Security News

MI5's storage of personal data on espionage subjects is still facing "Legal compliance risk" issues despite years of warnings from spy agency regulator IPCO, a Home Office report has revealed. Answering the question of whether MI5's data holdings are "Now legally compliant," a Home Office report, published on June 7, said MI5's "Implementation of mitigations" for "Identified risks" was still under way.

Threat hunters at Kaspersky are sounding a warning for an Iranian APT actor that has been silently conducting domestic cyber-surveillance operations for the last six years. The newly discovered APT, which Kaspersky calls Ferocious Kitten, has been active since at least 2015 and has used clever computer infection tricks to hijack Telegram and Chrome installations to deploy a malicious payload. The Russian cybersecurity vendor said it also observed signs that Android implants have been used to target mobile users in Iran.

Good investigative reporting on how Apple is participating in and assisting with Chinese censorship and surveillance.

D-Link released their new lineup of Vigilance solutions including a network video recorder and six outdoor surveillance cameras. DCS-4712E Vigilance 2 megapixel h.265 outdoor bullet camera.

The Biden administration is not planning to step up government surveillance of the U.S. internet even as state-backed foreign hackers and cybercriminals increasingly use it to evade detection, a senior administration official said Friday. The official said the administration, mindful of the privacy and civil liberties implications that could arise, is not currently seeking additional authority to monitor U.S.-based networks.

Hackers gained access to live surveillance cameras installed at Tesla, Equinox, healthcare clinics, jails, and banks, including the Bank of Utah. In addition to images captured from the cameras, the hacker also shared screenshots of their ability to gain root shell access to the surveillance systems used by Cloudflare and at Telsa HQ. According to Tillie Kottmann, a reverse engineer for the group of hackers, they gained access to these surveillance systems using a super admin account for Verkada, a surveillance company who works with all of these organizations.

While controversy over the potential overreach of neighborhood and law-enforcement video surveillance has focused mainly on Ring, an Atlanta-based startup has quietly rolled out its own network of smart surveillance cameras across the country that is again raising questions of privacy and the ire of some advocating it, according to a published report. Langley so far has not responded to an email sent Thursday by Threatpost requesting comments and details about Flock TALON and the technology's privacy protections.

QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage devices running the vulnerable software. Surveillance Station is QNAP's network surveillance Video Management System, a software solution that can help users manage and monitor up to 12 IP cameras.

More than 1,200 Iranian citizens have been targeted in extensive cyber-surveillance operations backed by the Iranian government, researchers with cybersecurity firm Check Point report. The attacks, which Check Point refers to collectively as Domestic Kitten, have been ongoing for roughly four years, orchestrated by a threat actor tracked as APT-C-50, which executes the campaigns on behalf of the Iranian government.

A former employee of prominent home security company ADT has admitted that he hacked into the surveillance feeds of dozens of customer homes, doing so primarily to spy on naked women or to leer at unsuspecting couples while they had sex. Authorities say that the IT technician "Took note of which homes had attractive women, then repeatedly logged into these customers' accounts in order to view their footage for sexual gratification." He did this by adding his personal email address to customer accounts, which ultimately hooked him into "Real-time access to the video feeds from their homes."