"🚀 #ChromeSecurityUpdate: Google Thwarts Spyware Vendor Exploiting New Zero-Day 🚀"

Google has promptly patched a fresh security flaw in Chrome, exploited by a commercial spyware vendor. The update, version 117.0.5938.132, rolled out for Windows, macOS, and Linux, addressing ten vulnerabilities. The most critical among them is CVE-2023-5217, a "heap buffer overflow in vp8 encoding in libvpx," reported by Clement Lecigne from Google's Threat Analysis Group. This flaw was already weaponized in real-world attacks, marking the sixth Chrome zero-day patched in 2023. 🛡️💻

The exploit was leveraged by a commercial surveillance vendor, reminiscent of a recent operation delivering Predator spyware to an Egyptian opposition politician using various zero-days and MitM attacks on mobile devices. 🕵️📱

Source: SecurityWeek

Tags: #CyberSecurity #GoogleChrome #ZeroDay #CVE20235217 #Spyware #CyberAttack #PatchTuesday #InfoSec #VulnerabilityManagement #MitM #RealWorldExploits

10 hours ago

Sept 29th: the day when #twitter #exbirdsite introduces #biometrics #id verification for premium users, apparently as a voluntary option. What is not optional is that #personaldata will be handled by tech company AU10TIX from #Israel, the free country that brought us #Pegasus #spyware (targeting heads of state, journalists & activists). It is clearly only a matter of time until ID verification is extended to all #Xusers

18 hours ago

He left a cup of coffee in her car.

She moved across the country to get away from him, and one morning she comes out, and there's a steaming cup of Starbucks sitting in her vehicle.

It was the exact kind of coffee she always ordered.

#harassment #stalking #domesticviolence #safety #security #privacy #infosec #tech #stalkerware #spyware

Steve Maclellan
2 days ago

Beware: Substack newsletter links may contain spyware, malware and viruses

Substack newsletter trracking
Substack newsletter warning
2 days ago

#technology #privacy #spyware #Spyware_attacks #ads #onlineads Online Ads Can Infect Your Device with Spyware
An investigative report reveals that new spyware can slip in unseen through online ads—and there is currently no defense against it
So not only that ads are invasive and can infect devices through #malvertising, they can be also used for #spying

TopSecret Chat - OTR Messenger
2 days ago

If you have concerns about the privacy of your data being compromised by spyware potentially be installed or concealed on your device or cloud servers, explore our cutting-edge technology driven by #ConfidentialComputing and #E2E encryption at TopSecret.Chat

With Confidential Computing, regardless of the circumstances, your sensitive data remains secure within an isolated memory enclave, over which you maintain exclusive control.

#DataPrivacy #Spyware #Cybersecurity

2 days ago

4/5 📢 We're not the only ones saying it!

500+ journalists are also urging MEPs to meaningfully protect journalists by including a complete ban on #spyware in the #EMFA

Read their statement:

2 days ago

3/5 💪 @Europarl_EN has a unique opportunity to protect journalists and their sources from #spyware surveillance.

This is why we're calling on MEPs to include a total ban on spyware against journalists in the #EMFA when they vote on it next week.

2 days ago

2/5 🤔 Why a total ban on #spyware against journalists?

🚨 It endangers journalism, #FreedomOfExpression & EU's democratic values
👁️ Violates our #RightToPrivacy by accessing all communications, photos & online behaviour
🚫 No legal safeguard can prevent governments from abusing it

2 days ago

1/4 📰 @edri and 77 civil society and journalists' associations are calling on @Europarl_EN to ensure that journalists are completely protected from #spyware in the European #MediaFreedom Act #EMFA.

Read the open letter:

@EFJEurope @liberties

Journalists at work with EU flag in the background
Paolo Redaelli
2 days ago

"There's One More Reason to Use Mozilla Firefox Now!"

I don't need further reasons to use #Firefox.
As #chrome is actually #spyware I #avoidChrome and suggest to #UninstallChrome

Firefox logo over blue background
Linux Is Best
2 days ago

I like the latest spyware and adware released from Microsoft, known as Windows 11 —It has helped so many people try and eventually switch to Linux.

#Windows11 #Windows #Spyware #Adware #Linux

Graham Cluley
3 days ago

Exiled Russian journalist claims "European state" hacked her iPhone with Pegasus spyware.

