#spyware
"🚀 #ChromeSecurityUpdate: Google Thwarts Spyware Vendor Exploiting New Zero-Day 🚀"
Google has promptly patched a fresh security flaw in Chrome, exploited by a commercial spyware vendor. The update, version 117.0.5938.132, rolled out for Windows, macOS, and Linux, addressing ten vulnerabilities. The most critical among them is CVE-2023-5217, a "heap buffer overflow in vp8 encoding in libvpx," reported by Clement Lecigne from Google's Threat Analysis Group. This flaw was already weaponized in real-world attacks, marking the sixth Chrome zero-day patched in 2023. 🛡️💻
The exploit was leveraged by a commercial surveillance vendor, reminiscent of a recent operation delivering Predator spyware to an Egyptian opposition politician using various zero-days and MitM attacks on mobile devices. 🕵️📱
Source: SecurityWeek
Tags: #CyberSecurity #GoogleChrome #ZeroDay #CVE20235217 #Spyware #CyberAttack #PatchTuesday #InfoSec #VulnerabilityManagement #MitM #RealWorldExploits
Sept 29th: the day when #twitter #exbirdsite introduces #biometrics #id verification for premium users, apparently as a voluntary option. https://www.bbc.co.uk/news/technology-66679922. What is not optional is that #personaldata will be handled by tech company AU10TIX from #Israel, the free country that brought us #Pegasus #spyware (targeting heads of state, journalists & activists). https://www.aljazeera.com/news/2023/8/21/x-blue-users-will-need-to-send-selfie-data-to-israeli-software-company. It is clearly only a matter of time until ID verification is extended to all #Xusers
Temu, l’e-commerce cinese nasconde uno #spyware? Tutti gli indizi che fanno una prova https://www.cybersecurity360.it/nuove-minacce/temu-le-commerce-cinese-nasconde-uno-spyware-tutti-gli-indizi-che-fanno-una-prova/
BingGPT is now infested with malware
https://www.bleepingcomputer.com/news/security/bing-chat-responses-infiltrated-by-ads-pushing-malware/
#ycombinator #computers #windows #linux #mac #support #tech_support #spyware #malware #virus #security #Bing_Chat #Malvertising #Malware #Microsoft #Scanner #Search #virus_removal #malware_removal #computer_help #technical_support
He left a cup of coffee in her car.
She moved across the country to get away from him, and one morning she comes out, and there's a steaming cup of Starbucks sitting in her vehicle.
It was the exact kind of coffee she always ordered.
https://lockdownyourlife.mykajabi.com/protectprivacy
#harassment #stalking #domesticviolence #safety #security #privacy #infosec #tech #stalkerware #spyware
Beware: Substack newsletter links may contain spyware, malware and viruses
https://venera.social/display/85a863ed-1065-1493-5f0c-8f5785821354
#technology #privacy #spyware #Spyware_attacks #ads #onlineads Online Ads Can Infect Your Device with Spyware
An investigative report reveals that new spyware can slip in unseen through online ads—and there is currently no defense against it
So not only that ads are invasive and can infect devices through #malvertising, they can be also used for #spying
https://www.scientificamerican.com/article/online-ads-can-infect-your-device-with-spyware/?utm_source=newsletter&utm_medium=email&utm_campaign=tech&utm_content=link&utm_term=2023-09-26_top-stories
If you have concerns about the privacy of your data being compromised by spyware potentially be installed or concealed on your device or cloud servers, explore our cutting-edge technology driven by #ConfidentialComputing and #E2E encryption at TopSecret.Chat
With Confidential Computing, regardless of the circumstances, your sensitive data remains secure within an isolated memory enclave, over which you maintain exclusive control.
