Spyware firms target iOS, Android, and Windows devices due to their widespread usage, making them lucrative targets for gathering sensitive information.
Each platform offers unique exploitation opportunities, with iOS and Android dominating the mobile market, while Windows remains a primary operating system for computers.
Together, these platforms provide diverse avenues for surveillance and data collection.
Recently, Meta Platforms acted against eight surveillance-for-hire firms in Italy, Spain, and the U.A.E., as per the Q4 2023 “Adversarial Threat Report.”
Cybersecurity researchers at Meta Platforms have reported that spyware from these companies has been actively targeting iPhones, Android, and Windows devices.
The malware used by spyware firms has stealthy features and capabilities that enable threat actors or operators to collect sensitive information from the targeted devices.
The following device information was accessed and collected by the malware:
Location
Photos
Media
Contacts
Calendar
Email
SMS
Social media
Messaging apps
Besides this, it also gives threat actors access to these elements of the targeted devices: microphones, cameras, and screenshots.
Spyware Firms Involved
The spyware firms involved are:
Cy4Gate/ELT Group
RCS Labs
IPS Intelligence
Variston IT
TrueL IT
Protect Electronic Systems
Negg Group
Mollitiam Industries
Cybersecurity researchers asserted that all of the above-mentioned spyware firms were also engaged in scraping, social engineering, and phishing activity targeting a wide range of social platforms.
Fake personas linked to RCS Labs deceived users to obtain phone numbers and email addresses and to conduct surveillance.
Now removed, Variston IT’s Facebook and Instagram accounts aided exploit development and testing.
Meta reports that Variston IT is discontinuing operations. Negg Group and Mollitiam Industries were also identified for spyware testing and data collection.
Swedish telecom security firms suspect that the attack method involves a unique binary SMS (MM1_notification.REQ) that notifies the device of an MMS, which is then retrieved via MM1_retrieve.REQ and MM1_retrieve.RES, with device information embedded in the GET request as a fingerprint.
Moreover, it has potential for spyware deployment, tailored exploits, and phishing campaigns, but no recent evidence of exploitation in the wild.
As far as home cameras go, we said this is absolutely up there at the top of the “things you don’t want to happen” list. Turning your customers into Peeping Tom against their will and exposing other customers’ footage is definitely not OK.
It’s not OK, and yet here we are again. On February 17, The Verge reported that history had repeated itself. Wyze co-founder David Crosby confirmed that users were able to briefly see into a stranger’s property because they were shown an image from someone else’s camera.
Crosby told The Verge:
“We have now identified a security issue where some users were able to see thumbnails of cameras that were not their own in the Events tab.”
So, it’s not a full feed and just a thumbnail, you might think. Is that such a big deal? Well, it was a bit more than that. Users got notification alerts for events in their house. I don’t know how you feel when you get one of those while you know there shouldn’t be anyone there, but it’s enough to make me nervous.
Imagine your surprise when you then see someone else’s house as the cause for that notification.
Wyze blames the issue on overload and corruption of user data after an AWS outage. However, AWS did not report an outage during the time Wyze cameras were having these problems.
And, while the company originally said it had identified 14 instances of the security issue, the number of complaints on Reddit and the Wyze forums indicated that there must have been a lot more.
This turned out to be the case. In an email sent to customers, Wyze revealed that it was actually around 13,000 people who got an unauthorized peek at thumbnails from other people’s homes.
Wyze chalks up the incident to a recently integrated third-party caching client library, which caused the issue when the company brought cameras back online after an outage at AWS.
“This client library received unprecedented load conditions caused by devices coming back online all at once. As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts.”
Wyze says it has added an extra layer of verification before users can view Event videos.
So, all we can do is hope we don’t have to write another story like this one in a few months.
A new update has started rolling out to the OnePlus 12R, and it improves the phone’s camera, its performance, and more. This update is marked as OxygenOS 14.0.0.307, and it’s coming to Europe, the US, and India regions. It’s basically a global update.
