Internet, Passwords and Surveillance - Cyber Security Informer

US NCSC and DoS share best practices against surveillance tools

Security Affairs

JANUARY 9, 2022

The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. In the last years, we have reported several cases of companies selling commercial surveillance tools to governments and other entities that have used them for malicious purposes. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Malware

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

The Last Watchdog

MARCH 13, 2019

In the not too distant future, each one of us will need to give pause, on a daily basis, to duly consider how we purchase and use Internet of Things devices and services. Mirai and Reaper are examples of a new generation of IoT botnets comprised of millions of infected home routers and surveillance cams. This is coming. Talk more soon.

Internet

Internet Internet IoT Energy and Utilities

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., Hacktivist Tillie Kottmann is reportedly among those asserting responsibility for the incident, telling Bloomberg that their act helped expose the security holes of modern-day surveillance platforms.

Surveillance

Surveillance IoT Accountability Passwords

RedTorch Formed from Ashes of Norse Corp.

Krebs on Security

MARCH 22, 2021

“And Norse’s much-vaunted interactive attack map was indeed some serious eye candy: It purported to track the source and destination of countless Internet attacks in near real-time, and showed what appeared to be multicolored fireballs continuously arcing across the globe.”

Surveillance

Surveillance Computers and Electronics Internet Internet

New IoT Security Regulations

Schneier on Security

NOVEMBER 13, 2018

Due to ever-evolving technological advances, manufacturers are connecting consumer goods -- from toys to lightbulbs to major appliances -- to the internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare. But like nearly all innovation, there are risks involved. This law is not a panacea.

IoT

IoT Manufacturing Internet Internet

Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)

Security Affairs

MARCH 27, 2025

is a US-based telecommunications company that provides broadband internet, cable TV, and phone services. is known for offering high-speed internet and competitive pricing in markets where it competes with larger providers. Compromised data includes usernames, passwords, security details, emails, and Firebase integration data.

Hacking

Hacking Telecommunications Data breaches Internet

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance.

Surveillance

Surveillance Manufacturing Internet Internet

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Security Affairs

DECEMBER 4, 2024

These include scrutinizing network device configurations, implementing advanced monitoring solutions, and restricting internet exposure of management traffic. Disabling unnecessary protocols and services, avoiding default passwords, and verifying software integrity bolster resilience. are essential for protecting data.

Telecommunications

Telecommunications Government Mobile Cyber threats

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. The flaws reside in a feature named the “XMEye P2P Cloud” that is enabled by default which is used to connect surveillance devices to the cloud infrastructure. Pierluigi Paganini.

Surveillance

Surveillance Hacking Firmware Manufacturing

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Krebs on Security

SEPTEMBER 12, 2023

Citizen Lab says the bug it discovered was being exploited to install spyware made by the Israeli cyber surveillance company NSO Group. “They could also conduct pass-the-hash attacks, where the attacker uses the hashed version of a password to authenticate themselves without needing to decrypt it.” and iPadOS 16.6.1.

Spyware

Spyware Software Surveillance Authentication

US Journalist Detained When Returning to US

Schneier on Security

JULY 4, 2019

After I gave him the password to my iPhone, Moncivias spent three hours reviewing hundreds of photos and videos and emails and calls and texts, including encrypted messages on WhatsApp, Signal, and Telegram. He browsed my emails and my internet history. He also went through my personal photos, which I resented.

Passwords

Passwords Media Encryption Internet

5 pro-freedom technologies that could change the Internet

Malwarebytes

JULY 4, 2022

After a good start, the Internet-enabled, technological revolution we are living through has hit some bumps in the road. To celebrate Independence Day we want to draw your attention to five technologies that could improve life, liberty and the pursuit of happiness on the Internet. And yet almost every Internet account requires one.

Internet

Internet Internet Technology DNS

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. That changed on Jan.

DNS

DNS Internet Internet Government

Administrator’s Guide, Part 2: Passwords Are Safer Than Biometrics, PINs Are Just Passwords, and Other Tall Tales

Duo's Security Blog

JULY 1, 2021

Tall Tale #1: PINs Are Just Passwords In Part 1 , we talked about how passwordless authentication is still multi-factor: Possession of a private key, ideally stored on a piece of secure hardware A biometric or PIN the authenticator uses to locally verify the user’s identity Reasoning about a PIN being used as a factor is simpler than a biometric.

