Working from home during the pandemic cost German companies some 53 billion euros ($62 billion) worth of damages from cyber attacks, according to estimates by the Cologne Institute for Economic Research.
Overall damages hit a record 224 billion euros last year, more than double the value reported in a 2019 survey. Increased remote work accounted for about a quarter of the increase, according to researcher Barbara Engels, whose calculations are based on a Bitkom survey. more
From rooftop to basement and the bedrooms in between, much of the technology making consumer products smart comes from a little-known Chinese firm, Tuya Inc. of Hangzhou. More than 5,000 brands have incorporated Tuya’s technology in their products... Smart home thermostats. Smart home security cameras. Smart refrigerators. Smart TVs. Smart pet feeders. Smart breast pumps...
Security researchers have found a way to remotely execute code on a fax machine by sending a specially crafted document to it. So… who cares about fax? Well apparently a lot of persons are still using it in many institutions, governments and industries, including the healthcare industry, legal, banking and commercial. Bureaucracy and old procedures tend to die hard.
"Our research set out to ask what would happen if an attacker, with merely a phone line at his disposal and equipped with nothing more than his target`s fax number, was able to attack an all-in-one printer by sending a malicious fax to it.
In fact, we found several critical vulnerabilities in all-in-one printers which allowed us to ‘faxploit’ the all-in-one printer and take complete control over it by sending a maliciously crafted fax." more
via krebsonsecurity.com
Criminal hackers will try almost anything to get inside a profitable
enterprise and secure a million-dollar payday from a ransomware
infection. Apparently now that includes emailing employees directly and
asking them to unleash the malware inside their employer’s network in
exchange for a percentage of any ransom amount paid by the victim
company.
Crane Hassold, director of threat intelligence at Abnormal Security, described what happened after he adopted a fake persona and responded to the proposal in the screenshot above. It offered to pay him 40 percent of a million-dollar ransom demand if he agreed to launch their malware inside his employer’s network.
This particular scammer was fairly chatty, and over the course of
five days it emerged that Hassold’s correspondent was forced to change
up his initial approach in planning to deploy the DemonWare ransomware strain, which is freely available on GitHub. more
The security issue impacts products from various manufacturers that provide video and surveillance solutions, as well as home automation IoT systems, which are all connected via ThroughTek’s Kalay IoT cloud platform.
American cybersecurity firm Mandiant revealed the CVE-2021-28372 bug after reporting it to the Cybersecurity and Infrastructure Security Agency (CISA).
Because the Kalay platform is used by devices from a large number of manufacturers, it is difficult to create a list with the affected brands. Mandiant were unable to determine how many devices are affected, but they warned that more than 83 million users are currently using Kalay. more
An adversary would be able to remotely compromise an IoT device by
exploiting the flaw and could compromise device credentials, watch
real-time video data, and listen to live audio. more
The ship carries a range of deep-diving submersibles and sonar systems and has been suspected of operating on undersea cables before.
Yantar took up a stationary position between two undersea internet
cables on Tuesday morning. According to AIS (automated identification
system) positions collected by MarineTraffic.com,
the ship moved into a position between the cables around 4am local
time. She has remained there for most of Wednesday before resuming her
journey southwest. more
Andrey Shumeyko, who goes by handles JVHResearch and YRH04E, advertised leaked Apple apps, internal company documents, and stolen devices to a community that traded in such commodities. However, unbeknownst to others in the community, he also shared a wealth of details about its inner workings to Apple.
According to Motherboard, Shumeyko reportedly provided Apple with the personal information of people who sold stolen prototype devices and Apple employees who leaked information online...
Shumeyko said he is sharing his story because he felt like Apple took
advantage of him and didn't compensate him for the information that he
provided to the company's Global Security team. more
Somewhere along the path between doorbell cameras and anti-tank weapons lies the newest home protection equipment – privately-owned license plate readers. A new company straight out of Y Combinator is offering machine-learning license plate capture technology for your home and office. Flock Safety, a start-up that describes itself in press releases as a crime-solving company, offers for sale TALON, a national network of automatic license plate readers. Anyone can own a node in this network.
Until recently, license plate readers had been the province of law enforcement... more
OK, how much?
The Flock Safety Falcon camera is $2,500 per camera per year, with a one-time $250 installation cost. This price includes everything — installation, maintenance, footage hosting, cellular service, and software updates. The Sparrow camera (a lighter and smaller version of our Falcon camera) costs slightly less with the same basic subscription model. more
The symptoms, which included nausea, severe headaches, ear
pain, fatigue, insomnia and sluggishness, began to emerge in recent
months and some victims were left unable to work, the diplomats said.
They are the first cases to be reported in a NATO country that hosts
U.S. troops and nuclear weapons. more
The Cyber@BGU team—consisting of Ben Nassi, Yaron Pirutin, Tomer Gator, Boris Zadov, and Professor Yuval Elovici—analyzed a broad array of widely used consumer devices including smart speakers, simple PC speakers, and USB hubs. The team found that the devices' power indicator LEDs were generally influenced perceptibly by audio signals fed through the attached speakers.
Although the fluctuations in LED signal strength generally aren't perceptible to the naked eye, they're strong enough to be read with a photodiode coupled to a simple optical telescope... more
Check out the other eavesdropping hits that have come out of Ben-Gurion University... here
Germany Arrests British Embassy Worker Suspected of Spying for Russia
Prosecutors accuse the British man of handing over documents to Russian agents for cash, amid growing concerns that Germany is increasingly caught in the cross hairs of international spying. more
A Chinese court has sentenced Canadian businessman Michael Spavor to 11 years in prison for espionage, more than two years after he was first detained. Spavor, a Beijing-based businessman who regularly traveled to North Korea, was sentenced after being found guilty of spying and illegally providing state secrets to foreign countries, the Dandong Intermediate People's Court said in a statement Wednesday. more
Despite a lack of evidence, the National Security Agency will investigate whether the Fox host was illegally targeted. The National Security Agency’s Inspector General Robert Storch has announced a review of whether the agency illegally conducted cyber-espionage and collected the electronic communications of Fox News opinion-show host Tucker Carlson, who has accused the NSA of trying to capture embarrassing information that might lead to him being taken off the air. more
The proposal, part of a broader review of the
agency’s China capabilities by CIA Director William Burns, would elevate
the focus on China within the agency, where China has long been part of
a broader “Mission Center for East Asia and Pacific.” more
via Consumer Reports
While these best practices cannot ensure data and devices are fully protected, they do provide protective measures users can employ to improve their cybersecurity and reduce their risks. more