surveillance | Breaking Cybersecurity News | The Hacker News

Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named  GoldenJackal . Russian cybersecurity firm Kaspersky, which has been  keeping tabs  on the group's activities since mid-2020, characterized the adversary as both capable and stealthy. The targeting scope of the campaign is focused on Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, and Turkey, infecting victims with tailored malware that steals data, propagates across systems via removable drives, and conducts surveillance. GoldenJackal is suspected to have been active for at least four years, although little is known about the group. Kaspersky said it has been unable to determine its origin or affiliation with known threat actors, but the actor's modus operandi suggests an espionage motivation. What's more, the threat actor's attempts to maintain a low profile and disappear into the shadows bears all the hallmarks of a state-sponsored g

Threat actors are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording (DVR) devices, according to an advisory issued by Fortinet FortiGuard Labs. The vulnerability in question is  CVE-2018-9995  (CVSS score: 9.8), a critical authentication bypass issue that could be exploited by remote actors to gain elevated permissions. "The 5-year-old vulnerability (CVE-2018-9995) is due to an error when handling a maliciously crafted HTTP cookie," Fortinet  said  in an outbreak alert on May 1, 2023. "A remote attacker may be able to exploit this flaw to bypass authentication and obtain administrative privileges eventually leading access to camera video feeds." The network security company said it observed over 50,000 attempts to exploit TBK DVR devices using the flaw in the month of April 2023. Despite the availability of a proof-of-concept ( PoC ) exploit, there are no fixes that address the vulnerability. The flaw impacts TBK DVR4104

Wing Security finds and ranks all SaaS applications completely for free, removing unnecessary risk.

Entities in Armenia have come under a cyber attack using an updated version of a backdoor called  OxtaRAT  that allows remote access and desktop surveillance. "The tool capabilities include searching for and exfiltrating files from the infected machine, recording the video from the web camera and desktop, remotely controlling the compromised machine with TightVNC, installing a web shell, performing port scanning, and more," Check Point Research  said  in a report. The latest campaign is said to have commenced in November 2022 and marks the first time the threat actors behind the activity have expanded their focus beyond Azerbaijan. "The threat actors behind these attacks have been targeting human rights organizations, dissidents, and independent media in Azerbaijan for several years," the cybersecurity firm noted, calling the campaign Operation Silent Watch. The late 2022 intrusions are significant, not least because of the changes in the infection chain, the s

The U.S. Federal Communications Commission (FCC) formally announced it will no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an "unacceptable" national security threat. All these Chinese telecom and video surveillance companies were previously included in the  Covered List  as of March 12, 2021. "The FCC is committed to protecting our national security by ensuring that untrustworthy communications equipment is not authorized for use within our borders, and we are continuing that work here," FCC Chairwoman Jessica Rosenworcel  said  in a Friday order. "These new rules are an important part of our ongoing actions to protect the American people from national security threats involving telecommunications." Pursuant to the ban, Hytera, Hikvision, and Dahua are required to document the safeguards the firms are putting in place on the sale of their devices for government use and surveillance of critical i

A former Twitter employee has been pronounced guilty for his role in digging up private information pertaining to certain Twitter users and turning over that data to Saudi Arabia. Ahmad Abouammo, 44, was convicted by a jury after a two-week trial in San Francisco federal court, Bloomberg  reported  Tuesday. He faces up to 20 years in prison when sentenced. The  verdict  comes nearly three years after Abouammo, along with Ali Alzabarah and Ahmed Almutairi (Ahmed Aljbreen) were  indicted in 2019  for acting as "illegal agents" of Saudi Arabia, with the former also charged with destroying, altering, and falsifying records in a federal investigation. Prosecutors accused Abouammo and Alzabarah, both of whom joined Twitter in 2013, of being enlisted by officials of the Kingdom of Saudi Arabia for  unmasking its critics  on the social media platform. According to court documents, both individuals leveraged their access to internal systems to unauthorizedly get hold of nonpubli

Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021. "Most commonly, phishing attacks targeting journalists are used for espionage or to gain key insights into the inner workings of another government, company, or other area of state-designated import," Proofpoint  said  in a report shared with The Hacker News. The ultimate goal of the "sustained" intrusions, the enterprise security firm said, is to gain a competitive intelligence edge or spread disinformation and propaganda. Proofpoint said it identified two Chinese hacking groups, TA412 (aka  Zirconium  or Judgment Panda) and  TA459 , targeting media personnel with malicious emails containing web beacons and weaponized documents respectively that were used to amass information about the recipients' network environments and drop  Chinoxy  malware. In a simila

Following heightened worries that U.S. users' data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it's taking steps to "strengthen data security." The admission that some China-based employees can access information from U.S. users came in a letter sent to nine senators, which further noted that the procedure requires the individuals to clear numerous internal security protocols. The contents of the letter, first  reported  by The New York Times, shares more details about TikTok's plans to address data security concerns through a multi-pronged initiative codenamed "Project Texas." "Employees outside the U.S., including China-based employees, can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team," TikTok CEO Shou Zi Chew wrote in the m

