Security Boulevard

MARCH 17, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user.

Surveillance 59

Surveillance Data breaches Spyware Malware 59

Security Boulevard

MARCH 3, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. The surveillance tech waiting for workers as they return to the office ArsTechnica RTO continues to pick up steam. In pursuit of "more productivity," some employers are leaning heavily into surveillance tech.

Surveillance 52

Surveillance Data breaches Firmware Encryption 52

Security Boulevard

FEBRUARY 17, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Tips for finding old accounts.

Surveillance 52

Surveillance Data breaches VPN Malware 52

CyberSecurity Insiders

JUNE 29, 2021

Security researchers say that the flaw is related to software component used in cloud surveillance platform ThroughTek that is used by OEMs while manufacturing IP Cameras, baby monitoring cams and pet monitoring solutions along with robotic and battery devices. score to the newly discovered P2P SDK vulnerability.

Firmware 85

Firmware IoT Surveillance Manufacturing 85

Security Affairs

JUNE 12, 2022

access control, video surveillance and mobile credentialing) owned by HVAC giant Carrier. Below is the list of flaws discovered by the researchers: CVE Detail Summary Mercury Firmware Version CVSS Score CVE-2022-31479 Unauthenticated command injection <=1.291 Base 9.0, The vulnerabilities were disclosed during the Hardwear.io

Firmware 109

Firmware Penetration Testing Manufacturing Authentication 109

Security Affairs

JULY 31, 2022

and Blackmatter ransomware U.S. increased rewards for info on North Korea-linked threat actors to $10 million Threat actors leverages DLL-SideLoading to spread Qakbot malware Zero Day attacks target online stores using PrestaShop? and Blackmatter ransomware U.S.

Malware 98

Malware Firmware Surveillance DDOS 98

SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. We later managed to extract the firmware from the EEPROM for further static reverse engineering. Further hardware analysis of the circuit board helped us identify chips.

Firmware 106

Firmware Passwords Manufacturing Mobile 106

SecureWorld News

AUGUST 24, 2022

If malware were installed on the device, it could control the LEDs by blinking and changing colors with firmware commands. The infection of a device can be achieved via supply chain attacks, social engineering techniques, or the use of hardware with installed software or firmware. The data can be textual (e.g.,

Firmware 98

Firmware Social Engineering Surveillance Malware 98

SecureList

NOVEMBER 30, 2021

The report, called Pegasus Project , alleged that the software uses a variety of exploits, including several iOS zero-click zero-days. Based on forensic analysis of numerous mobile devices, Amnesty International’s Security Lab found that the software was repeatedly used in an abusive manner for surveillance.

Malware 140

Malware Mobile Spyware Surveillance 140

eSecurity Planet

FEBRUARY 22, 2022

NSO Group’s Pegasus software has been routinely in the headlines in recent years for using zero-click attacks to install its spyware. The software has exploited zero-day vulnerabilities and unpatched flaws in software, most of the time unknown by the victims and companies. NSO’s Business Model Spreads.

Spyware 125

Spyware Software Government Social Engineering 125

Security Affairs

MAY 20, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. QNAP QVR is a video surveillance solution of the Taiwanese vendor which is hosted on its NAS devices and doesn’t require any extra software.

Ransomware 111

Ransomware Internet Internet Firmware 111

SecureList

JUNE 3, 2024

The attackers were able to bypass this hardware-based security protection using another hardware feature of Apple-designed SoCs (System on a Chip): they did this by writing the data, destination address and data hash to unknown hardware registers of the chip that are not used by the firmware.

Banking 116

Banking Malware Computers and Electronics Mobile 116

SecureWorld News

AUGUST 8, 2022

Also known as Gozi, Ursnif has evolved over the years to include a persistence mechanism, methods to avoid sandboxes and virtual machines, and search capability for disk encryption software to attempt key extraction for unencrypting files. Remcos Remcos is marketed as a legitimate software tool for remote management and penetration testing.

Malware 98

Malware Banking Penetration Testing Healthcare 98

eSecurity Planet

SEPTEMBER 9, 2024

An ICS consists of hardware and software systems that monitor and control industrial equipment and processes. DCS integrates both hardware and software for process control and monitoring. Patch management: Keeping software and firmware up to date to close security gaps.

Firmware 109

Firmware Encryption Manufacturing Risk 109

Security Affairs

AUGUST 12, 2018

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising 65

Advertising DNS Firmware Surveillance 65

The Security Ledger

DECEMBER 19, 2023

Episode 241: If Its Smart, Its Vulnerable a Conversation with Mikko Hyppönen As software worms its way onto pretty much every type of modern appliance, consumers have benefitted from amazing features.

IoT 75

IoT Internet Internet Manufacturing 75

Pen Test

OCTOBER 12, 2023

About the Author: Larbi OUIYZME Cybersecurity Consultant and Licensed Ham Radio Operator since 1988 with prefix CN8FF, deeply passionate about RF measurement, antennas, satellites, Software-defined radio, Digital Mobile Radio and RF Pentesting. Criminals may use hijacked drones for illegal surveillance, smuggling, or even as weapons.

Encryption 52

Encryption Firmware Surveillance Technology 52

The Security Ledger

NOVEMBER 11, 2019

We're joined by Terry Dunlap the co-founder of ReFirm Labs to talk about why software supply chain risks. » Related Stories From China with Love: New York Firm sold millions in PRC Surveillance Gear to US Government, Military Episode 165: Oh, Canada! Terry is a former NSA employee who specializes in firmware security.

