“The biggest thing (coming in 2020) is connected everything,” said Carolina Milanesi, a technology analyst for the research firm Creative Strategies. “Anything in the home — we’ll have more cameras, more mics, more sensors.” *
----
via The New York Times...
The 2010s made one thing clear: Tech is everywhere in life... In 2020 and the coming decade, these trends are likely to gather momentum. They will also be on display next week at CES, an enormous consumer electronics trade show in Las Vegas that typically serves as a window into the year’s hottest tech developments. more
* Thus, a need for more TSCM; the yin to espionage yang.
Thursday, January 2, 2020
Wednesday, January 1, 2020
The Crazy Story of How Soviet Russia Bugged an American Embassy’s Typewriters
Every engineer has stories of bugs that they discovered through clever detective work. But such exploits are seldom of interest to other engineers, let alone the general public.
Nonetheless, a recent book authored by Eric Haseltine, titled The Spy in Moscow Station (Macmillan, 2019), is a true story of bug hunting that should be of interest to all.
It recounts a lengthy struggle by Charles Gandy, an electrical engineer at the United States’ National Security Agency, to uncover an elaborate and ingenious scheme by Soviet engineers to intercept communications in the American embassy in Moscow. more
Nonetheless, a recent book authored by Eric Haseltine, titled The Spy in Moscow Station (Macmillan, 2019), is a true story of bug hunting that should be of interest to all.
It recounts a lengthy struggle by Charles Gandy, an electrical engineer at the United States’ National Security Agency, to uncover an elaborate and ingenious scheme by Soviet engineers to intercept communications in the American embassy in Moscow. more
Tuesday, December 31, 2019
Get Ready for a Wild Security Ride in 2020
Drones are considered mainstream business tools and are used from surveillance and delivery to agriculture and mining.
Now Santa's Toys Know if You Are Naughty or Nice
Christmas is over, which means there may be a few extra toys for children in the house.
Cybersecurity experts are warning parents to pay attention to what kinds of toys their children are playing with, saying some could be capable of doing much more than what you're aware of.
...toys with Bluetooth or that can connect to Wi-Fi have the potential to not only spy on those playing with them but could also collect data later capable of predicting children's thoughts and behaviors. more
Cybersecurity experts are warning parents to pay attention to what kinds of toys their children are playing with, saying some could be capable of doing much more than what you're aware of.
...toys with Bluetooth or that can connect to Wi-Fi have the potential to not only spy on those playing with them but could also collect data later capable of predicting children's thoughts and behaviors. more
This Month in Spycam News
UK - A school caretaker who installed a hidden camera in a toilet used by female teachers was sentenced to prison after the device recorded him committing the crime... When investigators searched Stupples' house, they discovered 76 videos and nearly 150,000 photos recorded from 50 separate instances of people using the toilet... Even as Stupples initially denied installing the hidden camera, his defense soon fell apart after prosecutors told the court how the accused was "very clearly visible" in one of the videos that showed him installing the device. more
US - Charges are expected to be filed Friday against a one-time registered sex offender suspected of mounting a small video camera inside a grocery store bathroom in Cathedral City. more
US - A Georgia army officer with high-ranking clearance has been arrested on charges of distribution of child pornography after an FBI agent caught him sharing nude pictures of a teenage relative captured via a spy camera. more
CA - A 56-year-old Owen Sound man is facing voyeurism charges after police allege he had been secretly filming a resident for months. Detectives with the Owen Sound Police uncovered a video camera that had been hidden in a fake heating vent in the washroom of an apartment... Police say the man worked maintenance for the building in which the incident occurred and allege the camera was installed in anticipation of a new tenant moving into the unit earlier this year. more
UK - A "deviant" voyeur secretly filmed a woman trying on a dress in a supermarket changing room - but was caught when her nine-year-old daughter saw what was happening. more
US - Charges are expected to be filed Friday against a one-time registered sex offender suspected of mounting a small video camera inside a grocery store bathroom in Cathedral City. more
US - A Georgia army officer with high-ranking clearance has been arrested on charges of distribution of child pornography after an FBI agent caught him sharing nude pictures of a teenage relative captured via a spy camera. more
CA - A 56-year-old Owen Sound man is facing voyeurism charges after police allege he had been secretly filming a resident for months. Detectives with the Owen Sound Police uncovered a video camera that had been hidden in a fake heating vent in the washroom of an apartment... Police say the man worked maintenance for the building in which the incident occurred and allege the camera was installed in anticipation of a new tenant moving into the unit earlier this year. more
UK - A "deviant" voyeur secretly filmed a woman trying on a dress in a supermarket changing room - but was caught when her nine-year-old daughter saw what was happening. more
Friday, December 27, 2019
Walt Disney World Employee Charged with Illegal Recording
A Walt Disney World employee made an illegal audio recording of her interview with Disney security officials while being questioned about thefts at the theme parks, according to prosecutors.
