Passwords and Surveillance - Cyber Security Informer

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords.

Banking

Banking Passwords Risk Accountability

China officially condemns Pegasus spyware surveillance and accuses US

CyberSecurity Insiders

JULY 22, 2021

Chine Foreign Ministry has issued a public statement condemning the distribution and usage of Pegasus Spyware surveillance software by various countries. Now, to those uninitiated, Israel-based NSO Group developed Pegasus surveillance software that was meant for government organizations to spy on criminal suspects.

Surveillance

Surveillance Spyware Software Government

US NCSC and DoS share best practices against surveillance tools

Security Affairs

JANUARY 9, 2022

The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. In the last years, we have reported several cases of companies selling commercial surveillance tools to governments and other entities that have used them for malicious purposes. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Malware

Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer

Schneier on Security

JUNE 23, 2021

Its spyware is also said to be equipped with a keylogger, which means every keystroke made on an infected device — including passwords, search queries and messages sent via encrypted messaging apps — can be tracked and monitored.

Manufacturing

Manufacturing Spyware Surveillance Marketing

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., Hacktivist Tillie Kottmann is reportedly among those asserting responsibility for the incident, telling Bloomberg that their act helped expose the security holes of modern-day surveillance platforms.

Surveillance

Surveillance IoT Accountability Passwords

Weekly Update 273

Troy Hunt

DECEMBER 11, 2021

Sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online. (but I did a day and a half later!) After more than 11 years, it was finally time for a new profile photo (I really like this one 😊) You know what's not weird at all?

Password Management

Password Management Surveillance Passwords

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.

Computers and Electronics

Computers and Electronics Telecommunications Malware Surveillance

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. The flaws reside in a feature named the “XMEye P2P Cloud” that is enabled by default which is used to connect surveillance devices to the cloud infrastructure. Pierluigi Paganini.

Surveillance

Surveillance Hacking Firmware Manufacturing

Android Malware Bypasses 2FA And Targets Telegram, Gmail Passwords

Threatpost

SEPTEMBER 21, 2020

A new Android malware strain has been uncovered, part of the Rampant Kitten threat group's widespread surveillance campaign that targets Telegram credentials and more.

Malware

Malware Passwords Surveillance Authentication

Weekly Update 165

Troy Hunt

NOVEMBER 17, 2019

References Scott Helme is running my Hack Yourself First workshop in Amsterdam on Dec 9 & 10 (he's getting awesome reviews on these too) Apparently, FinecoBank in Italy reckons you should Google your password and not use it if it appears 10 times or more (no, just don't) You'll also need to pay FinecoBank € 0.95

VPN

VPN Surveillance Passwords Banking

Privacy Roundup: Week 12 of Year 2025

Security Boulevard

MARCH 24, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Specifically, it was fetching account icons and defaulted to opening password reset pages over HTTP. Once bypassed, threat actors had high-level access and could view information such as user passwords and other stored credentials.

Surveillance

Surveillance Telecommunications Malware Data breaches

Netflix Cracks Down on Password Sharing, AI Legal Research Gone Wrong, Fake Identities and Surveillance Firms

Security Boulevard

JUNE 4, 2023

Netflix plans to crack down on the widespread practice of password sharing among households. The post Netflix Cracks Down on Password Sharing, AI Legal Research Gone Wrong, Fake Identities and Surveillance Firms appeared first on Security Boulevard.

Surveillance

Surveillance Passwords Data privacy InfoSec

Administrator’s Guide, Part 2: Passwords Are Safer Than Biometrics, PINs Are Just Passwords, and Other Tall Tales

Duo's Security Blog

JULY 1, 2021

Tall Tale #1: PINs Are Just Passwords In Part 1 , we talked about how passwordless authentication is still multi-factor: Possession of a private key, ideally stored on a piece of secure hardware A biometric or PIN the authenticator uses to locally verify the user’s identity Reasoning about a PIN being used as a factor is simpler than a biometric.

Passwords

Passwords Surveillance Authentication Risk

Ferocious Kitten: 6 years of covert surveillance in Iran

SecureList

JUNE 16, 2021

It is interesting to note that an active Keepass (password manager) process gets killed before starting the keylogger. This is likely intended to force the user to restart the program and enter a master password that is then stolen via the keylogger. argument: path to file to upload. – List files and repositories.

