Threat intelligence analysts have now reported a surge in the activity of the Paper Werewolf cluster, also known as GOFFEE, which uses infected Microsoft Windows Word documents to launch mostly espionage-driven, credential-compromising attacks.
Like so many other attack campaigns, Paper Werewolf uses phishing emails and brand impersonation to distribute its malicious payload. These messages contain an encrypted Microsoft Word document that prompts the recipient to enable macros in order to read it. If they do this, then the content of the document is decrypted, and the malicious program is installed on their device. The threat intelligence analysts said that, in some instances, they observed the use of PowerRAT, a remote access trojan, enabling the attackers to execute commands and carry out reconnaissance. more
Monday, December 30, 2024
Officials Deny Approving Sale of Israeli Spyware Firm to US Investors
Officials in the United States and Israel have denied reports their countries had signed off on the sale of Israeli spyware maker Paragon to Florida-based AE Industrial Partners...
"The U.S. government never 'approved' this sale. This is a private transaction," the official said. "There wasn't some sort of green light given for this sale." The Israeli military also denied the reports... more
Smart Home Cameras Spying
According to a study conducted by Surfshark, outdoor security camera apps are some of the top offenders when it comes to collecting user data. These apps gather 12 data points on average, including sensitive details like email addresses, phone numbers, payment information and precise location. That’s 50% more than what other smart home devices typically collect.
Which apps collect the most data?
Among the apps that collect the most data, Deep Sentinel and Lorex stand out for outdoor security cameras, each collecting 18 out of a possible 32 data points. Nest Labs, which leads the pack for indoor cameras, collects 17 data points, with Ring and Arlo each gathering 15. more
Wednesday, December 11, 2024
Research Finds that Cellular Walkie Talkies Put Americans at Risk of Chinese Spying
Haloid Solutions, a leading provider of wireless communications equipment, is warning all business and government agencies about foreign espionage and business disruption risks from China-manufactured cellular two-way radios. These devices were sold in the United States from "pop up companies" that claimed the devices were private.
For the past year, we've researched and investigated the radio over cellular space, also known as Push-to-Talk Over Cellular, or PoC. We've encountered dozens of "pop up" U.S. companies selling China engineered, manufactured, and hosted devices for extremely low prices.
The devices are advertised as encrypted and marketed and sold to businesses and government agencies.
We estimate millions of these devices are currently in operation. From our research, we've found that many of these companies' claims are misleading or false. For example, one Chinese manufacturer white labels its products under numerous U.S. names, and claims that the servers hosting its radios are on Amazon servers in the U.S. In reality, they are hosted by Alibaba, the Chinese tech conglomerate and are vulnerable to Chinese spying by sending back user data to China. more
Google Warns Millions Of Android Users—These Apps Are Spying On You
Google is narrowing the gap to iPhone on the security and privacy front with Android 15. A raft of welcome changes will better protect users, their devices and their data, including live threat detection to quickly flag malware and permission abuse, cellular network defense, and tighter controls of what apps are doing behind the scenes.
When we talk about permission abuse, we clearly mean the grey area between apps behaving well and outright spyware—of which there’s still plenty on Android. While Apple led the charge to restrict location tracking and access to sensitive phone functions like messaging, cameras and contacts, Google has followed. more
Tuesday, December 3, 2024
Using a Device to Track Medical Data?
Are you using a device to track medical data? Here’s who else might be watching...
Wearable technology—smartwatches, smart rings, fitness trackers and the like—monitors body-centric data such as your heart rate, steps taken and calories burned, and may record where you go along the way. Like Santa Claus, it knows when you are sleeping (and how well), it knows when you're awake, it knows when you've been idle or exercising, and it keeps track of all of it...
Health information has become a prime target for hackers seeking to extort health care agencies and individuals after accessing sensitive patient data...
The report "From Skin to Screen: Bodily Integrity in the Digital Age" recommends that existing data protection laws be clarified to encompass all forms of bodily data. It also calls for expanding national health privacy laws to cover health-related information collected from health apps and fitness trackers and making it easier for users to opt out of body-centric data collections. more
Thursday, November 14, 2024
AI CCTV - Creating a Surveillance Society
Premiering in New York City in June 2002, Steven Spielberg’s critically acclaimed film Minority Report, starring Tom Cruise, depicted a society where police use psychic mutants to predict and prevent murderers from committing their crimes. Now, South Korean company Electronics and Telecommunications Research Institute (ETRI) is using AI to make it a reality.
Aptly named ‘Dejaview,’ ETRI’s high-tech platform blends AI with real-time CCTV to predict crimes before they transpire. But whereas the Pre-Crime department Tom Cruise heads in Minority Report focused on criminal intention, Dejaview is instead concerned with probability.
ETRI says the platform can discern patterns and anomalies in real-time scenarios, allowing it to predict incidents from petty offences to drug trafficking with a sci-fi-esque 82% accuracy rate. more
Fry Spy: What's Done in an Air Fryer Doesn't Stay in an Air Fryer
UK consumer champion Which? wants you to know that your air fryer might be spying on you and sharing your data with third parties for marketing purposes.