Before we get to the changelog, do note that this update is rolling out in stages. That’s something we’re used to when it comes to updates at this point. OnePlus also has a tendency to roll out such updates a bit slower just to make sure no bugs pop up.
This OnePlus 12R update improves the camera performance, system performance in general & more
Having said that, let’s focus on the camera performance first. This update is supposed to improve the camera performance indoors. On top of that, it’s supposed to improve camera performance stability overall, says OnePlus.
The general stability and performance of OxygenOS 14 on the device have been improved, and the power consumption has also been optimized. The battery life should be a bit better now because of it.
OnePlus also tweaked the connectivity side of things. This update improves the stability and expands the compatibility of Bluetooth connections on the device. On top of that, it improves network stability and compatibility.
You’ll hardly find a better $500 smartphone out there
That’s basically everything that’s included in the changelog. Even without this update, we believed that the OnePlus 12R was the best $500 smartphone on the market, and with these improvements, it should become even better.
The company really did manage to create a rather affordable smartphone considering what it offers on the inside. The Snapdragon 8 Gen 2 is used here, along with a truly great LTPO AMOLED display with a refresh rate of up to 120Hz. The camera performance is not bad at all, and so on. Overall, the phone managed to impress us during our review period, and you can read more about that here.
We got the first Android 15 Developer Preview last week. Yesterday, we reported that the next software version could pack a solution for annoying repetitive notifications. Now, a new feature on the forthcoming OS has been unearthed by Mishaal Rahman (via Android Authority). Android 15 could come with an additional measure to protect sensitive information from scammers.
Android 15 to protect your login codes from scammers
Almost all platforms and online accounts offer two-factor authentication (2FA). It adds an extra layer of security that helps prevent users’ accounts from getting hacked. This method sends a one-time password (OTP) code to the user via text or email. It is easier to use but also less secure, since the codes can be intercepted by a malicious third party.
Rahman was digging through the Android 14 QPR3 Beta 1 update and found a new security feature that could possibly protect the login codes. For this, Google seems to be adding a new permission called RECEIVE_SENSITIVE_NOTIFICATIONS. It has a protection level of role|signature. This indicates that it will be restricted to applications with the requisite role or to applications that the OEM signs. Rahman claims that this permission will work with a feature that will redact sensitive notifications from untrusted apps that implement NotificationListenerService. This API allows apps to read or take actions on all notifications. It can only be enabled manually in the device’s settings.
Both the new permission and API are said to be powerful. Hence Google won’t let third-party apps access it. It remains to be seen what apps are considered untrusted and what notifications are deemed sensitive as per Google.
There’s also another feature to bolster security against scamsters
Rahman also unearthed a new feature called OTP_REDACTION in the source code of Android 14. This will hide OTP notifications on the lock screen. Meanwhile, the RECEIVE_SENSITIVE_NOTIFICATIONS permission will stop untrusted apps from reading notifications that contain 2FA codes.
With both these features Google could significantly improve the security of Android devices. A lot of apps including banking, social media, and more require sensitive data like OTP messages for logging in. Getting scammed is a rampant practice, especially with OTP messages. Things often get messy quickly after one wrong move.
Discover the Complete Story Behind the Collapse of the LockBit Ransomware Gang – From Infrastructure Seizures and Freezing Cryptocurrency Accounts to European Arrests, Charges, Indictments, and the Release of a Recovery Tool by Authorities.
In a groundbreaking operation, the United Kingdom’s National Crime Agency (NCA) has dismantled the notorious LockBit ransomware, one of the world’s most prolific ransomware groups. The takedown was part of “Operation Cronos.”
On 19 February 2024, Hackread.com’s in-depth report revealed that all dark web domains of LockBit ransomware had been seized. Now, according to the NCA’s press release, the latest development in this ongoing saga sees the agency taking control of LockBit’s primary administration environment, effectively cutting off the group’s ability to carry out further attacks.
Additionally, the agency has seized control of LockBit’s public-facing leak site on the dark web, repurposing it to expose the group’s tactics and operations.