Read more in my article on the Bitdefender blog:

#cybersecurity #malware #spyware #pegasus

Meduza on iPhone
Linux Is Best
3 days ago

If you are using Microsoft Windows, you are not using an operating system (OS) —You are using adware and spyware that happens to coincidentally act like an OS.

Use a real OS —Use Linux.

I work and play without adware or spyware. I use, Linux.

#Windows #Microsoft #Adware #Spyware #Linux

4 days ago

CISA Adds Three Known Exploited Vulnerabilities to Catalog:
These were exploited by surveillance vendor Intellexa to deliver Predator spyware to Egyptian presidential candidate Ahmed Eltantawy.

Tags: #CVE202341991 #CVE202341992 #CVE202341993 #KEV #KnownExploitedVulnerabilitiesCatalog #CISA #Zeroday #eitw #Intellexa #predator #spyware

Pyrzout :vrfd:
4 days ago
4 days ago

EvilBamboo has exploited zero-day vulnerabilities, such as the one in the WebKit browser engine of the Apple mobile operating system, to deliver spyware strains like Insomnia.

#Uyghurs #Cybersecurity #Tibetans #Android #Taiwanese #Spyware #EvilBamboo

Russia-Ukraine Daily News
4 days ago

🇪🇺 An independent #Russian news outlet whose founder was hacked in #Germany earlier this year through military-grade #spyware has said it believes a #European state was most likely behind the #cyberattack, raising thorny questions about an EU member state’s possible use of a blacklisted cyberweapon against a journalist.

#russia #europe #hacking #journalism

deltatux :donor:
5 days ago

The Citizen Lab ( & Google Threat Analysis Group has disclosed a new targeted spy campaign that utilizes newly disclosed zero day in iOS. These zero days contain a privilege escalation flaw in the OS kernel along with a WebKit flaw allows attackers to install spyware & snoop on victim devices.

Citizen Lab & Google urges iPhone & iPad users to update to iOS 17.0.1 as soon as possible.

#infosec #cybersecurity #cyberespionage #spyware #ios #zeroday #citizenlab #Google

Pyrzout :vrfd:
5 days ago
heise Security
5 days ago

Staatstrojaner "Predator" auf ägyptischen Präsidentschaftsbewerber angesetzt

Ein ägyptischer Politiker tritt als Präsidentschaftskandidat an. Kurz darauf beginnen gezielte Angriffe auf sein Smartphone, um eine Spyware zu installieren.

#Spyware #Trojaner #news

@Macerkopf #Spyware ist inklusive!

Pyrzout :vrfd:
5 days ago

Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware #Tracking&LawEnforcement #spyware
5 days ago

Report from The Conversation: #Spyware can infect your phone or computer via the ads you see online #Privacy #InfoSec 📚
6 days ago

The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator #apple #0day #iphone #spyware #predator

mah:~ $
6 days ago

As if politics in #Egypt couldn't get any more corrupt, one of the presidential candidates who happens to be the most vocal about police brutality and thug-like behavior from the current government, literally had his sim card exploited and it's unencrypted traffic redirected to #spyware. I hate it here.

Miguel Afonso Caetano
6 days ago

#Cybersecurity #Egypt #Spyware #Predator #Cytrox: "- Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s Predator spyware via links sent on SMS and WhatsApp. The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections.

- In August and September 2023, Eltantawy’s Vodafone Egypt mobile connection was persistently selected for targeting via network injection; when Eltantawy visited certain websites not using HTTPS, a device installed at the border of Vodafone Egypt’s network automatically redirected him to a malicious website to infect his phone with Cytrox’s Predator spyware.

- During our investigation, we worked with Google’s Threat Analysis Group (TAG) to obtain an iPhone zero-day exploit chain (CVE-2023-41991, CVE-2023-41992, CVE-2023-41993) designed to install Predator on iOS versions through 16.6.1. We also obtained the first stage of the spyware, which has notable similarities to a sample of Cytrox’s Predator spyware we obtained in 2021. We attribute the spyware to Cytrox’s Predator spyware with high confidence.

- Given that Egypt is a known customer of Cytrox’s Predator spyware, and the spyware was delivered via network injection from a device located physically inside Egypt, we attribute the network injection attack to the Egyptian government with high confidence.

- Eltantawy’s phone was additionally infected with Cytrox’s Predator spyware two years prior, in November 2021, via a text message containing a link to a Predator website."

Anonymous :anarchism: 🏴
6 days ago

🚨 ALERT: #iPhone spyware attack!

