg

JULY 13, 2022

Does Apple really believe, for example, that NSO Group and its counterparts would find it easier to remotely enable spying on users of camera-lacking non-Internet-connected flip phones than on users of modern Apple devices? Flip phones are not totally immune from government surveillance and action either.).

Cybersecurity

Cybersecurity Artificial Intelligence Government Social Engineering

Russian spies are attempting to tap transatlantic undersea cables

Security Affairs

MARCH 1, 2020

Ireland is a strategic place for intercontinental communications because it represents the place where undersea cables which carry internet traffic connect to Europe. Despite the Cable & Wireless bought by Vodafone in July 2012, the Nigella surveillance access point remained active as of April 2013. Source [link].

Wireless

Wireless Surveillance Telecommunications Advertising

Google: four zero-day flaws have been exploited in the wild

Security Affairs

JULY 14, 2021

The four security flaws were discovered earlier this year and affect Google Chrome, Internet Explorer, and WebKit browser engine. “We assess three of these exploits were developed by the same commercial surveillance company that sold these capabilities to two different government-backed actors. .

Surveillance

Surveillance Government Internet Internet

Encryption: One Of The Most Powerful Ways To Keep Data Private – But Governments Want To Outlaw It

Joseph Steinberg

OCTOBER 21, 2022

Today, October 21, marks the first ever organized Global Encryption Day, dedicated to spreading awareness of the importance of utilizing encryption to protect sensitive information, both when it is in transit (e.g., online chat messages going over the Internet between you and your significant other) and when it is at rest (e.g.,

Encryption

Encryption Government Artificial Intelligence Surveillance

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Security Affairs

NOVEMBER 30, 2022

Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. Officially, Variston claims to provide custom security solutions and custom patches for embedded system. ” TAG concludes.

Spyware

Spyware Surveillance Risk Internet

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems

Security Affairs

OCTOBER 6, 2024

requests for communications data, according to people familiar with the matter, which amounts to a major national security risk.” ” The Salt Typhoon group targeted surveillance systems used by the US government to investigate crimes and threats to national security, including activities carried out by nation-state actors.

Hacking

Hacking Government Internet Internet

Tor Project responded to claims that law enforcement can de-anonymize Tor users

Security Affairs

SEPTEMBER 20, 2024

German law enforcement agencies have been surveilling Tor network by operating their own servers for months. Research conducted by ARD’s Panorama and STRG_F revealed that data collected during surveillance is processed using statistical methods, effectively breaking Tor’s anonymity. ” reported the NDR.

Surveillance

Surveillance Data collection Media Hacking

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Security Affairs

JANUARY 31, 2021

Last year, the group published a detailed analysis on how the Chinese government has improved its surveillance system to detect and block the popular circumvention tools Shadowsocks and its variants. Shadowsocks is a free and open-source encryption protocol project, widely used in China to circumvent Internet censorship.

Firewall

Firewall Surveillance Internet Internet

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

According to the alert issued by the FBI, the swatters have been hijacking smart devices such as video and audio capable home surveillance devices. “Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks.

Passwords

Passwords Surveillance Manufacturing Accountability

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Security Affairs

DECEMBER 30, 2019

Many governments worldwide persecute their internal oppositions charging them with criminal activities and use strict online surveillance to track them. The surveillance software developed by NSO Group was used by government organizations worldwide to spy on human rights groups , activists, journalists, lawyers, and dissidents.

Cybercrime

Cybercrime Surveillance Spyware Government

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

Researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages. The credential harvesting pages were designed to target Ukraine’s Ministry of Defence, European transportation infrastructures, and an Azerbaijani think tank. .”

Malware

Malware Phishing Surveillance Internet

Spyware, ransomware and Nation-state hacking: Q&A from a recent interview

Security Affairs

FEBRUARY 10, 2022

Enjoy” How has spyware changed the rules of cyber security in recent years? What will cyber security look like now that those tools are all over the internet? Pegasus is probably the most popular surveillance software on the market, it has been developed by the Israeli NSO Group. Anyway, it is not the only one.

Spyware

Spyware Hacking Ransomware Surveillance

Pegasus spyware used to spy on a Polish mayor

Security Affairs

MARCH 3, 2023

According to rumors, the Polish special services are using surveillance software to spy on government opponents. In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware. “We The politicians who inspired and commissioned these activities belong in prison.”

