2014, Passwords and Surveillance - Cyber Security Informer

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. The flaws reside in a feature named the “XMEye P2P Cloud” that is enabled by default which is used to connect surveillance devices to the cloud infrastructure. Pierluigi Paganini.

Surveillance

Surveillance Hacking Firmware Manufacturing

RedTorch Formed from Ashes of Norse Corp.

Krebs on Security

MARCH 22, 2021

By 2014 it was throwing lavish parties at top Internet security conferences. An ad for RedTorch’s “Cheetah” counter-surveillance tech. Victims of those breaches lost a lot of private data including passwords, and Frigg will help them secure their private data in the future.

Surveillance

Surveillance Computers and Electronics Internet Internet

FBI is searching for contractors to monitor social media

Security Affairs

AUGUST 12, 2019

The abuse of social media passwords for malicious purpose is quite common, for this reason, the FBI is searching for contractors to monitor them. “Such a tool would likely violate the companies’ ban against using their data for surveillance.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Media

Media Surveillance Advertising Passwords

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-. Pierluigi Paganini.

Firmware

Firmware Surveillance Manufacturing Advertising

Guardzilla Security Video System Footage exposed online

Security Affairs

DECEMBER 29, 2018

A vulnerability in the Guardzilla home video surveillance system could be exploited by users to watch Guardzilla footage of other users. The Guardzilla All-In-One Video Security System is an indoor video surveillance solution. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firmware

Firmware Surveillance IoT Passwords

One million cracked Poshmark accounts being sold online

Security Affairs

SEPTEMBER 2, 2019

The company discovered unauthorized access to its servers, the intruders stole personal information of the users, including usernames , hashed passwords, first and last names, gender information, and city of residenc. The compromised data included email addresses, names, usernames , genders, locations and passwords stored as bcrypt hashes.

Accountability

Accountability Data breaches Passwords Advertising

Saudi caller ID Dalil app exposed data of more than 5 million users

Security Affairs

MARCH 10, 2019

The Android caller ID app Dalil exposed online data belonging over 5 million users, security experts discovered a MongoDB database left accessible on the web without a password. The availability of this data represents a serious threat to the privacy of the users, threat actors could use it for surveillance activity.

Passwords

Passwords Advertising Surveillance Encryption

Android Spyware Monokle, developed by Russian defense contractor, used in targeted attacks

Security Affairs

JULY 25, 2019

The list of functionalities implemented by the spyware includes: Track device location Get nearby cell tower info Retrieve accounts and associated passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Spyware

Spyware Surveillance Mobile Advertising

Lab test provider LifeLabs disclose a data breach that exposed personal info of 15M customers

Security Affairs

DECEMBER 18, 2019

“Through proactive surveillance, LifeLabs recently identified a cyber-attack that involved unauthorized access to our computer systems with customer information that could include name, address, email, login, passwords, date of birth, health card number and lab test results.” ” said Brown. Pierluigi Paganini.

Data breaches

Data breaches Identity Theft Insurance Advertising

Over 100 flaws in management and access control systems expose buildings to hack

Security Affairs

MAY 11, 2019

Once hacked vulnerable systems, attackers could steal personal information and conduct a wide range of malicious activities, including lock or unlock doors and gates, control elevator access, trigger alarms, intercept video surveillance streams, and manipulate HVAC systems and lights, disrupt operations. Pierluigi Paganini.

Hacking

Hacking Advertising Surveillance Data collection

Security Affairs newsletter Round 223 – News of the week

Security Affairs

JULY 21, 2019

Israel surveillance firm NSO group can mine data from major social media. Slack resetting passwords for roughly 1% of its users. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Pierluigi Paganini.

Small Business

Small Business Media Spyware DNS

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Krebs on Security

NOVEMBER 15, 2022

Penchukov was named in a 2014 indictment by the U.S. The JabberZeus crew’s name is derived from the malware they used, which was configured to send them a Jabber instant message each time a new victim entered a one-time password code into a phishing page mimicking their bank.

Banking

Banking Small Business Accountability Cybercrime

Security Affairs newsletter Round 225 and Important Update

Security Affairs

AUGUST 4, 2019

million fine for selling flawed surveillance technology to the US Gov. DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Cisco to pay $8.6 Pierluigi Paganini.