LockBit Source Code and Backend
Crucially, the NCA has obtained the source code of the LockBit platform and a wealth of intelligence on the group’s activities and affiliates. This trove of information not only sheds light on LockBit’s modus operandi but also provides insight into the individuals and organizations complicit in their criminal enterprises.
One noteworthy disclosure from the NCA’s investigation is the discovery that some of the data on LockBit’s systems belonged to victims who had already paid ransom demands. This highlights the harsh reality that even compliance with ransom demands does not guarantee the safe return of stolen data—a fact often glossed over by cybercriminals.
LockBit ransomware’s dark web domains are now being used to expose the gang’s modus operandi (Screenshot credit: Hackread.com)
Arrests and Indictments
The crackdown on LockBit extends beyond digital infiltration, with law enforcement agencies in multiple countries executing arrests and freezing cryptocurrency accounts linked to the group.
In a coordinated effort led by Europol, two LockBit actors from Poland and Ukraine have been apprehended, while the US Department of Justice has brought criminal charges against two Russian nationals, Artur Sungatov and Ivan Kondratyev, alias Bassterlord, for deploying LockBit against multiple victims across the United States.
These victims include businesses spanning various industries nationwide, such as manufacturing, alongside global victims in sectors like semiconductors.
It is worth noting that in June 2023, Ruslan Magomedovich Astamirov (20), a Russian national, was also arrested and charged with conspiring to commit LockBit ransomware attacks against U.S. and foreign businesses. To date, the LockBit ransomware gang targeted over 2,000 victims and received more than $120 million in ransom payments.
A platform for LockBit victims
It is also crucial to mention that the FBI has established an online platform for victims of LockBit ransomware. This platform caters to both U.S. victims and non-U.S. victims interested in engaging with the U.S. LockBit prosecutions. Whether it’s to submit a victim-impact statement or to claim restitution, individuals can access the platform here: Lockbitvictims.ic3.gov.
This is what the LockBit ransomware’s dark web domains look like (Screenshot credit: Hackread.com)
Japanese LockBit Recovery Tool
The Japanese Police, with support from Europol, has developed a specialized recovery tool aimed at restoring files encrypted by the LockBit 3.0 Black Ransomware. To utilize this recovery solution effectively, users are instructed to execute the provided binary file on their affected machines, initiating an initial assessment process.
The tool will be available on the No More Ransomware platform soon. Alternatively, if you are a victim based in the United Kingdom, send an email to the NCA at [email protected]. Those in the United States can visit Lockbitvictims.ic3.gov.
The NCA’s Director General, Graeme Biggar, hailed the operation as a testament to the agency’s relentless pursuit of cybercriminals, emphasizing that no criminal enterprise is beyond its reach. Home Secretary James Cleverly echoed this sentiment, commending the NCA for disrupting LockBit’s operations and signalling the UK’s unwavering commitment to combatting cyber threats.
US Attorney General Merrick B. Garland emphasized the collaborative nature of the operation, highlighting the partnership between US and UK law enforcement agencies in dismantling LockBit’s criminal infrastructure. FBI Director Christopher A. Wray echoed these sentiments, underscoring the bureau’s dedication to defending against cyber threats and holding perpetrators accountable.
Reaction from Experts
For insights into the latest development, we reached out to Ryan McConechy, CTO of Barrier Networks, who expressed appreciation for law enforcement’s role in combating cybercrime, particularly the escalating threat of ransomware.
“These actions demonstrate the efforts law enforcement is placing on fighting ransomware, but the seizure of LockBit’s servers is undoubtedly one of the biggest accomplishments so far.”
Ryan warned that infrastructure seizures and arrests do not mean the gang cannot return. However, strengthening cybersecurity measures can defend businesses against such threats.
“Organisations must act before it is too late,” he emphasised. “This involves training on threats, implementing MFA to secure employee credentials, keeping systems up to date with patches, and getting a well-oiled and comprehensive incident response plan in place, so everyone can step straight into effective action, even when attacks do occur,” Ryan advised.
