Blog, Firmware and Surveillance - Cyber Security Informer

QNAP Devices Targeted in Ransomware Attack

Heimadal Security

JANUARY 26, 2022

is a Taiwanese company that specializes in network-attached storage equipment for applications such as file sharing, virtualization, storage management, and surveillance. The post QNAP Devices Targeted in Ransomware Attack appeared first on Heimdal Security Blog. QNAP Systems, Inc. What Happened? When […].

Ransomware

Ransomware Firmware Surveillance Encryption

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. In 2015, the hacker who breached the systems of the Italian surveillance firm Hacking Team leaked a 400GB package containing hacking tools and exploits codes.

Firmware

Firmware Spyware Surveillance Hacking

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. Since this is a convenient and cheap tool to surveil anything from a parking lot, a warehouse, your doorstep, or even monitor your child’s sleep using a baby camera, it’s not surprising to see a surge in IP camera usage.

Surveillance

Surveillance Manufacturing Passwords Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

access control, video surveillance and mobile credentialing) owned by HVAC giant Carrier. Below is the list of flaws discovered by the researchers: CVE Detail Summary Mercury Firmware Version CVSS Score CVE-2022-31479 Unauthenticated command injection <=1.291 Base 9.0, The vulnerabilities were disclosed during the Hardwear.io

Firmware

Firmware Penetration Testing Manufacturing Authentication

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

This was recently highlighted by blog posts from Project Zero and Github Security Lab.” At the time of delivery, the latest Samsung firmware had not included a fix for this vulnerability. CVE-2022-3038 , a sandbox escape in Chrome fixed in August 2022, in version 105 and found by Sergei Glazunov in June 2022.

Spyware

Spyware Surveillance Firmware Internet

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Security Affairs

MAY 20, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. QNAP QVR is a video surveillance solution of the Taiwanese vendor which is hosted on its NAS devices and doesn’t require any extra software. To nominate, please visit:?

Ransomware

Ransomware Internet Internet Firmware

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Security Affairs

APRIL 13, 2022

An attacker can hijack the robots to crash them into people and objects, use them to harass patients and staff, for surveillance purposes, to interfere with the delivery of critical patient medication, access patient medical records in violation of HIPAA, and more.

Mobile

Mobile Hacking Firmware Surveillance

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

Security experts disclosed Wyze data leak

Security Affairs

DECEMBER 29, 2019

The incident was independently verified by the authors of the blog IPVM that focuses on video surveillance products. It was published in conjunction with a blog post from a private security company also published on December 26th.” “We were first contacted through a support ticket at 9:21 a.m.

IoT

IoT Accountability Advertising Wireless

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

In this blog post, we’ll discuss the results of a vulnerability research study focused on a popular model of smart pet feeder. The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process.

Firmware

Firmware Passwords Manufacturing Mobile

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

The Last Watchdog

MAY 16, 2022

Then there are firmware developers, transport agencies, testing facilities, and security evaluation agencies that handle the device before it is sent to the corporate client. The TCU deploys AI-based runtime threat-detection surveillance and remediation for enhanced tamper •. Threat detection. Traceability and accountability.

Cyber Attacks

Cyber Attacks Firmware Artificial Intelligence Manufacturing

APT annual review 2021

SecureList

NOVEMBER 30, 2021

Based on forensic analysis of numerous mobile devices, Amnesty International’s Security Lab found that the software was repeatedly used in an abusive manner for surveillance. We confirmed that several infrastructures on the blog overlapped with our previously published reporting about Lazarus group’s ThreatNeedle cluster.

Malware

Malware Mobile Spyware Surveillance

APT trends report Q1 2022

SecureList

APRIL 27, 2022

In December we were made aware of a UEFI firmware-level compromise through logs from our firmware scanning technology. Further analysis showed that the attackers modified a single component within the firmware to append a payload to one of its sections and incorporate inline hooks within particular functions.

Malware

Malware Firmware Government Phishing

APT trends report Q3 2021

SecureList

OCTOBER 26, 2021

This campaign was also covered by researchers at Zscaler in a blog post. We published a blog post at that time detailing the technical details of ShadowPad and its supply-chain attack campaign after its initial discovery, when it was deployed by an APT group known as Barium or APT41.

Malware

Malware Government Surveillance Spyware

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

Last June, Google’s TAG team released a blog post documenting attacks on Italian and Kazakh users that they attribute to RCS Lab, an Italian offensive software vendor. In line with our predictions, we released two blog posts in 2022 introducing sophisticated low-level bootkits. Drone hacking!

Firmware

Firmware Surveillance Mobile Telecommunications

Cyber Security Informer

QNAP Devices Targeted in Ransomware Attack

Second-ever UEFI rootkit used in North Korea-themed attacks

Webinars

Trending Sources

3.5m IP cameras exposed, with US in the lead

Webinars

HID Mercury Access Controller flaws could allow to unlock Doors

Google TAG shares details about exploit chains used to install commercial spyware

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security experts disclosed Wyze data leak

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

APT annual review 2021

APT trends report Q1 2022

APT trends report Q3 2021

Advanced threat predictions for 2023

Stay Connected