Surveillance

Surveillance Malware Password Management Passwords

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Surveillance

Surveillance Malware Authentication Accountability

RedTorch Formed from Ashes of Norse Corp.

Krebs on Security

MARCH 22, 2021

An ad for RedTorch’s “Cheetah” counter-surveillance tech. Victims of those breaches lost a lot of private data including passwords, and Frigg will help them secure their private data in the future. The Guy Fawkes mask/Anonymous threat featured prominently and often on RedTorch’s website.

Surveillance

Surveillance Computers and Electronics Internet Internet

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. Original post at [link]. After looking at 28 of the most popular manufacturers, our research team found 3.5

Surveillance

Surveillance Manufacturing Internet Internet

Password Encryption 101: Best Practices Guide for Orgs of All Sizes

SecureWorld News

APRIL 24, 2023

As the frequency of data breaches surges, it becomes increasingly imperative to guarantee the security and adequate encryption of passwords. In this article, I will provide an overview of password encryption, explaining its essence and modus operandi. What is password encryption? Why is password encryption necessary?

Encryption

Encryption Passwords Software Password Management

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Security Affairs

DECEMBER 4, 2024

Disabling unnecessary protocols and services, avoiding default passwords, and verifying software integrity bolster resilience. Organizations should adopt secure password storage, phishing-resistant MFA, session token limits, and Role-Based Access Control (RBAC). “For are essential for protecting data.

Telecommunications

Telecommunications Government Mobile Cyber threats

When Security Takes a Backseat to Productivity

Krebs on Security

JUNE 17, 2020

The CIA produced the report in October 2017, roughly seven months after Wikileaks began publishing Vault 7 — reams of classified data detailing the CIA’s capabilities to perform electronic surveillance and cyber warfare. Not allowing multiple users to share administrative-level passwords.

Data breaches

Data breaches Security Awareness Surveillance Media

Canadian Man Arrested in Snowflake Data Extortions

Krebs on Security

NOVEMBER 5, 2024

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). A segment of a lawsuit Binns filed in 2020 against the CIA, in which he alleges U.S.

Cybercrime

Cybercrime Mobile Media Hacking

Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)

Security Affairs

MARCH 27, 2025

Compromised data includes usernames, passwords, security details, emails, and Firebase integration data. At this time, the group also listed the company Oregon Surveillance Network on the leak site. The ransomware group steals victims’ data to pressure them into paying a “generous fee.” million accounts.

Hacking

Hacking Telecommunications Data breaches Internet

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

According to the alert issued by the FBI, the swatters have been hijacking smart devices such as video and audio capable home surveillance devices. Threat actors likely take advantage of customers’ bad habit of re-using email passwords for their smart device. Users should update their passwords on a regular basis.

Passwords

Passwords Surveillance Manufacturing Accountability

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Krebs on Security

SEPTEMBER 12, 2023

Citizen Lab says the bug it discovered was being exploited to install spyware made by the Israeli cyber surveillance company NSO Group. “They could also conduct pass-the-hash attacks, where the attacker uses the hashed version of a password to authenticate themselves without needing to decrypt it.” and iPadOS 16.6.1.

Spyware

Spyware Software Surveillance Authentication

Privacy Roundup: Week 9 of Year 2025

Security Boulevard

MARCH 3, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. The surveillance tech waiting for workers as they return to the office ArsTechnica RTO continues to pick up steam. In pursuit of "more productivity," some employers are leaning heavily into surveillance tech.

Surveillance

Surveillance Data breaches Firmware Encryption

US Journalist Detained When Returning to US

Schneier on Security

JULY 4, 2019

After I gave him the password to my iPhone, Moncivias spent three hours reviewing hundreds of photos and videos and emails and calls and texts, including encrypted messages on WhatsApp, Signal, and Telegram. Pretty horrible story of a US journalist who had his computer and phone searched at the border when returning to the US from Mexico.

Passwords

Passwords Media Encryption Internet

Episode 188: Crowdsourcing Surveillance with Flock Safety

The Security Ledger

AUGUST 21, 2020

In this episode of the Security Ledger Podcast (#188), sponsored* by LastPass, we take a look at the fast-expanding world of crowdsourced surveillance by doing a deep dive on Flock Safety, a start up that sells inexpensive license plate scanners to homeowners and police departments. Flying in Surveillance’s Gray Zone.

