#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

surveillance software | Breaking Cybersecurity News | The Hacker News

President Biden Signs Executive Order Restricting Use of Commercial Spyware

President Biden Signs Executive Order Restricting Use of Commercial Spyware

Mar 28, 2023 Spyware / Cyber Security
U.S. President Joe Biden on Monday  signed an executive order  that restricts the use of commercial spyware by federal government agencies. The order said the spyware ecosystem "poses significant counterintelligence or security risks to the United States Government or significant risks of improper use by a foreign government or foreign person." It also seeks to ensure that the government's use of such tools is done in a manner that's "consistent with respect for the rule of law, human rights, and democratic norms and values." To that end, the order lays out the various criteria under which commercial spyware could be disqualified for use by U.S. government agencies. They include - The purchase of commercial spyware by a foreign government or person to target the U.S. government, A commercial spyware vendor that uses or discloses sensitive data obtained from the cyber surveillance tool without authorization and operates under the control of a foreign g
Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware

Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware

Jun 24, 2022
A week after it emerged that a sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Additionally, necessary changes have been implemented in  Google Play Protect  — Android's built-in malware defense service — to protect all users, Benoit Sevens and Clement Lecigne of Google Threat Analysis Group (TAG)  said  in a Thursday report. Hermit, the work of an Italian vendor named RCS Lab, was  documented  by Lookout last week, calling out its modular feature-set and its abilities to harvest sensitive information such as call logs, contacts, photos, precise location, and SMS messages. Once the threat has thoroughly insinuated itself into a device, it's also equipped to record audio and make and redirect phone calls, besides abusing its permissions to accessibility services on Android to keep tabs on various foreground apps used by the victims. Its modularity also enab
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
NSO Confirms Pegasus Spyware Used by at least 5 European Countries

NSO Confirms Pegasus Spyware Used by at least 5 European Countries

Jun 23, 2022
The beleaguered Israeli surveillanceware vendor NSO Group this week admitted to the European Union lawmakers that its Pegasus tool was used by at least five countries in the region. "We're trying to do the right thing and that's more than other companies working in the industry," Chaim Gelfand, the company's general counsel and chief compliance officer, said, according to a  report  from Politico. Acknowledging that it had "made mistakes," the company also stressed on the need for an international standard to regulate the government use of spyware. The disclosure comes as a special inquiry committee was  launched in April 2022  to investigate alleged breaches of E.U. law following revelations that the company's Pegasus spyware is being used to snoop on phones belonging to politicians, diplomats, and civil society members. "The committee is going to look into existing national laws regulating surveillance, and whether Pegasus spyware was us
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
E.U. Officials Reportedly Targeted with Israeli Pegasus Spyware

E.U. Officials Reportedly Targeted with Israeli Pegasus Spyware

Apr 12, 2022
Senior officials in the European Union were allegedly targeted with NSO Group's infamous Pegasus surveillance tool, according to a  new report  from Reuters. At least five individuals, including European Justice Commissioner Didier Reynders, are said to have been singled out in total, the news agency said, citing documents and two unnamed E.U. officials. However, it's not clear who used the commercial spyware against them or what information was obtained following the attacks. NSO Group said in a statement shared with Reuters that it was not responsible for the hacking attempts, adding that the targeting "could not have happened with NSO's tools." The intrusions are said to have come to light after Apple notified the victims of state-sponsored attacks last November as part of its efforts to stop the Israeli surveillance firm from targeting its customers. That same month, the iPhone maker  filed a lawsuit  against NSO Group, seeking a court-issued injunction
Police Raided German Spyware Company FinFisher Offices