The perhaps not-so-surprising findings from the buyer's friend are that smart devices in general are engaged in surveillance of their owners, and that data collection often goes "well beyond" what is necessary for the functioning of the product...
Testing out products across four categories, the outfit discovered that all three air fryers it looked at wanted permission to record audio on the user's phone, for no specified reason.
One wanted to know gender and date of birth when setting up an owner account, while the Xiaomi app linked to its air fryer was found to be connected with trackers from Facebook, Pangle (the ad network of TikTok for Business), and Chinese tech giant Tencent.
Air fryers from brands Aigostar and Xiaomi both sent the owner's personal data to servers in China – although this was flagged in the privacy notice, for what it's worth. more
Monday, November 4, 2024
Spies Can Eavesdrop on Phone Calls by...
... sensing vibrations with radar.
Spies can eavesdrop on conversations by using radar to detect tiny vibrations in smartphones and employing artificial intelligence to accurately transcribe them. The trick even works in noisy rooms, as the radar homes in on the phone’s movement and is entirely unaffected by background hubbub.
Millimetre wave sensing is a form of radar that can measure movements of less than 1 mm by transmitting pulses of electromagnetic wave energy and detecting the reflected beams.
Suryoday Basak at Pennsylvania State University and his colleagues used a commercially available sensor operating between 77 and 81 gigahertz to pick up the tiny vibrations in a Samsung Galaxy S20 earpiece speaker playing audio clips. They then converted the signal to audio and passed it through an AI speech recognition model, which transcribed the speech. more
Monday, October 7, 2024
Chinese Hackers Breached US Court Wiretap Systems
Chinese hackers accessed the networks of U.S. broadband providers and obtained information from systems the federal government uses for court-authorized wiretapping, the Wall Street Journal reported on Saturday.
Verizon Communications, AT&T and Lumen Technologies are among the telecoms companies whose networks were breached by the recently discovered intrusion, the newspaper said, citing people familiar with the matter.
The hackers might have held access for months to network infrastructure used by the companies to cooperate with court-authorized U.S. requests for communications data, the Journal said. It said the hackers had also accessed other tranches of internet traffic. more
Wednesday, August 14, 2024
Thousands of Corporate Secrets Were Left Exposed
This Guy Found Them All...
If you know where to look, plenty of secrets can be found online. Since the fall of 2021, independent security researcher Bill Demirkapi has been building ways to tap into huge data sources, which are often overlooked by researchers, to find masses of security problems. This includes automatically finding developer secrets—such as passwords, API keys, and authentication tokens—that could give cybercriminals access to company systems and the ability to steal data.
In total, Demirkapi has found more than 15,000 active secrets of all kinds.
Within the vast number of exposed keys were those that could give an attacker access to the digital assets of companies and organizations, including the potential to obtain sensitive data. For instance, a member of Nebraska’s Supreme Court had uploaded details of usernames and passwords linked to its IT systems, and Stanford University Slack channels could be accessed using API keys. more
Friday, August 2, 2024
A $500 Open Source Tool Lets Anyone Hack Computer Chips With Lasers
In modern microchips, where some transistors have been shrunk to less than a 10th of the size of a Covid-19 virus, it doesn't take much to mess with the minuscule electrical charges that serve as the 0s and 1s underpinning all computing.
A few photons from a stray beam of light can be enough to knock those electrons out of place and glitch a computer's programming. Or that same optical glitching can be achieved more purposefully—say, with a very precisely targeted and well timed blast from a laser. Now that physics-bending feat of computer exploitation is about to become available to far more hardware hackers than ever before.
At the Black Hat cybersecurity conference in Las Vegas next week, Sam Beaumont and Larry “Patch” Trowell, both hackers at the security firm NetSPI, plan to present a new laser hacking device they're calling the RayV Lite.
Their tool, whose design and component list they plan to release open source, aims to let anyone achieve arcane laser-based tricks to reverse engineer chips, trigger their vulnerabilities, and expose their secrets—methods that have historically only been available to researchers inside of well-funded companies, academic labs, and government agencies. more
Voice Over Wi-Fi Vulnerability Let Attackers Eavesdrop Calls And SMS
IPsec tunnels are employed by Voice over Wi-Fi (VoWiFi) technology to route IP-based telephony from mobile network operators’ core networks via the Evolved Packet Data Gateway (ePDG).
This process consists of two main phases: negotiation of encryption parameters and performing a key exchange using the Internet Key Exchange protocol, followed by authentication....
The risk is that these vulnerabilities could expose VoWiFi communications to MITM attacks, compromising data integrity or confidentiality, which is essential for better security in implementing VoWiFi solutions...
These findings highlight the systemic flaws in the implementation of VoWiFi, which could make users vulnerable to man-in-the-middle attacks, and communication security is compromised on a global scale, consequently requiring better security measures in VoWiFi protocols and implementations. more
Tuesday, July 30, 2024
Interesting: AI Can Reveal What’s on Your Screen (sort of)
Hackers can intercept electromagnetic radiation leaking from the cable between your monitor and computer and decode what you are seeing on screen with the help of artificial intelligence. Such attacks are probably taking place in the real world, says the team behind the work, but ordinary computer users have little to worry about...