Spyware

Spyware Surveillance Hacking Government

Slovak police found wiretapping devices connected to the Govnet government network

Security Affairs

JUNE 10, 2020

” Investigators speculate wiretapping devices were used to spy on internet and telephony communications. the Head of the NASES Surveillance Center Ján K., Security Section of the Office of the Deputy Prime Minister for investment and informatization Jan M. The news site Aktuality.sk the Director of the Cyber ??Security

Government

Government Advertising Surveillance Internet

An attacker was able to siphon audio feeds from multiple Clubhouse rooms

Security Affairs

FEBRUARY 22, 2021

Representatives of the Stanford Internet Observatory declared that users should assume all conversations are being recorded by the company, a circumstance that raises concerns because they have no information on how the conversations are stored. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

CSO

CSO Internet Internet Surveillance

A consumer-grade spyware app found in check-in systems of 3 US hotels

Security Affairs

MAY 22, 2024

The security researcher Eric Daigle discovered a commercial spyware app, called pcTattletale, on the check-in systems of at least three Wyndham hotels across the US, TechCrunch first reported. Daigle discovered the commercial surveillance software on the hotel check-in systems while investigating consumer-grade spyware (aka stalkerware ).

Spyware

Spyware Surveillance Software Internet

Yana Peel, chief executive of London’s Galleries, resigned after discovery of her links with NSO group

Security Affairs

JUNE 18, 2019

The head of London’s Serpentine Galleries resigned on Tuesday following a Guardian report about her links to the Israeli surveillance firm NSO Group. Pegasus is a perfect tool for surveillance, it is able to steal any kind of data from smartphones and use them to spy on the surrounding environment through their camera and microphone.

Surveillance

Surveillance Spyware Software Advertising

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

The threat actors gathered personal information on minority groups and potential political dissents. “The stolen information is likely to be exploited for surveillance or intelligence gathering on specific groups and or individuals.” Reduce the number of systems that can be reached over internet using SSH.

Media

Media Accountability Telecommunications Government

A flaw in Dahua IP Cameras allows full take over of the devices

Security Affairs

JULY 31, 2022

. “We’re publishing the details of a new vulnerability (tracked under CVE-2022-30563) affecting the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some IP cameras developed by Dahua, a very popular manufacturer of IP-based surveillance solutions.”

Surveillance

Surveillance Authentication Telecommunications Manufacturing

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Security Affairs

JUNE 22, 2020

In October 2019, security experts at Amnesty International’s Security Lab have uncovered targeted attacks against Moroccan human rights defenders Maati Monjib and Abdessadak El Bouchattaoui that employed NSO Group surveillance tools. reads the analysis published by Amnesty International in October. .

Spyware

Spyware Surveillance Mobile Advertising

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Security Affairs

MAY 20, 2022

Taiwanese vendor QNAP is asking users to install the latest update on their NAS devices and avoid exposing them on the Internet. “QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the Internet.” and QTS 4.4.1. “QNAP® Systems, Inc.

Ransomware

Ransomware Internet Internet Firmware

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Google Responds to Warrants for “About” Searches

Trending Sources

US NCSC and DoS share best practices against surveillance tools

Poland probes Pegasus spyware abuse under the PiS government

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Expert found Russia’s SORM surveillance equipment leaking user data

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

NSA buys internet browsing records from data brokers without a warrant

Anonymous leaked 128GB of data stolen from Russian ISP Convex revealing FSB’s warrantless surveillance

Camera tricks: Privacy concerns raised after massive surveillance cam breach

Internet disruption in Russia coincided with the introduction of restrictions

Snowden Ten Years Later

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Russia is going to disconnect from the internet as part of a planned test

Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens

An RCE in Annke video surveillance product allows hacking the device

Hundreds of malicious Chrome browser extensions used to spy on you!

European firm DSIRF behind the attacks with Subzero surveillance malware

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

3.5m IP cameras exposed, with US in the lead

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Will iPhone’s New “Lockdown Mode” Create Dangerous Overconfidence In Apple’s CyberSecurity Capabilities?

Russian spies are attempting to tap transatlantic undersea cables

Google: four zero-day flaws have been exploited in the wild

Encryption: One Of The Most Powerful Ways To Keep Data Private – But Governments Want To Outlaw It

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems

Tor Project responded to claims that law enforcement can de-anonymize Tor users

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

FBI warns swatting attacks on owners of smart devices

UN approves Russia-Cina sponsored resolution on new cybercrime convention

APT28 targets key networks in Europe with HeadLace malware

Spyware, ransomware and Nation-state hacking: Q&A from a recent interview

Pegasus spyware used to spy on a Polish mayor

Slovak police found wiretapping devices connected to the Govnet government network

An attacker was able to siphon audio feeds from multiple Clubhouse rooms

A consumer-grade spyware app found in check-in systems of 3 US hotels

Yana Peel, chief executive of London’s Galleries, resigned after discovery of her links with NSO group

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

A flaw in Dahua IP Cameras allows full take over of the devices

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Stay Connected