Police Raided German Spyware Company FinFisher Offices

Oct 14, 2020
German investigating authorities have raided the offices of Munich-based company FinFisher that sells the infamous commercial surveillance spyware dubbed 'FinSpy,' reportedly in suspicion of illegally exporting the software to abroad without the required authorization. Investigators from the German Customs Investigation Bureau (ZKA), ordered by the Munich Public Prosecutor's Office, searched a total of 15 properties in Munich, including business premises of FinFisher GmbH, two other business partners, as well as the private apartments of the managing directors, along with a partner company in Romania from October 6 to 8. For those unaware, FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to governments around the world but has also been found in use by oppressive and dubious regimes to spy on activists, political dissidents and journalists. FinSpy malware can target both desktop and mobile operating systems, including And
Cisco ‘Knowingly’ Sold Hackable Video Surveillance System to U.S. Government

Cisco 'Knowingly' Sold Hackable Video Surveillance System to U.S. Government

Aug 01, 2019
Cisco Systems has agreed to pay $8.6 million to settle a lawsuit that accused the company of knowingly selling video surveillance system containing severe security vulnerabilities to the U.S. federal and state government agencies. It's believed to be the first payout on a ' False Claims Act ' case over failure to meet cybersecurity standards. The lawsuit began eight years ago, in the year 2011, when Cisco subcontractor turned whistleblower, James Glenn, accused Cisco of continue selling a video surveillance technology to federal agencies even after knowing that the software was vulnerable to multiple security flaws. According to the court documents seen by The Hacker News, Glenn and one of his colleagues discovered multiple vulnerabilities in Cisco Video Surveillance Manager (VSM) suite in September 2008 and tried to report them to the company in October 2008. Cisco Video Surveillance Manager (VSM) suite allows customers to manage multiple video cameras at different
China's Border Guards Secretly Installing Spyware App on Tourists' Phones

China's Border Guards Secretly Installing Spyware App on Tourists' Phones

Jul 03, 2019
Chinese authorities are secretly installing surveillance apps on smartphones of foreigners at border crossings in the Xinjiang region who are entering from neighboring Kyrgyzstan, an international investigation revealed. Xinjiang (XUAR) is an autonomous territory and home to many Muslim ethnic minority groups where China is known to be conducting massive surveillance operations, especially on the activities of Uighurs, a Muslim Turkic minority group of about 8 million people. The Chinese government has blamed the Muslim Turkic minority group for Islamic extremism and deadly attacks on Chinese targets. According to a joint investigation by New York Times , the Guardian, Süddeutsche Zeitung and more, the surveillance app has been designed to instantly extract emails, texts, calendar entries, call records, contacts and insecurely uploads them to a local server set-up at the check-point only. This suggests that the spyware app has not been designed to continuously and remotely t
Chinese Spying Chips Found Hidden On Servers Used By US Companies

Chinese Spying Chips Found Hidden On Servers Used By US Companies

Oct 04, 2018
A media report today revealed details of a significant supply chain attack which appears to be one of the largest corporate espionage and hardware hacking programs from a nation-state. According to a lengthy report published today by Bloomberg, a tiny surveillance chip, not much bigger than a grain of rice, has been found hidden in the servers used by nearly 30 American companies, including Apple and Amazon. The malicious chips, which were not part of the original server motherboards designed by the U.S-based company Super Micro, had been inserted during the manufacturing process in China. The report, based on a 3-year-long top-secret investigation in the United States, claims that the Chinese government-affiliated groups managed to infiltrate the supply chain to install tiny surveillance chips to motherboards which ended up in servers deployed by U.S. military, U.S. intelligence agencies, and many U.S. companies like Apple and Amazon. "Apple made its discovery of suspi
This is How CIA Disables Security Cameras During Hollywood-Style Operations

This is How CIA Disables Security Cameras During Hollywood-Style Operations

Aug 03, 2017
In last 20 years, we have seen hundreds of caper/heist movies where spies or bank robbers hijack surveillance cameras of secure premises to either stop recording or set up an endless loop for covert operations without leaving any evidence. Whenever I see such scenes in a movie, I wonder and ask myself: Does this happen in real-life? Yes, it does, trust me—at least CIA agents are doing this. WikiLeaks has just unveiled another classified CIA project, dubbed ' Dumbo ,' which details how CIA agents hijack and manipulate webcams and microphones in Hollywood style "to gain and exploit physical access to target computers in CIA field operations." The Dumbo CIA project involves a USB thumb drive equipped with a Windows hacking tool that can identify installed webcams and microphones, either connected locally, wired or wirelessly via Bluetooth or Wi-Fi. Once identified, the Dumbo program allows the CIA agents to: Mute all microphones Disables all network ad
Police Arrested Suspected Hacker Who Hacked the 'Hacking Team'

