Pinboard search: spyware

Money-saving smart tech could be enabling smart domestic abuse | The Independent
via Axios https://www.axios.com/top/
close icon
Brian Krebs:

mSpy, the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location data secretly collected from phones running the stealthy spyware. Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication. A list of data points that can be slurped from a mobile device that is secretly running mSpy’s software. Before it was taken offline sometime in the past 12 hours, the database contained millions of records, including the username, password and private encryption key of each mSpy customer who logged in to the mSpy site or purchased an mSpy license over the past six months. The private key would allow anyone to track and view details of a mobile device running the software, Shah said.

It's like rain on your wedding day, isn't it.
This Windows file may be secretly hoarding your passwords and emails | ZDNet
via Fast Company https://www.fastcompany.com
For second Time in three Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records • Krebs on Security
via BleepingComputer https://www.bleepingcomputer.com/
How mobile tech, social media can stalk, harass and control you
Moreover, an idle Android phone running the Chrome browser sends back to Google nearly fifty times as many data requests per hour as an idle iOS phone running Safari.
For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records — Krebs on Security
"someone develops an extension that gains a large amount of users, but doesn’t necessarily make any money. That developer is approached by a company that will pay a large amount of money to purchase the extension. If the developer accepts the purchase, the new company modifies the extension to insert advertisements and tracking, uploads it to the Chrome Web Store as an update, and all the existing users are now using the new company’s extension—with no warning. This happened to Particle for YouTube" "In the past, we might have said that the Web Developer extension was safe because it was legitimate. However, the developer fell for a phishing attack and the extension became malicious. It’s a good reminder that, even if you could trust someone not to sell their extension to a shady company, you’re relying on that person for your security. If that person slips up and allows their account to be hijacked, you’ll end up dealing with the consequences—and they could be a lot worse than what happened with the Web Developer extension."
For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records — Krebs on Security
Honey developer. How malware companies make money:[[Most are generating $ from advertising or data. Approaches I've seen include:replace you default new tab contents their searchreplace existing links with affiliate linksadd new affiliate text links all over the place that look similar to the double underline ones used by some publishersreplace ads across the internetgenerate phantom traffic to websites a user never sees (similar to botnet)capture ALL browsing data including post data (many uses I could speculate on but wont get into here)]]
Researchers find way to spy on remote screens—through the webcam mic | Ars Technica
Chrome store but the business model of the buyer is simple – they buy popular add-ons, inject affiliate links and the bulk of users would never notice this since the Chrome browser automatically updates add-ons in the background. And there are no changelogs either.
Israeli spyware company is back to hacking journalists to impress clie
via Fast Company https://www.fastcompany.com
Unsophisticated Android Spyware Monitors Device Sensors
An Amnesty International employee was the target of a "sophisticated surveillance campaign," the group believes, after the employee received a suspicious WhatsApp message containing a link that, if opened, would have installed "Pegasus" - a spyware tool developed by the NSO Group, an Israeli company known for developing the surveillance tool, which is the same one used to target UAE human rights rights activist Ahmed Mansoor, a.k.a. the “Million Dollar Dissident.” https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/ Amnesty: "In early June 2018, an Amnesty International staff member received a suspicious WhatsApp message in Arabic. The text contained details about an alleged protest outside the Saudi embassy in Washington D.C., followed by a link to a website. Investigations by Amnesty International’s technology team revealed that clicking the link would have, according to prior knowledge, installed 'Pegasus', a sophisticated surveillance tool developed by the Israel-based company NSO Group...The WhatsApp message was sent to Amnesty International in a week when the organization was campaigning for the release of six women’s rights activists detained in Saudi Arabia...The link, if clicked, would have allowed the Pegasus software to infect the user’s smartphone, tracking keystrokes, taking control of the phone’s cameras and microphone and accessing contact lists. Amnesty International’s investigation also discovered that another Saudi Arabia rights activist received a similar malicious message." Read more at the blog post linked above or access Amnesty's full research report here https://www.amnesty.org/en/latest/research/2018/08/amnesty-international-among-targets-of-nso-powered-campaign/.
Spyware Company Exposed ‘281 Gigabytes’ of Children’s Photos Online - Motherboard
What Onavo Protect DoesOnavo Protect was purchased by Facebook in 2013, for the express purpose of…you guessed it: mining your data.See, Facebook can track a lot of what you do on the web, but it can’t track what you do in other apps on your phone. When you turn Onavo Protect on, however, you are routing all of your internet traffic through Facebook’s servers, where the information is decrypted for them to see. The Wall Street Journalpublished an article about this last year, but you don’t even need to dig that much to find this out—Onavo Protect tells you about it when you first open the app.
Don’t Use Software to Spy on Your Spouse - Motherboard
Windows 8 and Windows 10 contain a surprising feature that many users will find unwelcome: PC OEMs can embed a Windows executable in their system firmware. Windows 8 and 10 will then extract this executable during boot time and run it automatically. In this way, the OEM can inject software onto a Windows machine even if the operating system was cleanly installed. The good news is that most OEMs fortunately do not seem to take advantage of this feature. The bad news is that "most" is not "all." Between October 2014 and April of this year, Lenovo used this feature to preinstall software onto certain Lenovo desktop and laptop systems, calling the feature the "Lenovo Service Engine." Lenovo's own description of what the software did differs depending on whether the affected system is a desktop or a laptop. On desktops, the company claims that the software only sends some basic information (the system model, region, date, and a system ID) to a Lenovo server. This doesn't include any personally identifying information, but the system ID should be unique to each device. Lenovo says that this is a one-time operation and that the information gets sent only on a machine's first connection to the Internet. For laptops, however, the software does rather more. LSE on laptops installs the OneKey Optimizer (OKO) software that Lenovo bundles on many of its machines. OneKey Optimizer arguably falls into the "crapware" category. While OKO does do some somewhat useful system maintenance—it can update drivers, for example—it also offers to perform performance "optimizations" and cleaning "system junk files," which both seem to be of dubious value. Making this rather worse is that LSE and/or OKO appear to be insecure. Security issues, including buffer overflows and insecure network connections, were reported to Lenovo and Microsoft by researcher Roel Schouwenberg in April. In response, Lenovo has stopped including LSE on new systems (the company says that systems built since June should be clean). It has provided firmware updates for affected laptops and issued instructions on how to disable the option on desktops and clean up the LSE files.
Spyware Company That Marketed To Domestic Abusers Gets Hacked - Motherboard
Yes; but with the BS going on with telemetry, it wouldn't surprise me if they tried to buy GitHub to get everyone to use something with built-in spying functionality.

