Security Affairs

DECEMBER 14, 2022

Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. million IP cameras exposed to the internet, signifying an eightfold increase since April 2021. When you spy on your neighborhood or your cafe customers, do you wonder if someone is watching Big Brother – you, in this case?

Surveillance 145

Surveillance Manufacturing Internet Internet 145

SecureWorld News

AUGUST 8, 2022

Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint Cybersecurity Advisory (CSA) providing details on the top malware strains of 2021. The top malware strains in 2021 included remote access Trojans (RATs), banking Trojans, information stealers, and ransomware.

Malware 98

Malware Banking Penetration Testing Healthcare 98

SecureWorld News

JANUARY 9, 2025

Also of concern is the firmware and ROM found on many components that go into the manufacture of systems, nearly of all which are manufactured today in mainland China. million in 2017 at Hollywood Presbyterian Medical Center to $240 million in 2021 with an attack on MediaMarkt, Europe's largest consumer electronics retailer.

Cybersecurity 108

Cybersecurity Manufacturing Surveillance Ransomware 108

Security Affairs

SEPTEMBER 28, 2021

Experts spotted a new variant of the FinFisher surveillance spyware that is able to hijack and replace the Windows UEFI bootloader to infect Windows machines. Kaspersky experts shared the results of an 8-months investigation into FinSpy spyware at the Security Analyst Summit (SAS) 2021.

Spyware 110

Spyware Surveillance Firmware Malware 110

Security Affairs

AUGUST 17, 2021

Researchers at FireEye’s Mandiant have discovered a critical vulnerability, tracked as CVE-2021-28372, in a core component of the Kalay cloud platform which is used by millions of IoT devices from many vendors. This varies from device to device but typically is used for device telemetry, firmware updates, and device control.”

IoT 122

IoT Hacking Social Engineering Firmware 122

Security Affairs

APRIL 2, 2022

The threat actors added TOTOLINK exploits just a week after the exploit codes were publicly released on GitHub in the attempt to compromise the largest number of devices as possible before the owners upgrade to the latest firmware releases. TOTOLINK has already addressed these flaws with the release of new firmware for vulnerable devices.

DDOS 98

DDOS Firmware Surveillance IoT 98

CyberSecurity Insiders

JUNE 29, 2021

Security researchers say that the flaw is related to software component used in cloud surveillance platform ThroughTek that is used by OEMs while manufacturing IP Cameras, baby monitoring cams and pet monitoring solutions along with robotic and battery devices. score to the newly discovered P2P SDK vulnerability.

Firmware 85

Firmware IoT Surveillance Manufacturing 85

Security Affairs

MARCH 21, 2021

Hackers also posted images captured from the hacked surveillance video on Twitter with an #OperationPanopticon hashtag, published images show that they have gained root shell access to the surveillance cameras used by Telsa and Cloudflare. “Conspiracy to commit computer fraud and abuse is punishable by up to 5 years in prison.

Identity Theft 106

Identity Theft Computers and Electronics Surveillance Hacking 106

Security Affairs

JULY 31, 2022

and Blackmatter ransomware U.S. increased rewards for info on North Korea-linked threat actors to $10 million Threat actors leverages DLL-SideLoading to spread Qakbot malware Zero Day attacks target online stores using PrestaShop? and Blackmatter ransomware U.S.

Firmware 98

Firmware Malware Surveillance DDOS 98

SecureWorld News

SEPTEMBER 30, 2021

Cybersecurity and Infrastructure Security Agency (CISA) recently warned administrators about a vulnerability that would allow threat actors to take control of devices produced by Hikvision, a Chinese state-owned video surveillance company. A remote attacker could exploit this vulnerability to take control of an affected device.

Firmware 95

Firmware Surveillance Government Technology 95

SecureWorld News

AUGUST 24, 2022

If malware were installed on the device, it could control the LEDs by blinking and changing colors with firmware commands. The infection of a device can be achieved via supply chain attacks, social engineering techniques, or the use of hardware with installed software or firmware. The data can be textual (e.g.,

Firmware 98

Firmware Social Engineering Surveillance Malware 98

SecureList

APRIL 27, 2022

We also identified two samples developed in December 2021 containing test strings and preceding revisions of the ransom note observed in Microsoft’s shared samples. One of the identified samples was compiled on December 28, 2021, suggesting that this destructive campaign had been planned for months. … ?????? ??????!!!

