Encryption, Firmware, Internet and Surveillance

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. The flaws reside in a feature named the “XMEye P2P Cloud” that is enabled by default which is used to connect surveillance devices to the cloud infrastructure. Who controls these servers?

Surveillance

Surveillance Hacking Firmware Manufacturing

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Security Affairs

MAY 20, 2022

Taiwanese vendor QNAP is asking users to install the latest update on their NAS devices and avoid exposing them on the Internet. “QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the Internet.” and QTS 4.4.1. “QNAP® Systems, Inc.

Ransomware

Ransomware Internet Internet Firmware

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware

Firmware Malware Encryption Passwords

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

Brute-force attacks on services that use SSH, a more advanced protocol that encrypts traffic, can yield similar outcomes. User files were encrypted, with the device’s interface displaying a ransom note demanding payment of 0.03 BTC to recover the data. Regrettably, vendors could have done a much better job fixing those.

IoT

IoT DDOS Passwords Malware

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

Introduction In today’s interconnected world, more and more devices are being connected to the internet, including everyday household items like pet feeders that are becoming smart by virtue of this simple fact. We later managed to extract the firmware from the EEPROM for further static reverse engineering.

Firmware

Firmware Passwords Manufacturing Mobile

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

The Internet of Things presents us with both convenience and inconvenience at the same time, suddenly everything is smart is hackable again with startups sometimes repeating security mistakes made decades ago in the rush to market toys. The question is, who is hacking the internet of things today, and how does one even get started?

IoT

IoT Hacking Internet Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

The Internet of Things presents us with both convenience and inconvenience at the same time, suddenly everything is smart is hackable again with startups sometimes repeating security mistakes made decades ago in the rush to market toys. The question is, who is hacking the internet of things today, and how does one even get started?

IoT

IoT Hacking Internet Internet

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

The vulnerability is in MSHTML, the Internet Explorer engine. At the end of September, at the Kaspersky Security Analyst Summit , our researchers provided an overview of FinSpy , an infamous surveillance toolset that several NGOs have repeatedly reported being used against journalists, political dissidents and human rights activists.

Malware

Malware Banking Energy and Utilities Accountability

ETHERLED: Air-Gapped Systems Can Send Signals via Network Card LEDs

SecureWorld News

AUGUST 24, 2022

Air-gapping a device or system is thought of as a way to isolate your device from the internet, or other public-facing networks, so that it is highly secure and untouchable to threat actors. If malware were installed on the device, it could control the LEDs by blinking and changing colors with firmware commands.

Firmware

Firmware Social Engineering Surveillance Malware

What is Malware? Definition, Purpose & Common Protections

eSecurity Planet

OCTOBER 21, 2022

Today, malware is a common threat to the devices and data of anyone who uses the Internet. Ransomware is one of the most virulent forms of malware on the modern Internet. Activation: The ransomware begins encrypting sensitive files or locking down the system. Firmware rootkits are also known as “hardware rootkits.”.

Malware

Malware Adware Spyware Antivirus

Exposed security cameras in Israel and Palestine pose significant risks

Security Affairs

OCTOBER 10, 2023

The Cybernews research team has found at least 165 exposed internet-connected RTSP cameras in Israel and 29 exposed RTSP cameras in Palestine, which are open and accessible to anyone. While this communication system is useful for transferring real-time data, it offers neither encryption nor lockout mechanisms against password-guessing.

Risk

Risk Encryption VPN Passwords

Cyber Security Informer

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Webinars

Trending Sources

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Webinars

MoonBounce: the dark side of UEFI firmware

Overview of IoT threats in 2023

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

IT threat evolution Q3 2021

ETHERLED: Air-Gapped Systems Can Send Signals via Network Card LEDs

What is Malware? Definition, Purpose & Common Protections

Exposed security cameras in Israel and Palestine pose significant risks

Stay Connected