Surveillance

Surveillance Passwords Technology Internet

MY TAKE: Why Satya Nadella is wise to align with privacy advocates on regulating facial recognition

The Last Watchdog

FEBRUARY 6, 2019

This week civil liberties groups in Europe won the right to challenge the UK’s bulk surveillance activities in the The Grand Chamber of the European Court of Human Rights. Related: Snowden on unrestrained surveillance. Ubiquitous surveillance. It’s a healthy thing that a captain of industry can see this. Advanced use cases.

Surveillance

Surveillance Technology Retail Artificial Intelligence

New IoT Security Regulations

Schneier on Security

NOVEMBER 13, 2018

There's just one specific in the law that's not subject to the attorney general's interpretation: Default passwords are not allowed. Once this kind of sorting is possible, companies will, in all likelihood, return to their profitable surveillance capitalism practices on those who are still fair game. This law is not a panacea.

IoT

IoT Manufacturing Internet Internet

Episode 188: Flock Safety Flies in Surveillance Technology’s Gray Zone

The Security Ledger

AUGUST 21, 2020

In this episode of the Security Ledger Podcast (#188), sponsored* by LastPass, we take a look at the fast-expanding world of crowdsourced surveillance by doing a deep dive on Flock Safety, a start up that sells inexpensive license plate scanners to homeowners and police departments. Flying in Surveillance’s Gray Zone.

Surveillance

Surveillance Passwords Technology Internet

Hanging Up on Mobile in the Name of Security

Krebs on Security

AUGUST 16, 2018

Unauthorized SIM swaps often are perpetrated by fraudsters who have already stolen or phished a target’s password, as many banks and online services rely on text messages to send users a one-time code that needs to be entered in addition to a password for online authentication. On June 11, 2017, Terpin’s phone went dead.

Mobile

Mobile Cryptocurrency Accountability Authentication

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems.

Hacking

Hacking Ransomware Banking Accountability

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-.

Firmware

Firmware Surveillance Manufacturing Advertising

Privacy Roundup: Week 7 of Year 2025

Security Boulevard

FEBRUARY 17, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Introducing Bitwarden Cupid Vault to securely share (and unshare) passwords with loved ones Bitwarden Bitwarden has already had the ability to securely share passwords. Tips for finding old accounts.

Surveillance

Surveillance Data breaches VPN Malware

Guardzilla Security Video System Footage exposed online

Security Affairs

DECEMBER 29, 2018

A vulnerability in the Guardzilla home video surveillance system could be exploited by users to watch Guardzilla footage of other users. The Guardzilla All-In-One Video Security System is an indoor video surveillance solution. “ The bad news is that the vendor hasn’t yet addressed the flaw.

Firmware

Firmware Surveillance IoT Passwords

Who’s Hacking You?

Webroot

MARCH 9, 2021

Pretending to be someone else, these hackers manipulate their victims into opening doors to systems or unwittingly sharing passwords or banking details. However, cybercriminals can also use legal DNS traffic surveillance to their advantage. Today’s cybercriminals are masters at exploiting basic human trust.

Hacking

Hacking DNS Surveillance Cybercrime

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4

Spyware

Spyware Manufacturing Small Business Surveillance

FBI is searching for contractors to monitor social media

Security Affairs

AUGUST 12, 2019

The abuse of social media passwords for malicious purpose is quite common, for this reason, the FBI is searching for contractors to monitor them. “Such a tool would likely violate the companies’ ban against using their data for surveillance.” ” reads the Solicitation Proposal Number DJF194750PR0000369.

Media

Media Surveillance Advertising Passwords

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Security Affairs

SEPTEMBER 28, 2023

The vulnerability was discovered by Clément Lecigne from Google’s Threat Analysis Group on 2023-09-25, a circumstance that suggests it was exploited by a nation-state actor or by a surveillance firm. _clem1 discovered another ITW 0-day in use by a commercial surveillance vendor: CVE-2023-5217.