Federico Larroca at the University of the Republic in Montevideo, Uruguay, and his colleagues have developed an AI model that can reconstruct an image from digital signals that were intercepted a few metres away from an HDMI cable...
Around 30 per cent of characters were misinterpreted by the eavesdropping process, but that is low enough that humans can read most of the text accurately, the team says. This error rate is about 60 per cent lower than the previous state-of-the-art attack, the researchers add. more
Karma Files: Multi-platform Spyware Provider Spytech Gets Hacked
Second spyware provider hacked this month...
Minnesota-based spyware provider Spytech has been hacked, with files stolen from the company's servers containing detailed device activity logs from a global pool of mostly Windows PCs but also some Macs, Chromebooks, and even Android devices.
The total number of spyware victims impacted by Spytech and noted by TechCrunch analyzing the scale of the breach is "more than 10,000 devices since 2013," and this cross-platform invasion of privacy stretches across the entire globe, including the US, EU, the Middle East, Africa, Asia, and Australia.
Spytech provides a brand of spyware best known as "stalkerware" since it's typically installed by a person with physical access to the victim's device. more
Saturday, July 20, 2024
One Way Corporate Espionage Spies Cover Their Tracks
Residential proxy IP: The invisible cloak in corporate espionage.
From the IP vendor's ad...
"In the fiercely competitive business battlefield, information is power, and how to obtain and use this information has become a problem that every company needs to face. In this spy war without gunpowder, residential proxy IP is like an invisible cloak, providing strong protection and support for enterprises.
Imagine that you are an intelligence analyst at an emerging technology company, and your task is to collect and analyze the latest developments of competitors so that the company can make more informed decisions. However, the online world is not a smooth road, and your IP address can easily expose your true identity and intentions, making your actions subject to various restrictions. At this time, residential proxy IP is like a capable assistant, helping you to move forward invisibly in this spy war.
Residential proxy IP, as the name suggests, is to use the IP address of an ordinary home network environment for network access. Because these IP addresses come from real home users, they are difficult to identify and track. By using residential proxy IP, enterprises can hide their real IP address and avoid being discovered by competitors or network monitoring agencies. In this way, enterprises can access target websites, crawl data, analyze competitors' strategies, etc. more freely without worrying about being blocked by anti-crawler mechanisms or IP being blocked." more
Karma Files: Data Breach Exposes Millions of mSpy Spyware Customers
A data breach at the phone surveillance operation mSpy has exposed millions of its customers who bought access to the phone spyware app over the past decade, as well as the Ukrainian company behind it.
Unknown attackers stole millions of customer support tickets, including personal information, emails to support, and attachments, including personal documents, from mSpy in May 2024. While hacks of spyware purveyors are becoming increasingly common, they remain notable because of the highly sensitive personal information often included in the data, in this case about the customers who use the service.
The hack encompassed customer service records dating back to 2014, which were stolen from the spyware maker’s Zendesk-powered customer support system.
mSpy is a phone surveillance app that promotes itself as a way to track children or monitor employees. Like most spyware, it is also widely used to monitor people without their consent. more
Friday, July 5, 2024
Silicon Valley Steps Up Screening on Chinese Employees to Counter Espionage
Leading U.S. technology companies reportedly have increased security screening of employees and job applicants, which experts say is necessary to counter the cyber espionage threat from China.
While the enhanced screening is being applied to employees and applicants of all races, those with family or other ties to China are thought to be particularly vulnerable to pressure from the Beijing government.
But at least one Chinese computer science graduate student at a U.S. university is hoping to make his ties to China an asset. Zheng, who does not want to reveal his first name for fear of retaliation from the Chinese government, says he recently changed his focus to cybersecurity in hopes of improving his job prospects in the United States. more
Monday, July 1, 2024
Security Director Alert: China Enforcing Electronic Device Inspection Law
China is enforcing a new law on Monday that allows national security authorities to inspect electronic devices on suspicion of espionage.
The Ministry of State Security is implementing the legislation that stipulates powers to crack down on spying.
The law states procedures to inspect mobile phones, personal computers and other devices of individuals and organizations. more
TeamViewer Confirms Cyberattack
TeamViewer, the prominent provider of remote access tools, has confirmed a significant cyberattack on its corporate network.
This attack has been attributed to APT29, a hacking group allegedly linked to Russian intelligence. The breach, discovered on June 26, involved compromised credentials of an employee account, marking another sophisticated cyber-espionage campaign executed by state-sponsored hackers.
According to TeamViewer’s investigation, the breach began with the compromise of credentials from a standard employee account within their corporate IT environment.
The company has emphasized that the attack was contained within its corporate network, assuring that their internal network and customer systems are separate... Despite these assurances, the company’s investigation is ongoing. more