As the dust settles on this major takedown, the NCA and its international partners stand ready to assist LockBit victims in recovering encrypted data and pursuing justice. With LockBit now effectively locked out, the NCA remains alert, knowing that the group may attempt to regroup and rebuild its criminal empire.
However, with the combined efforts of law enforcement agencies worldwide, the message to cybercriminals is clear: there is no safe haven for those who seek to profit from extortion and cybercrime.
Heads up, Microsoft users! It’s now time to update your devices as Microsoft rolled out its monthly Patch Tuesday updates for February 2024. This time, the tech giant addressed over 70 different vulnerabilities, including two zero-day flaws.
Microsoft February Patch Tuesday Updates Released
The most important security fixes in the February 2024 Patch Tuesday update bundle address two Microsoft zero-day vulnerabilities. The tech giant described both vulnerabilities as security feature bypass. Specifically, these include the following.
CVE-2024-21412 (CVSS 8.1): An important severity vulnerability affecting Internet Shortcut Files. An adversary could exploit the flaw by tricking the target user into opening a maliciously crafted file designed to bypass displayed security checks. Microsoft confirmed detecting exploitation attempts for this flaw prior to public disclosure.
CVE-2024-21351 (CVSS 7.6): A moderate severity vulnerability affecting Windows SmartScreen, compromising the Mark of the Web feature. An adversary could exploit the flaw by tricking the target user into opening a maliciously crafted file that could bypass Windows SmartScreen. Once done, the attacker could gain code execution on the target system. The tech giant confirmed detecting active exploitation of this vulnerability as well.
Besides these noteworthy security fixes, Microsoft released patches for three critical severity vulnerabilities. These include CVE-2024-21380 (CVSS 8.0) – an information disclosure flaw affecting the Microsoft Dynamics Business Central/NAV, CVE-2024-21357 (CVSS 7.5) – a remote code execution vulnerability in the Windows Pragmatic General Multicast (PGM), and CVE-2024-20684 (CVSS 6.5) – a Windows Hyper-V denial of service vulnerability.
In addition, the February Patch Tuesday update bundle addressed 66 other vulnerabilities, including 59 important severity issues and two moderate severity flaws. Moreover, the update bundle also includes numerous security fixes from third parties, allowing users to patch their devices accordingly.
While these updates would automatically reach all eligible devices, users should still check for any updates manually to receive all bug fixes in time.
The gaming industry is experiencing unprecedented growth, propelled by technological advancements and shifting consumer preferences. As the paradigm shifts, the significance of data privacy and security in B2B gaming data transactions cannot be overstated. This article will delve into the intricacies of navigating data privacy and security in B2B gaming data, highlighting key challenges, regulatory requirements, and best practices.
Data privacy and security are paramount in the gaming industry, where companies handle sensitive information such as player profiles, in-game transactions, and gameplay analytics. With the surge in B2B data transactions, ensuring the confidentiality, integrity, and availability of data has become a primary concern for gaming companies. By addressing these challenges, companies can establish trust with their partners and players, ensuring compliance with regulations and safeguarding their reputation.
The ever-changing regulatory environment adds complexity to data privacy and security in B2B gaming data transactions. Regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) impose stringent requirements on data collection, processing, and protection. Non-compliance can lead to severe penalties and reputational harm, underscoring the importance for gaming companies to stay abreast of regulations and maintain compliance.
Data Privacy Regulations in Gaming
Data privacy regulations have significantly impacted how gaming companies handle B2B data transactions. These regulations aim to protect individuals’ privacy rights and ensure responsible data handling. For gaming companies, this entails implementing robust data protection measures, securing explicit consent for data processing, and empowering individuals with control over their data.
Compliance with data privacy regulations is not only a legal obligation but also vital for fostering trust and credibility with players and partners. By demonstrating a commitment to data privacy and security, gaming companies can distinguish themselves in a competitive market and cultivate long-term relationships founded on trust and transparency.