Data breaches

Data breaches eCommerce Hacking Malware

Security Affairs newsletter Round 209 – News of the week

Security Affairs

APRIL 14, 2019

Experts spotted the iOS version of the Exodus surveillance app. WPA3 attacks allow hackers to hack Wi-Fi password. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. LimeRAT spreads in the wild. Yahoo proposes $117.5

Data breaches

Data breaches DNS Advertising Surveillance

Parental control spyware app Family Orbit hacked, pictures of hundreds of monitored children were exposed

Security Affairs

SEPTEMBER 4, 2018

The company that sells the parental control spyware app Family Orbit has been hacked, the pictures of hundreds of monitored children were left online only protected by a password. The data was protected by an easy-to-guess password only. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Spyware

Spyware Hacking Data breaches Passwords

Russia’s SolarWinds Attack

Schneier on Security

DECEMBER 28, 2020

We don’t know how, but last year the company’s update server was protected by the password “solarwinds123” — something that speaks to a lack of security culture.) North Korea attacked Sony in 2014. If anything, the US’s prioritization of offense over defense makes us less safe.

Hacking

Hacking Government Internet Internet

Security Affairs newsletter Round 215 – News of the week

Security Affairs

MAY 26, 2019

Amnesty International filed a lawsuit against Israeli surveillance firm NSO. G Suite users passwords stored in plain-text for more than 14 years. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Advertising

Advertising Surveillance Ransomware Passwords

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

Security Affairs

JULY 20, 2018

Positive Technologies discovered two flaws affecting Dongguan Diqee 360 smart vacuums that can be used to perform video surveillance. To succeed, the attacker must authenticate on the device—which is made easier by the fact that many affected devices have the default username and password combination (admin:888888).”

Firmware

Firmware Surveillance Authentication Technology

The Death botnet grows targeting AVTech devices with a 2-years old exploit

Security Affairs

JULY 25, 2018

AVTech is one of the world’s leading CCTV manufacturers, it is the largest public-listed company in the Taiwan surveillance industry. The security expert Ankit Anubhav who discovered the Death botnet revealed that outdated firmware versions expose the passwords of the AVTech device in cleartext. ” Stay tuned.

Firmware

Firmware Passwords IoT Advertising

Security Affairs newsletter Round 229 – News of the week

Security Affairs

SEPTEMBER 1, 2019

Expert found Russias SORM surveillance equipment leaking user data. Foxit Software discloses a data breach that exposed user passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

eCommerce

eCommerce Data breaches Malware Advertising

The author of the LuminosityLink RAT sentenced to 30 Months in Prison

Security Affairs

OCTOBER 18, 2018

Among other malicious features, LuminosityLink allowed Grubbs’ customers to record the keys that victims pressed on their keyboards, surveil victims using their computers’ cameras and microphones, view and download the computers’ files, and steal names and passwords used to access websites.” Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Cybercrime Advertising Marketing

Transparent Tribe APT hit 1000+ victims in 27 countries in the last 12 months

Security Affairs

AUGUST 23, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the analysis published by Kaspersky. “The version that we named “B” was compiled in 2018 and again at the end of 2019. . Pierluigi Paganini.

Malware

Malware Media Advertising Surveillance

Security Affairs newsletter Round 175 – News of the week

Security Affairs

AUGUST 12, 2018

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. Security Affairs – Newsletter ).

Firmware

Firmware DNS Advertising Surveillance

Homebuyers Being Targeted by Money Transfer Scam

Security Affairs

SEPTEMBER 21, 2018

He intended to wire upward of $1 million to the seller of the property but was unaware that his conversations were under surveillance by scammers. These measures include a frequent change in passwords, using mismatched and uncommon characters to avoid predictability. His business partner was equally unaware. Pierluigi Paganini.

Scams

Scams Advertising Accountability Surveillance

Top VC Firms in Cybersecurity of 2022

eSecurity Planet

APRIL 26, 2022

PagerDuty Operations performance 2014 NYSE: PD Auth0 Identity management 2014 Acquired: Okta. Notable cybersecurity exits for the company include Forescout, Imperva, Webroot, Tenable, and Crowdstrike; and Accel’s other successful investments include Atlassian, Cloudera, Etsy, and Meta. Accel Investments. NightDragon.

