One Article Review
| Source |  AlienVault Lab Blog |
|---|---|
| Identifiant | 8463833 |
| Date de publication | 2024-03-14 10:00:00 (vue: 2024-03-14 15:07:48) |
| Titre | Spyware commercial: la menace furtive Commercial spyware: The stealthy threat |
| Texte | It can be difficult to over-estimate the benefits that we accrue from the use of technology in our day to day lives. But these benefits have come at a price which has redefined what we expect in terms of privacy. As a member of Generation X, which came of age at the dawn of the Internet era and witnessed the rise of an entire industry built on consumer information analytics, I have on occasion struck my own Faustian bargains, offering up my personal data in exchange for convenience. As have we all. In doing so we are implicitly trusting the organization that runs the website or app in question to safeguard our information effectively. Spyware, as the name suggests, is software designed to covertly gather data about a victim without their consent. Spyware can infect both computers and mobile devices, infiltrating them through malicious or hacked websites, phishing emails, and software downloads. Unlike other forms of malware that may seek to disrupt or damage systems, spyware operates discreetly, often evading detection while silently siphoning off sensitive information. When deployed against individuals this data can range from browsing habits and keystrokes to login credentials and financial information. Spyware can access microphones and cameras for purposes of gathering intelligence or evidence when deployed by government agencies, or capturing content for purposes of sale, blackmail, or other monetization schemes if deployed by threat actors. The effects of which can be devastating. The proliferation of commercial spyware poses significant risks to companies as well. Commercial spyware is a niche industry which develops and markets software for the purpose of data collection. Their products use many of the same methods as other kinds of malware. Often, commercial spyware leverages zero-day exploits that were either developed by the vendor in question or purchased from independent researchers. For example, in a recent report, Google researchers concluded that approximately half of the zero-day vulnerabilities targeting their products over the past decade were the work of “Commercial Surveillance Vendors” (https://www.scmagazine.com/news/spyware-behind-nearly-50-of-zeros-days-targeting-google-products). |
| Envoyé | Oui |
| Condensat | “commercial “double 010 2017 about access accrue actor actors addition additional against age agencies agency ago all also analytics app applicable approach approximately apps are associated attackers auctioned audiences awareness bargains based bear been before behavioral behind benefits blackmail both brokers browsing built business but came cameras can capabilities capturing cases cause changed collection com/news/spyware combat come commercial companies computers concluded conduct consent consumer consumers content convenience costs could covertly creates creating credentials damage data date dawn day days decade defense deployed designed detect detection devastating developed develops devices difficult disclose disclosed discovering discreetly disrupt does doing download downloads effectively effects either emails enable enacted encrypting encryption ensure entire environment era essential established estimate evading evaluate events ever evidence example exchange exercised exfiltration expect exploit exploits exposure extension extortion” faustian financial fines firstly focus following: forms from fronts further gather gathering generation google government greater groups habits hacked had half harm has have help https://www hunting identifiable impacted implicitly include inconvenience increased increasing independent individuals industry infect infection infections infiltrating information install endpoint intellectual intelligence internet issues keep keystrokes kinds known later laws least led legislation leverages limited links litigation lives login long longer look looking malicious malware many market markets may mechanism member memory methods microphones minimize mobile monetization more ms17 multi name nearly niche not occasion off offering often ongoing only operates operating organization organizations other over own past patches penalties persistence personal personally phishing policies poses potential practice present preserving previously price prior privacy privilege proactive products proliferation pronged property protect protected protecting purchased purpose purposes putting question range ransomware real reboot recent redefined regular regularly remediated remediation remember remove report reputed require requires researchers resident responsible responsibly result resulting retention rise risk risks runs safe safeguard safeguarding sale same scanning schemes scmagazine secondly security seek sensitive sentinelone several shadow shareholders shifted significant signs silently since siphoning software some sources spread spyware spyware: stealing stealthy strong struck success such suggests surveillance suspicious system systems tactics targeting technology terms than them these those threat threats through time times tools trusted trusting try two ultimately under undisclosed unintended unknown unlike unpatched unreported unscrupulous unsolicited use vendor vendors vendors” victim vigilance vulnerabilities wary weaponizing website websites well what when whether which who wide wikipedia within without witnessed work years yet your zero zeros |
| Tags | Ransomware Malware Tool Vulnerability Threat Legislation Mobile Commercial |
| Stories | |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.