Alicia Reese later shared that secret recording with Patrick Spikes, a former Disney employee who is accused of breaking into a theme park attraction and stealing props, deputies allege.
Prosecutors have charged Reese with an illegal interception of oral communications, a felony punishable by up to five years in prison.
Reese and Spikes have pleaded not guilty to the charges against them. Reese, who had been an employee of ESPN Club restaurant at Disney’s Boardwalk Resort, was interviewed by two Disney security investigators in March about thefts from the company. more
Alicia Reese later shared that secret recording with Patrick Spikes, a former Disney employee who is accused of breaking into a theme park attraction and stealing props, deputies allege.
Prosecutors have charged Reese with an illegal interception of oral communications, a felony punishable by up to five years in prison.
Reese and Spikes have pleaded not guilty to the charges against them. Reese, who had been an employee of ESPN Club restaurant at Disney’s Boardwalk Resort, was interviewed by two Disney security investigators in March about thefts from the company. more
Thursday, December 26, 2019
The 11 types of business failure – and how you can learn from the mistakes of others
Founders and business professionals can learn a lot about the failure landscape from Robin Banerjee’s new book, Who Blunders and How: The Dumb Side of the Corporate World. The eleven chapters are written in a conversational style and span 265 pages, full of examples, analysis and tips...
(Guess what made the list.)
Some rivalries between business groups have led to allegations of unethical advertising practices, and even corporate espionage... more
It's easy to "blunder" when it comes to corporate espionage. By definition, espionage is a covert practice. Because you don't see it, you don't believe it is happening. Successful espionage is invisible. Only failures make the news. Successful corporations employ specialists to monitor for espionage.
(Guess what made the list.)
Some rivalries between business groups have led to allegations of unethical advertising practices, and even corporate espionage... more
It's easy to "blunder" when it comes to corporate espionage. By definition, espionage is a covert practice. Because you don't see it, you don't believe it is happening. Successful espionage is invisible. Only failures make the news. Successful corporations employ specialists to monitor for espionage.
The Top 200 Worst Passwords of 2019
Independent researchers, who requested to stay anonymous, compiled and
shared with us a list of 200 most popular passwords that were leaked in
data breaches just this year. The database is quite impressive — 500
million passwords in total. And if you think that’s a lot of leaked
passwords, we have some bad news for you — it’s just the tip of the
iceberg. more
Here are the Top 20 to get you started...
Top 2020 New Years Resolution... Fortify your passwords.
Here are the Top 20 to get you started...
Top 2020 New Years Resolution... Fortify your passwords.
World's Smallest Video Camera (unfreakinbelieveable!)
This company in Taiwan has been reducing the size of video cameras year after year. I would like to say this is the smallest possible, but they continue to surprise.
If you have privacy concerns caused by the flood of covert video surveillance cameras, stop by here and learn how to fight back.
If you have privacy concerns caused by the flood of covert video surveillance cameras, stop by here and learn how to fight back.
Trend Micro Reveals Security Worries for 2020
In 2020, tried-and-tested cyber crimes – such as extortion, obfuscation and phishing – will remain, but new risks will inevitably emerge.
Full 5G implementations will introduce new security threats and the increased migration to the cloud will see more organizations facing risks from their cloud and supply chain.
In addition, the sheer number of connected assets and infrastructures will open doors to threats, and fake images, videos, or audio will be used to manipulate enterprise business procedures.
This is according to a new report from security firm Trend Micro, titled: “The New Norm: Trend Micro Security Predictions for 2020.”
