It protects users from fake cell phone towers (IMSI-catchers) and surveillance by cell providers. Monthly: The user pays their bill to the MVNO (credit card or otherwise) and the phone gets anonymous authentication (using Chaum blind signatures) tokens for each time slice (e.g., It’s a clever system. All MVNO SIMs are identical.
As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution.
Citizen Lab says the bug it discovered was being exploited to install spyware made by the Israeli cyber surveillance company NSO Group. Tom Bowyer, manager of product security at Automox, said exploiting this vulnerability could lead to the disclosure of Net-NTLMv2 hashes, which are used for authentication in Windows environments.
A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., Hacktivist Tillie Kottmann is reportedly among those asserting responsibility for the incident, telling Bloomberg that their act helped expose the security holes of modern-day surveillance platforms.
After a good start, the Internet-enabled, technological revolution we are living through has hit some bumps in the road. To celebrate Independence Day we want to draw your attention to five technologies that could improve life, liberty and the pursuit of happiness on the Internet. Passwordless authentication. DNS encryption.
The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits.
The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. This switch family is equipped with a web service and SNMP management interface.
Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.
The number of internet-facing cameras in the world is growing exponentially. Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. New research by Cybernews shows an exponential rise in the uptake of internet-facing cameras. Surge in internet-facing cameras.
The victim was infected by PowerShell malware and we discovered evidence that the actor had already stolen data from the victim and had been surveilling this victim for several months. To surveil the victim, the list includes target folders as well as /Camera, /Recordings, /KakaoTalk (a renowned Korean messenger), /??(documents),
This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers. federal civilian agencies to secure the login credentials for their Internet domain records. That changed on Jan.
This week civil liberties groups in Europe won the right to challenge the UK’s bulk surveillance activities in the Grand Chamber of the European Court of Human Rights. Related: Snowden on unrestrained surveillance. Ubiquitous surveillance. Last November, SureID, a fingerprint services vendor based in Portland, Ore.,
The internet of things (IoT) is widening the sphere of physical security as smart devices connected to business systems via the internet may be located outside of established secure perimeters. Muthukrishnan Access control, surveillance, and testing are the three major components that comprise the physical security of a system.
If all goes smoothly, surveillance cams, smart doorbells and robot vacuums would soon follow. Nelson: The security challenges present in many smart home devices include device identity, proper authentication (user and device), confidentiality of sensitive data, and integrity of software. Secured unicast and group communications.
Since the internet, especially the "internet of things," is expected to rely heavily on 5G infrastructure, potential Chinese infiltration is a serious national security threat. To be sure, there are significant security improvements in 5G over 4G in encryption, authentication, integrity protection, privacy, and network availability.
According to the alert issued by the FBI, the swatters have been hijacking smart devices such as video and audio capable home surveillance devices. “Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks.
“We’re publishing the details of a new vulnerability (tracked under CVE-2022-30563) affecting the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some IP cameras developed by Dahua, a very popular manufacturer of IP-based surveillance solutions.”
However, the new rule only applies to nations where censorship is high, like China, and in places, internet shutdowns are frequent, like in Iran. Means, WhatsApp users can use intermediatory gateways to connect to the web, or in case the link between their device and the internet goes off.
The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Mellon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages. Related: Companies sustain damage from IoT attacks That was back in 1982.
These are the carriers that provide Internet access to rural areas all across America. For example, it is possible to install an update on many instances of firmware without ever having to produce a digital certificate verifying the authenticity of the fix. telecoms by Chinese tech giant Huawei. Talk more soon.
The experts observed the APT deploying Headlace in three distinct phases from April to December 2023, respectively, using phishing, compromised internet services, and living off the land binaries.
In this episode of the Security Ledger Podcast (#188), sponsored* by LastPass, we take a look at the fast-expanding world of crowdsourced surveillance by doing a deep dive on Flock Safety, a start up that sells inexpensive license plate scanners to homeowners and police departments. Flying in Surveillance’s Gray Zone.
It only affects the authentication that assures people of whom they are talking to. Computers, especially internet-connected computers, are inherently hackable, limiting the effectiveness of any procedures. But law enforcement has other forensic techniques to collect surveillance data in our highly networked world.
Surveillance Tech in the News This section covers surveillance technology and methods in the news. Data Broker Brags About Having Highly Detailed Personal Information on Nearly All Internet Users Gizmodo An owner of a data broker business brags and showcases his company's ability to deliver "personalized messaging at scale."
