2014 and Video - Information Management Today

Indian video on demand giant ZEE5 has been hacked

Security Affairs

JUNE 7, 2020

The Indian video on demand giant ZEE5 has been hacked, attackers are threatening to sell the database on the cybercrime underground markets. ZEE5 is an Indian video on demand service run by Essel Group via its subsidiary Zee Entertainment Enterprises. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Passwords

Passwords Sales Archiving Marketing

SeaChange video delivery provider discloses REVIL ransomware attack

Security Affairs

SEPTEMBER 10, 2020

US-based supplier of video delivery software solutions, SeaChange International, revealed that a ransomware attack disrupted its operations in Q1 2020. SeaChange International, a US-based supplier of video delivery software solutions, revealed that a ransomware attack has disrupted its operations during the first quarter of 2020.

Ransomware

Ransomware Data breaches Insurance Encryption

USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$

Security Affairs

AUGUST 16, 2019

USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$. The Video is self-explanatory. I recorder a video to explain how to easily pair USBsamurai with LOGITacker. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Wanna know how to make it? Longer Range).

Security

Security Access IT Information Security

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

0patch released micropatch for BearLPE Zero-Day flaw in Windows 10 Task Scheduler

Security Affairs

MAY 31, 2019

Researchers at 0patch released a temporary micropatch for the unpatched BearLPE local privilege escalation zero-day flaw in Windows 10. SandboxEscaper published a video PoC of the Windows zero-day that shows how to trigger it on Windows x86. I can confirm that this works as-is on a fully patched (May 2019) Windows 10 x86 system.

Education

Education Cybersecurity Security IT

Did Maze ransomware operators steal 10 GB of data from Canon?

Security Affairs

AUGUST 7, 2020

The problem was first reported by Bleepingcomputer, which tracked a suspicious outage on Canon’s image.canon cloud photo and video storage service. If confirmed this means that the outage was not caused by the ransomware infection, but that anyway Maze operators have exfiltrated 10 GB of data from the company. Pierluigi Paganini.

Ransomware

Ransomware Military Encryption Cloud

Hacktivist Martin Gottesfeld 10 years in prison for hospital cyberattack

Security Affairs

JANUARY 12, 2019

The American hacktivist Martin Gottesfeld (34) has been sentenced to 10 years in prison for carrying out DDoS attacks against two healthcare organizations in the US in 2014. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

IT

IT Security

10-year-old vulnerability in Avaya VoIP Phones finally fixed

Security Affairs

AUGUST 10, 2019

“We were able to find the presence of a Remote Code Execution (RCE) vulnerability in a piece of open source software that Avaya likely copied and modified 10 years ago, and then failed to apply subsequent security patches to.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Communications Privacy Risk

Cisco Webex flaw allows unauthenticated remote attackers to join private meetings

Security Affairs

JANUARY 25, 2020

Cisco addressed a vulnerability in Cisco Webex that could be exploited by a remote, unauthenticated attacker to join a protected video conference meeting. out of 10, it was discovered while its experts were resolving a Cisco TAC support case. This flaw affects Webex Video Mesh Software releases earlier than 2019.09.19.1956m.

Passwords

Passwords Authentication Security Access

A flaw could have allowed hackers to take over any Instagram account in 10 minutes

Security Affairs

JULY 15, 2019

When Instagram users request to recover their passwords, they have to confirm a six-digit secret passcode (that expires after 10 minutes) that is sent to their associated mobile number or email account. Also, I realized that the code expires in 10 minutes, it makes the attack even harder, therefore we need 1000s of IPs to perform the attack.

Passwords

Passwords Cloud Security IT

South Korea – 1,600 guests at 30 motels secretly live streamed

Security Affairs

MARCH 21, 2019

Four people from South Korea are accused of secretly live streaming, and selling videos made with spy-cam installed in 42 motel rooms at 30 motels in 10 cities in South Korea. 10 million penalty for porn distribution. The group transmitted the videos via a streaming website that was using servers abroad.

