Security Director Alert: Check for These Bug-Like Products at Your Location

Attackers can remotely compromise multiple network devices (IP PBX, conferencing gear and IP phones), installing malware and eavesdropping via video and audio functions.

A series of both unauthenticated and authenticated remote code-execution vulnerabilities have been uncovered in a variety of Grandstream products for small to medium-sized businesses, including audio and video conferencing units, IP video phones, routers and IP PBXs.

Attackers can also use the vulnerabilities to gain access to cameras and microphones to turn them into listening devices. “The most notable aspect of the vulnerabilities is what you can do simply by using the programs that get shipped on the device,” Brendan Scarvell, senior security consultant at Trustwave SpiderLabs, told Threatpost in an interview.

“This includes playing audio through the speakers, recording conversations through the microphone, activating cameras and taking photos, installing custom software/malware etc. This is pretty bad for places such boardrooms or executive offices where confidential conversations frequently happen. more

Many common office products have information security vulnerabilities. A Technical Surveillance Countermeasures (TSCM) survey, conducted by a competent consultant, will discover them for you.

College Student Pleads Guilty to Illegal Wiretapping

A Maryland university student has pleaded guilty to illegally wiretapping a congressional staffer and putting the conversation on Facebook Live without consent...

Prosecutors say Burdett, a 21-year-old advocate for Maryland Marijuana Justice, took part in a rally in front of Rep. Andy Harris' office in Salisbury, Maryland, in October. Then he and others met with a member of the congressman's staff in his office.

Harris' staff told the group not to record the meeting, citing office policy, but prosecutors say Burdett recorded and streamed it on Facebook Live without the staffer's consent. more

FutureWatch - Who Really Lives in that Apartment

NY - A Brooklyn landlord intends to install facial recognition technology at the entrance of a roughly 700-unit rent-stabilized complex, raising alarm among tenants and housing rights attorneys about what they say is a far-reaching and egregious form of digital surveillance...

“We don’t want to be tracked,” said Icemae Downes, a longtime tenant. “We are not animals. This is like tagging us through our faces because they can’t implant us with a chip.” more

Korea - Molka Means Spycam - Government Creates a Handbook for Women

The Seoul Metropolitan Government on Monday distributed guidelines on how to respond to spycam crimes for victims and law enforcement officers, amid a growing epidemic of spycam porn in the country. 

Divided into two parts -- for civilians and police officers -- the handbook was designed to raise awareness of what constitutes secondary damage to victims of spycam porn and how police officers and victims can handle such cases, according to the Seoul city government.

For example, the guidelines recommend that victims secure evidence -- such as a hidden camera -- if possible and remember the perpetrator’s appearance. If illegally filmed videos have already been distributed, the advice is to copy the links and obtain screenshots. Then the victims should report the situation to the police and ask the website or social media companies to remove the videos, the handbook says. more

-----

The (K-Pop) scandal magnifies the proliferation of hidden camera porn in South Korea — an issue which drove 22,000 women to the streets last June in the largest women’s demonstration in the nation’s history. Known as molka, meaning “spycam”, hidden camera porn has become an increasingly visible issue in South Korea, as the distribution of footage from secret, tiny cameras — often depicting women in sexual or intimate circumstances without their consent — has grown in recent years. From 2013 to 2017, police estimate nearly 6,000 cases of spycam porn each year. more

Korea - 1,600 hotel guests were secretly filmed...

...on cameras hidden in wall sockets, with footage live-streamed to paying customers!

Two South Korean men have been arrested after allegedly installing spy cameras in dozens of hotel rooms, secretly recording more than 1,600 guests and live-streaming the footage.

The men are accused of installing cameras in electrical sockets, hair dryer holders and digital TV boxes in 30 hotels in ten cities across South Korea, local police said.

They would then broadcast the footage on a website with thousands of members, charging a $44.95 monthly fee. more

Important: Learn how to inspect your hotel room (or any expectation of privacy area) for spy cameras ...and what to do if you find one.
On-line, self-paced, video training for private individuals and business.

Korea - K-pop Sex Scandal Reveals Practice of Sharing Spycam Porn

A sex scandal engulfing South Korea's K-pop industry is drawing attention and criticism to the country's problem with illegal spy cam "porn," says NPR's former Seoul correspondent...

Earlier this month, police questioned K-pop star Jung Joon-young about allegations he secretly filmed himself having sex with women and then shared the footage in private group chats.

"Tiny cameras that can be the size of lipstick containers or lighters are hidden in public places like subway stations, but also in highly private places like dressing rooms and bathrooms," Hu explained.

"The most common kind that's traded online, and shared online, and sometimes profited off of online, is footage of women having sex." more

Cops Spying on Cops, the Village President & Spycamer's in Crawlspaces

IN - A second lawsuit has been filed against New Carlisle alleging command staff in the police department secretly recorded private conversations... The five plaintiffs claim that Deputy Police Chief Brian Thompson and Chief Calleb Dittmar allegedly secretively “placed, or caused to be placed,” recording devices in the ceilings of non-essential areas of the department. more

-----

IL - Former Hinckley Chief of Police Kimberly S. Everhart has been charged with eavesdropping and official misconduct after Illinois State Police say she illegally recorded a conversation with the village president in 2017. more

-----
 
GA - A Catoosa County man is facing a handful of privacy invasion charges after he allegedly broke into a Ringgold residence and planted monitoring equipment, police say.

According to the Catoosa County Sheriff’s Office: Samuel David Townsend, 32, of 103 Parkview Drive in Ringgold, was arrested March 7 on charges of first-degree burglary, possession or sale of an eavesdropping device, unlawful eavesdropping, and Peeping Tom.

