2018, Firmware and Surveillance - Cyber Security Informer

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Locking down firmware. Starks Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks. telecoms by Chinese tech giant Huawei.

Firmware

Firmware Cybersecurity Technology Engineering

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

The Last Watchdog

NOVEMBER 20, 2019

Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. percent from 2018. Firmware is on everything from hard drives, motherboards and routers to office printers and smart medical devices.

Firmware

Firmware Hacking Software Surveillance

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. The flaws reside in a feature named the “XMEye P2P Cloud” that is enabled by default which is used to connect surveillance devices to the cloud infrastructure. Pierluigi Paganini.

Surveillance

Surveillance Hacking Firmware Manufacturing

Beastmode Mirai botnet now includes exploits for Totolink routers

Security Affairs

APRIL 2, 2022

The threat actors added TOTOLINK exploits just a week after the exploit codes were publicly released on GitHub in the attempt to compromise the largest number of devices as possible before the owners upgrade to the latest firmware releases. TOTOLINK has already addressed these flaws with the release of new firmware for vulnerable devices.

DDOS

DDOS Firmware Surveillance IoT

Guardzilla Security Video System Footage exposed online

Security Affairs

DECEMBER 29, 2018

A vulnerability in the Guardzilla home video surveillance system could be exploited by users to watch Guardzilla footage of other users. The Guardzilla All-In-One Video Security System is an indoor video surveillance solution. This was determined through static analysis of the firmware shipping with the device.

Firmware

Firmware Surveillance IoT Passwords

Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras

Threatpost

SEPTEMBER 17, 2018

Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug.

Surveillance

Surveillance Firmware IoT Hacking

U.S. Organizations Continue to Use Banned Chinese Tech

SecureWorld News

SEPTEMBER 30, 2021

Cybersecurity and Infrastructure Security Agency (CISA) recently warned administrators about a vulnerability that would allow threat actors to take control of devices produced by Hikvision, a Chinese state-owned video surveillance company. In 2018, the U.S. agencies and organizations using Chinese technology.

Firmware

Firmware Surveillance Government Technology

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Pen Test

OCTOBER 12, 2023

Criminals may use hijacked drones for illegal surveillance, smuggling, or even as weapons. What are the common firmware and software vulnerabilities in RF devices that can be exploited? Vulnerabilities in RF technology often encompass various weaknesses and security gaps within the firmware and software used in RF devices.

Encryption

Encryption Firmware Surveillance Technology

Security Affairs newsletter Round 180 – News of the week

Security Affairs

SEPTEMBER 16, 2018

Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal. 20% discount. Kindle Edition. Paper Copy.

Firmware

Firmware Advertising Surveillance Data breaches

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

Security Affairs

JULY 20, 2018

Positive Technologies discovered two flaws affecting Dongguan Diqee 360 smart vacuums that can be used to perform video surveillance. The two vulnerabilities have been tracked as CVE-2018-10987 and CVE-2018-10988 , the former could be exploited by a remote attacker meanwhile the latter needs physical access to the device.

Firmware

Firmware Surveillance Authentication Technology

Expert found Russia’s SORM surveillance equipment leaking user data

Security Affairs

AUGUST 30, 2019

A Russian security researcher has found that hardware wiretapping equipment composing Russia’s SORM surveillance system had been leaking user data. SORM is a mass surveillance system that allows the Government of Moscow to track online activities of single individuals thanks to the support of the Russian ISPs. Pierluigi Paganini.

Surveillance

Surveillance Firmware Mobile Advertising

Sony addresses remotely exploitable flaws in Sony IPELA E Network Cameras

Security Affairs

JULY 23, 2018

The first vulnerability, tracked as CVE-2018-3937, is a command injection issue that affects the measurementBitrateExec features implemented in the IPELA E Series Network Camera. Both vulnerabilities effects Sony IPELA E series G5 firmware 1.87.00, the tech giant released an update last week to address them.

Advertising

Advertising Firmware Hacking Surveillance

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

At the end of September, at the Kaspersky Security Analyst Summit , our researchers provided an overview of FinSpy , an infamous surveillance toolset that several NGOs have repeatedly reported being used against journalists, political dissidents and human rights activists.

Malware

Malware Banking Energy and Utilities Accountability

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In 2018, we got some broader exemptions for all data, all devices all types of devices. The Mirai botnet contributed to a massive denial of service attack that brought parts of the Internet to a standstill, what was remarkable was that Mariah was constructed from 1000s of Internet of Things devices, namely surveillance cameras.

IoT

IoT Hacking Internet Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In 2018, we got some broader exemptions for all data, all devices all types of devices. The Mirai botnet contributed to a massive denial of service attack that brought parts of the Internet to a standstill, what was remarkable was that Mariah was constructed from 1000s of Internet of Things devices, namely surveillance cameras.

IoT

IoT Hacking Internet Internet

APT annual review 2021

SecureList

NOVEMBER 30, 2021

Based on forensic analysis of numerous mobile devices, Amnesty International’s Security Lab found that the software was repeatedly used in an abusive manner for surveillance. Moreover, the malware mentioned by Google matched ThreatNeedle – malware that we have been tracking since 2018. Firmware vulnerabilities.

Malware

Malware Mobile Spyware Surveillance

APT trends report Q1 2022

SecureList

APRIL 27, 2022

We had initially analyzed this Delphi malware in April 2018. In December we were made aware of a UEFI firmware-level compromise through logs from our firmware scanning technology. Some capabilities we analyzed are similar to those provided in other notorious post-exploitation toolkits. Other interesting discoveries.

Malware

Malware Firmware Government Phishing

EP 31: Stopping the Mirai IoT Botnet, One CnC Server At A Time

ForAllSecure

OCTOBER 5, 2021

It was for 1000s of compromised, Internet of Things, enabled devices, such as surveillance cameras, residential gateways, internet connected printers, and even in home baby monitors these devices themselves are often thought of as not having much in the way of resources, and really they don't have many computing resources. Probably not.

IoT

IoT DDOS Malware Internet

APT trends report Q3 2021

SecureList

OCTOBER 26, 2021

On June 3, Check Point published a report about an ongoing surveillance operation targeting a Southeast Asian government, and attributed the malicious activities to a Chinese-speaking threat actor named SharpPanda. Lyceum is a threat group operating against high-profile targets in the Middle East since at least 2018. Middle East.

Malware

Malware Government Surveillance Spyware

Cyber Security Informer

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

Trending Sources

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Beastmode Mirai botnet now includes exploits for Totolink routers

Guardzilla Security Video System Footage exposed online

Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras

U.S. Organizations Continue to Use Banned Chinese Tech

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Security Affairs newsletter Round 180 – News of the week

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

Expert found Russia’s SORM surveillance equipment leaking user data

Sony addresses remotely exploitable flaws in Sony IPELA E Network Cameras

IT threat evolution Q3 2021

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

APT annual review 2021

APT trends report Q1 2022

EP 31: Stopping the Mirai IoT Botnet, One CnC Server At A Time

APT trends report Q3 2021

Stay Connected