Surveillance

Surveillance Spyware Passwords Hacking

Security company ADT announces security breach of customer data

Malwarebytes

AUGUST 9, 2024

Electronic surveillance equipment provider ADT filed a form 8-K with the Security and Exchange Commision (SEC) to report “a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information.” Change your password. Better yet, let a password manager choose one for you.

Data breaches

Data breaches Passwords Phishing Password Management

One million cracked Poshmark accounts being sold online

Security Affairs

SEPTEMBER 2, 2019

The company discovered unauthorized access to its servers, the intruders stole personal information of the users, including usernames , hashed passwords, first and last names, gender information, and city of residenc. The compromised data included email addresses, names, usernames , genders, locations and passwords stored as bcrypt hashes.

Accountability

Accountability Data breaches Passwords Advertising

Episode 188: Flock Safety Flies in Surveillance Technology’s Gray Zone Episode 188: Crowdsourcing Surveillance with Flock Safety

The Security Ledger

AUGUST 21, 2020

In this episode of the Security Ledger Podcast (#188), sponsored* by LastPass, we take a look at the fast-expanding world of crowdsourced surveillance by doing a deep dive on Flock Safety, a start up that sells inexpensive license plate scanners to homeowners and police departments. Flying in Surveillance’s Gray Zone.

Surveillance

Surveillance Passwords Technology Internet

“Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home

Malwarebytes

SEPTEMBER 4, 2024

After using passwords obtained from one of the countless breaches as a lure to trick victims into paying, the “Hello pervert” sextortion scammers have recently introduced two new pressure tactics: Name-dropping the infamous Pegasus spyware and adding pictures of your home environment. The scammer says they know “your password.”

Scams

Scams Spyware Passwords Password Management

Florida Man Arrested in SIM Swap Conspiracy

Krebs on Security

AUGUST 7, 2018

Unauthorized SIM swaps often are perpetrated by fraudsters who have already stolen or phished a target’s password, as many banks and online services rely on text messages to send users a one-time code that needs to be entered in addition to a password for online authentication.

Mobile

Mobile Cryptocurrency Computers and Electronics Scams

The Risk of Weak Online Banking Passwords

China officially condemns Pegasus spyware surveillance and accuses US

Trending Sources

US NCSC and DoS share best practices against surveillance tools

Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer

Camera tricks: Privacy concerns raised after massive surveillance cam breach

Weekly Update 273

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Android Malware Bypasses 2FA And Targets Telegram, Gmail Passwords

Weekly Update 165

Privacy Roundup: Week 12 of Year 2025

Netflix Cracks Down on Password Sharing, AI Legal Research Gone Wrong, Fake Identities and Surveillance Firms

Administrator’s Guide, Part 2: Passwords Are Safer Than Biometrics, PINs Are Just Passwords, and Other Tall Tales

Ferocious Kitten: 6 years of covert surveillance in Iran

European firm DSIRF behind the attacks with Subzero surveillance malware

RedTorch Formed from Ashes of Norse Corp.

3.5m IP cameras exposed, with US in the lead

Password Encryption 101: Best Practices Guide for Orgs of All Sizes

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

When Security Takes a Backseat to Productivity

Canadian Man Arrested in Snowflake Data Extortions

Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)

FBI warns swatting attacks on owners of smart devices

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Privacy Roundup: Week 9 of Year 2025

US Journalist Detained When Returning to US

Episode 188: Crowdsourcing Surveillance with Flock Safety

MY TAKE: Why Satya Nadella is wise to align with privacy advocates on regulating facial recognition

New IoT Security Regulations

Episode 188: Flock Safety Flies in Surveillance Technology’s Gray Zone

Hanging Up on Mobile in the Name of Security

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Botnet operators target multiple zero-day flaws in LILIN DVRs

Privacy Roundup: Week 7 of Year 2025

Guardzilla Security Video System Footage exposed online

Who’s Hacking You?

Security Affairs newsletter Round 377

FBI is searching for contractors to monitor social media

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Security company ADT announces security breach of customer data

One million cracked Poshmark accounts being sold online

Episode 188: Flock Safety Flies in Surveillance Technology’s Gray Zone Episode 188: Crowdsourcing Surveillance with Flock Safety

“Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home

Florida Man Arrested in SIM Swap Conspiracy

Stay Connected