Firmware, Surveillance and Technology - Cyber Security Informer

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Locking down firmware. Starks Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks. telecoms by Chinese tech giant Huawei.

Firmware

Firmware Cybersecurity Technology Engineering

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

The Last Watchdog

NOVEMBER 20, 2019

Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. Firmware is on everything from hard drives, motherboards and routers to office printers and smart medical devices. The Chinese are all over this.

Firmware

Firmware Hacking Software Surveillance

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. The flaws reside in a feature named the “XMEye P2P Cloud” that is enabled by default which is used to connect surveillance devices to the cloud infrastructure. Pierluigi Paganini.

Surveillance

Surveillance Hacking Firmware Manufacturing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Patch now! Insecure Hikvision security cameras can be taken over remotely

Malwarebytes

SEPTEMBER 22, 2021

In a detailed post on Github , security researcher Watchful_IP describes how he found that the majority of the recent camera product ranges of Hikvision cameras are susceptible to a critical, unauthenticated, remote code execution (RCE) vulnerability, even with the latest firmware. Hangzhou Hikvision Digital Technology Co.,

Firmware

Firmware Surveillance Marketing VPN

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. And while cosmetic security measures are in place, security leaders have long warned that technologies produced by Chinese companies can be exploited by China’s government. Surge in internet-facing cameras. Most insecure brands.

Surveillance

Surveillance Manufacturing Passwords Internet

Chipmaker Qualcomm warns of three actively exploited zero-days

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero experts focus on attacks carried out by nation-state actors or surveillance firms, this means that one of these threat actors may be behind the exploitation of the Qualcomm flaws. WLAN Firmware Internal CVE-2023-24855 : Use of Out-of-range Pointer Offset in Modem.

Firmware

Firmware Surveillance Authentication Manufacturing

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Pen Test

OCTOBER 12, 2023

Criminals may use hijacked drones for illegal surveillance, smuggling, or even as weapons. Detection and Prevention: Security professionals and organizations are developing technologies to detect and mitigate drone signal hijacking, including RF signal analysis and drone detection systems.

Encryption

Encryption Firmware Surveillance Technology

Industrial Switches from different Vendors Impaired by Similar Exposures

Hacker Combat

JUNE 3, 2021

Industrial switches are made using universal firmware developed by Korenix Technology, a leading provider for industrial networking solutions based in Taiwan. Korenix has developed another firmware that the organization incorporates in its JetNet industrial switches. Malicious firmware and bootloader uploads are possible too.

Firmware

Firmware Energy and Utilities Cyber Attacks Surveillance

U.S. Organizations Continue to Use Banned Chinese Tech

SecureWorld News

SEPTEMBER 30, 2021

Cybersecurity and Infrastructure Security Agency (CISA) recently warned administrators about a vulnerability that would allow threat actors to take control of devices produced by Hikvision, a Chinese state-owned video surveillance company. agencies and organizations using Chinese technology. still using banned Chinese tech.

Firmware

Firmware Surveillance Government Technology

Episode 167: Made in America? Trade Tensions highlight Supply Chain Risk

The Security Ledger

NOVEMBER 11, 2019

» Related Stories From China with Love: New York Firm sold millions in PRC Surveillance Gear to US Government, Military Episode 165: Oh, Canada! Terry is a former NSA employee who specializes in firmware security. government ban on the technology. Read the whole entry. » Terry Dunlap is the co-founder of ReFirm Labs.

Risk

Risk Surveillance Firmware Technology

Elon Musk Buys Twitter, Forgotten BIOS Updates, T-Shirt Outwits Facial Recognition

Security Boulevard

MAY 1, 2022

More than 100 different Lenovo laptop computers contain firmware-level vulnerabilities which is a great reminder about making sure you update the BIOS on your computer. Elon Musk buys Twitter for $44 billion so what does this mean for the privacy and cybersecurity of the platform?

Firmware

Firmware Cybersecurity Surveillance Technology

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware

Firmware Malware Encryption Passwords

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

Security Affairs

JULY 20, 2018

Positive Technologies discovered two flaws affecting Dongguan Diqee 360 smart vacuums that can be used to perform video surveillance. Since the vacuum has Wi-Fi, a webcam with night vision, and smartphone-controlled navigation, an attacker could secretly spy on the owner” reads the post published by Positive Technologies.

