Krebs on Security

AUGUST 5, 2019

This story is about how crooks increasingly are abusing third-party financial aggregation services like Mint , Plaid , Yodlee , YNAB and others to surveil and drain consumer accounts online. “If the account is active, hackers then can go to the next stage for 2FA phishing or social engineering, or linking the accounts with another.”

Banking 276

Banking Passwords Risk Accountability 276

Security Affairs

MARCH 25, 2021

Facebook has taken action against a series of accounts used by a China-linked cyber-espionage group, tracked as Earth Empusa or Evil Eye, to deploy surveillance malware on devices used by Uyghurs activists, journalists, and dissidents living outside China.

Surveillance 115

Surveillance Social Engineering Malware Accountability 115

Security Boulevard

DECEMBER 20, 2021

Police all over the nation are using the infamous Stingray device to surveil suspects. For example, Boston police (despite Stingray use being effectively illegal in Massachusetts). The post Boston Cops buy Stingray Spy Stuff—Spending Secret Budget appeared first on Security Boulevard.

Surveillance 136

Surveillance Social Engineering Engineering Security Awareness 136

Security Affairs

AUGUST 17, 2021

The identifier could be obtained via social engineering. The attacker would also need to obtain Kalay UIDs through social engineering or other vulnerabilities in APIs or services that return Kalay UIDs. “The vulnerabilities described in this post affect a core component of the Kalay platform.

IoT 124

IoT Hacking Social Engineering Firmware 124

Joseph Steinberg

JULY 13, 2022

Additionally, keep in mind that while Lockdown Mode may make it more difficult for attackers to exploit social engineering in order to compromise devices, until Apple more strictly controls what apps it allows in its app store , potential government spying remains a major problem.

Cybersecurity 258

Cybersecurity Artificial Intelligence Government Social Engineering 258

Security Boulevard

SEPTEMBER 2, 2021

The Australian government has given itself an enormous surveillance tool. Five Eyes means that rules in Oz can be used here, too. The post Secret Govt. Spy Powers Coming Here—via Australia appeared first on Security Boulevard.

Surveillance 119

Surveillance Government Social Engineering IoT 119

Security Affairs

SEPTEMBER 3, 2023

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Social Engineering 126

Social Engineering Spyware Data breaches Malware 126

eSecurity Planet

OCTOBER 8, 2024

Companies like Verizon, AT&T, and Lumen Technologies were targeted in this attack, allowing unauthorized access to critical systems used for court-authorized wiretapping — a tool vital for law enforcement surveillance. law enforcement for surveillance purposes. The hackers, identified by U.S.

Surveillance 114

Surveillance Government Phishing Cybersecurity 114

Security Affairs

FEBRUARY 9, 2025

Malware Malicious packages deepseeek and deepseekai published in Python Package Index Coyote Banking Trojan: A Stealthy Attack via LNK Files Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence Rat Race: ValleyRAT Malware Targets Organizations with New Delivery Techniques Semantic Entanglement-Based Ransomware (..)

Spyware 61

Spyware Cybercrime Scams Social Engineering 61

Security Affairs

SEPTEMBER 11, 2022

The campaigns have been conducted since 2015 and are aimed at conducting information collection and surveillance operations against individuals and organizations of strategic interest to Teheran. ” The surveillance operations conducted by the APT group involved the distribution of Android malware such as VINETHORN and PINEFLOWER.

Surveillance 100

Surveillance Social Engineering Phishing Government 100

Security Affairs

JUNE 9, 2023

Stealth Soldier is surveillance software that allows operators to spy on the victims and exfiltrate collected data. “Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording, keystroke logging and stealing browser information.”

Surveillance 98

Surveillance Malware Social Engineering Engineering 98

SecureWorld News

NOVEMBER 6, 2023

As more personal and organizational data ends up online—whether through social media oversharing, high-profile breaches, or surveillance capitalism—the OSINT surface area continues to grow. OSINT threats should be considered alongside network and social engineering threats when evaluating your overall security posture."

Social Engineering 108

Social Engineering Surveillance Media Education 108

Schneier on Security

FEBRUARY 6, 2023

This is bulk surveillance and can easily operate on this massive scale. This includes writing vulnerability-free software, designing user interfaces that help resist social engineering, and building computer networks that aren’t full of holes. On the other hand, computer hacking has to be conducted one target computer at a time.