O&O ShutUp10
Ad tracking / spyware platform for games
Teen phone monitoring app leaked thousands of user passwords | ZDNet
Through Internet scanning, we found deep packet inspection (DPI) middleboxes on Türk Telekom’s network. The middleboxes were being used to redirect hundreds of users in Turkey and Syria to nation-state spyware when those users attempted to download certain legitimate Windows applications.
Spyware Company Leaves ‘Terabytes’ of Selfies, Text Messages, and Location Data Exposed Online - Motherboard

Google Data Collection
HijackThis Tutorial - How to use HijackThis to remove Browser Hijackers & Spyware
Browser Extensions Are a Privacy Nightmare: Stop Using So Many of Them
HPのPCにインストールされるスパイウェアの話。新しいSpectre 13を買う方へ傾いていたがどうしよう……。
I am one of the developers of a popular Chrome extension and we've been approached by malware companies that have tried to buy us. AMA! : IAmA
In a recent study we analyzed seven “session replay” services and revealed how they exfiltrate sensitive user data. Here we release the data behind our study, specifically, the list of websites from the Alexa top 1 million which embed scripts from analytics providers that offer session recording services. The appearance of a website on this list DOES NOT necessarily mean that session recordings occur, as website developers may choose not enable session recording functionality.
Selling a Google Chrome Extension is Easy but Monetizing is Tricky
InLinkUK kiosk
Amnesty International Targeted by NSO Spyware via WhatsApp
Everything with the topic 'When Spies Come Home' on Motherboard
How Israeli spyware tried to hack an Amnesty activist’s phone
Remove that horrific OnePlus ODM spyware. adb shell and thenpm uninstall -k --user 0 net.oneplus.odmAlso herehttps://www.chrisdcmoore.co.uk/post/oneplus-analytics/https://www.reddit.com/r/oneplus/comments/4t20ri/oxygenos_reports_back_tons_of_data_with/
Amnesty International staff targeted with malicious spyware
Use the Windows key + R keyboard shortcut to open the Run command, type regedit, and click OK to open the registry.Browse the following path:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows DefenderIf you don't see DWORD DisableAntiSpyware, right-click on an empty space, select New, and click on DWORD (32-bit) Value. Name the key DisableAntiSpyware.Double-click the newly created key, and set the value from 0 to 1.Then reboot--Testing 2017-10-10, because folders open, sort, etc. very slowly.With the registry value in place, folders sort etc. quickly again.
Don’t Use Facebook’s Onavo VPN: It’s Designed to Spy On You
Obviously, when your are purposely using FaceTime, you expect the webcam and mic to turn on —along with the green LED light. But Wardle's argument is that if another application, say a spyware, turns on right after that, the user has no way of knowing he or she is being spied on. Apple declined to comment. Wardle's new tool is called Oversight, and all it does is monitor webcam and mic usage to detect when an application tries to access them, and notifies the user, who can then decide to allow the stream to go on, or block it. If there's malware on your laptop that's designed to activate only when you turn on your webcam and mic, Oversight will pop up two notifications, one for when FaceTime, Skype or another similar app launches, and one for when the malware turns on
Spanish football league defends phone 'spying' - BBC News
Je mehr offene WLAN-Hotspots es gibt, desto wichtiger werden auch VPN-Apps. Sie schirmen Nutzer vor Schnüfflern im Netzwerk ab. Die von Onavo aber tut noch etwas anderes.
Lenovo used Windows anti-theft feature to install persistent crapware | Ars Technica
BY BILL BUDINGTON, JEREMY GILLULA, AND NATE CARDOZOAPRIL 3, 2017 This post is an UPDATE to a piece we originally published last week. Verizon recently rolled out a new pilot project to pre-install on customers’ devices an app launcher/search tool that, we believe, is really just spyware. This software, called AppFlash, is preloaded on a new model of LG device—the LG K20 V—rather than in all of their Android line as we previously reported. The software allows Verizon and its partners to track the apps you have downloaded and then sell ads to you across the Internet based what those apps say about you, like which bank you use and whether you’ve downloaded a fertility app.
GitHub on Twitter: "We're thrilled to announce that we've entered into an acquisition agreement with @Microsoft! https://t.co/4DezuXTJfV… " | https://twitter.com/
'free' educational apps as way to harvest personal data (location data, access to contacts, etc.)
China crams spyware on phones in Muslim-majority province | The Register
Destroy-Windows-10-Spying - Destroy Windows Spying tool
Red Shell
you more stuff
Apps for online safety are counterproductive

