Security Affairs

APRIL 13, 2022

Researchers discovered five vulnerabilities that can be exploited to remotely hack hospital Aethon’s TUG autonomous mobile robots. Cynerio ethically disclosed the issues to Aethon and the vendor addressed it with the release of firmware updates. SecurityAffairs – hacking, TUG autonomous mobile robots). Pierluigi Paganini.

Mobile 141

Mobile Hacking Firmware Surveillance 141

Security Affairs

DECEMBER 14, 2022

Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network. SecurityAffairs – hacking, IP cameras).

Surveillance 138

Surveillance Manufacturing Passwords Internet 138

Security Affairs

AUGUST 17, 2021

Most of the devices using the platform are video surveillance products such as IP cameras and baby monitors, an attacker could exploit this flaw to eavesdrop audio and video data. This varies from device to device but typically is used for device telemetry, firmware updates, and device control.” ” continues Mandiant.

IoT 112

IoT Hacking Social Engineering Firmware 112

Security Affairs

JUNE 7, 2023

June 2023 security update for Android released by Google fixes about fifty flaws, including an Arm Mali GPU bug exploited by surveillance firms in their spyware. The flaw made headlines because it was exploited by surveillance firms for their spyware. This vulnerability grants the attacker system access.

Spyware 96

Spyware Surveillance Firmware Hacking 96

Security Affairs

SEPTEMBER 28, 2021

Experts spotted a new variant of the FinFisher surveillance spyware that is able to hijack and replace the Windows UEFI bootloader to infect Windows machines. SecurityAffairs – hacking, FinFisher). “During our research, we found a UEFI bootkit that was loading FinSpy. .” Pierluigi Paganini.

Spyware 98

Spyware Surveillance Firmware Malware 98

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-. SecurityAffairs – hacking, LILIN).

Firmware 113

Firmware Surveillance Manufacturing Advertising 113

Security Affairs

JUNE 12, 2022

access control, video surveillance and mobile credentialing) owned by HVAC giant Carrier. Below is the list of flaws discovered by the researchers: CVE Detail Summary Mercury Firmware Version CVSS Score CVE-2022-31479 Unauthenticated command injection <=1.291 Base 9.0, SecurityAffairs – hacking, HID Mercury Access Controllers).

Firmware 99

Firmware Penetration Testing Manufacturing Authentication 99

Security Affairs

APRIL 2, 2022

The threat actors added TOTOLINK exploits just a week after the exploit codes were publicly released on GitHub in the attempt to compromise the largest number of devices as possible before the owners upgrade to the latest firmware releases. TOTOLINK has already addressed these flaws with the release of new firmware for vulnerable devices.

DDOS 96

DDOS Firmware Surveillance IoT 96

Security Affairs

JULY 31, 2022

SecurityAffairs – hacking, newsletter). and Blackmatter ransomware U.S. increased rewards for info on North Korea-linked threat actors to $10 million Threat actors leverages DLL-SideLoading to spread Qakbot malware Zero Day attacks target online stores using PrestaShop? and Blackmatter ransomware U.S. Pierluigi Paganini.

Firmware 86

Firmware Surveillance Malware DDOS 86

Security Affairs

MARCH 21, 2021

Hackers also posted images captured from the hacked surveillance video on Twitter with an #OperationPanopticon hashtag, published images show that they have gained root shell access to the surveillance cameras used by Telsa and Cloudflare. SecurityAffairs – hacking, cybercrime). ” continues the DoJ.

Identity Theft 85

Identity Theft Computers and Electronics Surveillance Hacking 85

Threatpost

SEPTEMBER 17, 2018

Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug.

Surveillance 88

Surveillance Firmware IoT Hacking 88

Security Affairs

MARCH 29, 2023

At the time of delivery, the latest Samsung firmware had not included a fix for this vulnerability. Even smaller surveillance vendors have access to 0-days, and vendors stockpiling and using 0-day vulnerabilities in secret pose a severe risk to the Internet.” This vulnerability grants the attacker system access.

Spyware 96

Spyware Surveillance Firmware Internet 96

Pen Test

OCTOBER 12, 2023

Criminals may use hijacked drones for illegal surveillance, smuggling, or even as weapons. What are the common firmware and software vulnerabilities in RF devices that can be exploited? Vulnerabilities in RF technology often encompass various weaknesses and security gaps within the firmware and software used in RF devices.

Encryption 52

Encryption Firmware Surveillance Technology 52

Security Affairs

DECEMBER 29, 2018

A vulnerability in the Guardzilla home video surveillance system could be exploited by users to watch Guardzilla footage of other users. The Guardzilla All-In-One Video Security System is an indoor video surveillance solution. This was determined through static analysis of the firmware shipping with the device.

Firmware 91

Firmware Surveillance IoT Passwords 91

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches 97

Data breaches DDOS Artificial Intelligence Ransomware 97

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Vamosi: I once lived near a large urban park.

IoT 52

IoT Hacking Internet Internet 52

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Vamosi: I once lived near a large urban park.

IoT 52

IoT Hacking Internet Internet 52

Security Affairs

MAY 20, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. QNAP QVR is a video surveillance solution of the Taiwanese vendor which is hosted on its NAS devices and doesn’t require any extra software. SecurityAffairs – hacking, NAS).

Ransomware 103

Ransomware Internet Internet Firmware 103

The Security Ledger

DECEMBER 19, 2023

But software and always-on Internet connectivity have also enabled abusive practices, such as mass, commercial surveillance of consumers and de-facto monopolies on things like service and repair. The post Episode 254: Dennis Giese’s Revolutionary Robot Vacuum. Read the whole entry. » » Click the icon below to listen.