Former Egyptian parliament member Ahmed Eltantawy targeted by Predator #spyware using 3 recent zero-day vulnerabilities.

#cybersecurity #informationsecurity #technology

John Scott-Railton ☕
6 days ago

6/ Without brave victims like Ahmed Tantawy getting checked & coming forwards, these recent exploits would not have been found.

Billions of apple devices would still be vulnerable.

Including yours.

#egypt #elections #democracy #infosec #cybersecurity #predator #spyware #apple #ios #osx #update

@maddiestone @citizenlab

John Scott-Railton ☕
6 days ago

5/ Pulling back the lens from the tech side of this #Predator attack:

Mercenary #spyware is autocrat fuel.

When you hack a pro-democracy presidential hopeful in an autocracy... you are doing dictatorship.

And spyware companies know exactly who they are selling to.

#cybersecurity #infosec #democracy #elections

@maddiestone @citizenlab

John Scott-Railton ☕
6 days ago

3/. This kind of exploit delivery through injection DOES NOT require a target to click as our collaborator, the brilliant
Maddie stone points out in her post.

It's a seriously dangerous kind of attack & hard to protect against.

#google #spyware #predator #zeroday #exploit #cybersecurity #infosec
@citizenlab @maddiestone

John Scott-Railton ☕
6 days ago

🚨UPDATE your #Apple products now!

We @citizenlab w/TAG's @maddiestone caught #predator #spyware attacks against a prominent pro-democracy Egyptian politician after he announced presidential ambitions.

Apple rushed a patch.

Attacks used network injection to drop the 3 #zeroday chain on his #iphone

We attribute the tech used for the injection to #sandvine's packetlogic.

#cybersecurity #infosec #hacking #egypt

Kriszta Satori
1 week ago

PREDATOR IN THE WIRES - Ahmed Eltantawy Targeted with #Predator #Spyware After Announcing Presidential Ambitions

1 week ago

@briankrebs Please note that The Citizen Lab published a separate blog detailing how former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s Predator spyware via links sent on SMS and WhatsApp. They attribute the network injection attack to the Egyptian government with high confidence.

#freethewhales #citizenlab #CVE202341991 #CVE202341992 #CVE202341993 #Cytrox #predator #spyware #Egypt

More urgent #Apple patches: @citizenlab in collaboration with #Google TAG @maddiestone uncovered #predator attacks against Egyptian pro-democracy politician Ahmed #Eltantawy. Worth a read, especially Bill #Marczak's phenomenal localization of the #spyware injection to a #Sandvine middlebox.

@ellavescent What if one declines these changes after reading?

Will they disable the car??

Shit like this is why I want all my vehicles to be stupid and why I won't buy anything built after 2017 when the #Govware & #Spyware #eCall was made mandatory...

1 week ago

Deswegen ist ein generelles ablehnen & sperren von Online-Werbung, egal welches System, ein Vorteil. Abgesehen von dessen optisch störenden Faktor ist es ein Sicherheitslücke.

»Sherlock: Spyware kommt über Online-Werbung.
Die israelische Firma Insanet soll eine Spähsoftware entwickelt haben, die über gezielte Werbebanner auf Windows-PCs und gängige Smartphones ausgespielt wird.«

#onlinewerbung #online #werbung #pc #spyware #insanet #win #windows

heise online
2 weeks ago

Sherlock-Spyware: Wenn der Staatstrojaner per Online-Werbung kommt

Die israelische Firma Insanet soll eine Spähsoftware entwickelt haben, die über gezielte Werbebanner auf Windows-PCs und gängige Smartphones ausgespielt wird.

#Malware #Spyware #news

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #37/2023 is out! It includes the following and much more:

