SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. We later managed to extract the firmware from the EEPROM for further static reverse engineering. Further hardware analysis of the circuit board helped us identify chips.

Firmware 107

Firmware Passwords Manufacturing Mobile 107

Hacker Combat

JUNE 3, 2021

Industrial switches are made using universal firmware developed by Korenix Technology, a leading provider for industrial networking solutions based in Taiwan. Korenix has developed another firmware that the organization incorporates in its JetNet industrial switches. Malicious firmware and bootloader uploads are possible too.

Firmware 85

Firmware Energy and Utilities Cyber Attacks Surveillance 85

Security Affairs

JULY 25, 2018

AVTech is one of the world’s leading CCTV manufacturers, it is the largest public-listed company in the Taiwan surveillance industry. EliteLands is using a 2-years old exploit that could be used to trigger tens of well-known vulnerabilities in the AVTech firmware.

Firmware 69

Firmware Passwords Advertising IoT 69

SecureWorld News

AUGUST 24, 2022

If malware were installed on the device, it could control the LEDs by blinking and changing colors with firmware commands. The infection of a device can be achieved via supply chain attacks, social engineering techniques, or the use of hardware with installed software or firmware. user names, passwords, key-loggings) or binary (e.g.,

Firmware 97

Firmware Social Engineering Surveillance Malware 97

SecureList

SEPTEMBER 21, 2023

Attack vectors There are two main IoT infection routes: brute-forcing weak passwords and exploiting vulnerabilities in network services. A successful password cracking enables hackers to execute arbitrary commands on a device and inject malware. Unfortunately, users tend to leave these passwords unchanged.

IoT 133

IoT DDOS Passwords Malware 133

Security Affairs

JULY 20, 2018

Positive Technologies discovered two flaws affecting Dongguan Diqee 360 smart vacuums that can be used to perform video surveillance. To succeed, the attacker must authenticate on the device—which is made easier by the fact that many affected devices have the default username and password combination (admin:888888).”

Firmware 67

Firmware Surveillance Technology Authentication 67

SecureList

JUNE 3, 2024

The attackers were able to bypass this hardware-based security protection using another hardware feature of Apple-designed SoCs (System on a Chip): they did this by writing the data, destination address and data hash to unknown hardware registers of the chip that are not used by the firmware.

Banking 113

Banking Malware Computers and Electronics Mobile 113

SecureWorld News

AUGUST 8, 2022

ForrmBook is capable of key logging and capturing browser or email client passwords, but its developers continue to update the malware to exploit the latest Common Vulnerabilities and Exposures (CVS), such as CVE-2021-40444 Microsoft MSHTML Remote Code Execution Vulnerability. AZORult's developers are constantly updating its capabilities.

Malware 98

Malware Banking Penetration Testing Healthcare 98

Security Affairs

AUGUST 12, 2018

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising 66

Advertising DNS Firmware Surveillance 66

eSecurity Planet

SEPTEMBER 9, 2024

Patch management: Keeping software and firmware up to date to close security gaps. Ransomware can cripple essential functions until a ransom is paid, while malware may lead to unauthorized control or surveillance of the system. Role-based access control (RBAC): Restricting system access based on user roles and responsibilities.

Firmware 111

Firmware Encryption Manufacturing Risk 111

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches 98

Data breaches DDOS Ransomware Artificial Intelligence 98

Pen Test

OCTOBER 12, 2023

Criminals may use hijacked drones for illegal surveillance, smuggling, or even as weapons. What are the common firmware and software vulnerabilities in RF devices that can be exploited? Vulnerabilities in RF technology often encompass various weaknesses and security gaps within the firmware and software used in RF devices.

Encryption 52

Encryption Firmware Surveillance Technology 52

Security Boulevard

JANUARY 27, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user.

Surveillance 52

Surveillance Data breaches Malware Backups 52

SecureList

APRIL 27, 2022

We have previously seen DustSquad use third-party post-exploitation tools, such as the password dumping utility fgdump; but we have now observed new custom C modules, a first for DustSquad, and Delphi downloaders acting as post-exploitation facilitators, able to gather documents of interest for the actor. Other interesting discoveries.

Malware 145

Malware Firmware Government Phishing 145

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. The flaws reside in a feature named the “XMEye P2P Cloud” that is enabled by default which is used to connect surveillance devices to the cloud infrastructure. Pierluigi Paganini.

Surveillance 108

Surveillance Hacking Firmware Manufacturing 108

Security Boulevard

MARCH 24, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user.

Surveillance 75

Surveillance Telecommunications Data breaches Malware 75

ForAllSecure

APRIL 22, 2021

It's like using a hash of your street address, as the password for your front door. The Mirai botnet contributed to a massive denial of service attack that brought parts of the Internet to a standstill, what was remarkable was that Mariah was constructed from 1000s of Internet of Things devices, namely surveillance cameras.

IoT 52

IoT Hacking Internet Internet 52

ForAllSecure

APRIL 22, 2021

It's like using a hash of your street address, as the password for your front door. The Mirai botnet contributed to a massive denial of service attack that brought parts of the Internet to a standstill, what was remarkable was that Mariah was constructed from 1000s of Internet of Things devices, namely surveillance cameras.

IoT 52

IoT Hacking Internet Internet 52

SecureList

NOVEMBER 26, 2021

At the end of September, at the Kaspersky Security Analyst Summit , our researchers provided an overview of FinSpy , an infamous surveillance toolset that several NGOs have repeatedly reported being used against journalists, political dissidents and human rights activists. logins, passwords, etc.), Gamers beware. an invoice).

Malware 133

Malware Banking Energy and Utilities Accountability 133

Security Boulevard

FEBRUARY 10, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Mullvad Mullvad VPN client is now available for Windows ARM desktops.

Spyware 52

Spyware Surveillance Government Data breaches 52

eSecurity Planet

OCTOBER 21, 2022

For example, once it infects your device, a keylogger will start tracking every keystroke you make and sending a log of those keystrokes to the hacker, allowing them to reconstruct any sensitive information you might have entered after infection, such as your PIN, password, or social security number.

Malware 75

Malware Adware Spyware Antivirus 75

ForAllSecure

OCTOBER 5, 2021

It was for 1000s of compromised, Internet of Things, enabled devices, such as surveillance cameras, residential gateways, internet connected printers, and even in home baby monitors these devices themselves are often thought of as not having much in the way of resources, and really they don't have many computing resources. Probably not.

IoT 52

IoT DDOS Malware Internet 52

SecureList

NOVEMBER 14, 2022

The cyber-offense ecosystem still appears to be shaken by the sudden demise of NSO Group; at the same time, these activities indicate to us that we’ve only seen the tip of the iceberg when it comes to commercial-grade mobile surveillance tooling. The first one, in January, was MoonBounce ; the other was CosmicStrand in July 2022.

Firmware 130

Firmware Surveillance Mobile Telecommunications 130

eSecurity Planet

MARCH 4, 2024

The fix: To eliminate malware infections, perform a factory reset, upgrade to the latest firmware, change all default usernames and passwords, and adjust firewall rules to block exposure to unwanted remote management services. and a medium (CVSS 4.3) level vulnerability.

IoT 119

IoT Internet Internet Ransomware 119

Security Affairs

OCTOBER 10, 2023

While this communication system is useful for transferring real-time data, it offers neither encryption nor lockout mechanisms against password-guessing. This would allow them to view live feeds and record footage, which could be used for surveillance, reconnaissance, or gathering sensitive information.

Risk 125

Risk Encryption VPN Passwords 125