A group of academics has designed a new system known as " Privid " that enables video analytics in a privacy-preserving manner to combat concerns with invasive tracking. "We're at a stage right now where cameras are practically ubiquitous. If there's a camera on every street corner, every place you go, and if someone could actually process all of those videos in aggregate, you can imagine that entity building a very precise timeline of when and where a person has gone," Frank Cangialosi, the lead author of the study and a researcher at the MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL),  said  in a statement. "People are already worried about location privacy with GPS — video data in aggregate could capture not only your location history, but also moods, behaviors, and more at each location," Cangialosi added. Privid is built on the foundation of  differential privacy , a  statistical technique  that makes it possibl

Israel's Ministry of Defense has dramatically restricted the number of countries to which cybersecurity firms operating in the nation are allowed to sell offensive hacking and surveillance tools to, cutting off 65 nations from the export list. The revised list, details of which were first reported by the Israeli business newspaper  Calcalist , now only includes 37 countries, down from the previous 102: Australia, Austria, Belgium, Bulgaria, Canada, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Iceland, India, Ireland, Italy, Japan, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, New Zealand, Norway, Portugal, Romania, Slovakia, Slovenia, South Korea, Spain, Sweden, Switzerland, the Netherlands, the U.K., and the U.S. Notably missing from the list are countries such as Morocco, Bahrain, Saudi Arabia, and the U.A.E, which have been previously identified as customers of Israeli spyware vendor NSO Group. In curtailing the exports, the mov

The U.S. National Security Agency (NSA) used a partnership with Denmark's foreign and military intelligence service to eavesdrop on top politicians and high-ranking officials in Germany, Sweden, Norway, and France by tapping into Danish underwater internet cables between 2012 and 2014. Details of the covert wiretapping were  broken  by Copenhagen-based public broadcaster DR over the weekend based on interviews with nine unnamed sources, all of whom are said to have access to classified information held by the Danish Defence Intelligence Service (Forsvarets Efterretningstjeneste or FE). German Chancellor Angela Merkel, the then-German Foreign Minister Frank-Walter Steinmeier, and the opposition leader at the time, Peer Steinbrück, are said to have been targeted through the Danish-American pact. Using the telephone numbers of politicians as search parameters, the report alleged that the NSA "intercepted everything from text messages to phone calls that passed through the ca

Two new Android surveillanceware families have been found to target military, nuclear, and election entities in Pakistan and Kashmir as part of a pro-India, state-sponsored hacking campaign. Dubbed Hornbill and Sunbird, the malware impersonates legitimate or seemingly innocuous services to cover its tracks, only to stealthily collect SMS, encrypted messaging app content, and geolocation, among other types of sensitive information. The findings published by Lookout is the result of an analysis of 18GB of exfiltrated data that was publicly exposed from at least six insecurely configured command-and-control (C2) servers located in India. "Some notable targets included an individual who applied for a position at the Pakistan Atomic Energy Commission, individuals with numerous contacts in the Pakistan Air Force (PAF), as well as officers responsible for electoral rolls (Booth Level Officers) located in the Pulwama district of Kashmir," the researchers  said  in a Wednesday ana

Telegram, one of the most popular encrypted messaging app, briefly went offline yesterday for hundreds of thousands of users worldwide after a powerful distributed denial-of-service (DDoS) attack hit its servers. Telegram founder Pavel Durov later revealed that the attack was mainly coming from the IP addresses located in China, suggesting the Chinese government could be behind it to sabotage Hong Kong protesters. Since last week, millions of people in Hong Kong are fighting their political leaders over the proposed amendments to an extradition law that would allow a person arrested in Hong Kong to face trial elsewhere, including in mainland China. Many people see it as a fundamental threat to the territory's civic freedoms and the rule of law. Many people in Hong Kong are currently using Telegram's encrypted messaging service to communicate without being spied on, organize the protest, and alert each other about activities on the ground. According to Telegram, th

A former NSA contractor, who pleaded guilty to leaking a classified report on Russian hacking of the 2016 U.S. presidential election to an online news outlet last year, has been sentenced to five years and three months in prison. Reality Winner , a 26-year-old Georgia woman who held a top-secret security clearance and worked as a government contractor in Georgia with Pluribus International, initially faced 10 years in prison and a $250,000 fine. However, in the U.S. District Court in Augusta, Georgia on Thursday, Winner agreed to a plea agreement that called for five years and three months in prison with three years of supervision after release. Back in May 2017, Winner printed out a top-secret document detailing about the Russian hacking into U.S. voting systems, smuggled the report out of the agency in her underwear, and then mailed it anonymously to The Intercept. The Intercept, an online publication that has been publishing classified NSA documents leaked by Edward Snow

