Security Affairs

JUNE 12, 2022

access control, video surveillance and mobile credentialing) owned by HVAC giant Carrier. Below is the list of flaws discovered by the researchers: CVE Detail Summary Mercury Firmware Version CVSS Score CVE-2022-31479 Unauthenticated command injection <=1.291 Base 9.0, The vulnerabilities were disclosed during the Hardwear.io

Firmware 109

Firmware Penetration Testing Manufacturing Authentication 109

Security Boulevard

FEBRUARY 17, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Kagi also introduces Privacy Pass, which allows users to authenticate to servers (like Kagi's) without revealing their identity; this should ensure searches are unlinkable to accounts. Tips for finding old accounts. CVE-2025-21391.

Surveillance 52

Surveillance Data breaches VPN Malware 52

Security Boulevard

MARCH 17, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Kagi Search introduces Privacy Pass authentication AlternativeTo Kagi officially rolls out Privacy Pass support for its Android app. Tuta also shares planned updates "coming soon" to Tuta Mail.

Surveillance 59

Surveillance Data breaches Spyware Malware 59

Security Affairs

JULY 31, 2022

and Blackmatter ransomware U.S. increased rewards for info on North Korea-linked threat actors to $10 million Threat actors leverages DLL-SideLoading to spread Qakbot malware Zero Day attacks target online stores using PrestaShop? and Blackmatter ransomware U.S. and Blackmatter ransomware U.S.

Malware 98

Malware Firmware Surveillance DDOS 98

SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. We later managed to extract the firmware from the EEPROM for further static reverse engineering. Further hardware analysis of the circuit board helped us identify chips.

Firmware 106

Firmware Passwords Manufacturing Mobile 106

SecureList

NOVEMBER 14, 2022

The cyber-offense ecosystem still appears to be shaken by the sudden demise of NSO Group; at the same time, these activities indicate to us that we’ve only seen the tip of the iceberg when it comes to commercial-grade mobile surveillance tooling. The first one, in January, was MoonBounce ; the other was CosmicStrand in July 2022.

Firmware 128

Firmware Surveillance Mobile Telecommunications 128

Security Affairs

JULY 20, 2018

Positive Technologies discovered two flaws affecting Dongguan Diqee 360 smart vacuums that can be used to perform video surveillance. Once an authenticated attacker has discovered the vacuum on the network by obtaining its MAC address it will send a specially crafted UDP packet, and execute commands on the. vacuum cleaner as root.

Firmware 67

Firmware Surveillance Technology Authentication 67

eSecurity Planet

SEPTEMBER 9, 2024

Patch management: Keeping software and firmware up to date to close security gaps. Ransomware can cripple essential functions until a ransom is paid, while malware may lead to unauthorized control or surveillance of the system. Role-based access control (RBAC): Restricting system access based on user roles and responsibilities.

Firmware 109

Firmware Encryption Manufacturing Risk 109

eSecurity Planet

JULY 8, 2024

OpenSSH resolved a signal handler race problem, Juniper Networks managed an authentication bypass, and CocoaPods faced supply chain attack concerns. Juniper Networks Addresses Authentication Bypass Vulnerability Type of vulnerability: Authentication bypass using an alternate path. Rockwell Automation handled RCE issues.

Risk 62

Risk Authentication Firmware Surveillance 62

Pen Test

OCTOBER 12, 2023

Criminals may use hijacked drones for illegal surveillance, smuggling, or even as weapons. Countermeasures: To prevent drone signal hijacking, drone manufacturers and operators can implement encryption and authentication mechanisms for RF communication. Keeping firmware up to date is essential for security.

Encryption 52

Encryption Firmware Surveillance Technology 52

eSecurity Planet

MARCH 4, 2024

February 27, 2024 Ransomware Gangs Target Unpatched ScreenConnect Servers Type of vulnerability: Authentication bypass and path traversal. The problem: HikVision’s HikCentral Professional security management system controls related surveillance equipment and contains both a high (CVSS 7.5) and a medium (CVSS 4.3) level vulnerability.

IoT 117

IoT Internet Internet Ransomware 117

SecureList

SEPTEMBER 21, 2023

Its capabilities include smart brute-forcing by analyzing the initial request for authentication data it receives from a Telnet service. Paul has discovered critical vulnerabilities in the firmware and protocols of certain webcam models, and one of the vendors he contacted never even got back to him to discuss remediation.

IoT 137

IoT DDOS Passwords Malware 137

ForAllSecure

APRIL 22, 2021

In 2013, researcher Nitesh Dhanjani found that a popular brand used simple MD5 hashes of the device's MAC addresses for authentication. Problem is, MAC addresses are not great for authentication. It seemed that once you authenticated through the local network, the app maintain that access, even if you are halfway across the world.

IoT 52

IoT Hacking Internet Internet 52

ForAllSecure

APRIL 22, 2021

In 2013, researcher Nitesh Dhanjani found that a popular brand used simple MD5 hashes of the device's MAC addresses for authentication. Problem is, MAC addresses are not great for authentication. It seemed that once you authenticated through the local network, the app maintain that access, even if you are halfway across the world.

IoT 52

IoT Hacking Internet Internet 52