#DataPrivacy #Spyware #Cybersecurity
https://www.euronews.com/2023/09/25/are-we-about-to-lose-the-last-pillar-of-our-digital-security
#Sherlock: el #spyware que infecta equipos a través de la #publicidad al abrir los #sitiosweb https://telegra.ph/Sherlock-el-spyware-que-infecta-equipos-a-trav%C3%A9s-de-la-publicidad-al-abrir-los-sitios-web-09-27
Un motivo más para bloquear las #publicidades y usar #sistemasoperativos libres. :rickroll: #Insanet #Haaretz #Israel #Android #iOS #Windows
4/5 📢 We're not the only ones saying it!
500+ journalists are also urging MEPs to meaningfully protect journalists by including a complete ban on #spyware in the #EMFA ✊
Read their statement: https://edri.org/wp-content/uploads/2023/09/Journalists-call-to-ban-spyware-in-EU.pdf
2/5 🤔 Why a total ban on #spyware against journalists?
🚨 It endangers journalism, #FreedomOfExpression & EU's democratic values
👁️ Violates our #RightToPrivacy by accessing all communications, photos & online behaviour
🚫 No legal safeguard can prevent governments from abusing it
1/4 📰 @edri and 77 civil society and journalists' associations are calling on @Europarl_EN to ensure that journalists are completely protected from #spyware in the European #MediaFreedom Act #EMFA.
Read the open letter: https://edri.org/wp-content/uploads/2023/09/open-letter-EMFA-organisations-publishers-ban-spyware.pdf
"There's One More Reason to Use Mozilla Firefox Now!"
https://news.itsfoss.com/mozilla-firefox-progress/
I don't need further reasons to use #Firefox.
As #chrome is actually #spyware I #avoidChrome and suggest to #UninstallChrome
I like the latest spyware and adware released from Microsoft, known as Windows 11 —It has helped so many people try and eventually switch to Linux.
Exiled Russian journalist claims "European state" hacked her iPhone with Pegasus spyware.
Read more in my article on the Bitdefender blog:
#EMFA : 500 #journalists call on MEPs to ban #spyware surveillance
The recent arrestation of #ArianneLavrilleux in #France show that this subject is very important
Hotel hackers redirect guests to fake Booking.com to steal cards
https://www.bleepingcomputer.com/news/security/hotel-hackers-redirect-guests-to-fake-bookingcom-to-steal-cards/
#ycombinator #computers #windows #linux #mac #support #tech_support #spyware #malware #virus #security #Credit_Card #Phishing #Travel #virus_removal #malware_removal #computer_help #technical_support
If you are using Microsoft Windows, you are not using an operating system (OS) —You are using adware and spyware that happens to coincidentally act like an OS.
Use a real OS —Use Linux.
I work and play without adware or spyware. I use, Linux.
Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks – Source: www.securityweek.com https://ciso2ciso.com/predator-spyware-delivered-to-ios-android-devices-via-zero-days-mitm-attacks-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Mobile&Wireless #securityweekcom #securityweek #FEATURED #exploit #Spyware #zeroday
Staatstrojaner "Predator" auf ägyptischen Präsidentschaftsbewerber angesetzt | Security https://www.heise.de/news/Staatstrojaner-Predator-auf-aegyptischen-Praesidentschaftsbewerber-angesetzt-9314956.html #Malware #Spyware #Tracking #Pegasus #NSO #NSOgroup #Predator #Intellexa
CISA Adds Three Known Exploited Vulnerabilities to Catalog: https://www.cisa.gov/news-events/alerts/2023/09/25/cisa-adds-three-known-exploited-vulnerabilities-catalog
These were exploited by surveillance vendor Intellexa to deliver Predator spyware to Egyptian presidential candidate Ahmed Eltantawy.
Tags: #CVE202341991 #CVE202341992 #CVE202341993 #KEV #KnownExploitedVulnerabilitiesCatalog #CISA #Zeroday #eitw #Intellexa #predator #spyware
From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese – Source:thehackernews.com https://ciso2ciso.com/from-watering-hole-to-spyware-evilbamboo-targets-tibetans-uyghurs-and-taiwanese-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Watering #Spyware
EvilBamboo has exploited zero-day vulnerabilities, such as the one in the WebKit browser engine of the Apple mobile operating system, to deliver spyware strains like Insomnia.