Passwords

Passwords Surveillance Authentication Risk

Ferocious Kitten: 6 years of covert surveillance in Iran

SecureList

JUNE 16, 2021

It is interesting to note that an active Keepass (password manager) process gets killed before starting the keylogger. This is likely intended to force the user to restart the program and enter a master password that is then stolen via the keylogger. argument: path to file to upload. – List files and repositories.

Surveillance

Surveillance Malware Password Management Passwords

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Surveillance

Surveillance Malware Authentication Accountability

Canadian Man Arrested in Snowflake Data Extortions

Krebs on Security

NOVEMBER 5, 2024

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). A segment of a lawsuit Binns filed in 2020 against the CIA, in which he alleges U.S.

Cybercrime

Cybercrime Mobile Media Hacking

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

According to the alert issued by the FBI, the swatters have been hijacking smart devices such as video and audio capable home surveillance devices. Threat actors likely take advantage of customers’ bad habit of re-using email passwords for their smart device. Users should update their passwords on a regular basis.

Passwords

Passwords Surveillance Manufacturing Accountability

Who’s Hacking You?

Webroot

MARCH 9, 2021

Pretending to be someone else, these hackers manipulate their victims into opening doors to systems or unwittingly sharing passwords or banking details. Once the criminal redirects internet traffic to malicious websites or takes control of servers, the damage is inevitable. Cybersecurity Tips for Individuals and Businesses.

Hacking

Hacking DNS Surveillance Cybercrime

Hanging Up on Mobile in the Name of Security

Krebs on Security

AUGUST 16, 2018

Unauthorized SIM swaps often are perpetrated by fraudsters who have already stolen or phished a target’s password, as many banks and online services rely on text messages to send users a one-time code that needs to be entered in addition to a password for online authentication. On June 11, 2017, Terpin’s phone went dead.

Mobile

Mobile Cryptocurrency Accountability Authentication

Episode 188: Crowdsourcing Surveillance with Flock Safety

The Security Ledger

AUGUST 21, 2020

In this episode of the Security Ledger Podcast (#188), sponsored* by LastPass, we take a look at the fast-expanding world of crowdsourced surveillance by doing a deep dive on Flock Safety, a start up that sells inexpensive license plate scanners to homeowners and police departments. Flying in Surveillance’s Gray Zone.

Surveillance

Surveillance Passwords Technology Internet

Guardzilla Security Video System Footage exposed online

Security Affairs

DECEMBER 29, 2018

A vulnerability in the Guardzilla home video surveillance system could be exploited by users to watch Guardzilla footage of other users. The Guardzilla All-In-One Video Security System is an indoor video surveillance solution. “ The bad news is that the vendor hasn’t yet addressed the flaw.

Firmware

Firmware Surveillance IoT Passwords

Episode 188: Flock Safety Flies in Surveillance Technology’s Gray Zone

The Security Ledger

AUGUST 21, 2020

In this episode of the Security Ledger Podcast (#188), sponsored* by LastPass, we take a look at the fast-expanding world of crowdsourced surveillance by doing a deep dive on Flock Safety, a start up that sells inexpensive license plate scanners to homeowners and police departments. Flying in Surveillance’s Gray Zone.

Surveillance

Surveillance Passwords Technology Internet

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages. Related: Companies sustain damage from IoT attacks That was back in 1982.

IoT

IoT Healthcare Internet Internet

MY TAKE: Why Satya Nadella is wise to align with privacy advocates on regulating facial recognition

The Last Watchdog

FEBRUARY 6, 2019

This week civil liberties groups in Europe won the right to challenge the UK’s bulk surveillance activities in the The Grand Chamber of the European Court of Human Rights. Related: Snowden on unrestrained surveillance. Ubiquitous surveillance. It’s a healthy thing that a captain of industry can see this. Advanced use cases.

Surveillance

Surveillance Technology Retail Artificial Intelligence

Privacy Roundup: Week 9 of Year 2025

Security Boulevard

MARCH 3, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. The surveillance tech waiting for workers as they return to the office ArsTechnica RTO continues to pick up steam. In pursuit of "more productivity," some employers are leaning heavily into surveillance tech.