➝ ☁️ 🔑 How #Google Authenticator made one company’s network #breach much, much worse
➝ 🇬🇧 🔓 30k primary pupils’ data may be at risk after #Capita cyber attack
➝ 🇬🇧 🔓 #Manchester Police officers' data exposed in #ransomware attack
➝ 🇺🇸 🎰 #Caesars Entertainment says customer data stolen in #cyberattack
➝ 🇺🇸 🎰 #MGM Resorts shuts down IT systems after cyberattack
➝ 🔓 #Rollbar discloses data breach after hackers stole access tokens
➝ 🇫🇷 🔓 #Airbus Launches Investigation After Hacker Leaks Data
➝ 🇮🇷 Microsoft: Iranian espionage campaign targeted satellite and defense sectors
➝ 💸 Hackers steal $53 million worth of #cryptocurrency from #CoinEx
➝ 🧨 After #Microsoft and X, Hackers Launch DDoS Attack on #Telegram
➝ 🇺🇸 ❌ #California passes first-in-the-nation data broker deletion tool
➝ 🇨🇴 💸 Several Colombian #government ministries hampered by ransomware attack
➝ 🇮🇪 💰 #TikTok slapped with $368 million fine over child privacy violations
➝ 📱 📡 #Apple and Google Are Introducing New Ways to Defeat Cell Site Simulators, But Is it Enough?
➝ 🇺🇸 🔐 Washington summit grapples with securing #opensource software
➝ 🇷🇺 👀 Hacking #Meduza: Pegasus #spyware used to target #Putin’s critic
➝ ⚖️ 💻 The International Criminal Court will now prosecute #cyberwar crimes
➝ 🇵🇱 👀 Polish Senate says use of government spyware is illegal in the country
➝ 🦠 #Rust-Written 3AM Ransomware: A Sneak Peek into a New #Malware Family
➝ 🇺🇸 🥸 US Agencies Publish Cybersecurity Report on #Deepfake Threats
➝ 🐧 🦠 Password-stealing Linux malware served for 3 years and no one noticed
➝ 🍏 🦠 #MetaStealer Malware Targets Apple #macOS in Recent Attacks
➝ 🇮🇷 🦠 Iranian hackers #backdoor 34 orgs with new Sponsor malware
➝ 🩹 ☁️ Researchers Detail 8 Vulnerabilities in #Azure HDInsight Analytics Service
➝ 🍏 🔓 Mullvad #VPN Warns of Critical Firewall Flaw in Apple's MacOS #Sonoma
➝ ☁️ 🔓 New #Kubernetes #Vulnerabilities Enable Remote Attacks on Windows Endpoints
➝ 🇺🇸 💦 CISA offers free security scans for public water utilities
➝ 🩹 #Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird
➝ 🩹 Google Patches #Chrome Zero-Day Reported by Apple, Spyware Hunters
➝ 🩹 Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws

📚 This week's recommended reading is: "Extreme Privacy: What It Takes to Disappear" by Michael Bazzell

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

2 weeks ago

Revealed: Israeli Cyber Firms Have Developed 'Insane' New #SpyWare Tool. No Defense Exists

“A Haaretz investigation reveals that Israeli cyber companies developed technology that exploits the advertising system at the heart of the online economy to monitor civilians, hack into their phones & computers, and spy on them. This terrifying capability, against which no defense currently exists, has already been sold to a nondemocratic country”

#CyberSecurity #surveillance

John Scott-Railton ☕
2 weeks ago

Block ads on your networks now.

The system designed to follow us around the net with ads is now a blinking #nationalsecurity & #humanrights threat.

And the incentives are all wrong. From platforms to publishers & ad networks they've spent every effort to make sure those ads get to our devices.

Now, predictably, the tech is going to dictators & being used to hack us.

#cybersecurity #hacking #spyware #malware #surveillance #advertising

Graham Cluley
2 weeks ago

BLASTPASS: Government agencies told to secure iPhones against spyware attacks.

Read more in my article on the Tripwire blog:

#cybersecurity #malware #spyware #vulnerability #nsogroup

iPhone with an icon of some kind of blast... the background is some weird geometric thing.
Schneier on Security RSS
2 weeks ago

Fake Signal and Telegram Apps in the Google Play Store

Google removed fake Signal and Telegram apps from its Play store.
An app with the name Signal Plus Messenger was...

#cyberespionage #Uncategorized #opensource #espionage #Telegram #spyware #Signal

heise online
2 weeks ago

Pegasus: iPhone russischer Journalisten in Deutschland mit Spyware infiziert

Das iPhone der Inhaberin des russischen Exil-Nachrichtenmagazins Meduza wurde mit Pegasus infiziert – in Deutschland. Wer dahintersteckt, ist unklar.

#Pegasus #Pressefreiheit #Spionage #Spyware #news

Marcel Waldvogel
2 weeks ago

Believing that #spyware and other invasive tools will only be used by the "good" guys against the "bad" guys is illusionary.

Technology which is made available will be abused. So it must be the duty of every lawful government to have #security problems fixed, in the name of #democracy.