Risk 40

Risk Surveillance Firmware Technology 40

eSecurity Planet

JULY 8, 2024

These vulnerabilities affected diverse areas, including network infrastructure, software libraries, IoT devices, and even CPUs. To protect your network devices from potential risks, apply patches on a regular basis and keep their firmware up to date. Update your routers to the most recent versions ( 5.6.15, 6.1.9-lts,

Risk 62

Risk Authentication Firmware Surveillance 62

Security Boulevard

FEBRUARY 10, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user.

Spyware 52

Spyware Surveillance Government Data breaches 52

Security Boulevard

JANUARY 27, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user.

Surveillance 52

Surveillance Data breaches Malware Backups 52

SecureList

SEPTEMBER 21, 2023

In the screenshot below, the vendor is offering a homebrew DDoS bot complete with a C2 server and software for uploading the malware via Telnet or SSH: See translation Selling Linux IoT bot. Tested, tried. Comes with a manual and network startup kit. Regrettably, vendors could have done a much better job fixing those.

IoT 135

IoT DDOS Passwords Malware 135

SecureList

NOVEMBER 26, 2021

At the end of September, at the Kaspersky Security Analyst Summit , our researchers provided an overview of FinSpy , an infamous surveillance toolset that several NGOs have repeatedly reported being used against journalists, political dissidents and human rights activists. FinSpy: analysis of current capabilities.

Malware 134

Malware Banking Energy and Utilities Accountability 134

ForAllSecure

APRIL 22, 2021

but in writing it, it inadvertently, or maybe overtly I don't remember captured reverse engineering software that has some protection mechanism in it, and without getting into the details. Well, there's also software defined radio, which takes the place of the custom design chips. They're designed to be obsolete at some point in time.

IoT 52

IoT Hacking Internet Internet 52

ForAllSecure

APRIL 22, 2021

but in writing it, it inadvertently, or maybe overtly I don't remember captured reverse engineering software that has some protection mechanism in it, and without getting into the details. Well, there's also software defined radio, which takes the place of the custom design chips. They're designed to be obsolete at some point in time.

IoT 52

IoT Hacking Internet Internet 52

ForAllSecure

OCTOBER 5, 2021

It was for 1000s of compromised, Internet of Things, enabled devices, such as surveillance cameras, residential gateways, internet connected printers, and even in home baby monitors these devices themselves are often thought of as not having much in the way of resources, and really they don't have many computing resources. Probably not.

IoT 52

IoT DDOS Malware Internet 52

SecureList

OCTOBER 26, 2021

An APT threat actor, suspected to be HoneyMyte, modified a fingerprint scanner software installer package on a distribution server in a country in South Asia. We were missing clear evidence that the attack leveraged a vulnerability within this software, and to solve this mystery we decided to audit the binary of this application.

Malware 145

Malware Government Surveillance Spyware 145

eSecurity Planet

OCTOBER 21, 2022

Short for “malicious software,” malware is any piece of computer software designed to disrupt the regular function of a network or device, to gain unauthorized access to certain hardware or systems, or to send user data to others without that user’s consent. An August 2022 Statista report counted 2.8 fully crashing your browser.

Malware 75

Malware Adware Spyware Antivirus 75

SecureList

NOVEMBER 14, 2023

In May, Ars Technica reported that BootGuard private keys had been stolen following a ransomware attack on Micro-Star International (MSI) in March this year (firmware on PCs with Intel chips and BootGuard enabled will only run if it is digitally signed using the appropriate keys). The trend may evolve in various ways.

Hacking 141

Hacking Energy and Utilities Media Malware 141

SecureList

NOVEMBER 14, 2022

Last June, Google’s TAG team released a blog post documenting attacks on Italian and Kazakh users that they attribute to RCS Lab, an Italian offensive software vendor. Although 2022 did not feature any mobile intrusion story on the scale of the Pegasus scandal, a number of 0-days have still been exploited in the wild by threat actors.

Firmware 129

Firmware Surveillance Mobile Telecommunications 129

eSecurity Planet

MARCH 4, 2024

The fix: To eliminate malware infections, perform a factory reset, upgrade to the latest firmware, change all default usernames and passwords, and adjust firewall rules to block exposure to unwanted remote management services. The files warned owners that the MQTT software allowed “any valid credential to connect and control your printer.”

IoT 117

IoT Internet Internet Ransomware 117

Security Affairs

DECEMBER 22, 2024

BadBox rapidly grows, 190,000 Android devices infected Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks Sophos fixed critical vulnerabilities in its Firewall product U.S.

Data breaches 60

Data breaches Cybercrime Spyware Firmware 60

Security Affairs

OCTOBER 10, 2023

Only basic skills are needed for a bad actor to find a camera and brute-force login credentials, as well-known software tools and basic tutorials have long been in the wild. This would allow them to view live feeds and record footage, which could be used for surveillance, reconnaissance, or gathering sensitive information.

Risk 126

Risk Encryption VPN Passwords 126

CyberSecurity Insiders

SEPTEMBER 24, 2021

China-based video surveillance related product offering company Hikvision has issued a security advisory saying that all those using their security cameras and NVRs must know a critical vulnerability on its devices that could allow hackers to take control of the cameras and use them as bots to launch DDoS or other related attacks.

Surveillance 96

Surveillance Firmware DDOS IoT 96