Hacking, IoT, Passwords and Surveillance

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. Telnet, the overwhelmingly popular unencrypted IoT text protocol, is the main target of brute-forcing.

IoT

IoT DDOS Passwords Malware

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages. Related: Companies sustain damage from IoT attacks That was back in 1982.

IoT

IoT Healthcare Internet Internet

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. Xiongmai hereinafter) that are open to hack. The experts also discovered an undocumented user with the name “default” and password “tluafed.”. ” continues the analysis.

Surveillance

Surveillance Hacking Firmware Manufacturing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

It seems everything smart is hackable, with IoT startups sometimes repeating security mistakes first made decades ago. The next day I cut the string, There's a parallel here to IoT light bulbs that change colors. It's like using a hash of your street address, as the password for your front door.

IoT

IoT Hacking Internet Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

It seems everything smart is hackable, with IoT startups sometimes repeating security mistakes first made decades ago. The next day I cut the string, There's a parallel here to IoT light bulbs that change colors. It's like using a hash of your street address, as the password for your front door.

IoT

IoT Hacking Internet Internet

Hacked: Verkada Security Camera Company

SecureWorld News

MARCH 10, 2021

Founded in 2016, Verkada is a security company that focuses on surveillance and facial recognition through the use of sophisticated software in security cameras. Now a hacking group says they accessed thousands of live feeds from Verkada's cameras around the world. The Verkada camera hack: what happened?

Hacking

Hacking Surveillance Passwords Internet

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

According to the alert issued by the FBI, the swatters have been hijacking smart devices such as video and audio capable home surveillance devices. Threat actors likely take advantage of customers’ bad habit of re-using email passwords for their smart device. Users should update their passwords on a regular basis.

Passwords

Passwords Surveillance Manufacturing Accountability

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

Security Affairs

JULY 20, 2022

million vehicles can allow hackers to remotely hack them. “These vulnerabilities could impact access to a vehicle fuel supply, vehicle control, or allow locational surveillance of vehicles in which the device is installed.” There is no mandatory rule to change the password nor is there any claiming process.

Manufacturing

Manufacturing Passwords Mobile Authentication

Guardzilla Security Video System Footage exposed online

Security Affairs

DECEMBER 29, 2018

A vulnerability in the Guardzilla home video surveillance system could be exploited by users to watch Guardzilla footage of other users. The Guardzilla All-In-One Video Security System is an indoor video surveillance solution. SecurityAffairs – Guardzilla, IoT). ” reads the analysis published by Rapid7.

Firmware

Firmware Surveillance IoT Passwords

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Pen Test

OCTOBER 12, 2023

Criminals may use hijacked drones for illegal surveillance, smuggling, or even as weapons. It's suitable for resource-constrained RF devices, making it a popular choice for low-power IoT applications. Weak Passwords: Insecure or easily guessable passwords used to access RF devices can compromise security.

Encryption

Encryption Firmware Surveillance Technology

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-. SecurityAffairs – hacking, LILIN).

Firmware

Firmware Surveillance Manufacturing Advertising

Security Affairs newsletter Round 225 and Important Update

Security Affairs

AUGUST 4, 2019

Crooks used rare Steganography technique to hack fully patched websites in Latin America. Jessica Alba ‘s Twitter account hacked, it posted racist and homophobic messages. Android devices could be hacked by playing a video due to CVE-2019-2107 flaw. Hacking avionics systems through the CAN bus. Once again thank you!

Data breaches

Data breaches eCommerce Hacking Malware

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., Hacktivist Tillie Kottmann is reportedly among those asserting responsibility for the incident, telling Bloomberg that their act helped expose the security holes of modern-day surveillance platforms.

Surveillance

Surveillance IoT Accountability Passwords

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

Security Affairs

JULY 20, 2018

Positive Technologies discovered two flaws affecting Dongguan Diqee 360 smart vacuums that can be used to perform video surveillance. “Like any other IoT device, these robot vacuum cleaners could be marshalled into a botnet for DDoS attacks, but that’s not even the worst-case scenario, at least for owners.