#Uyghurs #Cybersecurity #Tibetans #Android #Taiwanese #Spyware #EvilBamboo
🇪🇺 An independent #Russian news outlet whose founder was hacked in #Germany earlier this year through military-grade #spyware has said it believes a #European state was most likely behind the #cyberattack, raising thorny questions about an EU member state’s possible use of a blacklisted cyberweapon against a journalist.
https://www.theguardian.com/world/2023/sep/25/latvia-russia-meduza-phone-hack-galina-timchenko
The Citizen Lab (@citizenlab@mastodon.social) & Google Threat Analysis Group has disclosed a new targeted spy campaign that utilizes newly disclosed zero day in iOS. These zero days contain a privilege escalation flaw in the OS kernel along with a WebKit flaw allows attackers to install spyware & snoop on victim devices.
Citizen Lab & Google urges iPhone & iPad users to update to iOS 17.0.1 as soon as possible.
https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/
https://support.apple.com/en-us/HT213926
#infosec #cybersecurity #cyberespionage #spyware #ios #zeroday #citizenlab #Google
Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware – Source: www.securityweek.com https://ciso2ciso.com/researchers-discover-attempt-to-infect-leading-egyptian-opposition-politician-with-predator-spyware-source-www-securityweek-com/ #rssfeedpostgeneratorecho #Tracking&LawEnforcement #CyberSecurityNews #securityweekcom #securityweek #Spyware
Staatstrojaner "Predator" auf ägyptischen Präsidentschaftsbewerber angesetzt
Ein ägyptischer Politiker tritt als Präsidentschaftskandidat an. Kurz darauf beginnen gezielte Angriffe auf sein Smartphone, um eine Spyware zu installieren.
Neben dem #Staatstrojaner #Pegasus wurde auch die #Spyware #Predator über kürzlich geschlossene #iOS-Lücken eingeschleust. https://winfuture.de/news,138655.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia
@Macerkopf #Spyware ist inklusive!
Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware https://www.securityweek.com/researchers-discover-attempt-to-infect-leading-egyptian-opposition-politician-with-predator-spyware/ #Tracking&LawEnforcement #spyware
Report from The Conversation: #Spyware can infect your phone or computer via the ads you see online https://theconversation.com/spyware-can-infect-your-phone-or-computer-via-the-ads-you-see-online-report-213685 #Privacy #InfoSec
#Spyware can infect your phone or computer via the ads you see online 👇️:2001:
📱 iPhone iMessage "Zeroclick" Exploits (ie: FORCEDENTRY / BLASTPASS)
&
⚠️ UK Online Safety Bill Passes
#Apple #News #infosec #cybersecurity #privacy #Pegasus #NSOgroup #spyware #malware #iPhone #iMessage #FORCEDENTRY #BLASTPASS #UK #onlinesafetybill #UnitedKingdom #FreeSpeech #FreeExpression #tech #Peertube
#Spyware can infect your phone or computer via the ads you see online ⚠️
As if politics in #Egypt couldn't get any more corrupt, one of the presidential candidates who happens to be the most vocal about police brutality and thug-like behavior from the current government, literally had his sim card exploited and it's unencrypted traffic redirected to #spyware. I hate it here.
#Cybersecurity #Egypt #Spyware #Predator #Cytrox: "- Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s Predator spyware via links sent on SMS and WhatsApp. The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections.
- In August and September 2023, Eltantawy’s Vodafone Egypt mobile connection was persistently selected for targeting via network injection; when Eltantawy visited certain websites not using HTTPS, a device installed at the border of Vodafone Egypt’s network automatically redirected him to a malicious website to infect his phone with Cytrox’s Predator spyware.
- During our investigation, we worked with Google’s Threat Analysis Group (TAG) to obtain an iPhone zero-day exploit chain (CVE-2023-41991, CVE-2023-41992, CVE-2023-41993) designed to install Predator on iOS versions through 16.6.1. We also obtained the first stage of the spyware, which has notable similarities to a sample of Cytrox’s Predator spyware we obtained in 2021. We attribute the spyware to Cytrox’s Predator spyware with high confidence.