Cybersecurity

Cybersecurity Technology Marketing Healthcare

The stealthy email stealer in the TA505 hacker group’s arsenal

Security Affairs

MAY 16, 2019

During the last month, our Threat Intelligence surveillance team spotted increasing evidence of an operation intensification against the Banking sector. The malicious executable is substantially an email stealer, in fact, the only purpose is to retrieve all the emails and passwords accounts present inside the victim machine.

Banking

Banking Malware Surveillance Retail

FBI shuts down malware on hundreds of Exchange servers, opens Pandora’s box

Malwarebytes

APRIL 14, 2021

They fell foul to password reuse. This means criminals figuring out the passwords to other criminals’ web shells could also potentially access the compromised servers. The FBI requested a rule change for expanded access powers back in 2014 , and it was granted in 2016.

Malware

Malware Hacking Phishing Passwords

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. The first domain was “ ns0.idm.net.lb

DNS

DNS Internet Internet Government

Advanced threat predictions for 2022

SecureList

NOVEMBER 17, 2021

Blackberry released a report centered around an entity they call Zebra 2104 and which appears to be an “initial access broker” According to their research, Zebra 2014 has provided ransomware operators with an initial foothold into some of their victims. And now, we turn our attention to the future.

Mobile

Mobile Surveillance Ransomware Government

What To Know About Privacy Data

Identity IQ

JANUARY 17, 2023

Electronic Communications Privacy Act (ECPA): This act generally restricts the surveillance of electronic communication methods. When you add this type of data to cloud storage, ensure your account is protected with more than just a password. It also restricts the government from wiretapping phone calls and emails.

Data privacy

Data privacy Identity Theft Accountability Banking

Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020

Malwarebytes

MAY 9, 2023

It contained a Russian name (redacted for privacy) followed by the DNR letters (probably Donetskaya Narodnaya Respublika, referring to one of the cities declared independent in 2014, and a known target to the group). Attackers made a great and long surveillance of this victim, which extended until Jan 2023.

Surveillance

Surveillance Accountability DNS Encryption

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

At the end of September, at the Kaspersky Security Analyst Summit , our researchers provided an overview of FinSpy , an infamous surveillance toolset that several NGOs have repeatedly reported being used against journalists, political dissidents and human rights activists. logins, passwords, etc.), Gamers beware. an invoice).

Malware

Malware Banking Energy and Utilities Accountability

EP 31: Stopping the Mirai IoT Botnet, One CnC Server At A Time

ForAllSecure

OCTOBER 5, 2021

It was for 1000s of compromised, Internet of Things, enabled devices, such as surveillance cameras, residential gateways, internet connected printers, and even in home baby monitors these devices themselves are often thought of as not having much in the way of resources, and really they don't have many computing resources.

IoT

IoT DDOS Malware Internet

Cyber Security Informer

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

RedTorch Formed from Ashes of Norse Corp.

Webinars

Trending Sources

FBI is searching for contractors to monitor social media

Webinars

Botnet operators target multiple zero-day flaws in LILIN DVRs

Guardzilla Security Video System Footage exposed online

One million cracked Poshmark accounts being sold online

Saudi caller ID Dalil app exposed data of more than 5 million users

Android Spyware Monokle, developed by Russian defense contractor, used in targeted attacks

Lab test provider LifeLabs disclose a data breach that exposed personal info of 15M customers

Over 100 flaws in management and access control systems expose buildings to hack

Security Affairs newsletter Round 223 – News of the week

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Security Affairs newsletter Round 225 and Important Update

Security Affairs newsletter Round 209 – News of the week

Parental control spyware app Family Orbit hacked, pictures of hundreds of monitored children were exposed

Russia’s SolarWinds Attack

Security Affairs newsletter Round 215 – News of the week

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

The Death botnet grows targeting AVTech devices with a 2-years old exploit

Security Affairs newsletter Round 229 – News of the week

The author of the LuminosityLink RAT sentenced to 30 Months in Prison

Transparent Tribe APT hit 1000+ victims in 27 countries in the last 12 months

Security Affairs newsletter Round 175 – News of the week

Homebuyers Being Targeted by Money Transfer Scam

Top VC Firms in Cybersecurity of 2022

The stealthy email stealer in the TA505 hacker group’s arsenal

FBI shuts down malware on hundreds of Exchange servers, opens Pandora’s box

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Advanced threat predictions for 2022

What To Know About Privacy Data

Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020

IT threat evolution Q3 2021

EP 31: Stopping the Mirai IoT Botnet, One CnC Server At A Time

Stay Connected