Information Security, Manufacturing and Surveillance

Surveillance vendor exploited Samsung phone zero-days

Security Affairs

NOVEMBER 9, 2022

Google Project Zero researchers reported that a surveillance vendor is using three Samsung phone zero-day exploits. Google Project Zero disclosed three Samsung phone vulnerabilities, tracked as CVE-2021-25337, CVE-2021-25369 and CVE-2021-25370, that have been exploited by a surveillance company. Pierluigi Paganini.

Surveillance

Surveillance Spyware Mobile Manufacturing

The US Gov is testing high-altitude balloons for surveillance

Security Affairs

AUGUST 4, 2019

The US government is testing high-altitude balloons manufactured by Sierra Nevada to conduct surveillance over American soil. The US government is planning to use high-altitude balloons to conduct surveillance over Americans. SecurityAffairs – high-altitude balloons, surveillance). ” states The Guardian.

Surveillance

Surveillance Manufacturing Advertising Government

Expert found Russia’s SORM surveillance equipment leaking user data

Security Affairs

AUGUST 30, 2019

A Russian security researcher has found that hardware wiretapping equipment composing Russia’s SORM surveillance system had been leaking user data. SORM is a mass surveillance system that allows the Government of Moscow to track online activities of single individuals thanks to the support of the Russian ISPs.

Surveillance

Surveillance Firmware Advertising Mobile

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Security Affairs

SEPTEMBER 16, 2024

The IT giant fears that the disclosures of its threat intelligence related to commercial spyware operations could aid NSO and other surveillance firms. “Apple’s teams work tirelessly to protect the critical threat-intelligence information that Apple uses to protect its users worldwide. ” reads the court filing.

Surveillance

Surveillance Spyware Risk Hacking

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

Pictured: a Dome Series security camera from Verkada. A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., granting them access to live and archived video feeds across multiple organizations, including manufacturing facilities, hospitals, schools, police departments and prisons.

Surveillance

Surveillance IoT Accountability Passwords

Australian Defense Department will replace surveillance cameras from Chinese firms Hikvision and Dahua

Security Affairs

FEBRUARY 12, 2023

Australia’s Defense Department announced that they will remove surveillance cameras made by Chinese firms linked to the government of Beijing. Australia’s Defense Department is going to replace surveillance cameras made by Chinese firms Hikvision and Dahua, who are linked to the government of Beijing.

Surveillance

Surveillance Government Manufacturing Risk

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance

Surveillance Hacking Firmware Manufacturing

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Security Affairs

JUNE 17, 2022

Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country.

Spyware

Spyware Surveillance Telecommunications Mobile

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. List of installed packages. Call logs and geocoded location associated with the call. .”

Surveillance

Surveillance Spyware Malware Mobile

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems.

Hacking

Hacking Ransomware Banking Accountability

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network. This time, the Cybernews research team found 3.5

Surveillance

Surveillance Manufacturing Passwords Internet

Eken camera doorbells allow ill-intentioned individuals to spy on you

Security Affairs

MARCH 3, 2024

Camera doorbells manufactured by the Chinese company Eken Group Ltd under the brands EKEN and Tuck are affected by major vulnerabilities. Researchers from Consumer Reports (CR) discovered severe vulnerabilities in doorbell cameras manufactured by the Chinese company Eken Group Ltd. ” reads the report published by CR.

Manufacturing

Manufacturing Wireless Retail Surveillance

CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance

Security Affairs

NOVEMBER 19, 2019

“After disclosing these findings to Google, they shared the report with other Android manufacturers, and Samsung confirmed the vulnerabilities existed in their smartphones as well. The post CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance appeared first on Security Affairs.

Surveillance

Surveillance Manufacturing Advertising IoT

Experts spotted two Android spyware used by Indian APT Confucius

Security Affairs

FEBRUARY 11, 2021

Since 2018, the hackers started targeting mobile users with an Android surveillance malware ChatSpy. phone number, IMEI/Android ID, Model and Manufacturer, and Android version), Geolocation, Images stored on external storage, WhatsApp voice notes, if installed. . ” reads the report published by Lookout. Pierluigi Paganini.

Spyware

Spyware Surveillance Malware Mobile

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

Every week the best security articles from Security Affairs free for you in your email box. Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% If you want to also receive for free the newsletter with the international press subscribe here.