- Given that Egypt is a known customer of Cytrox’s Predator spyware, and the spyware was delivered via network injection from a device located physically inside Egypt, we attribute the network injection attack to the Egyptian government with high confidence.
- Eltantawy’s phone was additionally infected with Cytrox’s Predator spyware two years prior, in November 2021, via a text message containing a link to a Predator website."
🚨 ALERT: #iPhone spyware attack!
Former Egyptian parliament member Ahmed Eltantawy targeted by Predator #spyware using 3 recent zero-day vulnerabilities.
#cybersecurity #informationsecurity #technology
https://thehackernews.com/2023/09/latest-apple-zero-days-used-to-hack.html?m=1
6/ Without brave victims like Ahmed Tantawy getting checked & coming forwards, these recent exploits would not have been found.
Billions of apple devices would still be vulnerable.
Including yours.
#egypt #elections #democracy #infosec #cybersecurity #predator #spyware #apple #ios #osx #update
5/ Pulling back the lens from the tech side of this #Predator attack:
Mercenary #spyware is autocrat fuel.
When you hack a pro-democracy presidential hopeful in an autocracy... you are doing dictatorship.
And spyware companies know exactly who they are selling to.
3/. This kind of exploit delivery through injection DOES NOT require a target to click as our collaborator, the brilliant
Maddie stone points out in her post.
It's a seriously dangerous kind of attack & hard to protect against.
#google #spyware #predator #zeroday #exploit #cybersecurity #infosec
@citizenlab @maddiestone
🚨UPDATE your #Apple products now!
We @citizenlab w/TAG's @maddiestone caught #predator #spyware attacks against a prominent pro-democracy Egyptian politician after he announced presidential ambitions.
Apple rushed a patch.
Attacks used network injection to drop the 3 #zeroday chain on his #iphone
We attribute the tech used for the injection to #sandvine's packetlogic.
PREDATOR IN THE WIRES - Ahmed Eltantawy Targeted with #Predator #Spyware After Announcing Presidential Ambitions
V citizenlab.ca
https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/
@briankrebs Please note that The Citizen Lab published a separate blog detailing how former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s Predator spyware via links sent on SMS and WhatsApp. They attribute the network injection attack to the Egyptian government with high confidence.
Link: https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/
#freethewhales #citizenlab #CVE202341991 #CVE202341992 #CVE202341993 #Cytrox #predator #spyware #Egypt
More urgent #Apple patches: @citizenlab in collaboration with #Google TAG @maddiestone uncovered #predator attacks against Egyptian pro-democracy politician Ahmed #Eltantawy. Worth a read, especially Bill #Marczak's phenomenal localization of the #spyware injection to a #Sandvine middlebox.
@ellavescent What if one declines these changes after reading?
Will they disable the car??
Shit like this is why I want all my vehicles to be stupid and why I won't buy anything built after 2017 when the #Govware & #Spyware #eCall was made mandatory...
Deswegen ist ein generelles ablehnen & sperren von Online-Werbung, egal welches System, ein Vorteil. Abgesehen von dessen optisch störenden Faktor ist es ein Sicherheitslücke.
»Sherlock: Spyware kommt über Online-Werbung.