#Pegasus #NSO #NSOGroup #ChatControl #Chatkontrolle

John Scott-Railton ☕
2 weeks ago

NEW INVESTIGATION: Prominent #Putin critic & journalist from #Russia in exile hacked with #Pegasus #spyware in #Berlin.

#europe has spyware problem.

Yet many #EU countries have sat on the sidelines.

Still, hacks keep coming, harming EU #cybersecurity #humanrights & #nationalsecurity

Worse yet, #Germany thinks it can simultaneously be a Pegasus customer & not contribute to the problem.


We @citizenlab did analysis in investigation led by Access Now

Arena Cops 🇺🇦✌
2 weeks ago

😎 Good News: The FBI may have cleaned your computer(s) from botnet malware!👏👏👏

The not so good news: They may have done it without your knowledge & consent.🤔

#RuleOfLaw #FBI #InfoSec #DataSecurity #NetworkSecurity #Malware #Spyware #Trojans #Backdoors #Botnets #DDoS 📚
3 weeks ago

CISA ordered federal agencies today to patch security vulnerabilities abused as part of a zero-click iMessage exploit chain to infect iPhones with NSO Group's Pegasus spyware. #apple #imessage #pegasus #spyware #iphone

Matthias Monroy
3 weeks ago

Council of Europe now also against #spyware:
Five members to investigate cases of abuse, among them #Azerbaijan. A planned resolution by the Parliamentary Assembly should also address #Germany.

3 weeks ago

@nixCraft If you need #Chrome but without the tracking, use ungoogled-chromium.

Unfortunately, #Firefox tracks you by default, including #Google tracking. While Firefox is less bad than Chrome, it's sadly not ideal. Thankfully, this can be mitigated (see

#IceCat is also an option. This is a Firefox fork without #tracking.

#Spyware #Chromium #Chrome #Privacy

heise online
3 weeks ago

Montag: Kündigungen nach Homeoffice-Ende, Vorratsdatenspeicherung bleibt Thema

Büropflicht ohne Mitarbeiter + SPD weiter für VDS + iRobots Cabrio-Wischer + Drucker-Treiber in Windows + Prüfung von PV-Anlagen + Desinteresse an Pegasus & Co

#Balkonkraftwerk #Datenschutz #Drucker #Energie #Homeoffice #Internet #Microsoft #Pegasus #SmartHome #Spyware #Trojaner #Vorratsdatenspeicherung #Windows #news

Katze liegt auf Schreibtisch neben Laptop und Maus; Montag: Grindr-Exodus, VDS-Bestreben, Roomba-Combo, Windows-Drucker, PV-Prüfung & Staatstrojaner-Ermüdung
M Dell
3 weeks ago

@Frederik_Borgesius 14.5 and 14.10 seem conflicting?

We should stop the digital arms trade, selling #0days and / or #spyware should always be illegal.

Without this there will be no #CyberSecurity

The Citizen Lab
3 weeks ago


We have found an actively exploited #zero #click vulnerability that was used to deliver #NSO group’s #Pegasus #spyware

Aral Balkan
3 weeks ago

In case you’re wondering, Google has been a spyware company for a long time now…

#spyware #google #chrome #spyware2point0

Aral Balkan
3 weeks ago

@mattsheffield Google has been a spyware company for a long time now…

#spyware #google #chrome #spyware2point0

Jan Penfrat
3 weeks ago


We have found an actively exploited #zero #click vulnerability that was used to deliver #NSO group’s #Pegasus #spyware.

From @citizenlab

melanie ensign
3 weeks ago

Pro tip: If waiting around for someone to publish IOCs for the latest mobile #spyware isn’t your jam, you can download @iverify & get an automatic mobile forensics scan every 10 minutes.

Oh! And it doesn’t require a root profile. #privacy

John Scott-Railton ☕
3 weeks ago

🚨 Update your #apple products immediately!

Last week we @citizenlab discovered a new #Pegasus zero-click exploit chain.

(No clicking required to infect latest iOS with #spyware

Found while checking civil society.

Disclosed to Apple which rushed a patch.

Takeway? Yet again scrappy civil society = the #cybersecurity early warning system for billions of users.

#iOS #iPhone #applewatch #macos

Last week, while checking the device of an individual employed by a Washington DC-based civil society organization with international offices, Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware. The BLASTPASS Exploit Chain

We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.

The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.

