Krebs on Security

AUGUST 5, 2019

This story is about how crooks increasingly are abusing third-party financial aggregation services like Mint , Plaid , Yodlee , YNAB and others to surveil and drain consumer accounts online. “If the account is active, hackers then can go to the next stage for 2FA phishing or social engineering, or linking the accounts with another.”

Banking 275

Banking Passwords Risk Accountability 275

Security Boulevard

DECEMBER 20, 2021

Police all over the nation are using the infamous Stingray device to surveil suspects. For example, Boston police (despite Stingray use being effectively illegal in Massachusetts). The post Boston Cops buy Stingray Spy Stuff—Spending Secret Budget appeared first on Security Boulevard.

Surveillance 136

Surveillance Social Engineering Engineering Security Awareness 136

Joseph Steinberg

JULY 13, 2022

Additionally, keep in mind that while Lockdown Mode may make it more difficult for attackers to exploit social engineering in order to compromise devices, until Apple more strictly controls what apps it allows in its app store , potential government spying remains a major problem.

Cybersecurity 258

Cybersecurity Artificial Intelligence Government Social Engineering 258

Security Affairs

MARCH 25, 2021

Facebook has taken action against a series of accounts used by a China-linked cyber-espionage group, tracked as Earth Empusa or Evil Eye, to deploy surveillance malware on devices used by Uyghurs activists, journalists, and dissidents living outside China.

Surveillance 113

Surveillance Social Engineering Malware Accountability 113

Security Boulevard

SEPTEMBER 2, 2021

The Australian government has given itself an enormous surveillance tool. Five Eyes means that rules in Oz can be used here, too. The post Secret Govt. Spy Powers Coming Here—via Australia appeared first on Security Boulevard.

Surveillance 119

Surveillance Government Social Engineering IoT 119

Security Affairs

AUGUST 17, 2021

The identifier could be obtained via social engineering. The attacker would also need to obtain Kalay UIDs through social engineering or other vulnerabilities in APIs or services that return Kalay UIDs. “The vulnerabilities described in this post affect a core component of the Kalay platform.

IoT 123

IoT Hacking Social Engineering Firmware 123

Security Affairs

SEPTEMBER 3, 2023

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Social Engineering 124

Social Engineering Data breaches Spyware Malware 124

eSecurity Planet

OCTOBER 8, 2024

Companies like Verizon, AT&T, and Lumen Technologies were targeted in this attack, allowing unauthorized access to critical systems used for court-authorized wiretapping — a tool vital for law enforcement surveillance. law enforcement for surveillance purposes. The hackers, identified by U.S.

Surveillance 115

Surveillance Government Phishing Cybersecurity 115

Security Affairs

SEPTEMBER 11, 2022

The campaigns have been conducted since 2015 and are aimed at conducting information collection and surveillance operations against individuals and organizations of strategic interest to Teheran. ” The surveillance operations conducted by the APT group involved the distribution of Android malware such as VINETHORN and PINEFLOWER.

Surveillance 100

Surveillance Social Engineering Phishing Government 100

Security Affairs

FEBRUARY 9, 2025

Malware Malicious packages deepseeek and deepseekai published in Python Package Index Coyote Banking Trojan: A Stealthy Attack via LNK Files Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence Rat Race: ValleyRAT Malware Targets Organizations with New Delivery Techniques Semantic Entanglement-Based Ransomware (..)

Spyware 60

Spyware Cybercrime Scams Social Engineering 60

Security Affairs

JUNE 9, 2023

Stealth Soldier is surveillance software that allows operators to spy on the victims and exfiltrate collected data. “Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording, keystroke logging and stealing browser information.”

Surveillance 98

Surveillance Malware Social Engineering Engineering 98

Schneier on Security

FEBRUARY 6, 2023

This is bulk surveillance and can easily operate on this massive scale. This includes writing vulnerability-free software, designing user interfaces that help resist social engineering, and building computer networks that aren’t full of holes. On the other hand, computer hacking has to be conducted one target computer at a time.

Encryption 270

Encryption Hacking Software Social Engineering 270

SecureWorld News

NOVEMBER 6, 2023

As more personal and organizational data ends up online—whether through social media oversharing, high-profile breaches, or surveillance capitalism—the OSINT surface area continues to grow. OSINT threats should be considered alongside network and social engineering threats when evaluating your overall security posture."

