Collaborate Disseminate
Amnesty International revealed the existence of Linux and macOS variants of FinSpy, a commercially available spy suite used extensively by threat actors, as well as law enforcement agencies and government from around the world. Criminals are not respon… Continue reading Linux and macOS Versions of Commercial ‘Malware’ FinSpy Found Online by Amnesty International
FinSpy has returned in new campaigns targeting dissident organizations in Egypt – and researchers uncovered new samples of the spyware targeting macOS and Linux users. Continue reading Mac, Linux Users Now Targeted by FinSpy Variants
The espionage tool is capable of eavesdropping on calls and messages sent via Signal, Telegram, WhatsApp and more. Continue reading Latest FinSpy Modules Lift Data from Secure Messaging Apps
One of the most powerful, infamous, and advanced piece of government-grade commercial surveillance spyware dubbed FinSpy—also known as FinFisher—has been discovered in the wild targeting users in Myanmar.
Created by German company Gamma International,… Continue reading Powerful FinSpy Spyware Found Targeting iOS and Android Users in Myanmar
A new report details a widespread campaign targeting several Turkish activists and protesters, using the infamous government malware made by FinFisher. Continue reading Turkey’s Government Tried to Hack Hundreds of Protesters Over Twitter, Researchers Say
Adobe Systems released an emergency patch for a critical vulnerability in Flash Player that was being exploited in the wild through Microsoft Word documents to infect computers with a known surveillance tool. The vulnerability, tracked as CVE-2017-1129… Continue reading Adobe Fixes Critical Flash Player Vulnerability Exploited in the Wild
Adobe today released an out-of-band Flash Player update addressing a zero-day vulnerability being exploited by a little-known Middle Eastern APT group called Black Oasis. Continue reading Adobe Patches Flash Zero Day Exploited by Black Oasis APT
Are you sure the version of WhatsApp, or Skype, or VLC Player installed on your device is legitimate?
Security researchers have discovered that legitimate downloads of several popular applications including WhatsApp, Skype, VLC Player and WinRAR have … Continue reading ISPs May Be Helping Hackers to Infect you with FinFisher Spyware
This week saw a veritable patchwork quilt of updates to Microsoft products – including one zero-day Continue reading Microsoft patches second FinSpy zero-day exploit this year
A well-funded spy group appears to have recently acquired a highly sophisticated zero day vulnerability and used it to deploy a remote access trojan against a Russian-speaking “entity,” according to evidence discovered by U.S. cybersecurity firm FireEye. Researchers with FireEye found the disruptive software vulnerability, which affects recent versions of Microsoft Word, in July. The trojan, known as FinSpy, is made by infamous surveillance technology firm FinFisher, a blog post by FireEye says. The Word flaw remained unpatched until Tuesday afternoon, when Microsoft issued its monthly security update. This vulnerability, labeled CVE-2017-8759, was used as recently as late August to hack into systems, FireEye analyst Ben Read told CyberScoop. Analysts originally uncovered CVE-2017-8759 while examining a highly targeted phishing email that was written in Russian. The email contained an attachment that when opened exploited a software flaw in the word processor to remotely download FinSpy from a computer server controlled by the attacker. […]
The post New Microsoft Word zero day used in Russian-language spyware campaign, analysts say appeared first on Cyberscoop.
Continue reading New Microsoft Word zero day used in Russian-language spyware campaign, analysts say