...of special interest to our clients...
Full 5G implementations will introduce new security threats and the increased migration to the cloud will see more organizations facing risks from their cloud and supply chain.
In addition, the sheer number of connected assets and infrastructures will open doors to threats, and fake images, videos, or audio will be used to manipulate enterprise business procedures.
This is according to a new report from security firm Trend Micro, titled: “The New Norm: Trend Micro Security Predictions for 2020.”
...of special interest to our clients...
Machine learning and AI will be abused to listen in on connected devices like smart TVs and speakers to snoop on personal and business conversations, which can then provide material for extortion or corporate espionage. moreIOT devices used for espionage, extortion.
Thursday, November 21, 2019
"Electronic Device" Found in Mayor's Office
MI - Flint Police are investigating after an electronic surveillance device was found inside Flint City Hall.
The device was found in the mayor's office, Interim Police Chief Phil Hart said.
Hart said he cannot speak as to what the capabilities of the electronic surveillance device are at this time.
No other information has been released because it is still under investigation. more
Former Flint Police Chief Timothy Johnson believed the device could've been in City Hall when Former Mayor Karen Weaver was in office.
He said she was concerned when she moved into City Hall that it had been bugged with recording devices. So Johnson said they checked her office, even removing ceiling tiles.* But, he explained, Weaver's was the only office they checked. more
* A professional technical surveillance countermeasures inspection is quite a bit more thorough.
The device was found in the mayor's office, Interim Police Chief Phil Hart said.
Hart said he cannot speak as to what the capabilities of the electronic surveillance device are at this time.
No other information has been released because it is still under investigation. more
Former Flint Police Chief Timothy Johnson believed the device could've been in City Hall when Former Mayor Karen Weaver was in office.
He said she was concerned when she moved into City Hall that it had been bugged with recording devices. So Johnson said they checked her office, even removing ceiling tiles.* But, he explained, Weaver's was the only office they checked. more
* A professional technical surveillance countermeasures inspection is quite a bit more thorough.
Spybuster Tip #734: Don't Store Incriminating Photos on Your Android Phone
This time around, a team of security researchers found a terrifying flaw with the Android camera apps that could let malicious apps completely take control over a phone’s camera to spy on users without their knowledge.
It doesn’t take a genius to know that photos and videos can contain extremely sensitive information, and therefore, you should think twice about giving an app permission to use a camera...
Android camera apps often store photos and videos to an SD card, granting an app permission to storage gives it access to the entire contents of that card, according to the researchers. And the truly terrifying thing is that attackers wouldn’t even need to request access to the camera.
To demonstrate the vulnerability, the team at Checkmarx recorded a proof-of-concept video. Using a mockup Weather app, the team was able to not only take photo and video from a Pixel 2 XL and Pixel 3, it also was able to glean GPS data from those photos.
The team was able to detect when the phone was face down and could then remotely direct the rear camera to take photos and video. Another creepy bit is that attackers could potentially enact a “stealth mode,” where camera shutter noises are silenced and after taking photos, return the phone to its lock screen like nothing happened.
But perhaps most disturbingly, the video demonstrates a scenario where attackers could start recording a video while someone was in the middle of call, record two-way audio, and take photos or video of the victim’s surroundings—all without the target knowing. more
It doesn’t take a genius to know that photos and videos can contain extremely sensitive information, and therefore, you should think twice about giving an app permission to use a camera...
Android camera apps often store photos and videos to an SD card, granting an app permission to storage gives it access to the entire contents of that card, according to the researchers. And the truly terrifying thing is that attackers wouldn’t even need to request access to the camera.
To demonstrate the vulnerability, the team at Checkmarx recorded a proof-of-concept video. Using a mockup Weather app, the team was able to not only take photo and video from a Pixel 2 XL and Pixel 3, it also was able to glean GPS data from those photos.
The team was able to detect when the phone was face down and could then remotely direct the rear camera to take photos and video. Another creepy bit is that attackers could potentially enact a “stealth mode,” where camera shutter noises are silenced and after taking photos, return the phone to its lock screen like nothing happened.