Social Engineering 106

Social Engineering Surveillance Media Education 106

Security Boulevard

NOVEMBER 14, 2021

Details on the Robinhood data breach (apparently caused by a social engineering attack) affecting approximately 7 million customers, and a discussion about surveillance and privacy concerns from a 600-hour leak of Dallas Police Department helicopter footage. ** Links mentioned on the show ** Robinhood Trading App Suffers Data Breach Exposing 7 Million (..)

Data breaches 59

Data breaches Social Engineering Surveillance Engineering 59

Security Boulevard

JANUARY 28, 2022

It should be worth pointing out that on the vast majority of occasions the majority of IM-based encryption protocols are perfectly suited to respond and actually protect against a large portion of modern eavesdropping and surveillance campaigns. Possible physical security and network-based attack scenarios: - physical device compromise .

Encryption 105

Encryption Cybercrime Social Engineering Mobile 105

Krebs on Security

MARCH 29, 2022

In a blog post about their recent hack, Microsoft said LAPSUS$ succeeded against its targets through a combination of low-tech attacks, mostly involving old-fashioned social engineering — such as bribing employees at or contractors for the target organization.

Accountability 292

Accountability Government Hacking Social Engineering 292

Malwarebytes

AUGUST 26, 2021

The Bahrain government and groups linked to them—such as LULU , a known operator of Pegasus, and others like them who are associated with a separate government—were tagged as culprits of the surveillance activity. Dubbed by Citizen Lab as FORCEDENTRY, this iMessage exploit is said to have been in use since February 2021.

Spyware 109

Spyware Surveillance Social Engineering Government 109

Security Affairs

NOVEMBER 25, 2021

The PowerShortShell stealer is also used for Telegram surveillance and gathering system information from infected systems. “The adversary might be tied to Iran’s Islamic regime since the Telegram surveillance usage is typical of Iran’s threat actors like Infy, Ferocious Kitten, and Rampant Kitten. fn= hxxp://hr.dedyn.io/upload2.aspx

Surveillance 110

Surveillance Social Engineering Ransomware Cybercrime 110

Security Affairs

NOVEMBER 26, 2021

Upon opening the app, it requests that the user grant the app permissions to perform surveillance actions such as to access to the microphone to record audio and all files stored on the device. The malicious apps use social engineering to ask the user to grant advanced permissions.

Spyware 118

Spyware Social Engineering Surveillance Engineering 118

Security Affairs

MAY 21, 2020

The Chafer APT group has distributed data stealer malware since at least mid-2014, it was focused on surveillance operations and the tracking of individuals. The cyber espionage campaigns were carried out by Iran-linked Chafer APT (also known as APT39 or Remix Kitten). ” continues the report.

Government 125

Government Social Engineering Hacking Advertising 125

SecureList

NOVEMBER 28, 2022

In the US, for example, the FTC has requested public comments on the “prevalence of commercial surveillance and data security practices that harm consumers” to inform future legislation. Companies will fight the human factor in cybersecurity to curb insider threat and social engineering to protect user data.

Insurance 136

Insurance Social Engineering IoT Data breaches 136

SecureWorld News

AUGUST 24, 2022

The infection of a device can be achieved via supply chain attacks, social engineering techniques, or the use of hardware with installed software or firmware. The attack may attack video surveillance, closed-circuit TV, or IP camera positioned in a location with a line of sight with the transmitting computer. ".

Firmware 98

Firmware Social Engineering Surveillance Malware 98

CyberSecurity Insiders

DECEMBER 18, 2021

Invasive surveillance such as keystroke logging and screen capture, as well as the collection of user content such as emails and instant messages, isn’t required to detect insider risks and protect organizational data. Information on individual employees should be anonymized and unmasked only on a strict “need to know” basis.

Risk 134

Risk Social Engineering Surveillance Data collection 134

Malwarebytes

MARCH 4, 2022

There are rootkits, Trojans, worms, viruses, ransomware, phishing, identity theft, and social engineering to worry about. If you are concerned about surveillance or censorship, use privacy-first software like the Tails operating system , Tor browser , and Signal messenger. And that’s not a comprehensive list.

Backups 105

Backups Password Management Identity Theft Passwords 105

Hacker's King

MAY 20, 2023

However, if hackers gain access to these tokens through social engineering, phishing attacks, or other means, they can bypass 2FA by directly entering the codes, granting them unauthorized access. Social Engineering: Guarding Against Manipulation Social engineering remains a potent tool in hackers’ arsenal.