Spyware

Spyware Manufacturing Small Business Surveillance

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

According to the alert issued by the FBI, the swatters have been hijacking smart devices such as video and audio capable home surveillance devices. “Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks.

Passwords

Passwords Surveillance Manufacturing Accountability

A flaw in Dahua IP Cameras allows full take over of the devices

Security Affairs

JULY 31, 2022

. “We’re publishing the details of a new vulnerability (tracked under CVE-2022-30563) affecting the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some IP cameras developed by Dahua, a very popular manufacturer of IP-based surveillance solutions.”

Surveillance

Surveillance Authentication Telecommunications Manufacturing

US officials claim Huawei Equipment has secret backdoor for spying

Security Affairs

FEBRUARY 13, 2020

. “Independent cybersecurity experts say the intelligence services of global powers including the United States routinely exploit vulnerabilities in networking equipment — regardless of the manufacturer — for espionage purposes.” ” reported the AP News.

Manufacturing

Manufacturing Advertising Surveillance Architecture

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

Security Affairs

MAY 22, 2024

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. The company designs and develops digital imaging products for use in mobile phones, laptops, netbooks and webcams, security and surveillance cameras, entertainment, automotive and medical imaging systems.

Data breaches

Data breaches Ransomware Manufacturing Encryption

In Search of… ISO 27001:2013, 27017:2015 & 27018:2019 Certification

Duo's Security Blog

FEBRUARY 1, 2021

Ever wondered how a screw manufactured in the United States has the same screw threads as a screw manufactured in Lithuania? An ISO 27000 series certification is valid for three years and requires an annual surveillance audit to ensure continued compliance for the lifespan of the certification. You can thank ISO for that!

Manufacturing

Manufacturing Surveillance Information Security CISO

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

The Royal group began reconnaissance activity in April 2023, and the analysis of system log data dates the beginning of the surveillance operations on April 7, 2023. Royal was then able to traverse the internal City infrastructure during the surveillance period using legitimate 3rd party remote management tools.”

Ransomware

Ransomware Surveillance Healthcare Accountability

UK urges to disconnect Chinese security cameras in government buildings

Security Affairs

NOVEMBER 24, 2022

“The decision comes after a review of “current and future possible security risks associated with the installation of visual surveillance systems on the government estate,” cabinet office minister Oliver Dowden said in a written statement to parliament.” ” states Reuters.

Government

Government Surveillance Risk Manufacturing

Researchers analyzed the PREDATOR spyware and its loader Alien

Security Affairs

MAY 29, 2023

Security researchers at Cisco Talos and the Citizen Lab have shared technical details about a commercial Android spyware named Predator that is sold by the surveillance firm Intellexa (formerly known as Cytrox). The attacks aimed at installing the surveillance spyware Predator, developed by the North Macedonian firm Cytrox.

Spyware

Spyware Surveillance Media Malware

Rhythm in the algorithm: digital rights groups call on Spotify to abandon voice recognition invention

SC Magazine

APRIL 9, 2021

A screenshot from a music video of hte Evan Greer song, “Surveillance Capitalism,” which tackles the dangers of commercial surveillance technology. Sometimes fighting the excesses of the creeping surveillance economy is done through position papers, coalition building and lawsuits. Our concern is not ‘Hey patch this up.’

Surveillance

Surveillance Artificial Intelligence Technology Media

Chipmaker Qualcomm warns of three actively exploited zero-days

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero experts focus on attacks carried out by nation-state actors or surveillance firms, this means that one of these threat actors may be behind the exploitation of the Qualcomm flaws. Please contact your device manufacturer for more information on the patch status about specific devices.”

Firmware

Firmware Surveillance Authentication Manufacturing

APT32 state hackers target human rights defenders with spyware

Security Affairs

FEBRUARY 24, 2021

Since at least 2014, experts at FireEye have observed APT32 targeting foreign corporations with an interest in Vietnam’s manufacturing, consumer products, and hospitality sectors. The APT32 also targeted peripheral network security and technology infrastructure corporations, and security firms that may have connections with foreign investors.

Spyware

Spyware Government Surveillance Phishing

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The Budworm cyber espionage group (aka APT27 , Bronze Union , Emissary Panda , Lucky Mouse , TG-3390 , and Red Phoenix) is behind a series attacks conducted over the past six months against a number of high-profile targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S.