But perhaps most disturbingly, the video demonstrates a scenario where attackers could start recording a video while someone was in the middle of call, record two-way audio, and take photos or video of the victim’s surroundings—all without the target knowing. more
Tuesday, November 19, 2019
WhatsApp? Eavesdropping. That's WhatsApp.
WhatsApp parent company Facebook has issued a warning about a new vulnerability on its hugely-popular chat app, which could let hackers take control of their device remotely and eavesdrop on your every conversation.
Facebook has warned users about a potential vulnerability within its WhatsApp chat app that allows cyber-criminals to take control of your device remotely. The security flaw could also allow them to eavesdrop on your conversations.
And if that wasn’t worrying enough, all you’d have to do to let the hackers access your handset is watch a single video... This security flaw affects all versions of WhatsApp, from Windows Phone to iOS. It even includes the enterprise-focused WhatsApp Business. That suggests the issue was found in the underlying code that powers all versions of the chat app...
WhatsApp has closed the loophole with the latest updates to WhatsApp. If you haven’t already got automatic app updates set on your smartphone, you should head to your respective app store and download the latest software to make sure you’re sa
According to Facebook, the potential issue only impacts the following versions of WhatsApp:
fe from attack.
Facebook has warned users about a potential vulnerability within its WhatsApp chat app that allows cyber-criminals to take control of your device remotely. The security flaw could also allow them to eavesdrop on your conversations.
And if that wasn’t worrying enough, all you’d have to do to let the hackers access your handset is watch a single video... This security flaw affects all versions of WhatsApp, from Windows Phone to iOS. It even includes the enterprise-focused WhatsApp Business. That suggests the issue was found in the underlying code that powers all versions of the chat app...
WhatsApp has closed the loophole with the latest updates to WhatsApp. If you haven’t already got automatic app updates set on your smartphone, you should head to your respective app store and download the latest software to make sure you’re sa
According to Facebook, the potential issue only impacts the following versions of WhatsApp:
fe from attack.
- Android versions of WhatsApp before 2.19.274
- iOS versions of WhatsApp before 2.19.100
- Enterprise Client versions of WhatsApp before 2.25.3
- Windows Phone versions of WhatsApp before and including 2.18.368
- Business for Android versions of WhatsApp before 2.19.104
- Business for iOS versions of WhatsApp before 2.19.100
Beginner's Guide to Small Business Cyber Security
Cyber Essentials is a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices.
Consistent with the NIST Cybersecurity Framework and other standards, the Cyber Essentials are the starting point to cyber readiness...
Managing cyber risks requires building a Culture of Cyber Readiness. The Culture of Cyber Readiness has six Essential Elements... more
Consistent with the NIST Cybersecurity Framework and other standards, the Cyber Essentials are the starting point to cyber readiness...
Managing cyber risks requires building a Culture of Cyber Readiness. The Culture of Cyber Readiness has six Essential Elements... more
Eavesdropping Vulnerability: Cisco SPA100 - Update Firmware
While setting up a VoIP service in their home, security researchers at Tenable Research discovered a total of 19 vulnerabilities in VoIP adapters from Cisco's SPA100 Series.
If exploited, these vulnerabilities could allow an attacker to eavesdrop on a user's conversations, initiate fraudulent phone calls and even pivot further into their internal network.
Tenable Research informed Cisco PSIRT of the 19 vulnerabilities they discovered across seven Cisco security advisories and the networking giant has since addressed these flaws with a new 1.4.1 SR5 firmware release for their SPA 100 series devices.
...if you're using a Cisco SPA 100 series VoIP adapter, it is highly recommended that you update to the latest firmware before these flaws are exploited in the wild. more
If exploited, these vulnerabilities could allow an attacker to eavesdrop on a user's conversations, initiate fraudulent phone calls and even pivot further into their internal network.
Tenable Research informed Cisco PSIRT of the 19 vulnerabilities they discovered across seven Cisco security advisories and the networking giant has since addressed these flaws with a new 1.4.1 SR5 firmware release for their SPA 100 series devices.
...if you're using a Cisco SPA 100 series VoIP adapter, it is highly recommended that you update to the latest firmware before these flaws are exploited in the wild. more
Subscribe to:
Posts (Atom)