Firmware

Firmware Surveillance Authentication Technology

Zero-Click Attacks a Growing Threat

eSecurity Planet

FEBRUARY 22, 2022

It can even access the chip’s firmware to gain root access on the device, a significant privilege escalation. Such technology, often called user and entity behavior analytics (UEBA) , is offered as a standalone product, but has also increasingly been showing up as a feature in more traditional security products like EDR and SIEM.

Spyware

Spyware Software Government Social Engineering

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

The Last Watchdog

MAY 16, 2022

The same technologies that make supply chains faster and more effective also threaten their cybersecurity,” writes David Lukic , a privacy, security, and compliance consultant. The inherent complexity of the supply chain for modern technology is a reason why so many cybercrime attempts have been successful. Threat detection.

Cyber Attacks

Cyber Attacks Firmware Artificial Intelligence Manufacturing

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. So using existing technology makes sense. That's both good and bad.

IoT

IoT Hacking Internet Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. So using existing technology makes sense. That's both good and bad.

IoT

IoT Hacking Internet Internet

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

We have seen targeted attacks exploiting the vulnerability to target companies in research and development, the energy sector and other major industries, banking, the medical technology sector, as well as telecoms and IT. FinSpy: analysis of current capabilities.

Malware

Malware Banking Energy and Utilities Accountability

APT trends report Q1 2022

SecureList

APRIL 27, 2022

In December we were made aware of a UEFI firmware-level compromise through logs from our firmware scanning technology. Further analysis showed that the attackers modified a single component within the firmware to append a payload to one of its sections and incorporate inline hooks within particular functions.

Malware

Malware Firmware Government Phishing

APT annual review 2021

SecureList

NOVEMBER 30, 2021

Based on forensic analysis of numerous mobile devices, Amnesty International’s Security Lab found that the software was repeatedly used in an abusive manner for surveillance. On April 14-15, Kaspersky technologies detected a wave of highly targeted attacks against multiple companies. Firmware vulnerabilities.

Malware

Malware Mobile Spyware Surveillance

What is Malware? Definition, Purpose & Common Protections

eSecurity Planet

OCTOBER 21, 2022

Once a system is infected, ransomware attacks usually come in 3 stages: Surveillance: The hackers scan their target for more information on the system they are attacking. Firmware rootkits are also known as “hardware rootkits.”. This information can range from what websites you visit to your download history to your bank PIN.

Malware

Malware Adware Spyware Antivirus

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

The cyber-offense ecosystem still appears to be shaken by the sudden demise of NSO Group; at the same time, these activities indicate to us that we’ve only seen the tip of the iceberg when it comes to commercial-grade mobile surveillance tooling. APT targeting turns toward satellite technologies, producers and operators.

Firmware

Firmware Surveillance Mobile Telecommunications

Advanced threat predictions for 2024

SecureList

NOVEMBER 14, 2023

APT targeting turns toward satellite technologies, producers and operators The only known case of an attack utilizing satellite technologies that happened in recent years was the KA-SAT network hack of 2022. The next WannaCry Fortunately for us, a new cyber epidemic did not happen. Verdict: prediction not fulfilled ❌ 4.

Hacking

Hacking Energy and Utilities Media Malware

Cyber Security Informer

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

Webinars

Trending Sources

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Webinars

Patch now! Insecure Hikvision security cameras can be taken over remotely

3.5m IP cameras exposed, with US in the lead

Chipmaker Qualcomm warns of three actively exploited zero-days

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Industrial Switches from different Vendors Impaired by Similar Exposures

U.S. Organizations Continue to Use Banned Chinese Tech

Episode 167: Made in America? Trade Tensions highlight Supply Chain Risk

Elon Musk Buys Twitter, Forgotten BIOS Updates, T-Shirt Outwits Facial Recognition

MoonBounce: the dark side of UEFI firmware

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

Zero-Click Attacks a Growing Threat

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

IT threat evolution Q3 2021

APT trends report Q1 2022

APT annual review 2021

What is Malware? Definition, Purpose & Common Protections

Advanced threat predictions for 2023

Advanced threat predictions for 2024

Stay Connected