Remove Firmware Remove Manufacturing Remove Surveillance
article thumbnail

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

article thumbnail

Expert found Russia’s SORM surveillance equipment leaking user data

Security Affairs

A Russian security researcher has found that hardware wiretapping equipment composing Russia’s SORM surveillance system had been leaking user data. SORM is a mass surveillance system that allows the Government of Moscow to track online activities of single individuals thanks to the support of the Russian ISPs. Pierluigi Paganini.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

3.5m IP cameras exposed, with US in the lead

Security Affairs

Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. After looking at 28 of the most popular manufacturers, our research team found 3.5 What is more, the overwhelming majority of internet-facing cameras are manufactured by Chinese companies. million internet-facing cameras.

article thumbnail

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. The flaws reside in a feature named the “XMEye P2P Cloud” that is enabled by default which is used to connect surveillance devices to the cloud infrastructure. Pierluigi Paganini.

article thumbnail

Chipmaker Qualcomm warns of three actively exploited zero-days

Security Affairs

Google Threat Analysis Group and Google Project Zero experts focus on attacks carried out by nation-state actors or surveillance firms, this means that one of these threat actors may be behind the exploitation of the Qualcomm flaws. Please contact your device manufacturer for more information on the patch status about specific devices.”

Firmware 128
article thumbnail

Patch now! Insecure Hikvision security cameras can be taken over remotely

Malwarebytes

In a detailed post on Github , security researcher Watchful_IP describes how he found that the majority of the recent camera product ranges of Hikvision cameras are susceptible to a critical, unauthenticated, remote code execution (RCE) vulnerability, even with the latest firmware. Hangzhou Hikvision Digital Technology Co., Mitigation.

Firmware 134
article thumbnail

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

The Last Watchdog

Supply chains have vulnerabilities at touchpoints with manufacturers, suppliers, and other service providers.”. Then there are firmware developers, transport agencies, testing facilities, and security evaluation agencies that handle the device before it is sent to the corporate client. Threat detection. Traceability and accountability.