Penetration Testing

Penetration Testing Financial Services Surveillance Manufacturing

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Security Affairs

NOVEMBER 1, 2021

Both Remcos and NanoCore are used for information gathering, data exfiltration, surveillance, and control of the victims’ computers. . The group focuses on Shipping/Logistics, Manufacturing, Business Services, Pharmaceutical, and Energy entities, among others. ” reads the analysis published by the experts.

Malware

Malware Government Surveillance Phishing

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

Researchers from security firm Trellix discovered some critical vulnerabilities in HID Mercury Access Controllers that can be exploited by attackers to remotely unlock doors. The flaws impact products manufactured by LenelS2, a provider of advanced physical security solutions (i.e. ” reads the post published by Trellix.

Firmware

Firmware Penetration Testing Manufacturing Authentication

Android mobile devices from top vendors in China have pre-installed malware

Security Affairs

FEBRUARY 9, 2023

The experts pointed out that also users that leave the country are exposed to surveillance, through the pre-installed software. Chinese manufacturers have yet to comment on the research. This malicious software puts users’ privacy at risk, it could be used to spy on users and unmasking of their identities.

Mobile

Mobile Malware Surveillance Spyware

SimJacker attack allows hacking any phone with just an SMS

Security Affairs

SEPTEMBER 12, 2019

The scary part of the story is that a private surveillance firm was aware of the zero-day flaw since at least two years and is actively exploiting the SimJacker vulnerability to spy on mobile users in several countries. The SIMalliance recommends implementing security for S@T push messages. ” states the post. .”

Hacking

Hacking Mobile Spyware Manufacturing

In Search of… ISO 27001:2013, 27017:27017 & 27018:2019 Certification

Duo's Security Blog

FEBRUARY 1, 2021

Ever wondered how a screw manufactured in the United States has the same screw threads as a screw manufactured in Lithuania? An ISO 27000 series certification is valid for three years and requires an annual surveillance audit to ensure continued compliance for the lifespan of the certification. You can thank ISO for that!

Manufacturing

Manufacturing Surveillance Information Security

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

Security Affairs

JULY 20, 2022

. “These vulnerabilities could impact access to a vehicle fuel supply, vehicle control, or allow locational surveillance of vehicles in which the device is installed.” Most North American organizations using flawed MiCODUS devices are in the manufacturing sector, while those in South America are government entities.

Manufacturing

Manufacturing Passwords Mobile Authentication

In Search of… ISO 27001:2013, 27017:2015 & 27018:2019 Certification

Duo's Security Blog

FEBRUARY 1, 2021

Ever wondered how a screw manufactured in the United States has the same screw threads as a screw manufactured in Lithuania? An ISO 27000 series certification is valid for three years and requires an annual surveillance audit to ensure continued compliance for the lifespan of the certification. You can thank ISO for that!

Manufacturing

Manufacturing Surveillance Information Security CISO

What Is Industrial Control System (ICS) Cyber Security?

eSecurity Planet

SEPTEMBER 9, 2024

Industrial control systems (ICS) are the backbone of critical infrastructure, powering essential operations in the energy, manufacturing, water treatment, and transportation sectors. These systems are integral to the smooth operation of industries such as manufacturing, power generation, oil and gas, water management, and more.

Firmware

Firmware Encryption Manufacturing Risk

Cybersecurity Report: August 11, 2015

SiteLock

AUGUST 27, 2021

The FDA also mentioned that the devices were no longer being manufactured or distributed, recommending that healthcare facilities transition to other infusion systems as soon as possible. expected to increase spending on cyber security in the upcoming years, accelerating its initial timeline of the spending growth in information security.

Cybersecurity

Cybersecurity Internet Internet Banking

Israeli surveillance firm Candiru used Windows zero-days to deploy spyware

Security Affairs

JULY 15, 2021

Experts said that Israeli surveillance firm Candiru, tracked as Sourgum, exploited zero-days to deliver a new Windows spyware. Microsoft and Citizen Lab believe that the secretive Israel-based Israeli surveillance firm Candiru, tracked as Sourgum, used Windows zero-day exploits to deliver a new Windows spyware dubbed DevilsTongue.