Amnesty International, one of the most prominent non-profit human rights organizations in the world, claims one of its staff members has been targeted by a sophisticated surveillance tool made by Israel's NSO Group. The NSO Group is an Israeli firm that's mostly known for selling high-tech spyware and surveillance malware capable of remotely cracking into Apple's iPhones and Google's Android devices to intelligence apparatuses, militaries, and law enforcement around the world. The company's most powerful spyware called Pegasus for iPhone , Android , and other mobile devices has previously been used to target human rights activists and journalists, from Mexico to the United Arab Emirates. Pegasus has been designed to hack mobile phones remotely, allowing an attacker to access an incredible amount of data on a target victim, including text messages, emails, WhatsApp messages , user's location, microphone, and camera —all without the victim's knowl

The U.S. Justice Department unsealed 16-count indictment charges on Wednesday against a computer programmer from Ohio who is accused of creating and installing spyware on thousands of computers for more than 13 years. According to the indictment, 28-year-old Phillip R. Durachinsky is the alleged author of FruitFly malware that was found targeting Apple Mac users earlier last year worldwide, primarily in the United States. Interestingly, Durachinsky was just 14 years old when he programmed the first version of the FruitFly malware, and this full-fledged backdoor trojan went largely undetected for several years, despite using unsophisticated and antiquated code. The malware was initially discovered in January 2017 by Malwarebytes and then Patrick Wardle, an ex-NSA hacker, found around 400 Mac computers infected with the newer strain of FruitFly. However, Wardle believed the number of infected Macs would likely be much higher. The malware is capable of advanced surveillance

Moscow-based cyber security firm Kaspersky Lab has taken the United States government to a U.S. federal court for its decision to ban the use of Kaspersky products in federal agencies and departments. In September 2017, the United States Department of Homeland Security (DHS) issued a Binding Operational Directive (BOD) ordering civilian government agencies to remove Kaspersky Lab software from their computers and networks within 90 days. The order came amid mounting concern among United States officials that the Kaspersky antivirus software could be helping Russian government spy on their activities, which may threaten the U.S. national security. U.S. President Donald Trump also signed into law last week legislation that bans the use of Kaspersky products within the U.S. government, capping a months-long effort to purge Kaspersky from federal agencies amid concerns it's vulnerable to Kremlin influence. The Kaspersky's appeal is part of an ongoing campaign by the c

The United States Department of Homeland Security (DHS) has recently accused Da-Jiang Innovations (DJI), one of the largest drone manufacturers, of sending sensitive information about U.S. infrastructure to China through its commercial drones and software. A copy memo from the Los Angeles office of the Immigration and Customs Enforcement bureau (ICE) has begun circulating online more recently, alleging "with moderate confidence" that DJI drones may be sending US critical infrastructure and law enforcement data back to China. However, the bureau accessed "with high confidence" that this critical data collected by the DJI systems could then be used by the Chinese government to conduct physical or cyber attacks against the U.S. critical infrastructure and its population. The memo goes on to specify the targets the Chinese Government has been attempting to spy on, which includes rail systems, water systems, hazardous material storage facilities, and constructio

Refuting allegations that its anti-virus product helped Russian spies steal classified files from an NSA employee's laptop, Kaspersky Lab has released more findings that suggest the computer in question may have been infected with malware. Moscow-based cyber security firm Kaspersky Lab on Thursday published the results of its own internal investigation claiming the NSA worker who took classified documents home had a personal home computer overwhelmed with malware. According to the latest Kaspersky report, the telemetry data its antivirus collected from the NSA staffer's home computer contained large amounts of malware files which acted as a backdoor to the PC. The report also provided more details about the malicious backdoor that infected the NSA worker's computer when he installed a pirated version of Microsoft Office 2013 .ISO containing the Mokes backdoor, also known as Smoke Loader. Backdoor On NSA Worker's PC May Have Helped Other Hackers Steal Classi

Kaspersky Lab — We have nothing to hide! Russia-based Antivirus firm hits back with what it calls a " comprehensive transparency initiative ," to allow independent third-party review of its source code and internal processes to win back the trust of customers and infosec community. Kaspersky launches this initiative days after it was accused of helping, knowingly or unknowingly, Russian government hackers to steal classified material from a computer belonging to an NSA contractor. Earlier this month another story published by the New York Times claimed that Israeli government hackers hacked into Kaspersky 's network in 2015 and caught Russian hackers red-handed hacking US government with the help of Kaspersky. US officials have long been suspicious that Kaspersky antivirus firm may have ties to Russian intelligence agencies. Back in July, the company offered to turn over the source code for the U.S. government to audit. However, the offer did not stop U.S. Dep

No doubt your Internet Service Provides (ISPs), or network-level hackers cannot spy on https communications. But do you know — ISPs can still see all of your DNS requests, allowing them to know what websites you visit. Google is working on a new security feature for Android that could prevent your Internet traffic from network spoofing attacks. Almost every Internet activity starts with a DNS query, making it a fundamental building block of the Internet. DNS works as an Internet's phone book that resolves human-readable web addresses, like thehackernews.com, against their IP addresses. DNS queries and responses are sent in clear text (using UDP or TCP) without encryption, which makes it vulnerable to eavesdropping and compromises privacy. ISPs by default resolve DNS queries from their servers. So when you type a website name in your browser, the query first goes to their DNS servers to find the website's IP address, which eventually exposes this information (metada