Authentication 52

Authentication Social Engineering Spyware Engineering 52

Security Affairs

SEPTEMBER 29, 2024

Treasury issued fresh sanctions against entities linked to the Intellexa Consortium Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812 Remote attack on pagers used by Hezbollah caused 9 deaths and thousands of injuries Chinese man charged for spear-phishing against NASA and US Government Data Breach Qilin ransomware attack on Synnovis (..)

Hacking 115

Hacking Ransomware Antivirus Cybercrime 115

Google Security

MAY 15, 2024

Advanced cellular security to fight fraud and surveillance We’re adding new advanced cellular protections in Android 15 to defend against abuse by criminals using cell site simulators to snoop on users or send them SMS-based fraud messages. These features require device OEM integration and compatible hardware.

Scams 76

Scams Threat Detection Social Engineering Surveillance 76

eSecurity Planet

FEBRUARY 22, 2022

There is no need for social engineering , as the program can implant backdoors directly without forced consent. Most attacks make would-be victims click to install malware or redirect them to a phishing page to steal their credentials. Zero-click attacks remove this hurdle.

Spyware 126

Spyware Software Government Social Engineering 126

SecureList

NOVEMBER 30, 2021

Based on forensic analysis of numerous mobile devices, Amnesty International’s Security Lab found that the software was repeatedly used in an abusive manner for surveillance. FinSpy is an infamous, commercial surveillance toolset that is used for “legal surveillance” purposes.

Malware 140

Malware Mobile Spyware Surveillance 140

SecureList

NOVEMBER 17, 2021

This year, the use of surveillance software developed by private vendors has come under the spotlight, as discussed above. This includes the use of social engineering to obtain credentials and brute-force attacks on corporate services, in the hope of finding poorly protected servers. And now, we turn our attention to the future.

Mobile 145

Mobile Surveillance Ransomware Government 145

SecureList

NOVEMBER 28, 2024

The second, an article published in 2024 by the Google Threat Analysis Group, described the business model of various companies that provide commercial surveillance solutions. The first, published in 2021 by Motherboard and Citizen Lab, shared the first evidence and indicators related to the software.

Malware 116

Malware Government Software Spyware 116

NetSpi Executives

OCTOBER 29, 2024

Through this, the film raises awareness about data privacy, the implications of corporate surveillance, and the moral complexities surrounding information access. And, the Empire’s reliance on technology and surveillance mirrors modern concerns about privacy and the misuse of data.

Cybersecurity 45

Cybersecurity Social Engineering Surveillance Technology 45

Chicago CyberSecurity Training

MAY 23, 2024

Phishing and Social Engineering : Tactics used to trick employees into revealing sensitive information or downloading malicious software. Lack of Monitoring : Insufficient monitoring allows threats to remain undetected, enabling persistent access and long-term surveillance.

Social Engineering 52

Social Engineering Cyber threats Surveillance Passwords 52

Krebs on Security

NOVEMBER 6, 2018

But Ferri said once the REACT Task Force got involved in his case, it became clear that video surveillance footage from the date and time of his SIM swap showed no such evidence of anyone entering the store to present a fake ID.

Mobile 265

Mobile Cryptocurrency Accountability Passwords 265

eSecurity Planet

APRIL 20, 2023

Physical security vulnerability assessment: This form of assessment focuses on finding weaknesses in physical security, including perimeter security, access controls, and surveillance systems. Social engineering methods include phishing , baiting, and tailgating.

Social Engineering 98

Social Engineering Data breaches Wireless Software 98

Security Boulevard

JULY 23, 2024

Regulatory capture by stealth? Google changes its mind about third-party tracking cookies—we’re stuck with them for the foreseeable. The post EFF Angry as Google Keeps 3rd-Party Cookies in Chrome appeared first on Security Boulevard.

Social Engineering 135

Social Engineering Advertising Marketing Surveillance 135

Security Boulevard

FEBRUARY 14, 2024

I❤️POE: Does your home security need a rethink? Wireless cameras are kinda useless, say cops. The post ALERT: Thieves❤️Wi-Fi Camera Jammers appeared first on Security Boulevard.

Wireless 132

Wireless Social Engineering Internet Internet 132