Sales

Sales Government Access Security

Cisco addresses three high-severity issues in Webex, IP Cameras and ISE

Security Affairs

OCTOBER 9, 2020

Cisco fixed three high-severity flaws in Webex video conferencing system, Video Surveillance 8000 Series IP Cameras and Identity Services Engine. The most severe of these vulnerabilities is a Remote Code Execution and Denial of Service issue in Cisco’s Video Surveillance 8000 Series IP Cameras. received a CVSS score of 8.8

Authentication

Authentication Libraries Access Security

Zoom is working on a patch for a zero-day in Windows client

Security Affairs

JULY 9, 2020

Researchers from cyber-security firm ACROS Security have disclosed a zero-day vulnerability in the Windows client of the popular Zoom video conferencing platform. Researchers from cyber-security firm ACROS Security have disclosed a zero-day vulnerability in the Windows client of the video conferencing software Zoom. Pierluigi Paganini.

Security

Security Privacy IT Information Security

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

Accounts for media streaming, social media, file sharing, virtual private networks (VPNs), and adult-content sites all trade for significantly under $10.” Using the recently launched model of ATO “as-a-service”, a criminal can rent an identity for less than $10. ” reads the report published by the experts.

Marketing

Marketing Passwords Financial Services Access

China-linked Winnti APT targets South Korean Gaming firm

Security Affairs

APRIL 22, 2020

China-linked Winnti cyberespionage group targets South Korean video gaming company Gravity, QuoIntelligence (QuoINT) firm reported. Security experts from QuoIntelligence (QuoINT) firm reported that China-linked Winnti cyberespionage group targets South Korean video gaming company Gravity. a South Korean video game company.”

Healthcare

Healthcare Communications IT Security

DC SEO 3.0 & Internet Marketing Top 10 2014 Tips for Local or Small Businesses

Interactive Information Management

DECEMBER 6, 2013

The most challenging theme we see is the gap between the SEO skills a small business understands or can afford to hire, and the SEO skills truly relevant and necessary in the evolving 2014 DC SEO and online marketing environment.

Marketing

Marketing Metadata B2C Communications

Courts Hand Down Hard Jail Time for DDoS

Krebs on Security

JANUARY 14, 2019

On Friday, a 34-year-old Connecticut man received a whopping 10-year prison sentence for carrying out distributed denial-of-service (DDoS) attacks against a number of hospitals in 2014.

IoT

IoT Sales Access Government

NewCo New York 2014: My Chairman’s Picks To Visit

John Battelle's Searchblog

AUGUST 25, 2014

The post NewCo New York 2014: My Chairman’s Picks To Visit appeared first on John Battelle's Search Blog. 10:30 am – Foursquare. SeakGeek helps fans figure out if they are getting scalped for tickets, and Animoto helps anyone make great videos (I could use the help!). Runners Up : SeatGeek and Animoto.

Marketing

Marketing Education Blockchain Mining

A critical flaw in wpDiscuz WordPress plugin lets hackers take over hosting account

Security Affairs

AUGUST 2, 2020

The vulnerability is rated as a critical severity and received a CVSS base score of 10/10. Due to the critical severity of this issue and the simplicity in exploiting it, WordFence did not release a proof of concept video for this issue. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Access

Access IT Security Information Security

Google researcher found BleedingTooth flaws in Linux Bluetooth

Security Affairs

OCTOBER 14, 2020

out of 10. Nguyen released a Proof-of-concept code for this vulnerability an exploit along with a video PoC demonstrating the issue. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The flaw impacts Linux kernel 3.6

Encryption

Encryption Security Risk Access

TrueFire Guitar tutoring website was hacked, financial data might have been exposed

Security Affairs

MARCH 18, 2020

TrueFire has over 1 million users, its customer could pay to receive guitar tutorial from a library of over 900 courses and 40,000 video lessons. The security breach was spotted on January 10, the company quickly addressed the vulnerability exploited by the attacker to compromise the website. Pierluigi Paganini.

Data breaches

Data breaches Access Libraries Passwords

10 Personal Finance Lessons for Technology Professionals

Troy Hunt

DECEMBER 30, 2018

So here it is - 10 Personal Financial Lessons for Technology Professionals. I don't just mean at the crazy rich end of the scale (4 of the world's top 10 richest people did it in tech - Bezos, Gates, Zuckerberg and Ellison), but at all levels of our profession. Intro: This Industry Rocks!