...resident reported suspicious sounds coming from underneath her home.

The victim said she was getting out of the shower when she heard a sound coming from the house’s master bathroom. The woman claimed she initially thought a mouse was in the home, but that the noise got louder almost like something was being cut...

...a white truck parked out on the street in front of the home and that the crawl space at the back of the house was open...

Sheriff Gary Sisk said Townsend did some work at the home in the past, and that he planted a recording device. more

Spybuster Tip # 629 - Watch What You Say at the Drive-Thru

Next time you have a private conversation while in a drive-through, you might want to keep it quiet — as workers in fast food restaurants are able to hear you, even when you can’t hear them.

Well, as long as they are wearing a headset and you’re parked next to the microphone with your window down, that is.

...the revelation on r/LifeProTips: They posted; “If we apologize [sic] and say we’ll be with you in a minute – you’re not on hold, we can hear everything. If you’ve ordered but the drive-thru line won’t let you pull ahead yet – we can hear every single thing you’re saying.

Suggesting that having the ability to eavesdrop isn’t always a good thing, they added: “I wish I could forget some of the stuff I’ve heard.” more

Mr. Blobby - UK TV Star & Accidential Voyeur

UK - Mr. Blobby is a big, pink blobby thing covered in yellow dots resembling a dangerous bout of liver cirrhosis. He also happens to be a dearly loved kids’ character on British TV.

However, he could have some explaining to do to Mrs. Blobby after he was caught perving on a naked woman in a bath on a billboard in the northern British city of Leicester.

Thankfully, all is not what it seems and it appears ...

A storm on Friday damaged the existing billboard’s skin – an ad for telco firm BT that showed a woman in a bath watching her laptop – which then revealed the previous ad that featured Mr. Blobby. more

Doctor Charged with Filming Women in Bathroom

We're guessing, "It's okay, I'm a doctor," will not be a valid defense.

NJ - New evidence has emerged in the case of a former Rutgers Robert Wood Johnson Medical School doctor charged with secretly recording women in a bathroom at the city hospital, according to prosecutors.

...after being charged last month in a 160-count indictment with invasion of privacy, computer theft, wiretapping, burglary, official misconduct and impersonation. ...is facing third-degree charges of allegedly photographing or videotaping victims, without their consent or knowledge, while their "intimate parts" were exposed. He’s facing fourth-degree charges in similar instances, except the victims were wearing underwear. ...the FBI is still investigating. more

Security Director Alert: Mirai Botnet Targets Corporate Presentation Systems

A new variant of the crushing Mirai botnet, which specifically places enterprises in its crosshairs, has been discovered by security researchers...

Click to enlarge.

Mirai is still a botnet designed to exploit IoT devices, but in its latest iteration it seeks out vulnerable business devices - specifically, wireless presentation systems and the TVs used to present to rooms full of clients, partners and colleagues. 

"This new Mirai is a perfect example of why every organisation needs to map their own networks from an external point of view and close off everything that is open and does not need to be," said Jamo Niemela, principal researcher at F-secure. "The types of new devices that Mirai attacks have no business of being visible to the Internet."

The WePresent WiPG-1000 wireless presentation system and the LG Supersign TV were the two devices singled-out by researchers as most vulnerable to the attack. more

In addition to checking for electronic eavesdropping devices and general information security loopholes, make sure your TSCM technicians examine IoT device settings.

Keep Your Number Private – And Still Receive Calls!

An inexpensive and easy service...

"Keep your real phone number hidden while making calls and sending texts for work, dating, Craigslist sales, and more thanks to Hushed. You'll use their simple and secure app to easily make calls on your second number (you'll even choose the area code) without committing to another long, expensive phone contract. Customize your voicemail and use Wi-Fi or data to talk without expensive service charges. It's true communication anonymity delivered." more

Bonus: 

• The Murray Associates Smartphone Security Tips
• How to Block Caller ID

The Tasmanians Have a Great Sense of Humor

Sign on hotel wall at Hobart Airport...

Ten Years of Bugging a Woman's Home Brings... a misconduct hearing?!?!

UK - A serving South Yorkshire police officer will face a misconduct hearing after being accused of bugging a woman’s home to listen in on her private conversations.

PC Christopher Birkett is accused of placing covert listening devices in a woman’s home on ‘various dates’ between March 2007 and August 2017 to listen in on her conversations.

It is alleged that on some of the occasions, PC Birkett was on duty at the time. more

Facebook - Also Concerned About Their Privacy

Nick Lovrien, the tech behemoth's chief global security officer, said in an interview...

"We work to protect intellectual property in many ways, and that's everything from making sure [employees'] computer screens on airplanes are covered so people don't accidentally share information they're not supposed to, to accidentally leaving things on the printers ... to white boards being cleaned at night," Lovrien said, adding that Facebook has additional systems in place "that identify if people are inappropriately accessing information they shouldn't have."

That's not just a theoretical risk. In the last six months, two Chinese Apple employees working on the company's secretive self-driving car project have been charged with stealing the iPhone maker's trade secrets...

Business Insider has spoken with numerous current and former employees and reviewed internal documents for an in-depth investigation into how Facebook handles its corporate security.

Sources described a hidden world of stalkers, stolen prototypes, state-sponsored espionage concerns, secret armed guards, car-bomb concerns, and more. Today, there are a staggering 6,000 people in Facebook's global security organization, working to safeguard the company's 80,000-strong workforce of employees and contractors around the world. more