finspy | Breaking Cybersecurity News | The Hacker News

Commercially developed FinFisher surveillanceware has been upgraded to infect Windows devices using a  UEFI  (Unified Extensible Firmware Interface) bootkit that leverages a trojanized Windows Boot Manager, marking a shift in infection vectors that allow it to elude discovery and analysis. Detected in the wild since 2011, FinFisher (aka FinSpy or Wingbird) is a spyware toolset for Windows, macOS, and Linux developed by Anglo-German firm Gamma International and supplied exclusively to law enforcement and intelligence agencies. But like with NSO Group's Pegasus, the software has also been used to  spy on Bahraini activists  in the past allegedly and delivered as part of  spear-phishing campaigns  in September 2017. FinFisher is equipped to harvest user credentials, file listings, sensitive documents, record keystrokes, siphon email messages from Thunderbird, Outlook, Apple Mail, and Icedove, intercept Skype contacts, chats, calls and transferred files, and capture audio and video

German investigating authorities have raided the offices of Munich-based company FinFisher that sells the infamous commercial surveillance spyware dubbed 'FinSpy,' reportedly in suspicion of illegally exporting the software to abroad without the required authorization. Investigators from the German Customs Investigation Bureau (ZKA), ordered by the Munich Public Prosecutor's Office, searched a total of 15 properties in Munich, including business premises of FinFisher GmbH, two other business partners, as well as the private apartments of the managing directors, along with a partner company in Romania from October 6 to 8. For those unaware, FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to governments around the world but has also been found in use by oppressive and dubious regimes to spy on activists, political dissidents and journalists. FinSpy malware can target both desktop and mobile operating systems, including And

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems. Developed by a German company , FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to governments around the world but has also been found in use by oppressive and dubious regimes to spy on activists. FinSpy, also known as FinFisher, can target both desktop and mobile operating systems, including Android, iOS, Windows, macOS, and Linux, to gain spying capabilities, including secretly turning on their webcams and microphones, recording everything the victim types on the keyboard, intercepting calls, and exfiltration of data. According to the human rights organization Amnesty International , the newly discovered campaign is not linked to 'NilePhish,' a hacking group known for attacking Egyptian NGOs in a ser

One of the most powerful, infamous, and advanced piece of government-grade commercial surveillance spyware dubbed FinSpy —also known as FinFisher —has been discovered in the wild targeting users in Myanmar. Created by German company Gamma International, FinSpy is spying software that can target various mobile platforms including iOS and Android, we well as desktop operating systems. Gamma Group reportedly sells its controversial FinSpy espionage tool exclusively to government agencies across the world, but also gained notoriety for targeting human rights activists in many countries. The FinSpy implant is capable of stealing an extensive amount of personal information from targeted mobile devices, such as SMS/MMS messages, phone call recordings, emails, contacts, pictures, files, and GPS location data. In its latest report published today, Kaspersky researchers revealed a cyber-espionage campaign that involves targeting Myanmar users with the latest versions of FinSpy impl

Are you sure the version of WhatsApp, or Skype, or VLC Player installed on your device is legitimate? Security researchers have discovered that legitimate downloads of several popular applications including WhatsApp, Skype, VLC Player and WinRAR have reportedly been compromised at the ISP level to distribute the infamous FinFisher spyware also known as FinSpy. FinSpy is a highly secret surveillance tool that has previously been associated with British company Gamma Group, a company that legally sells surveillance and espionage software to government agencies across the world. The spyware has extensive spying capabilities on an infected computer, including secretly conducting live surveillance by turning ON its webcams and microphones, recording everything the victim types with a keylogger, intercepting Skype calls, and exfiltration of files. In order to get into a target's machine, FinFisher usually uses various attack vectors, including spear phishing, manual installat

Recently we reported about a critical code execution vulnerability in Microsoft Word that was being exploited in the wild by cyber criminal groups to distribute malware like Dridex banking trojans and Latentbot. Now, it turns out that the same previously undisclosed vulnerability in Word (CVE-2017-0199) was also actively being exploited by the government-sponsored hackers to spy on Russian targets since at least this January. The news comes after security firm FireEye, that independently discovered this flaw last month, published a blog post , revealing that FinSpy spyware was installed as early as January using the same vulnerability in Word that was patched on Tuesday by Microsoft. For those unaware, the vulnerability (CVE-2017-0199) is a code execution flaw in Word that could allow an attacker to take over a fully patched and up to date computer when the victim opens a Word document containing a booby-trapped OLE2link object, which downloads a malicious HTML app from a