Surveillance

Surveillance Data breaches Firmware Encryption

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Krebs on Security

SEPTEMBER 30, 2024

In June 2016, Islam was sentenced to a year in prison for an impressive array of crimes, including stalking people online and posting their personal data on the Internet. ” who said Iza hired him to surveil Zelocchi but ultimately refused to pay him for much of the work. attorney general.

Cryptocurrency

Cryptocurrency Government Internet Internet

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-.

Firmware

Firmware Surveillance Manufacturing Advertising

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

“The stolen information is likely to be exploited for surveillance or intelligence gathering on specific groups and or individuals.” Create and enforce a password policy with adequate complexity requirements for specific accounts. Reduce the number of systems that can be reached over internet using SSH.

Media

Media Accountability Telecommunications Government

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Krebs on Security

MARCH 29, 2022

There is a terrifying and highly effective “method” that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. The document requested the Internet address history of Discord accounts tied to a specific phone number used by the target.

Accountability

Accountability Government Hacking Social Engineering

Episode 188: Flock Safety Flies in Surveillance Technology’s Gray Zone Episode 188: Crowdsourcing Surveillance with Flock Safety

The Security Ledger

AUGUST 21, 2020

In this episode of the Security Ledger Podcast (#188), sponsored* by LastPass, we take a look at the fast-expanding world of crowdsourced surveillance by doing a deep dive on Flock Safety, a start up that sells inexpensive license plate scanners to homeowners and police departments. Flying in Surveillance’s Gray Zone.

Surveillance

Surveillance Passwords Technology Internet

Stalkerware activity drops as glaring spying problem is revealed

Malwarebytes

OCTOBER 11, 2023

But while consenting adults can and increasingly do agree to share passwords, locations, and devices with their romantic partners, another statistic deserves scrutiny: 41 percent of the people who admitted to monitoring their partners said they did so without permission.

Surveillance

Surveillance Passwords Software Technology

Patch now! Insecure Hikvision security cameras can be taken over remotely

Malwarebytes

SEPTEMBER 22, 2021

Its business activities include the provision of services for hard disk recorders, video codes, video servers, surveillance cameras, monitoring of ball machine, road mounts and other products, as well as security services. No username or password is needed, nor are any actions needed from the camera owner. The post Patch now!

Firmware

Firmware Surveillance Marketing VPN

The Challenges Facing the Passwordless Future

eSecurity Planet

SEPTEMBER 25, 2022

In 2013, for example, the FIDO Alliance was created to solve the world’s password problem by replacing login technology. Apple has also promised that passwords will be a thing of the past, and passkeys will become available for iOS 16. Dashlane last month integrated passkeys into its cross-platform password manager.

Passwords

Passwords Password Management Authentication Technology

Gh0stCringe RAT makes database servers squeal for protection

Malwarebytes

MARCH 17, 2022

Remote Access Trojans (RATs) are programs that provide the capability to allow covert surveillance or the ability to gain unauthorized access to a victim system. The problem is that there are a few very different security issues to be considered when it comes to an internet-facing SQL server. How to avoid RATs.

Encryption

Encryption Malware Surveillance Authentication

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

NOVEMBER 6, 2018

Soon after, the attackers were able to use their control over his mobile number to reset his Gmail account password. The bug could be exploited simply by adding the phone number of a target to the end of a Web address used by one of the company’s internal tools that was nevertheless accessible via the open Internet.

Mobile

Mobile Cryptocurrency Accountability Passwords

Hacked: Verkada Security Camera Company

SecureWorld News

MARCH 10, 2021

Founded in 2016, Verkada is a security company that focuses on surveillance and facial recognition through the use of sophisticated software in security cameras. No, these cameras are an extremely powerful part of the Internet of Things (IOT). This list did not include passwords or password hashes.". "A

Hacking

Hacking Surveillance Passwords Internet

FBI: Stolen Credentials Fueling Swatting Attacks

SecureWorld News

JANUARY 5, 2021

And the FBI says attacks like these are increasingly linked to stolen usernames and passwords. Perpetrators are increasingly using victims' smart home devices, such as home video cameras and audio surveillance technology. Users should update their passwords on a regular basis. They have all been victims of a swatting attack.