Implementing data privacy regulations can be intricate and resource-intensive for gaming companies, necessitating a comprehensive understanding of regulatory requirements, meticulous planning, and ongoing compliance efforts. However, investment in data privacy and security is crucial for mitigating risks, protecting sensitive information, and upholding a positive reputation in the gaming industry.
Ensuring Data Security in B2B Gaming Data Transactions
Data security is integral to data privacy in B2B gaming data transactions, encompassing measures to protect data from unauthorized access, disclosure, alteration, or destruction. With the escalating sophistication of cyber threats, gaming companies must deploy robust data security measures to safeguard their B2B data transactions.
Encryption serves as a fundamental tool for ensuring data security in B2B gaming data transactions, converting data into a coded format decipherable only by authorized parties. By encrypting sensitive data in transit and at rest, gaming companies can mitigate the risk of unauthorized access and data breaches.
Access controls are another vital component of data security in B2B gaming data transactions, involving policies and technologies to restrict data access based on the principle of least privilege. By granting access solely to authorized individuals or systems, gaming companies can minimize the risk of insider threats and unauthorized data access.
Data masking is a technique employed to anonymize sensitive data in B2B gaming data transactions, replacing identifiable information with fictional yet realistic data. By masking sensitive data such as personal identifiers or financial information, gaming companies can uphold data privacy while facilitating legitimate data processing and analysis.
Implementing data security measures necessitates a holistic approach encompassing the entire data lifecycle, from collection to disposal. It involves identifying and assessing potential security risks, implementing suitable security controls, and regularly monitoring and updating security measures to counter evolving threats. By prioritizing data security in B2B gaming data transactions, companies can safeguard their data assets and maintain trust with their partners and players.
The ASUS ZenFone 11 Ultra just got certified prior to its launch. The phone was certified in Europe by the EEC, under the AI2401 model number.
The ASUS ZenFone 11 Ultra gets certified prior to launch
That listing did not really reveal anything about the phone, though, other than it will launch in Europe. We do have plenty of information about the ASUS ZenFone 11 Ultra thus far, though. Not only did its design surface more than once, but its specs did too.
A Geekbench listing confirmed that the ASUS ZenFone 11 Ultra will be fueled by the Snapdragon 8 Gen 3 processor. It also confirmed that the 16GB RAM model will become a reality.
Unlike the ASUS ZenFone 9 and the ZenFone 10, the ASUS ZenFone 11 Ultra will be large. The other two phones are rather small; both of them have 5.9-inch displays. Well, they’re not small, but compact.
The phone will launch in Eternal Black, Desert Sienna, Misty Gray, Skyline Blue, and Verdure Green colors. You can see all those color options in the image provided below.
The ZenFone 11 Ultra specs also surfaced. Other than the SoC and RAM that we’ve already mentioned, the phone is expected to include a 6.78-inch fullHD+ 120Hz LTPO AMOLED display (up to 144Hz for gaming).
A 5,500mAh battery is expected, along with 65W wired charging
A 5,500mAh battery was also mentioned, as was 65W wired, and 15W wireless charging. The phone will also include a set of stereo speakers and an audio jack as well.
A 50-megapixel main camera will sit on the back, while a 13-megapixel ultrawide camera (120-degree FoV) will also be located there. ASUS is planning to include a 32-megapixel telephoto camera (3x optical zoom) as the third option.
Right now, we only know about two versions of Google Gemini. There’s the core version and there’s Gemini Advanced. However, it appears that Google is working on two more versions. According to a report, Google is going to launch Enterprise and Business Gemini plans.
This is something that was foreseen. Most AI products have some sort of enterprise version for people looking to run their business using AI. These offer the most robust plans that benefit teams rather than just one person. Going forward, a large chunk of established businesses will use AI in some way, shape, or form, so we expect these Enterprise plans to really become popular.