Encryption 268

Encryption Hacking Software Social Engineering 268

Security Boulevard

JANUARY 28, 2022

It should be worth pointing out that on the vast majority of occasions the majority of IM-based encryption protocols are perfectly suited to respond and actually protect against a large portion of modern eavesdropping and surveillance campaigns. Possible physical security and network-based attack scenarios: - physical device compromise .

Encryption 105

Encryption Cybercrime Social Engineering Mobile 105

Security Boulevard

NOVEMBER 14, 2021

Details on the Robinhood data breach (apparently caused by a social engineering attack) affecting approximately 7 million customers, and a discussion about surveillance and privacy concerns from a 600-hour leak of Dallas Police Department helicopter footage. ** Links mentioned on the show ** Robinhood Trading App Suffers Data Breach Exposing 7 Million (..)

Data breaches 59

Data breaches Social Engineering Surveillance Engineering 59

Malwarebytes

AUGUST 26, 2021

The Bahrain government and groups linked to them—such as LULU , a known operator of Pegasus, and others like them who are associated with a separate government—were tagged as culprits of the surveillance activity. Dubbed by Citizen Lab as FORCEDENTRY, this iMessage exploit is said to have been in use since February 2021.

Spyware 105

Spyware Surveillance Social Engineering Government 105

Security Affairs

NOVEMBER 25, 2021

The PowerShortShell stealer is also used for Telegram surveillance and gathering system information from infected systems. “The adversary might be tied to Iran’s Islamic regime since the Telegram surveillance usage is typical of Iran’s threat actors like Infy, Ferocious Kitten, and Rampant Kitten. fn= hxxp://hr.dedyn.io/upload2.aspx

Surveillance 111

Surveillance Social Engineering Ransomware Cybercrime 111

Security Affairs

NOVEMBER 26, 2021

Upon opening the app, it requests that the user grant the app permissions to perform surveillance actions such as to access to the microphone to record audio and all files stored on the device. The malicious apps use social engineering to ask the user to grant advanced permissions.

Spyware 120

Spyware Social Engineering Surveillance Engineering 120

Security Affairs

MAY 21, 2020

The Chafer APT group has distributed data stealer malware since at least mid-2014, it was focused on surveillance operations and the tracking of individuals. The cyber espionage campaigns were carried out by Iran-linked Chafer APT (also known as APT39 or Remix Kitten). ” continues the report.

Government 127

Government Social Engineering Hacking Advertising 127

SecureWorld News

AUGUST 24, 2022

The infection of a device can be achieved via supply chain attacks, social engineering techniques, or the use of hardware with installed software or firmware. The attack may attack video surveillance, closed-circuit TV, or IP camera positioned in a location with a line of sight with the transmitting computer. ".

Firmware 98

Firmware Social Engineering Surveillance Malware 98

CyberSecurity Insiders

DECEMBER 18, 2021

Invasive surveillance such as keystroke logging and screen capture, as well as the collection of user content such as emails and instant messages, isn’t required to detect insider risks and protect organizational data. Information on individual employees should be anonymized and unmasked only on a strict “need to know” basis.

Risk 134

Risk Social Engineering Surveillance Data collection 134

Malwarebytes

MARCH 4, 2022

There are rootkits, Trojans, worms, viruses, ransomware, phishing, identity theft, and social engineering to worry about. If you are concerned about surveillance or censorship, use privacy-first software like the Tails operating system , Tor browser , and Signal messenger. And that’s not a comprehensive list.

Backups 104

Backups Password Management Identity Theft Passwords 104

Hacker's King

MAY 20, 2023

However, if hackers gain access to these tokens through social engineering, phishing attacks, or other means, they can bypass 2FA by directly entering the codes, granting them unauthorized access. Social Engineering: Guarding Against Manipulation Social engineering remains a potent tool in hackers’ arsenal.

Authentication 52

Authentication Social Engineering Spyware Engineering 52

Google Security

MAY 15, 2024

Advanced cellular security to fight fraud and surveillance We’re adding new advanced cellular protections in Android 15 to defend against abuse by criminals using cell site simulators to snoop on users or send them SMS-based fraud messages. These features require device OEM integration and compatible hardware.