Die israelische Firma Insanet soll eine Spähsoftware entwickelt haben, die über gezielte Werbebanner auf Windows-PCs und gängige Smartphones ausgespielt wird.«
--
#onlinewerbung #online #werbung #pc #spyware #insanet #win #windows
Sherlock-Spyware: Wenn der Staatstrojaner per Online-Werbung kommt
Die israelische Firma Insanet soll eine Spähsoftware entwickelt haben, die über gezielte Werbebanner auf Windows-PCs und gängige Smartphones ausgespielt wird.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #37/2023 is out! It includes the following and much more:
➝ ☁️ 🔑 How #Google Authenticator made one company’s network #breach much, much worse
➝ 🇬🇧 🔓 30k primary pupils’ data may be at risk after #Capita cyber attack
➝ 🇬🇧 🔓 #Manchester Police officers' data exposed in #ransomware attack
➝ 🇺🇸 🎰 #Caesars Entertainment says customer data stolen in #cyberattack
➝ 🇺🇸 🎰 #MGM Resorts shuts down IT systems after cyberattack
➝ 🔓 #Rollbar discloses data breach after hackers stole access tokens
➝ 🇫🇷 🔓 #Airbus Launches Investigation After Hacker Leaks Data
➝ 🇮🇷 Microsoft: Iranian espionage campaign targeted satellite and defense sectors
➝ 💸 Hackers steal $53 million worth of #cryptocurrency from #CoinEx
➝ 🧨 After #Microsoft and X, Hackers Launch DDoS Attack on #Telegram
➝ 🇺🇸 ❌ #California passes first-in-the-nation data broker deletion tool
➝ 🇨🇴 💸 Several Colombian #government ministries hampered by ransomware attack
➝ 🇮🇪 💰 #TikTok slapped with $368 million fine over child privacy violations
➝ 📱 📡 #Apple and Google Are Introducing New Ways to Defeat Cell Site Simulators, But Is it Enough?
➝ 🇺🇸 🔐 Washington summit grapples with securing #opensource software
➝ 🇷🇺 👀 Hacking #Meduza: Pegasus #spyware used to target #Putin’s critic
➝ ⚖️ 💻 The International Criminal Court will now prosecute #cyberwar crimes
➝ 🇵🇱 👀 Polish Senate says use of government spyware is illegal in the country
➝ 🦠 #Rust-Written 3AM Ransomware: A Sneak Peek into a New #Malware Family
➝ 🇺🇸 🥸 US Agencies Publish Cybersecurity Report on #Deepfake Threats
➝ 🐧 🦠 Password-stealing Linux malware served for 3 years and no one noticed
➝ 🍏 🦠 #MetaStealer Malware Targets Apple #macOS in Recent Attacks
➝ 🇮🇷 🦠 Iranian hackers #backdoor 34 orgs with new Sponsor malware
➝ 🩹 ☁️ Researchers Detail 8 Vulnerabilities in #Azure HDInsight Analytics Service
➝ 🍏 🔓 Mullvad #VPN Warns of Critical Firewall Flaw in Apple's MacOS #Sonoma
➝ ☁️ 🔓 New #Kubernetes #Vulnerabilities Enable Remote Attacks on Windows Endpoints
➝ 🇺🇸 💦 CISA offers free security scans for public water utilities
➝ 🩹 #Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird
➝ 🩹 Google Patches #Chrome Zero-Day Reported by Apple, Spyware Hunters
➝ 🩹 Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws
📚 This week's recommended reading is: "Extreme Privacy: What It Takes to Disappear" by Michael Bazzell
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
https://infosec-mashup.santolaria.net/p/infosec-mashup-week-372023
Revealed: Israeli Cyber Firms Have Developed 'Insane' New #SpyWare Tool. No Defense Exists
“A Haaretz investigation reveals that Israeli cyber companies developed technology that exploits the advertising system at the heart of the online economy to monitor civilians, hack into their phones & computers, and spy on them. This terrifying capability, against which no defense currently exists, has already been sold to a nondemocratic country”
Block ads on your networks now.
The system designed to follow us around the net with ads is now a blinking #nationalsecurity & #humanrights threat.
And the incentives are all wrong. From platforms to publishers & ad networks they've spent every effort to make sure those ads get to our devices.
Now, predictably, the tech is going to dictators & being used to hack us.
#cybersecurity #hacking #spyware #malware #surveillance #advertising
Story: https://www.haaretz.com/israel-news/2023-09-14/ty-article-magazine/.highlight/revealed-israeli-cyber-firms-developed-an-insane-new-spyware-tool-no-defense-exists/0000018a-93cb-de77-a98f-ffdf2fb60000
BLASTPASS: Government agencies told to secure iPhones against spyware attacks.