Police Arrested Suspected Hacker Who Hacked the 'Hacking Team'

Feb 01, 2017
Remember the Hacker who hacked Hacking Team ? In 2015, a hacker named Phineas Fisher hacked Hacking Team – the Italy-based spyware company that sells spying software to law enforcement agencies worldwide – and exposed some 500 gigabytes of internal data for anyone to download. Now, the Spanish authorities believe that they have arrested Phineas Fisher, who was not just behind the embarrassing hack of Hacking Team, but also hacked the UK-based Gamma International, another highly secretive company which sells the popular spyware called " FinFisher ." During an investigation of a cyber attack against Sindicat De Mossos d'Esquadra (SME), Spain's Catalan police union, police in Spain have arrested three people, one of which detained in the city of Salamanca is suspected of being Fisher, according to local newspaper ARA . The cyber attack was carried out in May last year when Fisher announced via his own Twitter account that he had hacked the SME and also publ
Facebook, Twitter and Instagram Share Data with Location-based Social Media Surveillance Startup

Facebook, Twitter and Instagram Share Data with Location-based Social Media Surveillance Startup

Oct 12, 2016
Facebook, Instagram, Twitter, VK, Google's Picasa and Youtube were handing over user data access to a Chicago-based Startup — the developer of a social media monitoring tool — which then sold this data to law enforcement agencies for surveillance purposes, the ACLU disclosed Tuesday. Government records obtained by the American Civil Liberties Union (ACLU) revealed that the big technology corporations gave "special access" to Geofeedia. Geofeedia is a controversial social media monitoring tool that pulls social media feeds via APIs and other means of access and then makes it searchable and accessible to its clients, who can search by location or keyword to quickly find recently posted and publicly available contents. The company has marketed its services to 500 law enforcement and public safety agencies as a tool to track racial protests in Ferguson, Missouri, involving the 2014 police shooting death of Mike Brown. With the help of a public records request, the
Yahoo Email Spying Scandal — Here's Everything that has Happened So Far

Yahoo Email Spying Scandal — Here's Everything that has Happened So Far

Oct 08, 2016
Today Yahoo! is all over the Internet, but in a way the company would never have expected. It all started days ago when Reuters cited some anonymous sources and reported that Yahoo built a secret software to scan the emails of hundreds of millions of its users at the request of a U.S. intelligence service. At this point, we were not much clear about the intelligence agency: the National Security Agency or the FBI? The news outlet then reported that the company installed the software at the behest of Foreign Intelligence Surveillance Act (FISA) court order. Following the report, the New York Times reported that Yahoo used its system developed to scan for child p*rnography and spam to search for emails containing an undisclosed digital "signature" of a certain method of communication employed by a state-sponsored terrorist organization. Although Yahoo denied the reports, saying they are "misleading," a series of anonymous sources, therefore, unaccounta
New Rules Require FBI to Get Warrant for Spying With ‘Stingrays’ Cell Phone Trackers

New Rules Require FBI to Get Warrant for Spying With 'Stingrays' Cell Phone Trackers

Sep 04, 2015
Remember StingRays ? The controversial cell phone spying tool , known as " Stingrays " or " IMSI catchers ," has been used by authorities to track criminal suspects most of the times without obtaining court orders. But now, the Federal law agencies will have to be more transparent about their use of Stingrays to spy on cell phones. Thanks to the new policy announced Thursday by the US Department of Justice. For years, local police and federal authorities have used and spent over $350,000 on Stingrays , which essentially mimic mobile phone tower, to track cell phones in countless investigations. What is Stingray? Stingrays , made by the Harris Corporation, has capabilities to access user's unique IDs and phone numbers, track and record locations, and sometimes even intercept Internet traffic and phone calls, send fake texts and install spyware on phones. The authorities used these tracking tools for years to breach people's privacy
German Spy-Agency Trades Citizens' Metadata in Exchange for NSA's Xkeyscore

