Accountability, Firmware, Internet and Surveillance

Accountability

Firmware

Internet

Surveillance

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. In the last year, there have been several public accounts on the ongoing trend of UEFI threats. What happened?

Firmware

Firmware Malware Encryption Passwords

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. The flaws reside in a feature named the “XMEye P2P Cloud” that is enabled by default which is used to connect surveillance devices to the cloud infrastructure. Pierluigi Paganini.

Surveillance

Surveillance Hacking Firmware Manufacturing

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

Introduction In today’s interconnected world, more and more devices are being connected to the internet, including everyday household items like pet feeders that are becoming smart by virtue of this simple fact. We later managed to extract the firmware from the EEPROM for further static reverse engineering.

Firmware

Firmware Passwords Manufacturing Mobile

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Guardzilla Security Video System Footage exposed online

Security Affairs

DECEMBER 29, 2018

A vulnerability in the Guardzilla home video surveillance system could be exploited by users to watch Guardzilla footage of other users. The Guardzilla All-In-One Video Security System is an indoor video surveillance solution. This was determined through static analysis of the firmware shipping with the device.

Firmware

Firmware Surveillance IoT Passwords

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-. ” Netlab concludes.

Firmware

Firmware Surveillance Manufacturing Advertising

Industrial Switches from different Vendors Impaired by Similar Exposures

Hacker Combat

JUNE 3, 2021

Industrial switches are made using universal firmware developed by Korenix Technology, a leading provider for industrial networking solutions based in Taiwan. Korenix has developed another firmware that the organization incorporates in its JetNet industrial switches. These vulnerabilities include: Backdoor account. Surveillance.

Firmware

Firmware Energy and Utilities Cyber Attacks Surveillance

VulnRecap 3/4/24 – Ivanti, Ubiquiti, AppLocker Under Attack

eSecurity Planet

MARCH 4, 2024

The fix: To eliminate malware infections, perform a factory reset, upgrade to the latest firmware, change all default usernames and passwords, and adjust firewall rules to block exposure to unwanted remote management services. The fix: Disconnect printers from internet access until a patch becomes available. and a medium (CVSS 4.3)

IoT

IoT Internet Internet Ransomware

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

Episode 167: Made in America? Trade Tensions highlight Supply Chain Risk

The Security Ledger

NOVEMBER 11, 2019

» Related Stories From China with Love: New York Firm sold millions in PRC Surveillance Gear to US Government, Military Episode 165: Oh, Canada! Terry is a former NSA employee who specializes in firmware security. We're joined by Terry Dunlap the co-founder of ReFirm Labs to talk about why software supply chain risks.

Risk

Risk Surveillance Firmware Technology

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

Security Affairs

JULY 20, 2018

Positive Technologies discovered two flaws affecting Dongguan Diqee 360 smart vacuums that can be used to perform video surveillance. ” The second vulnerability requires physical access to be triggered, it can be exploited by an attacker to load a tainted version of the firmware by inserting a microSD card into the vacuum.

Firmware

Firmware Surveillance Authentication Technology

What is Malware? Definition, Purpose & Common Protections

eSecurity Planet

OCTOBER 21, 2022

Today, malware is a common threat to the devices and data of anyone who uses the Internet. Ransomware is one of the most virulent forms of malware on the modern Internet. Firmware rootkits are also known as “hardware rootkits.”. Programs being opened or accessing the Internet without your permission.

Malware

Malware Adware Spyware Antivirus

Security experts disclosed Wyze data leak

Security Affairs

DECEMBER 29, 2019

Experts from Twelve Security claimed they found API tokens that would have allowed hackers to access Wyze user accounts from any iOS or Android device. The incident was independently verified by the authors of the blog IPVM that focuses on video surveillance products. on December 26 by a reporter at IPVM.com. ” continues Wyze.

IoT

IoT Accountability Advertising Wireless

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

The vulnerability is in MSHTML, the Internet Explorer engine. At the end of September, at the Kaspersky Security Analyst Summit , our researchers provided an overview of FinSpy , an infamous surveillance toolset that several NGOs have repeatedly reported being used against journalists, political dissidents and human rights activists.

Malware

Malware Banking Energy and Utilities Accountability

APT trends report Q3 2021

SecureList

OCTOBER 26, 2021

The first accounts of its activity date back to March last year, in which archives carrying COVID-related decoy file names that contained a malicious executable were described in a tweet by MalwareHunterTeam. In this quarter we focused on researching and dismantling surveillance frameworks following malicious activities we detected.

Malware

Malware Government Surveillance Spyware

Cyber Security Informer

MoonBounce: the dark side of UEFI firmware

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Webinars

Trending Sources

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

Webinars

Guardzilla Security Video System Footage exposed online

Botnet operators target multiple zero-day flaws in LILIN DVRs

Industrial Switches from different Vendors Impaired by Similar Exposures

VulnRecap 3/4/24 – Ivanti, Ubiquiti, AppLocker Under Attack

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Episode 167: Made in America? Trade Tensions highlight Supply Chain Risk

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

What is Malware? Definition, Purpose & Common Protections

Security experts disclosed Wyze data leak

IT threat evolution Q3 2021

APT trends report Q3 2021

Stay Connected