The Last Watchdog

FEBRUARY 6, 2019

This week civil liberties groups in Europe won the right to challenge the UK’s bulk surveillance activities in the The Grand Chamber of the European Court of Human Rights. Related: Snowden on unrestrained surveillance. Ubiquitous surveillance. Last November, SureID , a fingerprint services vendor based in Portland, Ore.,

Surveillance 157

Surveillance Technology Retail Artificial Intelligence 157

Threatpost

DECEMBER 30, 2020

Stolen email credentials are being used to hijack home surveillance devices, such as Ring, to call police with a fake emergency, then watch the chaos unfold.

Surveillance 140

Surveillance Authentication IoT Government 140

Thales Cloud Protection & Licensing

JULY 12, 2018

The Internet of Things (IoT) is very crowded. Connected things are what make the IoT – sensors, cameras, wearable electronics, medical devices, automatic controls. But making the IoT work requires trust in the devices and the data they collect. The IoT is not making the job of securing networks any easier.

IoT 72

IoT Data collection Encryption eCommerce 72

Security Affairs

JANUARY 2, 2021

According to the alert issued by the FBI, the swatters have been hijacking smart devices such as video and audio capable home surveillance devices. “Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks.

Passwords 144

Passwords Surveillance Manufacturing Accountability 144

Schneier on Security

FEBRUARY 21, 2020

My most recent two books, Data and Goliath -- about surveillance -- and Click Here to Kill Everybody -- about IoT security -- are really about the policy implications of technology. Authentication risks surrounding someone's intimate partner is a good example.). Policy doesn't work that way; it's specifically focused on use.

Technology 272

Technology Encryption Surveillance Government 272

Security Affairs

SEPTEMBER 3, 2023

ransomware builder used by multiple threat actors Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software Cybercrime Unpacking the MOVEit Breach: Statistics and Analysis Cl0p Ups The Ante With Massive MOVEit Transfer Supply-Chain Exploit FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown U.S.

Social Engineering 123

Social Engineering Data breaches Spyware Malware 123

Thales Cloud Protection & Licensing

JANUARY 28, 2020

The latter measure is especially important, as data-in-motion encryption helps shield an organization’s data, video, voice and metadata from eavesdropping, surveillance and other interception attempts. This security control is particularly important given the explosion of mobile, IoT and cloud-based devices in the enterprise.

Data privacy 150

Data privacy Unstructured Data Encryption Identity Theft 150

ForAllSecure

APRIL 22, 2021

It seems everything smart is hackable, with IoT startups sometimes repeating security mistakes first made decades ago. The next day I cut the string, There's a parallel here to IoT light bulbs that change colors. Problem is, MAC addresses are not great for authentication. How then does one start securing it?

IoT 52

IoT Hacking Internet Internet 52

ForAllSecure

APRIL 22, 2021

It seems everything smart is hackable, with IoT startups sometimes repeating security mistakes first made decades ago. The next day I cut the string, There's a parallel here to IoT light bulbs that change colors. Problem is, MAC addresses are not great for authentication. How then does one start securing it?

IoT 52

IoT Hacking Internet Internet 52

Security Affairs

FEBRUARY 19, 2023

Every week the best security articles from Security Affairs are free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here.

DDOS 98

DDOS Data breaches Ransomware Hacking 98

SecureWorld News

JULY 20, 2022

million devices in use worldwide, and if exploited in an attack, it could cut off fuel, stop vehicles from running, and be used as surveillance to track routes and locations. CVE-2022-2107 (CVSS score of 9.8) — "The API server has an authentication mechanism that allows devices to use a hard-coded master password.

Authentication 98

Authentication Mobile Surveillance Passwords 98

Security Affairs

AUGUST 4, 2019

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware. WordPress Plugin Facebook Widget affected by authenticated XSS. million fine for selling flawed surveillance technology to the US Gov. Facebook deleted Russia-Linked efforts focusing on Ukraine ahead of the election. Cisco to pay $8.6

Data breaches 93

Data breaches eCommerce Hacking Malware 93

Security Affairs

JULY 20, 2018

Positive Technologies discovered two flaws affecting Dongguan Diqee 360 smart vacuums that can be used to perform video surveillance. “Like any other IoT device, these robot vacuum cleaners could be marshalled into a botnet for DDoS attacks, but that’s not even the worst-case scenario, at least for owners.

Firmware 67

Firmware Surveillance Technology Authentication 67

Security Affairs

MAY 2, 2023

FortiGuard Labs researchers observed a worrisome level of attacks attempting to exploit an authentication bypass vulnerability in TBK DVR devices. Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK DVR devices.

Authentication 98

Authentication Surveillance Retail Education 98

Security Affairs

AUGUST 7, 2019

Most of the exploits allow the botnet to compromise unpatched IoT devices, but experts warn that enterprise apps Oracle WebLogic and VMware SD-Wan are also potential targets. Authentication Bypass / Remote Command Execution EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Cashdollar will be at Defcon (@_larry0) August 6, 2019.

Wireless 104

Wireless IoT Advertising Surveillance 104

Security Affairs

JULY 20, 2022

“These vulnerabilities could impact access to a vehicle fuel supply, vehicle control, or allow locational surveillance of vehicles in which the device is installed.” CVE-2022-2141 (CVSS score: 9.8) – Improper authentication allows a user to send some SMS commands to the GPS tracker without a password.

Manufacturing 100

Manufacturing Passwords Mobile Authentication 100

SecureWorld News

MARCH 10, 2021

Founded in 2016, Verkada is a security company that focuses on surveillance and facial recognition through the use of sophisticated software in security cameras. No, these cameras are an extremely powerful part of the Internet of Things (IOT). According to Vice, this includes more than 24,000 unique organizations.