Education

Education Marketing IT Insurance

StrandHogg 2.0 Android flaw affects over 1 Billion devices

Security Affairs

MAY 26, 2020

The permissions granted to the app could allow spying on the user by accessing the camera and microphone, obtaining the device’s location, reading the SMSs, capturing login credentials (including 2FA codes via SMS), accessing private photos and videos, accessing contacts and call logs, and also making calls and recording the victim’s conversations.

Manufacturing

Manufacturing Access Phishing Security

White hat hacker demonstrated how to hack a million Instagram accounts

Security Affairs

AUGUST 26, 2019

The photo and video-sharing social networking service implemented a mechanism that prevents brute-force attacks aimed at obtaining this code. For example, if you request pass code of 100 thousand users using the same device ID, you can have a 10 percent success rate since 100k codes are issued to the same device ID.”

Passwords

Passwords IT Security

A vulnerability in Zoom platform allowed miscreants to join Zoom meetings

Security Affairs

JANUARY 28, 2020

The popular video conferencing Zoom is affected by a vulnerability that could be exploited to join meetings and view all content shared by participants. The issue allowed anyone to remotely eavesdrop on unprotected active meetings, potentially exposing private audio, video, and documents shared throughout the session.

Passwords

Passwords Security Access IT

0patch releases free unofficial patches for Windows 0days exploited in the wild

Security Affairs

MARCH 27, 2020

Microsoft pointed out that a successful attack on systems running supported versions of Windows 10 could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Libraries

Libraries Risk Security IT

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

Security Affairs

JUNE 21, 2020

The banking trojan is able to record keystrokes, to steal passwords stored on the PC, and take screenshots and videos from the victims’ machine. Lisov was detained six days in an immigration detention facility before being transferred from a prison in Pennsylvania on June 10. ” said Topolsky. .” ” said Topolsky.

Passwords

Passwords Security IT Information Security

Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency

Security Affairs

AUGUST 23, 2019

On July 10, agents of the SBU raided the nuclear power plant and discovered the equipment used by the employees to mining cryptocurrency. The SBU seized equipment composed of two metal cases containing that included coolers and video cards ( Radeon RX 470 GPU), computer components commonly used in mining factories. Pierluigi Paganini.

Mining

Mining Military Security Access

Facebook is secretly using iPhone’s camera as users scroll their feed

Security Affairs

NOVEMBER 12, 2019

pic.twitter.com/B8b9oE1nbl — Joshua Maddux (@JoshuaMaddux) November 10, 2019. The expert explained that the privacy issue in Apple iPhone could be exploited by iOS app developers to silently take users’ photos and record their live video by enabling both front and back cameras. TNW contacted Facebook for comment.

Privacy

Privacy Access Security IT

Cisco addressed a high-severity bug in Webex that could allow Remote Code Execution

Security Affairs

JANUARY 14, 2020

Cisco Systems has released security fixes for two high-severity vulnerabilities in its products, including a remote code execution flaw in the Webex video conferencing platform. The Webex flaw resides in the web-based management interface of Cisco Webex Video Mesh, a feature that enables on-premises infrastructure for video conferencing.

Authentication

Authentication Security IT Information Security

CERT-Bund warns of a critical vulnerability in VLC player

Security Affairs

JULY 22, 2019

“This suggests that to exploit the vulnerability a prepared video file must be played. . “This suggests that to exploit the vulnerability a prepared video file must be played. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reported the Heuse.de ” reported the Heuse.de

Security

Security IT Information Security

Memory corruption flaw in AMD Radeon driver allows VM escape

Security Affairs

SEPTEMBER 18, 2019

This flaw affects the AMD Radeon RX 550 and the 550 series video cards and it could be exploited only when running VMWare Workstation 15. build-12990004 with Windows 10 x64 as the guestVM is running. “An Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. DLL driver. DLL driver. Pierluigi Paganini.

Security

Security IT Information Security

Lamphone: spying on conversations by watching a light bulb in the room

Security Affairs

JUNE 13, 2020

The experts used three telescopes with different lens diameters (10, 20, 35 cm) and an electro-optical sensor (the Thorlabs PDA100A2. Below the video PoC published by the experts: The Lamphone technique is very effective, its efficiency could be improved by using high-range equipment. Pierluigi Paganini.