Remote Access Trojans (RATs) are programs that provide the capability to allow covert surveillance or the ability to gain unauthorized access to a victim system. MySQL provides robust data security to protect data including secure connections, authentication services, fine-grained authorization and controls, and data encryption.
Tall Tale #1: PINs Are Just Passwords In Part 1, we talked about how passwordless authentication is still multi-factor: Possession of a private key, ideally stored on a piece of secure hardware A biometric or PIN the authenticator uses to locally verify the user’s identity Reasoning about a PIN being used as a factor is simpler than a biometric.
Companies like Verizon, AT&T, and Lumen Technologies were targeted in this attack, allowing unauthorized access to critical systems used for court-authorized wiretapping — a tool vital for law enforcement surveillance. law enforcement for surveillance purposes. The hackers, identified by U.S. Impact on U.S.
My most recent two books, Data and Goliath -- about surveillance -- and Click Here to Kill Everybody -- about IoT security -- are really about the policy implications of technology. Authentication risks surrounding someone's intimate partner is a good example.). Policy doesn't work that way; it's specifically focused on use.
It’s spying when governments do it through opaque, mass surveillance regimes, it’s spying when companies do it through shadowy data broker networks that braid together disparate streams of information, and it’s spying when private individuals do it through unseen behavior on personal devices.
Uniquely, the attack is a black-box attack that was developed without any detailed knowledge of the algorithms used by the search engine, and the exploit is transferable to any AI application dealing with faces for internet services, biometric security, surveillance, law enforcement, and any other scenarios.
Once they have hacked vulnerable systems, attackers could steal personal information and conduct a wide range of malicious activities, including locking or unlocking doors and gates, controlling elevator access, triggering alarms, intercepting video surveillance streams, manipulating HVAC systems and lights, and disrupting operations.
But Ferri said once the REACT Task Force got involved in his case, it became clear that video surveillance footage from the date and time of his SIM swap showed no such evidence of anyone entering the store to present a fake ID. He advises people instead use a mobile app like Authy or Google Authenticator to generate the one-time code.
Most essentially, facial recognition technology promises a solid amount of internal and external security advantages in the day-to-day activity of enterprises, making it a key technology for passwordless authentication. Also read: Passwordless Authentication 101. False Negatives, Deepfakes and Other Concerns.
Microsoft is already providing passwordless features to Azure Active Directory, and for Google, multi-factor authentication (MFA) has become mandatory. While big tech phases in new authentication solutions, Dashlane — a password manager used by more than 20,000 companies and more than 15 million users — made a full switch.
FortiGuard Labs researchers observed a worrisome level of attacks attempting to exploit an authentication bypass vulnerability in TBK DVR devices. Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK DVR devices.
Founded in 2016, Verkada is a security company that focuses on surveillance and facial recognition through the use of sophisticated software in security cameras. No, these cameras are an extremely powerful part of the Internet of Things (IOT). According to Vice, this includes more than 24,000 unique organizations.
Internet protocol-based video solutions are increasingly important in getting the best insights to the right people at the right time, especially in the context of C4ISR. C4ISR stands for Command, Control, Communications, Computers (C4) Intelligence, Surveillance and Reconnaissance (ISR).
17 the actor leveraged leased infrastructure in the United States to scan hundreds of vulnerable organizations across the internet. The group was involved in cyber espionage campaigns aimed at new generation weapons and in surveillance activities on dissidents and other civilian groups. “As early as Sept.
By definition: A facial recognition system is a technology capable of matching a human face from a digital image or a video frame against a database of faces, typically employed to identify and/or authenticate users. China, for example, is already a place deeply wedded to multiple tracking/surveillance systems.
IaaS is a cloud computing model that uses the internet to supply virtualized computer resources. Breaking Authentication Attackers can get unauthorized access to the IaaS environment by exploiting weak authentication systems or weaknesses in the authentication process.
Positive Technologies discovered two flaws affecting Dongguan Diqee 360 smart vacuums that can be used to perform video surveillance. Once an authenticated attacker has discovered the vacuum on the network by obtaining its MAC address it will send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root.”
There are interesting issues of composition, especially in backup authentication. Washington Post, 2014). But these are not vulnerabilities, because we can have endless debate about it they should be fixed. Whitelist bypass: Bypass Application Whitelisting Script Protections - Regsvr32.exe exe & COM Scriptlets (.sct