IoT 75

IoT Manufacturing Internet Internet 75

Security Affairs

JULY 25, 2018

AVTech is one of the world’s leading CCTV manufacturers, it is the largest public-listed company in the Taiwan surveillance industry. EliteLands is using a 2-years old exploit that could be used to trigger tens of well-known vulnerabilities in the AVTech firmware. Securi ty Affairs – Death botnet, hacking).

Firmware 49

Firmware Passwords IoT Advertising 49

Security Affairs

JULY 20, 2018

Positive Technologies discovered two flaws affecting Dongguan Diqee 360 smart vacuums that can be used to perform video surveillance. ” The second vulnerability requires physical access to be triggered, it can be exploited by an attacker to load a tainted version of the firmware by inserting a microSD card into the vacuum.

Firmware 47

Firmware Surveillance Authentication Technology 47

Security Affairs

SEPTEMBER 16, 2018

Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal. 20% discount. Kindle Edition. Paper Copy. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware 59

Firmware Advertising Surveillance Data breaches 59

eSecurity Planet

FEBRUARY 22, 2022

Pegasus performs zero-click hacks by exploiting security flaws in popular applications installed by default on iOS and Android, such as WhatsApp, Telegram, Skype, or iMessage. NSO’s software provides an interface for performing such high-level cyberattacks, something like a business approach to hacking at scale.

Spyware 108

Spyware Software Government Social Engineering 108

SecureWorld News

AUGUST 8, 2022

FormBook FormBook is an information stealer advertised in hacking forums. Remcos, short for Remote Control and Surveillance, was leveraged by malicious cyber actors conducting mass phishing campaigns during the COVID-19 pandemic to steal personal data and credentials. AZORult's developers are constantly updating its capabilities.

Malware 81

Malware Banking Penetration Testing Healthcare 81

Security Affairs

AUGUST 12, 2018

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS 46

DNS Firmware Advertising Surveillance 46

Security Affairs

DECEMBER 29, 2019

The incident was independently verified by the authors of the blog IPVM that focuses on video surveillance products. SecurityAffairs – data leak, hacking). According to Twelve Security , the exposed data includes: User name and email of those who purchased cameras and then connected them to their home 24% of the 2.4

IoT 74

IoT Accountability Advertising Wireless 74

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. Another type of service sold on the dark web is IoT hacking. Cameras may be hacked for their CPU power only, to mine crypto, or to install DDoS utilities.

IoT 88

IoT DDOS Passwords Malware 88

Security Affairs

AUGUST 30, 2019

A Russian security researcher has found that hardware wiretapping equipment composing Russia’s SORM surveillance system had been leaking user data. SORM is a mass surveillance system that allows the Government of Moscow to track online activities of single individuals thanks to the support of the Russian ISPs. Pierluigi Paganini.

Surveillance 85

Surveillance Firmware Mobile Advertising 85

Security Affairs

JULY 23, 2018

Both vulnerabilities effects Sony IPELA E series G5 firmware 1.87.00, the tech giant released an update last week to address them. Securi ty Affairs – Sony IPELA E, hacking). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising 57

Advertising Firmware Hacking Surveillance 57

Security Affairs

JANUARY 21, 2022

At the end of 2021, researchers discovered a UEFI firmware-level compromise by analyzing logs from its Firmware Scanner. Threat actors compromised a single component within the firmware image to intercept the original execution flow of the machine’s boot sequence and inject the sophisticated implant. Pierluigi Paganini.

Firmware 141

Firmware Malware Spyware Surveillance 141

ForAllSecure

OCTOBER 5, 2021

It was for 1000s of compromised, Internet of Things, enabled devices, such as surveillance cameras, residential gateways, internet connected printers, and even in home baby monitors these devices themselves are often thought of as not having much in the way of resources, and really they don't have many computing resources. Probably not.

IoT 52

IoT DDOS Malware Internet 52

SecureList

OCTOBER 26, 2021

Upon further investigation we also discovered additional implants deployed through both ShadowPad and ShadowShredder, such as Quarian backdoor, PlugX, Poison Ivy and other hack tools. In this quarter we focused on researching and dismantling surveillance frameworks following malicious activities we detected.

Malware 140

Malware Government Surveillance Spyware 140

eSecurity Planet

MARCH 4, 2024

The fix: To eliminate malware infections, perform a factory reset, upgrade to the latest firmware, change all default usernames and passwords, and adjust firewall rules to block exposure to unwanted remote management services. The fix: Update libraries and instances to versions patched after February 8, 2024. and a medium (CVSS 4.3)

IoT 103

IoT Internet Internet Ransomware 103

SecureList

NOVEMBER 14, 2022

The cyber-offense ecosystem still appears to be shaken by the sudden demise of NSO Group; at the same time, these activities indicate to us that we’ve only seen the tip of the iceberg when it comes to commercial-grade mobile surveillance tooling. One glaring example is Iran, which faced a series of spectacular hacks and sabotages.

Firmware 107

Firmware Surveillance Mobile Telecommunications 107

SecureList

NOVEMBER 14, 2023

Mail servers become priority targets In June, Recorded Future warned that BlueDelta (aka Sofacy, APT28, Fancy Bear and Sednit) exploited vulnerabilities in Roundcube Webmail to hack multiple organizations including government institutions and military entities involved in aviation infrastructure. Drone hacking!

Hacking 103

Hacking Energy and Utilities Media Malware 103

Security Affairs

OCTOBER 10, 2023

This would allow them to view live feeds and record footage, which could be used for surveillance, reconnaissance, or gathering sensitive information. Keep camera firmware up to date to address security vulnerabilities and improve overall system security. Ensure that RTSP cameras require solid and unique passwords for access.

Risk 110

Risk Encryption VPN Passwords 110