Read more in my article on the Tripwire blog: https://www.tripwire.com/state-of-security/government-agencies-told-secure-iphones-against-spyware-attacks
Fake Signal and Telegram Apps in the Google Play Store
Google removed fake Signal and Telegram apps from its Play store.
An app with the name Signal Plus Messenger was... https://www.schneier.com/blog/archives/2023/09/fake-signal-and-telegram-apps-in-the-google-play-store.html
#cyberespionage #Uncategorized #opensource #espionage #Telegram #spyware #Signal
Pegasus: iPhone russischer Journalisten in Deutschland mit Spyware infiziert
Das iPhone der Inhaberin des russischen Exil-Nachrichtenmagazins Meduza wurde mit Pegasus infiziert – in Deutschland. Wer dahintersteckt, ist unklar.
Believing that #spyware and other invasive tools will only be used by the "good" guys against the "bad" guys is illusionary.
Technology which is made available will be abused. So it must be the duty of every lawful government to have #security problems fixed, in the name of #democracy.
#Pegasus #NSO #NSOGroup #ChatControl #Chatkontrolle
https://www.washingtonpost.com/technology/2023/09/13/pegasus-infection-meduza-founder/
NEW INVESTIGATION: Prominent #Putin critic & journalist from #Russia in exile hacked with #Pegasus #spyware in #Berlin.
#europe has spyware problem.
Yet many #EU countries have sat on the sidelines.
Still, hacks keep coming, harming EU #cybersecurity #humanrights & #nationalsecurity
Worse yet, #Germany thinks it can simultaneously be a Pegasus customer & not contribute to the problem.
Embarrassing.
We @citizenlab did analysis in investigation led by Access Now https://www.washingtonpost.com/technology/2023/09/13/pegasus-infection-meduza-founder/
😎 Good News: The FBI may have cleaned your computer(s) from botnet malware!👏👏👏
The not so good news: They may have done it without your knowledge & consent.🤔
#RuleOfLaw #FBI #InfoSec #DataSecurity #NetworkSecurity #Malware #Spyware #Trojans #Backdoors #Botnets #DDoS
Council of Europe now also against #spyware:
Five members to investigate cases of abuse, among them #Azerbaijan. A planned resolution by the Parliamentary Assembly should also address #Germany.
https://digit.site36.net/2023/09/11/council-of-europe-against-spyware-five-members-to-investigate-cases-of-abuse
@nixCraft If you need #Chrome but without the tracking, use ungoogled-chromium.
Unfortunately, #Firefox tracks you by default, including #Google tracking. While Firefox is less bad than Chrome, it's sadly not ideal. Thankfully, this can be mitigated (see https://spyware.neocities.org/articles/firefox).
#IceCat is also an option. This is a Firefox fork without #tracking.
Montag: Kündigungen nach Homeoffice-Ende, Vorratsdatenspeicherung bleibt Thema
Büropflicht ohne Mitarbeiter + SPD weiter für VDS + iRobots Cabrio-Wischer + Drucker-Treiber in Windows + Prüfung von PV-Anlagen + Desinteresse an Pegasus & Co
#Balkonkraftwerk #Datenschutz #Drucker #Energie #Homeoffice #Internet #Microsoft #Pegasus #SmartHome #Spyware #Trojaner #Vorratsdatenspeicherung #Windows #news
@Frederik_Borgesius 14.5 and 14.10 seem conflicting?
We should stop the digital arms trade, selling #0days and / or #spyware should always be illegal.
Without this there will be no #CyberSecurity
In case you’re wondering, Google has been a spyware company for a long time now…
@mattsheffield Google has been a spyware company for a long time now…
🚨 Update your #apple products immediately!
Last week we @citizenlab discovered a new #Pegasus zero-click exploit chain.
(No clicking required to infect latest iOS with #spyware
Found while checking civil society.
Disclosed to Apple which rushed a patch.