Facebook Has Lost the Plot – 500ish Words

BAD TRAFFIC: Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?

‘Stalkerware’ Seller Shuts Down Apps ‘Indefinitely’ After Getting Hacked Again - Motherboard

Hacker Strikes ‘Stalkerware’ Companies, Stealing Alleged Texts and GPS Locations of Customers - Motherboard

How Tech is Failing Victims of Intimate Partner Violence: Thomas Ristenpart at CITP

Hacker Strikes ‘Stalkerware’ Companies, Stealing Alleged Texts and GPS Locations of Customers - Motherboard

Do Not, I Repeat, Do Not Download Onavo, Facebook's Vampiric VPN Service | Gizmodo Australia

A Hacker Has Wiped a Spyware Company’s Servers—Again - Motherboard

HijackThis Tutorial - How to use HijackThis to remove Browser Hijackers & Spyware

¿Cuál es la diferencia: malware, virus, gusanos, spyware, troyanos, ransomware, etc?

Yeelight, the Bluetooth LED Bedside Lamp from Xiaomi that Spies on You, Part One

HP quietly installs system-slowing spyware on its PCs

Permissionless data slurping: Why Google's latest bombshell matters • The Register

The latest threat to your online privacy: exfiltration of personal data by website session-replay scripts | Privacy Online News

List of websites that have third-party “session replay” scripts

Downloads - Support - Lavasoft

Downloads - The home of Spybot-S&D!

Kids' smartwatches banned in Germany over spying concerns

German government bans children's smartwatches, tells parents to destroy them - Help Net Security

Teardown of a consumer voice/location cellular spying device that fits in the tip of a USB cable / Boing Boing

Obsolete phone boxes | West Norwood News

Sean Parker: Facebook was designed to exploit human "vulnerability" : technology

Security and Privacy Experiences and Practices of Survivors of Intimate Partner Abuse - IEEE Journals & Magazine

When Spies Come Home - Motherboard

Pi-hole®: A black hole for Internet advertisements – curl -sSL https://install.pi-hole.net | bash


How to Uninstall Carrier/OEM Bloatware Without Root Access

tin foil hat time | musings of a word of faith conspiracy theorist

How to permanently disable Windows Defender on Windows 10 | Windows Central

Ex-NSA Hacker Creates Tool To Warn You Of Webcam Spies

Axolotl: A Keylogger for iPhone and Android – Tomas Reimers – Medium

Onavo: Eine VPN-App spioniert für Facebook | ZEIT ONLINE

Over 1,000 Android apps found distributing SonicSpy spyware, including three in the Google Play Store, which silently record audio, take photos, and make calls (Danny Palmer/ZDNet)

EFF: An Update on Verizon's AppFlash: Pre-Installed Spyware Is Still Spyware

Disney Sued for Spying on Kids Using iPhone, Android Apps

The US Army is reportedly banning all drones made by China's DJI over security concerns — Quartz

Dictionary.com discreetly updates app permissions to spy on your phone

Warning: Your Browser Extensions Are Spying On You

GitHub - Nummer/Destroy-Windows-10-Spying: Destroy Windows Spying tool

Amazon patents way for drones to scan customers' homes, target them with adverts - Business Insider


2011 Copyright © www.Search24News.com Mobile version 2015 | PeterLife & company
Top Link Tags Stories: World. Business. Technology. Entertainment. Sports. Science. Health. Travel. Blogs.
Skimlinks helps publishers monetize editorial content through automated affiliate links for products. Affiliate programm.
Link at is mandatory if site materials are using fully or particulary.