Firmware

Firmware Surveillance Authentication Technology

The Death botnet grows targeting AVTech devices with a 2-years old exploit

Security Affairs

JULY 25, 2018

AVTech is one of the world’s leading CCTV manufacturers, it is the largest public-listed company in the Taiwan surveillance industry. The security expert Ankit Anubhav who discovered the Death botnet revealed that outdated firmware versions expose the passwords of the AVTech device in cleartext. Pierluigi Paganini.

Firmware

Firmware Passwords IoT Advertising

New IoT Security Regulations

Schneier on Security

NOVEMBER 13, 2018

By developing more advanced security features and building them into these products, hacks can be avoided. There's just one specific in the law that's not subject to the attorney general's interpretation: Default passwords are not allowed. But it's just one of dozens of awful "security" measures commonly found in IoT devices.

IoT

IoT Manufacturing Internet Internet

IoT and Cybersecurity: What’s the Future?

Security Affairs

MAY 2, 2022

IoT gizmos make our lives easier, but we forget that these doohickeys are IP endpoints that act as mini-radios. In March 2021, hackers gained access to a security company’s surveillance cameras and live-streamed those video feeds from hospitals, jails, schools, police stations, gyms, and even Tesla.

IoT

IoT Cybersecurity VPN Internet

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Elie

DECEMBER 2, 2017

What’s remarkable about these record-breaking attacks is they were carried out via small, innocuous Internet-of-Things (IoT) devices like home routers, air-quality monitors, and personal surveillance cameras. At its peak, Mirai enslaved over 600,000 vulnerable IoT devices, according to our measurements. OVH DDoS attack.

IoT

IoT DDOS Internet Internet

EP 31: Stopping the Mirai IoT Botnet, One CnC Server At A Time

ForAllSecure

OCTOBER 5, 2021

In 2016, the Mirai IoT botnet shut down part of the internet, yet variations still plague us today. Maybe our current approach to IoT botnets isn’t working? Vamosi: Welcome to The Hacker Mind and original podcast from ForAllSecure, it's about challenging our expectations about the people who hack for a living.

IoT

IoT DDOS Malware Internet

The Hacker Mind Podcast: Surviving Stalkerware

ForAllSecure

SEPTEMBER 21, 2021

They discuss how software and IoT companies can avoid becoming the next Black Mirror episode and share resources that can help survivors (and those who want to help them) deal with the technology issues that can be associated with technologically facilitated abuse. But what about IoT devices? It doesn't take leet hacking skills.

Technology

Technology Software Surveillance Media

VulnRecap 3/4/24 – Ivanti, Ubiquiti, AppLocker Under Attack

eSecurity Planet

MARCH 4, 2024

The fix: To eliminate malware infections, perform a factory reset, upgrade to the latest firmware, change all default usernames and passwords, and adjust firewall rules to block exposure to unwanted remote management services. The fix: Update libraries and instances to versions patched after February 8, 2024. and a medium (CVSS 4.3)

IoT

IoT Internet Internet Ransomware

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

The cyber-offense ecosystem still appears to be shaken by the sudden demise of NSO Group; at the same time, these activities indicate to us that we’ve only seen the tip of the iceberg when it comes to commercial-grade mobile surveillance tooling. One glaring example is Iran, which faced a series of spectacular hacks and sabotages.

Firmware

Firmware Surveillance Mobile Telecommunications

Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 10, 2023

billion personal records compromised by data breaches in past two years — underscoring need for end‑to‑end encryption Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter) Will Enable Mass Spying Reddit Says Leaked U.S.-U.K.

Data breaches

Data breaches Ransomware Hacking Financial Services

Cyber Security Informer

Overview of IoT threats in 2023

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

Webinars

Trending Sources

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Webinars

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

Hacked: Verkada Security Camera Company

FBI warns swatting attacks on owners of smart devices

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

Guardzilla Security Video System Footage exposed online

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs newsletter Round 225 and Important Update

Camera tricks: Privacy concerns raised after massive surveillance cam breach

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

The Death botnet grows targeting AVTech devices with a 2-years old exploit

New IoT Security Regulations

IoT and Cybersecurity: What’s the Future?

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

EP 31: Stopping the Mirai IoT Botnet, One CnC Server At A Time

The Hacker Mind Podcast: Surviving Stalkerware

VulnRecap 3/4/24 – Ivanti, Ubiquiti, AppLocker Under Attack

Advanced threat predictions for 2023

Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION

Stay Connected