Encryption, Firmware, Passwords and Surveillance

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. The flaws reside in a feature named the “XMEye P2P Cloud” that is enabled by default which is used to connect surveillance devices to the cloud infrastructure. Who controls these servers?

Surveillance

Surveillance Hacking Firmware Manufacturing

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Pen Test

OCTOBER 12, 2023

Criminals may use hijacked drones for illegal surveillance, smuggling, or even as weapons. Countermeasures: To prevent drone signal hijacking, drone manufacturers and operators can implement encryption and authentication mechanisms for RF communication. It offers strong encryption and is considered secure for most applications.

Encryption

Encryption Firmware Surveillance Technology

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

Attack vectors There are two main IoT infection routes: brute-forcing weak passwords and exploiting vulnerabilities in network services. A successful password cracking enables hackers to execute arbitrary commands on a device and inject malware. Unfortunately, users tend to leave these passwords unchanged.

IoT

IoT DDOS Passwords Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

Top 10 Malware Strains of 2021

SecureWorld News

AUGUST 8, 2022

ForrmBook is capable of key logging and capturing browser or email client passwords, but its developers continue to update the malware to exploit the latest Common Vulnerabilities and Exposures (CVS), such as CVE-2021-40444 Microsoft MSHTML Remote Code Execution Vulnerability. AZORult's developers are constantly updating its capabilities.

Malware

Malware Banking Healthcare Penetration Testing

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware

Firmware Malware Encryption Passwords

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. We later managed to extract the firmware from the EEPROM for further static reverse engineering. Further hardware analysis of the circuit board helped us identify chips.

Firmware

Firmware Passwords Manufacturing Mobile

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

At the end of September, at the Kaspersky Security Analyst Summit , our researchers provided an overview of FinSpy , an infamous surveillance toolset that several NGOs have repeatedly reported being used against journalists, political dissidents and human rights activists. logins, passwords, etc.), Gamers beware.

Malware

Malware Banking Energy and Utilities Accountability

ETHERLED: Air-Gapped Systems Can Send Signals via Network Card LEDs

SecureWorld News

AUGUST 24, 2022

If malware were installed on the device, it could control the LEDs by blinking and changing colors with firmware commands. The infection of a device can be achieved via supply chain attacks, social engineering techniques, or the use of hardware with installed software or firmware. user names, passwords, key-loggings) or binary (e.g.,

Firmware

Firmware Social Engineering Surveillance Malware

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

It's like using a hash of your street address, as the password for your front door. So it gives you a lot of fertile ground to work on, as compared with the mostly heavily encrypted SSL, TLS web components that a lot of websites and apps use. Problem is, MAC addresses are not great for authentication.

IoT

IoT Hacking Internet Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

It's like using a hash of your street address, as the password for your front door. So it gives you a lot of fertile ground to work on, as compared with the mostly heavily encrypted SSL, TLS web components that a lot of websites and apps use. Problem is, MAC addresses are not great for authentication.

IoT

IoT Hacking Internet Internet

What is Malware? Definition, Purpose & Common Protections

eSecurity Planet

OCTOBER 21, 2022

For example, once it infects your device, a keylogger will start tracking every keystroke you make and sending a log of those keystrokes to the hacker, allowing them to reconstruct any sensitive information you might have entered after infection, such as your PIN, password, or social security number. Ransomware.

Malware

Malware Adware Spyware Antivirus

Exposed security cameras in Israel and Palestine pose significant risks

Security Affairs

OCTOBER 10, 2023

While this communication system is useful for transferring real-time data, it offers neither encryption nor lockout mechanisms against password-guessing. This would allow them to view live feeds and record footage, which could be used for surveillance, reconnaissance, or gathering sensitive information.

Risk

Risk Encryption VPN Passwords

Cyber Security Informer

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Webinars

Trending Sources

Overview of IoT threats in 2023

Webinars

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Top 10 Malware Strains of 2021

MoonBounce: the dark side of UEFI firmware

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

IT threat evolution Q3 2021

ETHERLED: Air-Gapped Systems Can Send Signals via Network Card LEDs

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

What is Malware? Definition, Purpose & Common Protections

Exposed security cameras in Israel and Palestine pose significant risks

Stay Connected