Malwarebytes

SEPTEMBER 22, 2021

In a detailed post on Github , security researcher Watchful_IP describes how he found that the majority of the recent camera product ranges of Hikvision cameras are susceptible to a critical, unauthenticated, remote code execution (RCE) vulnerability, even with the latest firmware. Hangzhou Hikvision Digital Technology Co.,

Firmware 144

Firmware Surveillance Marketing VPN 144

Security Affairs

DECEMBER 29, 2018

A vulnerability in the Guardzilla home video surveillance system could be exploited by users to watch Guardzilla footage of other users. The Guardzilla All-In-One Video Security System is an indoor video surveillance solution. This was determined through static analysis of the firmware shipping with the device.

Firmware 109

Firmware Surveillance IoT Passwords 109

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-. ” Netlab concludes.

Firmware 139

Firmware Surveillance Manufacturing Advertising 139

Security Affairs

JANUARY 21, 2022

At the end of 2021, researchers discovered a UEFI firmware-level compromise by analyzing logs from its Firmware Scanner. Threat actors compromised a single component within the firmware image to intercept the original execution flow of the machine’s boot sequence and inject the sophisticated implant. Pierluigi Paganini.

Firmware 145

Firmware Malware Spyware Surveillance 145

Security Boulevard

MARCH 3, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. The surveillance tech waiting for workers as they return to the office ArsTechnica RTO continues to pick up steam. In pursuit of "more productivity," some employers are leaning heavily into surveillance tech.

Surveillance 52

Surveillance Data breaches Firmware Encryption 52

Security Boulevard

MARCH 17, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Data Broker Brags About Having Highly Detailed Personal Information on Nearly All Internet Users Gizmodo An owner of a data broker business brags and showcases his company's ability to deliver "personalized messaging at scale."

Surveillance 59

Surveillance Data breaches Spyware Malware 59

Security Affairs

MAY 20, 2022

Taiwanese vendor QNAP is asking users to install the latest update on their NAS devices and avoid exposing them on the Internet. “QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the Internet.” and QTS 4.4.1. “QNAP® Systems, Inc.

Ransomware 110

Ransomware Internet Internet Firmware 110

Hacker Combat

JUNE 3, 2021

Industrial switches are made using universal firmware developed by Korenix Technology, a leading provider for industrial networking solutions based in Taiwan. Korenix has developed another firmware that the organization incorporates in its JetNet industrial switches. Malicious firmware and bootloader uploads are possible too.

Firmware 85

Firmware Energy and Utilities Cyber Attacks Surveillance 85

SecureList

JUNE 20, 2023

Introduction In today’s interconnected world, more and more devices are being connected to the internet, including everyday household items like pet feeders that are becoming smart by virtue of this simple fact. We later managed to extract the firmware from the EEPROM for further static reverse engineering.

Firmware 107

Firmware Passwords Manufacturing Mobile 107

SecureWorld News

AUGUST 24, 2022

Air-gapping a device or system is thought of as a way to isolate your device from the internet, or other public-facing networks, so that it is highly secure and untouchable to threat actors. If malware were installed on the device, it could control the LEDs by blinking and changing colors with firmware commands.

Firmware 97

Firmware Social Engineering Surveillance Malware 97

Security Affairs

MARCH 29, 2023

” The second campaign was spotted in December 2022 when the researchers discovered an exploit chain targeting the latest version of the Samsung Internet Browser using multiple zero-days and n-days. At the time of delivery, the latest Samsung firmware had not included a fix for this vulnerability. ” concludes the report.

Spyware 98

Spyware Surveillance Firmware Internet 98

Security Affairs

AUGUST 17, 2021

Most of the devices using the platform are video surveillance products such as IP cameras and baby monitors, an attacker could exploit this flaw to eavesdrop audio and video data. This varies from device to device but typically is used for device telemetry, firmware updates, and device control.” ” continues Mandiant.