Scams 77

Scams Threat Detection Social Engineering Surveillance 77

eSecurity Planet

FEBRUARY 22, 2022

There is no need for social engineering , as the program can implant backdoors directly without forced consent. Most attacks make would-be victims click to install malware or redirect them to a phishing page to steal their credentials. Zero-click attacks remove this hurdle.

Spyware 126

Spyware Software Government Social Engineering 126

SecureList

NOVEMBER 30, 2021

Based on forensic analysis of numerous mobile devices, Amnesty International’s Security Lab found that the software was repeatedly used in an abusive manner for surveillance. FinSpy is an infamous, commercial surveillance toolset that is used for “legal surveillance” purposes.

Malware 138

Malware Mobile Spyware Surveillance 138

SecureList

NOVEMBER 28, 2024

The second, an article published in 2024 by the Google Threat Analysis Group, described the business model of various companies that provide commercial surveillance solutions. The first, published in 2021 by Motherboard and Citizen Lab, shared the first evidence and indicators related to the software.

Malware 116

Malware Government Software Spyware 116

Chicago CyberSecurity Training

MAY 23, 2024

Phishing and Social Engineering : Tactics used to trick employees into revealing sensitive information or downloading malicious software. Lack of Monitoring : Insufficient monitoring allows threats to remain undetected, enabling persistent access and long-term surveillance.

Social Engineering 52

Social Engineering Cyber threats Surveillance Passwords 52

Krebs on Security

NOVEMBER 6, 2018

But Ferri said once the REACT Task Force got involved in his case, it became clear that video surveillance footage from the date and time of his SIM swap showed no such evidence of anyone entering the store to present a fake ID.

Mobile 268

Mobile Cryptocurrency Accountability Passwords 268

eSecurity Planet

APRIL 20, 2023

Physical security vulnerability assessment: This form of assessment focuses on finding weaknesses in physical security, including perimeter security, access controls, and surveillance systems. Social engineering methods include phishing , baiting, and tailgating.

Social Engineering 98

Social Engineering Data breaches Wireless Software 98

SecureList

APRIL 27, 2021

The group’s operations were exposed in 2018, showing that it was conducting surveillance attacks against individuals in the Middle East. Interestingly, some of the TTPs used by this threat actor are reminiscent of other groups operating in the domain of dissident surveillance. Final thoughts.

Malware 145

Malware Government Spyware Social Engineering 145

Security Boulevard

JULY 23, 2024

Regulatory capture by stealth? Google changes its mind about third-party tracking cookies—we’re stuck with them for the foreseeable. The post EFF Angry as Google Keeps 3rd-Party Cookies in Chrome appeared first on Security Boulevard.

Social Engineering 135

Social Engineering Advertising Marketing Surveillance 135

Security Boulevard

FEBRUARY 14, 2024

I❤️POE: Does your home security need a rethink? Wireless cameras are kinda useless, say cops. The post ALERT: Thieves❤️Wi-Fi Camera Jammers appeared first on Security Boulevard.

Wireless 132

Wireless Social Engineering Internet Internet 132

Security Boulevard

FEBRUARY 18, 2021

Oracle Corp. stands accused of selling analytics to Chinese police forces that’s being used to hunt down political dissidents and lock up Uyghur Muslims. The post Oracle is Said to Help China Find Dissidents and Jail Minorities appeared first on Security Boulevard.

Social Engineering 142

Social Engineering Surveillance Engineering Risk 142

Security Boulevard

MARCH 1, 2024

EKEN IoT FAIL: Amazon, Sears and Shein still sell security swerving stuff. The post Cheap Video Doorbell Cams: Tools of Stalkers and Thieves appeared first on Security Boulevard.

IoT 130

IoT Social Engineering Internet Internet 130

Hacker's King

OCTOBER 21, 2024

Government and Law Enforcement Surveillance Another situation where phones can be legally hacked is during government surveillance. While ethical hackers have the tools to access phones, their work is strictly legal and requires permission from the device’s owner or company.

Hacking 52

Hacking Cybersecurity Penetration Testing Surveillance 52

Security Affairs

SEPTEMBER 15, 2023

Leading Android health apps expose users to avoidable threats like surveillance and identity theft, due to their risky permissions. Access to Contacts: Apps with access to your contacts may misuse this information for spamming, social engineering, or selling your contact details to third parties without your consent.

Accountability 131

Accountability Mobile Surveillance Information Security 131