Passwords

Passwords Accountability Technology Surveillance

Over 100 flaws in management and access control systems expose buildings to hack

Security Affairs

MAY 11, 2019

Once hacked vulnerable systems, attackers could steal personal information and conduct a wide range of malicious activities, including lock or unlock doors and gates, control elevator access, trigger alarms, intercept video surveillance streams, and manipulate HVAC systems and lights, disrupt operations.

Hacking

Hacking Advertising Surveillance Data collection

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

Attack vectors There are two main IoT infection routes: brute-forcing weak passwords and exploiting vulnerabilities in network services. A successful password cracking enables hackers to execute arbitrary commands on a device and inject malware. Unfortunately, users tend to leave these passwords unchanged.

IoT

IoT DDOS Passwords Malware

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 7, 2024

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4

Artificial Intelligence

Artificial Intelligence Data breaches Scams Insurance

Nation-state actors target critical sectors by exploiting the CVE-2021-40539 flaw

Security Affairs

NOVEMBER 8, 2021

Threat actors exploited a critical vulnerability, tracked as CVE-2021-40539 , in the Zoho ManageEngine ADSelfService Plus software, which is self-service password management and single sign-on solution. 17 the actor leveraged leased infrastructure in the United States to scan hundreds of vulnerable organizations across the internet.

Healthcare

Healthcare Password Management Financial Services Surveillance

SHARED INTEL: Threat actors add a human touch to boost effectiveness of automated attacks

The Last Watchdog

OCTOBER 3, 2019

Instead of encrypting the hard drives of individual victims, and demanding payments of a few hundred dollars, a skilled team collaborated to break into an organization’s network; surveil the network layout; and then embed the malware. Nuanced hacks Another ring honing automated, active techniques is the Baldr password stealing gang.

Encryption

Encryption Malware Ransomware Cyber Attacks

Understanding and Recognizing Tech Abuse

SecureWorld News

AUGUST 16, 2023

A common example of this is surveillance. We normalize the use of surveilling and tracking young people through "parentware" or spyware (software which allows someone to see what someone else is doing on their device) and apps which enable the tracking of someone's location. Earlier, I discussed the normalization of surveillance.

Surveillance

Surveillance Technology Accountability Spyware

US NCSC and DoS share best practices against surveillance tools

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

Trending Sources

Camera tricks: Privacy concerns raised after massive surveillance cam breach

RedTorch Formed from Ashes of Norse Corp.

New IoT Security Regulations

Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)

3.5m IP cameras exposed, with US in the lead

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

US Journalist Detained When Returning to US

5 pro-freedom technologies that could change the Internet

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Administrator’s Guide, Part 2: Passwords Are Safer Than Biometrics, PINs Are Just Passwords, and Other Tall Tales

Ferocious Kitten: 6 years of covert surveillance in Iran

European firm DSIRF behind the attacks with Subzero surveillance malware

Canadian Man Arrested in Snowflake Data Extortions

FBI warns swatting attacks on owners of smart devices

Who’s Hacking You?

Hanging Up on Mobile in the Name of Security

Episode 188: Crowdsourcing Surveillance with Flock Safety

Guardzilla Security Video System Footage exposed online

Episode 188: Flock Safety Flies in Surveillance Technology’s Gray Zone

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

MY TAKE: Why Satya Nadella is wise to align with privacy advocates on regulating facial recognition

Privacy Roundup: Week 9 of Year 2025

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Botnet operators target multiple zero-day flaws in LILIN DVRs

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Episode 188: Flock Safety Flies in Surveillance Technology’s Gray Zone Episode 188: Crowdsourcing Surveillance with Flock Safety

Stalkerware activity drops as glaring spying problem is revealed

Patch now! Insecure Hikvision security cameras can be taken over remotely

The Challenges Facing the Passwordless Future

Gh0stCringe RAT makes database servers squeal for protection

Busting SIM Swappers and SIM Swap Myths

Hacked: Verkada Security Camera Company

FBI: Stolen Credentials Fueling Swatting Attacks

Over 100 flaws in management and access control systems expose buildings to hack

Overview of IoT threats in 2023

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

Nation-state actors target critical sectors by exploiting the CVE-2021-40539 flaw

SHARED INTEL: Threat actors add a human touch to boost effectiveness of automated attacks

Understanding and Recognizing Tech Abuse

Stay Connected