IoT 123

IoT Hacking Social Engineering Firmware 123

Security Affairs

SEPTEMBER 16, 2018

Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal. 20% discount. Kindle Edition. Paper Copy.

Advertising 87

Advertising Firmware Surveillance Data breaches 87

SecureList

JUNE 3, 2024

The attackers were able to bypass this hardware-based security protection using another hardware feature of Apple-designed SoCs (System on a Chip): they did this by writing the data, destination address and data hash to unknown hardware registers of the chip that are not used by the firmware.

Banking 113

Banking Malware Computers and Electronics Mobile 113

The Security Ledger

DECEMBER 19, 2023

Meet the IoZ: our Internet of Zombie things Dennis Giese is a Ph.D But software and always-on Internet connectivity have also enabled abusive practices, such as mass, commercial surveillance of consumers and de-facto monopolies on things like service and repair. Forget the IoT. student at Northeastern University in Boston.

IoT 75

IoT Internet Internet Manufacturing 75

Security Affairs

JULY 20, 2018

Positive Technologies discovered two flaws affecting Dongguan Diqee 360 smart vacuums that can be used to perform video surveillance. ” The second vulnerability requires physical access to be triggered, it can be exploited by an attacker to load a tainted version of the firmware by inserting a microSD card into the vacuum.

Firmware 67

Firmware Surveillance Technology Authentication 67

eSecurity Planet

SEPTEMBER 9, 2024

The potential for cyberattacks increases with industrial control systems becoming more interconnected through the Internet of Things (IoT) and cloud-based systems. Patch management: Keeping software and firmware up to date to close security gaps. What is the Importance of Cybersecurity in an Industrial Control System (ICS)?

Firmware 111

Firmware Encryption Manufacturing Risk 111

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches 98

Data breaches DDOS Ransomware Artificial Intelligence 98

Security Affairs

DECEMBER 29, 2019

The incident was independently verified by the authors of the blog IPVM that focuses on video surveillance products. According to Twelve Security , the exposed data includes: User name and email of those who purchased cameras and then connected them to their home 24% of the 2.4 on December 26 by a reporter at IPVM.com.

IoT 96

IoT Accountability Advertising Wireless 96

SecureList

SEPTEMBER 21, 2023

Paul has discovered critical vulnerabilities in the firmware and protocols of certain webcam models, and one of the vendors he contacted never even got back to him to discuss remediation. Security researcher Paul Marrapese who has studied the consumer webcam segment says security holes are not uncommon.

IoT 133

IoT DDOS Passwords Malware 133

Security Boulevard

JUNE 19, 2024

Many DNS resolvers - such as your internet service provider's (ISP) - do not encrypt queries and may log data and metadata surrounding your queries. Eavesdropping has been has been performed by public and private organizations alike to surveil DNS traffic (and potentially hijack it.) What data is sent to DNS Servers?

DNS 69

DNS Encryption Firmware Internet 69

Security Affairs

JULY 23, 2018

Both vulnerabilities effects Sony IPELA E series G5 firmware 1.87.00, the tech giant released an update last week to address them. This means that the attacker can provide content to trigger the stack-based buffer overflow that could allow the attacker to remotely execute commands on the affected device.

Advertising 82

Advertising Firmware Hacking Surveillance 82

ForAllSecure

APRIL 22, 2021

The Internet of Things presents us with both convenience and inconvenience at the same time, suddenly everything is smart is hackable again with startups sometimes repeating security mistakes made decades ago in the rush to market toys. The question is, who is hacking the internet of things today, and how does one even get started?

IoT 52

IoT Hacking Internet Internet 52

ForAllSecure

APRIL 22, 2021

The Internet of Things presents us with both convenience and inconvenience at the same time, suddenly everything is smart is hackable again with startups sometimes repeating security mistakes made decades ago in the rush to market toys. The question is, who is hacking the internet of things today, and how does one even get started?