We expect to publish a more detailed discussion of the exploit chain in the future. Disclosure to Apple & GVEs

Citizen Lab immediately disclosed our findings to Apple and assisted in their investigation. Apple issued two CVEs related to this exploit chain (CVE-2023-41064 and CVE-2023-41061) Update Apple Devices Now

Apple has just issued an update for Apple products including iPhones, iPads, Mac comput- ers, and Apple Watches.

We urge everyone to immediately update their devices.

We encourage everyone who may face increased risk because of who they are or what they do to enable Lockdown Mode.

We commend Apple for their rapid investigative response and patch cycle, and we acknowl- edge the victim and their organization for their collaboration and assistance.
John Scott-Railton ☕
3 weeks ago

BREAKING: #Poland's Senate investigation into #Pegasus hacking released.

Found "gross violations of constitutional standards"

Says 2019 elections where #Pegasus was used against opposition leadership were not fair.

Says procurement & use of Pegasus was illegal under Polish law & asks prosecutor to investigate current and former ministers.

#polska #pis #spyware #cybersecurity #hacking

(Pics: Machine translated) Report:,15764,komisja-nadzwyczajna-ds-inwigilacji-przyjela-raport-ze-swoich-prac.html

3 weeks ago

"Bad news: your car is a spy. If your vehicle was made in the last few years, you’re probably driving around in a data-harvesting machine that may collect personal information as sensitive as your race, weight, and sexual activity." #privacy #spyware #mozilla #surveillance

4 weeks ago

As if there was any doubt, #googlechrome has revealed its skin as being full-on Google #spyware

An "Ad privacy feature" modal dialog upon Google Chrome startup with the following text:

Turn on an ad privacy feature We're launching new privacy features that give you more choice over the ads that you see. Ad topics help sites show you relevant ads while protecting your browsing history and identity. Chrome can note topics of interest based on your recent browsing history. Later, a site that you visit can ask Chrome for relevant topics to personalise the ads that you see. You can see ad topics in settings and block the ones that you don't want shared with sites. Chrome also auto-deletes ad topics that are older than four weeks. More about ad topics v You can change your mind at any time in Chrome settings

No, thanks Turn it on

The good work of @ddosecrets showing up in the news:

Another major spyware app has been hacked, with thousands of victims saved

#spyware #hacking #hacktivism #news #hacks #leaks

Miguel Afonso Caetano
1 month ago

#Cybersecurity #Hacking #Spyware #Brazil #WebDetetive: "Portuguese-language spyware called WebDetetive has been used to compromise more than 76,000 Android phones in recent years across South America, largely in Brazil. WebDetetive is also the latest phone spyware company in recent months to have been hacked.

In an undated note seen by TechCrunch, the unnamed hackers described how they found and exploited several security vulnerabilities that allowed them to compromise WebDetetive’s servers and access its user databases. By exploiting other flaws in the spyware maker’s web dashboard — used by abusers to access the stolen phone data of their victims — the hackers said they enumerated and downloaded every dashboard record, including every customer’s email address.

The hackers said that dashboard access also allowed them to delete victim devices from the spyware network altogether, effectively severing the connection at the server level to prevent the device from uploading new data. “Which we definitely did. Because we could. Because #fuckstalkerware,” the hackers wrote in the note."

heise online
1 month ago

Stalkerware-Anbieter gehackt: Opfer entfernt, Daten zur Kundschaft geleakt

Ein Anbieter von Stalkerware wurde gehackt und Angreifer haben die Verbindungen zu den infizierten Geräten gekappt. Daten zur Kundschaft wurden dagegen geleakt.

#Hacking #Spionage #Spyware #news

Hände an Smartphone im Dunklen
Graham Cluley
2 months ago

Privacy-invading LetMeSpy stalkerware announces it is shutting down after hack. Oh dear, what a shame, never mind.

Read more in my article on the Bitdefender blog:

#cybersecurity #privacy #spyware #stalkerware

Larry Garfield
2 months ago

I cannot configure watch faces on my #Fitbit Sense2 without disabling my ad-blocking DNA server on my phone. It pretends there is no internet connection at all of it cannot reach Google ad servers.

There is no reasonable justification for this. I would say "shame on them" but this is Google. If they had any shame, the world wouldn't be as fucked as it is now.

So I'll just say "avoid Fitbit products, because they are mandatory #Spyware."