Malware 145

Malware Firmware Government Phishing 145

Security Affairs

MARCH 29, 2023

The initial landing page was observed hosting the exploits for a WebKit remote code execution zero-day ( CVE-2022-42856 ) and a sandbox escape ( CVE-2021-30900 ) issue. At the time of delivery, the latest Samsung firmware had not included a fix for this vulnerability. This vulnerability grants the attacker system access.

Spyware 98

Spyware Surveillance Firmware Internet 98

SecureList

JUNE 3, 2024

The attackers were able to bypass this hardware-based security protection using another hardware feature of Apple-designed SoCs (System on a Chip): they did this by writing the data, destination address and data hash to unknown hardware registers of the chip that are not used by the firmware.

Banking 115

Banking Malware Computers and Electronics Mobile 115

eSecurity Planet

SEPTEMBER 9, 2024

One recent example that underscores this importance is the 2021 Colonial Pipeline ransomware attack. Patch management: Keeping software and firmware up to date to close security gaps. Ransomware can cripple essential functions until a ransom is paid, while malware may lead to unauthorized control or surveillance of the system.

Firmware 110

Firmware Encryption Manufacturing Risk 110

eSecurity Planet

JULY 8, 2024

To protect your network devices from potential risks, apply patches on a regular basis and keep their firmware up to date. July 3, 2024 Threat Actors Exploit MSHTML Flaw to Deploy MerkSpy Surveillance Tool Type of vulnerability: Remote code execution. The fix: Microsoft already released a patch for CVE-2021-40444 in September 2021.

Risk 63

Risk Authentication Firmware Surveillance 63

ForAllSecure

APRIL 22, 2021

So, 2021 is one of those years and many security researchers many companies. And the hope is that in 2021, we'll get more expansive exemptions that apply to more types of devices, and that reduce the potential chilling effect that would stop researchers working on security research in the US because of fears of DMCA violations.

IoT 52

IoT Hacking Internet Internet 52

ForAllSecure

APRIL 22, 2021

So, 2021 is one of those years and many security researchers many companies. And the hope is that in 2021, we'll get more expansive exemptions that apply to more types of devices, and that reduce the potential chilling effect that would stop researchers working on security research in the US because of fears of DMCA violations.

IoT 52

IoT Hacking Internet Internet 52

ForAllSecure

OCTOBER 5, 2021

It was for 1000s of compromised, Internet of Things, enabled devices, such as surveillance cameras, residential gateways, internet connected printers, and even in home baby monitors these devices themselves are often thought of as not having much in the way of resources, and really they don't have many computing resources. Probably not.

IoT 52

IoT DDOS Malware Internet 52

SecureList

OCTOBER 26, 2021

This is our latest installment, focusing on activities that we observed during Q3 2021. This activity seems to have continued and stretched into 2021, when we spotted a set of recent attacks using the same techniques and malware to gain a foothold in diplomatic organizations based in Central Asia. It was fixed as CVE-2021-26605.

Malware 145

Malware Government Surveillance Spyware 145

SecureList

NOVEMBER 14, 2023

The threat actor used news about the Russo-Ukrainian conflict to trick targets into opening harmful emails that exploited the vulnerabilities (CVE-2020-35730, CVE-2020-12641 and CVE-2021-44026). Leaks are often sold on the dark web, message groups or the group’s own platforms, and some are given away for free.

Hacking 141

Hacking Energy and Utilities Media Malware 141

eSecurity Planet

OCTOBER 21, 2022

A report from IBM claims that 21% of all cyber attacks the company remediated in 2021 were ransomware, making it the most common type of attack in the report. Once a system is infected, ransomware attacks usually come in 3 stages: Surveillance: The hackers scan their target for more information on the system they are attacking.

Malware 75

Malware Adware Spyware Antivirus 75

SecureList

NOVEMBER 14, 2022

In another publication , Google also followed up on the activities of a similar vendor named Cytrox that had leveraged four 0-day vulnerabilities in a 2021 campaign. In both cases, we described new UEFI firmware bootkits that managed to propagate malicious components from the deepest layers of the machine up to Windows’ user-land.

Firmware 130

Firmware Surveillance Mobile Telecommunications 130

CyberSecurity Insiders

SEPTEMBER 24, 2021

China-based video surveillance related product offering company Hikvision has issued a security advisory saying that all those using their security cameras and NVRs must know a critical vulnerability on its devices that could allow hackers to take control of the cameras and use them as bots to launch DDoS or other related attacks.

Surveillance 96

Surveillance Firmware DDOS IoT 96