German Spy-Agency Trades Citizens' Metadata in Exchange for NSA's Xkeyscore

Aug 27, 2015
This is Really Insane!! Germany's top intelligence agency handed over details related to German citizen metadata just in order to obtain a copy of the National Security Agency's Main XKeyscore software , which was first revealed by Edward Snowden in 2013. According to the new documents obtained by the German newspaper Die Zeit, the Federal Office for the Protection of the Constitution ( BfV - Bundesamtes für Verfassungsschutz ) traded data of its citizens for surveillance software from their US counterparts. Germany and the United States signed an agreement that would allow German spies to obtain a copy of the NSA's flagship tool Xkeyscore, to analyse data gathered in Germany. So they covertly illegally traded access to Germans' data with the NSA. XKeyscore surveillance software program was designed by the National Security Agency to collect and analyse intercepted data it obtains traveling over a network. The surveillance software is powerful
Tip — Installing Windows 10‬? Fix 35+ Privacy Issues With Just One Click

Tip — Installing Windows 10‬? Fix 35+ Privacy Issues With Just One Click

Aug 06, 2015
So you finally upgraded your system to Windows 10 and became one those 70 Million users. No doubt, Windows 10 is the Windows best version released by Microsoft, but you need to know that it does not offer much privacy by default. Windows 10 is making many headlines these days, even it made me to write two detailed articles about Windows 10's most controversial options, i.e. Windows Wi-Fi sense and Windows 10 stealing users' Bandwidth to deliver updates. I noticed over 35 more privacy issues that come enabled by default in Windows 10, which has permission to send your vast amount of data back to Microsoft. While Installation, a click through " Express Settings " allows Windows 10 operating system to gather up your contacts, text and touch input, calendar details, and a lot more, including: Location Data Biometrics and Handwriting data Advertisement and its Tracking Code Apps access to your personal information Windows Defender and Sample subm
How Hacking Team and FBI planned to Unmask A Tor User

How Hacking Team and FBI planned to Unmask A Tor User

Jul 15, 2015
The huge cache of internal files recently leaked from the controversial Italian surveillance software company Hacking Team has now revealed that the Federal Bureau of Investigation (FBI) purchased surveillance software from the company. The leaked documents contains more than 1 Million internal emails, including emails from FBI agent who wanted to unmask the identity of a user of Tor , the encrypted anonymizing network widely used by activists to keep their identities safe, but also used to host criminal activities. Unmasking Tor User In September last year, an FBI agent asked Hacking Team if the latest version of its Remote Control System (RCS), also known as Galileo - for which the company is famous for, would be capable to reveal the True IP address of a Tor user. The FBI agent only had the proxy IP address of the target, as according to FBI, the target may be using Tor Browser Bundle (TBB) or some other variant. So, the agent wanted to infect the target
How Google Is Tracking Your Movie and Event Activities

How Google Is Tracking Your Movie and Event Activities

Jun 23, 2015
No doubt, You must be aware that Google tracks you, but what you probably did not realize is how precisely and till what extent it tracks you. Well, Google knows which movies I watched where, when, at what time and with how many of my friends , and knows it so well — even my eyebrows raised slightly in surprise! Yes, you heard right. If you are using your Gmail account like I do, receiving all movie booking and tickets, Google can easily track your movie flavors and frequent hangout places without access to GPS. GOOGLE READ MY EMAILS FOR EVENT INFORMATION I was feeling bored last night, so I decided to watch a movie and moved towards Google to search newly released films. As I googled " Movies 2015 "... Holy Crap! What I saw on the monitor was unbelievable. In Google search results, I was able to see the list of all my past movie booking event activities and even my future bookings ( shown below ), and it was so, so accurate. If you have Google acc
Cybersecurity Resources