IoT 52

IoT Hacking Internet Internet 52

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. The flaws reside in a feature named the “XMEye P2P Cloud” that is enabled by default which is used to connect surveillance devices to the cloud infrastructure. Pierluigi Paganini.

Surveillance 108

Surveillance Hacking Firmware Manufacturing 108

SecureList

NOVEMBER 26, 2021

The vulnerability is in MSHTML, the Internet Explorer engine. At the end of September, at the Kaspersky Security Analyst Summit , our researchers provided an overview of FinSpy , an infamous surveillance toolset that several NGOs have repeatedly reported being used against journalists, political dissidents and human rights activists.

Malware 133

Malware Banking Energy and Utilities Accountability 133

ForAllSecure

OCTOBER 5, 2021

In 2016, the Mirai IoT botnet shut down part of the internet, yet variations still plague us today. Vamosi: The internet. Vamosi: Dyn was an internet performance management and web application security company that has since been bought by Oracle. The results can be massive enough to bring down parts of the internet.

IoT 52

IoT DDOS Malware Internet 52

eSecurity Planet

JULY 8, 2024

To protect your network devices from potential risks, apply patches on a regular basis and keep their firmware up to date. July 3, 2024 Threat Actors Exploit MSHTML Flaw to Deploy MerkSpy Surveillance Tool Type of vulnerability: Remote code execution. Update your routers to the most recent versions ( 5.6.15, 6.1.9-lts,

Risk 64

Risk Authentication Firmware Surveillance 64

Security Boulevard

FEBRUARY 10, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Mullvad Mullvad VPN client is now available for Windows ARM desktops.

Spyware 52

Spyware Surveillance Government Data breaches 52

eSecurity Planet

OCTOBER 21, 2022

Today, malware is a common threat to the devices and data of anyone who uses the Internet. Ransomware is one of the most virulent forms of malware on the modern Internet. Firmware rootkits are also known as “hardware rootkits.”. Programs being opened or accessing the Internet without your permission.

Malware 75

Malware Adware Spyware Antivirus 75

The Security Ledger

NOVEMBER 11, 2019

» Related Stories From China with Love: New York Firm sold millions in PRC Surveillance Gear to US Government, Military Episode 165: Oh, Canada! Terry is a former NSA employee who specializes in firmware security. We're joined by Terry Dunlap the co-founder of ReFirm Labs to talk about why software supply chain risks.

Risk 40

Risk Surveillance Firmware Technology 40

SecureList

NOVEMBER 14, 2022

The cyber-offense ecosystem still appears to be shaken by the sudden demise of NSO Group; at the same time, these activities indicate to us that we’ve only seen the tip of the iceberg when it comes to commercial-grade mobile surveillance tooling. The first one, in January, was MoonBounce ; the other was CosmicStrand in July 2022.

Firmware 130

Firmware Surveillance Mobile Telecommunications 130

SecureList

OCTOBER 26, 2021

On June 3, Check Point published a report about an ongoing surveillance operation targeting a Southeast Asian government, and attributed the malicious activities to a Chinese-speaking threat actor named SharpPanda. In this quarter we focused on researching and dismantling surveillance frameworks following malicious activities we detected.

Malware 145

Malware Government Surveillance Spyware 145

eSecurity Planet

MARCH 4, 2024

The fix: To eliminate malware infections, perform a factory reset, upgrade to the latest firmware, change all default usernames and passwords, and adjust firewall rules to block exposure to unwanted remote management services. The fix: Disconnect printers from internet access until a patch becomes available. and a medium (CVSS 4.3)

IoT 119

IoT Internet Internet Ransomware 119

Security Affairs

OCTOBER 10, 2023

The Cybernews research team has found at least 165 exposed internet-connected RTSP cameras in Israel and 29 exposed RTSP cameras in Palestine, which are open and accessible to anyone. This would allow them to view live feeds and record footage, which could be used for surveillance, reconnaissance, or gathering sensitive information.

Risk 125

Risk Encryption VPN Passwords 125