Takeway? Yet again scrappy civil society = the #cybersecurity early warning system for billions of users.
#iOS #iPhone #applewatch #macos
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
BREAKING: #Poland's Senate investigation into #Pegasus hacking released.
Found "gross violations of constitutional standards"
Says 2019 elections where #Pegasus was used against opposition leadership were not fair.
Says procurement & use of Pegasus was illegal under Polish law & asks prosecutor to investigate current and former ministers.
#polska #pis #spyware #cybersecurity #hacking
(Pics: Machine translated) Report:
https://www.senat.gov.pl/aktualnoscilista/art,15764,komisja-nadzwyczajna-ds-inwigilacji-przyjela-raport-ze-swoich-prac.html
"Bad news: your car is a spy. If your vehicle was made in the last few years, you’re probably driving around in a data-harvesting machine that may collect personal information as sensitive as your race, weight, and sexual activity." #privacy #spyware #mozilla #surveillance https://gizmodo.com/mozilla-new-cars-data-privacy-report-1850805416
As if there was any doubt, #googlechrome has revealed its skin as being full-on Google #spyware
The good work of @ddosecrets showing up in the news:
Another major spyware app has been hacked, with thousands of victims saved
https://sg.news.yahoo.com/another-major-spyware-app-hacked-090611219.html
#Cybersecurity #Hacking #Spyware #Brazil #WebDetetive: "Portuguese-language spyware called WebDetetive has been used to compromise more than 76,000 Android phones in recent years across South America, largely in Brazil. WebDetetive is also the latest phone spyware company in recent months to have been hacked.
In an undated note seen by TechCrunch, the unnamed hackers described how they found and exploited several security vulnerabilities that allowed them to compromise WebDetetive’s servers and access its user databases. By exploiting other flaws in the spyware maker’s web dashboard — used by abusers to access the stolen phone data of their victims — the hackers said they enumerated and downloaded every dashboard record, including every customer’s email address.
The hackers said that dashboard access also allowed them to delete victim devices from the spyware network altogether, effectively severing the connection at the server level to prevent the device from uploading new data. “Which we definitely did. Because we could. Because #fuckstalkerware,” the hackers wrote in the note."
https://techcrunch.com/2023/08/26/brazil-webdetetive-spyware-deleted/
Stalkerware-Anbieter gehackt: Opfer entfernt, Daten zur Kundschaft geleakt
Ein Anbieter von Stalkerware wurde gehackt und Angreifer haben die Verbindungen zu den infizierten Geräten gekappt. Daten zur Kundschaft wurden dagegen geleakt.
Privacy-invading LetMeSpy stalkerware announces it is shutting down after hack. Oh dear, what a shame, never mind.
Read more in my article on the Bitdefender blog: https://www.bitdefender.com/blog/hotforsecurity/privacy-invading-letmespy-stalkerware-announces-it-is-shutting-down-after-hack/
I cannot configure watch faces on my #Fitbit Sense2 without disabling my ad-blocking DNA server on my phone. It pretends there is no internet connection at all of it cannot reach Google ad servers.
There is no reasonable justification for this. I would say "shame on them" but this is Google. If they had any shame, the world wouldn't be as fucked as it is now.
So I'll just say "avoid Fitbit products, because they are mandatory #Spyware."
Disappointment as peers fail to protect privacy on encrypted chats
https://www.openrightsgroup.org/blog/disappointment-as-peers-fail-to-protect-privacy-on-encrypted-chats/ - A blog article by Dr Monica Horten on last night's proceedings in the Lords and the debate on the #OnlineSafetyBill #rights #surveillance #spyware #encryption #e2ee #privacy #humanrights
(The best part is this probably violates the #GDPR)
It turns out that there is no way to disable the **OTHER** #analytics #spyware that @grafana adds to #Loki
Start by adding `grafana-agent-operator.agent.enableReporting: false` to the last post. By default it installs and sets up the "Grafana Agent" and that flag must have slipped their minds in the release notes where this mess is nominally "documented". (Not in the docs. In the old *release notes*.)