Spyware

Spyware Surveillance Manufacturing Government

DJI drone tracking data exposed in the US

Security Affairs

OCTOBER 14, 2022

Over 80,000 drone IDs were exposed in the leak of a database containing information from airspace monitoring devices manufactured by DJI. The surveillance race. DJI was blacklisted by the Biden Administration in 2021 for its alleged involvement in the surveillance of the Uyghur Muslim minority in China. Troubling data.

Surveillance

Surveillance Marketing Manufacturing Risk

IoT and Cybersecurity: What’s the Future?

Security Affairs

MAY 2, 2022

In March 2021, hackers gained access to a security company’s surveillance cameras and live-streamed those video feeds from hospitals, jails, schools, police stations, gyms, and even Tesla. The first is the very well-known lack of device security. Start Asking Questions About Data Privacy and Security.

IoT

IoT Cybersecurity VPN Internet

US FCC bans the import of electronic equipment from Chinese firms

Security Affairs

NOVEMBER 27, 2022

Federal Communications Commission (FCC) announced the total ban for telecom and surveillance equipment from Chinese companies Huawei, ZTE, Hytera, Hikvision, and Dahua due to an “unacceptable” national security threat. In September, the U.S. Follow me on Twitter: @securityaffairs and Facebook and Mastodon.

Telecommunications

Telecommunications Surveillance Government Risk

Hacker breached Perceptics, a US maker of license plate readers

Security Affairs

MAY 26, 2019

The company was hacked and attackers stole data and offered business plans, financial documents, and personal information for free on the dark web. LPRs manufactured by Perceptics are installed at all land border crossing lanes for privately owned vehicle traffic (POV) in the United States, Canada, and for the most critical lanes in Mexico.

Data breaches

Data breaches Advertising Surveillance Hacking

GUEST POST: How China’s updated digital plans impacts U.S. security and diplomacy

The Last Watchdog

SEPTEMBER 7, 2021

In President Xi’s April 2020 speech to the Party’s Central Economic and Financial Working Group, he called for building “independent, controllable, secure, and reliable supply chains to ensure industrial and national security…”. Deepening that global dependence occurs through partnerships.

Government

Government Internet Internet Marketing

Surveillance vendor exploited Samsung phone zero-days

The US Gov is testing high-altitude balloons for surveillance

Trending Sources

Expert found Russia’s SORM surveillance equipment leaking user data

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Camera tricks: Privacy concerns raised after massive surveillance cam breach

Australian Defense Department will replace surveillance cameras from Chinese firms Hikvision and Dahua

An RCE in Annke video surveillance product allows hacking the device

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

3.5m IP cameras exposed, with US in the lead

Eken camera doorbells allow ill-intentioned individuals to spy on you

CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance

Experts spotted two Android spyware used by Indian APT Confucius

Security Affairs newsletter Round 377

FBI warns swatting attacks on owners of smart devices

A flaw in Dahua IP Cameras allows full take over of the devices

US officials claim Huawei Equipment has secret backdoor for spying

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

In Search of… ISO 27001:2013, 27017:2015 & 27018:2019 Certification

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

UK urges to disconnect Chinese security cameras in government buildings

Researchers analyzed the PREDATOR spyware and its loader Alien

Rhythm in the algorithm: digital rights groups call on Spotify to abandon voice recognition invention

Chipmaker Qualcomm warns of three actively exploited zero-days

APT32 state hackers target human rights defenders with spyware

China-linked Budworm APT returns to target a US entity

Balikbayan Foxes group spoofs Philippine gov to spread RATs

HID Mercury Access Controller flaws could allow to unlock Doors

Android mobile devices from top vendors in China have pre-installed malware

SimJacker attack allows hacking any phone with just an SMS

In Search of… ISO 27001:2013, 27017:27017 & 27018:2019 Certification

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

In Search of… ISO 27001:2013, 27017:2015 & 27018:2019 Certification

What Is Industrial Control System (ICS) Cyber Security?

Cybersecurity Report: August 11, 2015

Israeli surveillance firm Candiru used Windows zero-days to deploy spyware

DJI drone tracking data exposed in the US

IoT and Cybersecurity: What’s the Future?

US FCC bans the import of electronic equipment from Chinese firms

Hacker breached Perceptics, a US maker of license plate readers

GUEST POST: How China’s updated digital plans impacts U.S. security and diplomacy

Stay Connected