Hacking 96

Hacking Surveillance Passwords Internet 96

Malwarebytes

MAY 18, 2022

Another is the usage of Linux as the go-to operating system for many IoT devices. IoT malware has matured over the years and has become popular, especially among botnets. The number of malware infections targeting Linux devices rose by 35% in 2021, most commonly to recruit IoT devices for distributed denial of service (DDoS) attacks.

Cryptocurrency 85

Cryptocurrency IoT Malware DDOS 85

eSecurity Planet

MARCH 4, 2024

February 27, 2024 Ransomware Gangs Target Unpatched ScreenConnect Servers Type of vulnerability: Authentication bypass and path traversal. Azure-Connected IoT Vulnerable to Remote Code Execution Type of vulnerability: Internet of things (IoT) RCE vulnerability. and a medium (CVSS 4.3) level vulnerability.

IoT 118

IoT Internet Internet Ransomware 118

eSecurity Planet

JULY 8, 2024

These vulnerabilities affected diverse areas, including network infrastructure, software libraries, IoT devices, and even CPUs. OpenSSH resolved a signal handler race problem, Juniper Networks managed an authentication bypass, and CocoaPods faced supply chain attack concerns. Rockwell Automation handled RCE issues.

Risk 63

Risk Authentication Firmware Surveillance 63

eSecurity Planet

MAY 24, 2024

Generally, when you adhere to the cloud security best practices , such as strong authentication, data encryption, and continuous monitoring, the cloud can be extremely safe. Manage access controls: Implement strong user authentication measures. Encrypt data: Ensure that data is encrypted at rest and in transit.

Encryption 120

Encryption Risk Passwords Technology 120

Thales Cloud Protection & Licensing

FEBRUARY 21, 2023

5G connectivity brings new capabilities such as IoT, virtual reality, gaming, remote surgeries, real time mass-data updates for mobile devices, connected cars, sensors, etc. 5G users will benefit from more connections, with fewer drops and less interference while enjoying remote access from almost anywhere.

Encryption 71

Encryption Mobile Architecture IoT 71

SecureList

NOVEMBER 14, 2022

The cyber-offense ecosystem still appears to be shaken by the sudden demise of NSO Group; at the same time, these activities indicate to us that we’ve only seen the tip of the iceberg when it comes to commercial-grade mobile surveillance tooling. We believe that research into mail software vulnerabilities is only getting started.

Firmware 128

Firmware Surveillance Mobile Telecommunications 128

Pen Test

OCTOBER 12, 2023

Criminals may use hijacked drones for illegal surveillance, smuggling, or even as weapons. Countermeasures: To prevent drone signal hijacking, drone manufacturers and operators can implement encryption and authentication mechanisms for RF communication. These cabinets are designed to prevent physical tampering and unauthorized access.

Encryption 52

Encryption Firmware Surveillance Technology 52

eSecurity Planet

SEPTEMBER 9, 2024

The potential for cyberattacks increases with industrial control systems becoming more interconnected through the Internet of Things (IoT) and cloud-based systems. Ransomware can cripple essential functions until a ransom is paid, while malware may lead to unauthorized control or surveillance of the system.

Firmware 110

Firmware Encryption Manufacturing Risk 110

SecureList

JUNE 20, 2023

These vulnerabilities could allow an attacker to gain unauthorized access to the device and steal sensitive information, such as video footage, potentially turning the feeder into a surveillance tool. This might be a place to consider connecting such IoT devices to reduce the potential damage from unpatched or undiscovered vulnerabilities.

Firmware 106

Firmware Passwords Manufacturing Mobile 106

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Wiz Cloud security 2020 Private Evervault Developer encryption 2019 Private Verkada Security surveillance 2019 Private Armis IoT network security 2015 Private Sumo Logic Threat intelligence 2014 Nasdaq: SUMO Okta Identity management 2013 Nasdaq: OKTA Barracuda Enterprise security 2006 Private.

Cybersecurity 129

Cybersecurity Technology Marketing Healthcare 129

Threatpost

SEPTEMBER 25, 2020

Privacy fears are blasting off after Amazon's Ring division unveiled the new Always Home Cam, a smart home security camera drone.

Surveillance 92

Surveillance Authentication Encryption Internet 92

Security Affairs

MAY 2, 2022

IoT gizmos make our lives easier, but we forget that these doohickeys are IP endpoints that act as mini-radios. In March 2021, hackers gained access to a security company’s surveillance cameras and live-streamed those video feeds from hospitals, jails, schools, police stations, gyms, and even Tesla.

IoT 145

IoT Cybersecurity VPN Internet 145

Malwarebytes

JULY 2, 2023

Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business?

Spyware 95

Spyware Surveillance IoT Scams 95

SecureWorld News

JUNE 29, 2024

Surveillance of this kind violates Americans' Fourth Amendment rights and was argued to have done so in a 2020 border agency situation. It can be used as an authentication measure by businesses to ensure the user is who they say they are and to spot suspicious activity.

Surveillance 109

Surveillance Advertising Technology Risk 109

Jane Frankland

JANUARY 12, 2025

Cybersecurity is on the brink of significant transformation as we approach 2025, grappling with escalating complexities driven by advancements in technology, increasing geopolitical tensions, and the rapid adoption of AI and IoT. Ethics The ethical challenges posed by advancing AI technologies will demand urgent attention in 2025.

Cybersecurity 130

Cybersecurity CISO Insurance IoT 130

Krebs on Security

NOVEMBER 26, 2024

At the end of 2023, malicious hackers discovered that many companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with nothing more than a username and password (no multi-factor authentication required). A surveillance photo of Connor Riley Moucka, a.k.a.

DDOS 306

DDOS Cybercrime Accountability Government 306