Doesn't matter. There is no way to add 'enableReporting: false' to the GrafanaAgent CR itself. (Yay for non-standardization of flags.)
The "more fun" on this #privacy pile is in the same spot. It requests a LOT of permissions that look more related to their needs than mine: https://github.com/grafana/loki/blob/main/production/helm/loki/templates/monitoring/grafana-agent.yaml#L50-L74
It wants to scrape EVERYTHING. It wants to scrape stuff that I skip because its too noisy. What possible reason could the logger have for scraping ingress & cadvisor?
#monitoring #prometheus #kubernetes #k8s #grafana #helmchart #telemetry
US government adds four foreign commercial #spyware firms to the Entity List “for engaging in activities contrary to the national security or foreign policy interests of the United States.”
Meta has to stop surveillance based advertising... in Norway.
The Norwegian Data Protection Authority imposes a ban on Meta carrying out behavioral advertising based on the surveillance and profiling of users in Norway.
This is an important first step, although temporary. What we really need is clear regulation and no way to opt in, as that is always misused.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #28/2023 is out! It includes the following and much more:
➝ 🇺🇸 ⚖️ #BreachForums owner #Pompompurin pleads guilty to hacking charges
➝ 🦠 🇺🇦 🇵🇱 PicassoLoader #Malware Used in Ongoing Attacks on #Ukraine and #Poland
➝ 🦠 🪷 #BlackLotus UEFI Bootkit Source Code Leaked on #GitHub ... or not
➝ 🔓 🙊 #WordPress plugin installed on 1 million+ sites logged plaintext #passwords
➝ 🇺🇸 🇧🇪 The Big Brother in your pocket: How a US company secretly tracks and rates half of the world's mobile users
➝ 🩹 🏭 #Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organizations
➝ 🇺🇸 📝 Biden-Harris Administration Publishes the National Cybersecurity Strategy Implementation Plan
➝ 🇨🇳 🎮 Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector
➝ 🇷🇺 🫡 Russian submarine commander on Ukraine blacklist assassinated
➝ 🇷🇺 🇺🇦 Russian hackers lured embassy workers in Ukraine with ad for a cheap BMW
➝ 📨 🇨🇳 #Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email
➝ 🇩🇪 🏦 #DeutscheBank confirms provider breach exposed customer data
➝ 🩹 Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack
➝ 🇬🇧 ⚖️ Two Teens Accused of Masterminding Hacks on Grand Theft Auto and #Uber
➝ 🇺🇸 🩺 HCA #Healthcare reports #breach of 11 million patients’ personal data
➝ 🇹🇹 🔌 Trinidad and Tobago facing outages after #cyberattack
➝ 🇪🇺 🇺🇸 EU adopts more robust data privacy agreement with US
➝ 🍏 🩹 #Apple Ships Urgent #iOS Patch for #WebKit Zero-Day
➝ 🇫🇷 🕵🏻♂️ Liberté, Égalité, #Spyware: France okays cops snooping on phones
➝ 🥷🏻 🔓 PoC Exploit Published for Recent #Ubiquiti EdgeRouter Vulnerability
➝ 🦠 🌎 #RomCom RAT Targeting #NATO and Ukraine Support Groups
➝ 💸 🏧 Hackers Steal $20 Million by Exploiting Flaw in #Revolut's Payment Systems
➝ 🇮🇹 🏥 Luigi Vanvitelli hospital impacted by ransomware
➝ 🇺🇦 📰 #Twitter Blue accounts fuel Ukraine War misinformation
➝ 🇺🇸 💕 Top Suspect in 2015 #AshleyMadison Hack Committed Suicide in 2014
📚 This week's recommended reading is: "Battlefield Cyber: How China and Russia are Undermining Our Democracy and National Security" by Michael McLaughlin and Bill Holstein
Subscribe to the #newsletter to have it piping hot in your inbox every week-end ⬇️
https://infosec-mashup.santolaria.net/p/infosec-mashup-week-282023