Google will bring Business and Enterprise Gemini plans
Right now, information on these plans is a bit scarce. The information comes from a testing catalog and a post from Dylan Roussel on X. As for the post, Roussel stated, “Ability to edit and run Python code snippets directly from Gemini is really neat! The new plans are also awesome. What a crazy month for Gemini!”
As for the testing change logs, there are two of them, and they are both yet to be released. One of the changelogs is dated February 20th (Tuesday) and the other one is dated February 21st. So, Google did not intend for this information to be out just yet.
The one dated Wednesday has information about the Enterprise and Business plans. If you sign up for one of these plans, you’ll get access to Gemini Ultra 1.0 and administrators can manage settings via the Google Workspace admin console. These plans will give you access to a bunch of features, but we don’t know about all of them just yet. Since this has yet to be announced, we’re sure that Google is going to either post a video or post a lengthy blog post about them when the day comes.
These plans will be available in over 150 countries and territories. Also, conversations that people have will not be used to train the model. This is something that’s very important, as many people are going to be using this for their business. So, conversations recorded in Gemini should definitely not be used to train the model.
The other changelog is great for people who are into coding
On the other changelog, Google announced that, for Gemini Advanced customers, the ability to run and edit Python code is coming. The changelog states that “…you can now edit and run Python code snippets directly in Gemini’s user interface. This allows you to experiment with code, see how changes affect the output, and verify that the code works as intended.”
So, if you’re a person who codes in Python, and you have Gemini Advanced, you should expect this functionality soon.
If you’re curious about Gemini Advanced, you can only access it through the Google One AI Premium plan. This plan costs $19.99/month, and it comes with 2TB of Google One Cloud storage along with other AI features. If you want to know how to sign up for Gemini Advanced, we have you covered. Also, if you want to know what Gemini Advanced is, we also have you covered.
The European Union, a persistent challenge for tech giants, is once again making its presence felt. A recent report indicates that Apple might be facing a substantial fine (potentially reaching $539 million) imposed by the EU for creating “unfair trading conditions” for its rivals. Now, it seems TikTok is also under the EU’s scrutiny. Reuters reports that the European Union will launch an investigation into whether TikTok violated online content regulations designed to safeguard children and ensure transparent advertising. EU industry chief Thierry Breton made the decision after reviewing TikTok’s risk assessment report and its responses to information requests. If found guilty, TikTok could face a substantial fine.
Today we open an investigation into #TikTok over suspected breach of transparency & obligations to protect minors:
The EU’s Digital Services Act (DSA), which became effective for all online platforms on February 17, mandates that notably large online platforms and search engines take additional measures to combat illegal online content and protect public safety. If TikTok is found to have violated the rules outlined in the DSA, ByteDance, the owner of TikTok, could potentially face fines amounting to up to 6% of its global turnover. For context, statistics show that TikTok generated an estimated $9.4 billion in revenue in 2023. This could potentially result in a fine of around $500 million.
TikTok stated that it remains committed to collaborating with experts and the industry to ensure the safety of young people on its platform. The company also expressed its readiness to provide detailed explanations of its efforts to the European Commission. A TikTok spokesperson said:
TikTok has pioneered features and settings to protect teens and keep under 13s off the platform, issues the whole industry is grappling with.
The European Commission mentioned that the investigation will look into TikTok’s system design, including its algorithmic features, which might encourage addictive behaviors and lead to what’s known as the rabbit hole effect.
The rabbit hole effect is a metaphor that describes the phenomenon of becoming deeply engrossed in something, typically to the point of losing track of time or neglecting other responsibilities. It’s often used in the context of the internet, where algorithms and user engagement strategies can keep people clicking on related content for hours on end.
For reference, research shows that just on Android phones, we spent a whopping 2.3 trillion hours on social media in 2023, and TikTok is the king of the social media jungle.
The European Commission will also check if TikTok has set up measures that are suitable and proportional to guarantee a high level of privacy, safety, and security for minors. Apart from the concern for protecting minors, the Commission is examining whether TikTok offers a reliable database of ads on its platform, enabling researchers to analyze potential online risks. Stay tuned for updates.