Open Rights Group
2 months ago

Disappointment as peers fail to protect privacy on encrypted chats - A blog article by Dr Monica Horten on last night's proceedings in the Lords and the debate on the #OnlineSafetyBill #rights #surveillance #spyware #encryption #e2ee #privacy #humanrights

2 months ago

(The best part is this probably violates the #GDPR)

It turns out that there is no way to disable the **OTHER** #analytics #spyware that @grafana adds to #Loki

Start by adding `grafana-agent-operator.agent.enableReporting: false` to the last post. By default it installs and sets up the "Grafana Agent" and that flag must have slipped their minds in the release notes where this mess is nominally "documented". (Not in the docs. In the old *release notes*.)

Doesn't matter. There is no way to add 'enableReporting: false' to the GrafanaAgent CR itself. (Yay for non-standardization of flags.)

The "more fun" on this #privacy pile is in the same spot. It requests a LOT of permissions that look more related to their needs than mine:

It wants to scrape EVERYTHING. It wants to scrape stuff that I skip because its too noisy. What possible reason could the logger have for scraping ingress & cadvisor?

#monitoring #prometheus #kubernetes #k8s #grafana #helmchart #telemetry

Steve Herman
2 months ago

US government adds four foreign commercial #spyware firms to the Entity List “for engaging in activities contrary to the national security or foreign policy interests of the United States.”

Jon S. von Tetzchner
2 months ago

Meta has to stop surveillance based advertising... in Norway.

The Norwegian Data Protection Authority imposes a ban on Meta carrying out behavioral advertising based on the surveillance and profiling of users in Norway.

This is an important first step, although temporary. What we really need is clear regulation and no way to opt in, as that is always misused.

#Regulation #EU #Norway #Meta #Facebook #Instagram #Spyware

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #28/2023 is out! It includes the following and much more:

➝ 🇺🇸 ⚖️ #BreachForums owner #Pompompurin pleads guilty to hacking charges
➝ 🦠 🇺🇦 🇵🇱 PicassoLoader #Malware Used in Ongoing Attacks on #Ukraine and #Poland
➝ 🦠 🪷 #BlackLotus UEFI Bootkit Source Code Leaked on #GitHub ... or not
➝ 🔓 🙊 #WordPress plugin installed on 1 million+ sites logged plaintext #passwords
➝ 🇺🇸 🇧🇪 The Big Brother in your pocket: How a US company secretly tracks and rates half of the world's mobile users
➝ 🩹 🏭 #Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organizations
➝ 🇺🇸 📝 Biden-⁠Harris Administration Publishes the National Cybersecurity Strategy Implementation Plan
➝ 🇨🇳 🎮 Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector
➝ 🇷🇺 🫡 Russian submarine commander on Ukraine blacklist assassinated
➝ 🇷🇺 🇺🇦 Russian hackers lured embassy workers in Ukraine with ad for a cheap BMW
➝ 📨 🇨🇳 #Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email
➝ 🇩🇪 🏦 #DeutscheBank confirms provider breach exposed customer data
➝ 🩹 Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack
➝ 🇬🇧 ⚖️ Two Teens Accused of Masterminding Hacks on Grand Theft Auto and #Uber
➝ 🇺🇸 🩺 HCA #Healthcare reports #breach of 11 million patients’ personal data
➝ 🇹🇹 🔌 Trinidad and Tobago facing outages after #cyberattack
➝ 🇪🇺 🇺🇸 EU adopts more robust data privacy agreement with US
➝ 🍏 🩹 #Apple Ships Urgent #iOS Patch for #WebKit Zero-Day
➝ 🇫🇷 🕵🏻‍♂️ Liberté, Égalité, #Spyware: France okays cops snooping on phones
➝ 🥷🏻 🔓 PoC Exploit Published for Recent #Ubiquiti EdgeRouter Vulnerability
➝ 🦠 🌎 #RomCom RAT Targeting #NATO and Ukraine Support Groups
➝ 💸 🏧 Hackers Steal $20 Million by Exploiting Flaw in #Revolut's Payment Systems
➝ 🇮🇹 🏥 Luigi Vanvitelli hospital impacted by ransomware
➝ 🇺🇦 📰 #Twitter Blue accounts fuel Ukraine War misinformation
➝ 🇺🇸 💕 Top Suspect in 2015 #AshleyMadison Hack Committed Suicide in 2014

📚 This week's recommended reading is: "Battlefield Cyber: How China and Russia are Undermining Our Democracy and National Security" by Michael McLaughlin and Bill Holstein

Subscribe to the #newsletter to have it piping hot in your inbox every week-end ⬇️