Paper

Paper IT Security Information Security

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Security Affairs

FEBRUARY 15, 2019

The removed apps are Fast-search Lite, Battery Optimizer (Tutorials), VPN Browsers+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile & Desktop Search. The samples we found run on Windows 10, including Windows 10 S Mode.” Make frequent backups of important data.

Mining

Mining Libraries Analytics Security

Security Affairs newsletter Round 246

Security Affairs

DECEMBER 29, 2019

Former contractor sentenced to 10 months in prison for hacking airline Jet2. Thai Officials confirmed the hack of prison surveillance cameras and the video broadcast. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Security

Security Ransomware Encryption Cybersecurity

Z-WASP attack: hackers used Zero-Width spaces to bypass Office 365 protections

Security Affairs

JANUARY 12, 2019

Experts from cloud-security firm Avanan first observed a campaign busing this issue on November 10. “Z-WASP emails flooded inboxes around November 10, when we detected the problem. Below a video PoC of the attack published by Avanan: ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Phishing

Phishing Cloud Security IT

Over 100 flaws in management and access control systems expose buildings to hack

Security Affairs

MAY 11, 2019

The extent of the flaw is wide, according to data collected by Krstic during the study, the vulnerabilities could impact up to 10 million people and 30,000 doors at 200 facilities. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Access

Access Risk Data collection Authentication

Crooks use Star Wars saga as bait in Phishing and malware attacks

Security Affairs

JANUARY 2, 2020

2018 2019 Change Attacks detected 257,580 285,103 +10% Number of unique files 16,395 11,499 -30% Users targeted 50,196 37,772 -25%. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Phishing

Phishing Authentication Cloud Security

Robots at HIS Group are vulnerable to hack

Security Affairs

OCTOBER 23, 2019

The Japanese hotel chain HIS Group admitted that its in-room robots were vulnerable and could allow hackers to remotely view video footage from the devices. The HIS Group hotel chain has 10 locations in Japan that used robots instead of human personnel to provide some services. On October 12, 2019, the researcher Lance R.

Manufacturing

Manufacturing Access Risk Security

Iran – Government blocks Internet access in response to the protests

Security Affairs

NOVEMBER 24, 2019

After the announcement of the government to cut fuel subsidies, protests erupted in Iran and the authorities blocked access to the internet to prevent the spreading of news, videos, and images online. At the current time national connectivity has risen further to 10%. Pierluigi Paganini. SecurityAffairs – Iran, Internet access).

Access

Access Government Security IT

SandboxEscaper is back with a new Windows Zero-Day in Task Scheduler

Security Affairs

MAY 22, 2019

SandboxEscaper is back with a new Windows Zero-Day in Win 10 Task Scheduler. The developer SandboxEscaper makes the line again, this time he publicly released the exploit code for a Windows zero-day that affect the Windows 10 Task Scheduler. I can confirm that this works as-is on a fully patched (May 2019) Windows 10 x86 system.

Passwords

Passwords Access Security IT

Expert found privilege escalation issue in LG Device Manager

Security Affairs

FEBRUARY 18, 2019

The researcher developed proof-of-concept (PoC) exploits for Windows 7 and Windows 10, he also published a video PoC for the vulnerability. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Access

Access Security IT

Parents’ Guide for Safe YouTube and Internet Streaming for Kids

Security Affairs

JULY 10, 2019

But did you know that YouTube allows comments on most videos and that those comments sections can contain links posted by predatory adults hiding behind fake profiles? What does this have to do with streaming videos? These are videos being broadcast to the user’s friends list, but the recording of it can be shared.

Access

Access Education Privacy Communications

Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop

Security Affairs

OCTOBER 25, 2018

It’s time to patch again the Cisco Webex video conferencing software of your organization to avoid ugly surprise. Due to poor ACLs, any local or domain user can start the process over Window’s remote service interface (except on Windows 10, which requires an administrator login).” Pierluigi Paganini.

Systems administration

Systems administration Authentication Security IT

Tortuga Crisis: Moonwalk, one of the biggest pirate CDNs eliminated dragging other big CDN-providers down

Security Affairs

OCTOBER 25, 2019

It was one of the biggest suppliers of illegal video content to thousands of pirate websites, which allowed to automate pirated content distribution. All the three CDNs are known as the biggest providers of pirated video content to Russian streaming websites. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Marketing

Marketing Cybersecurity IT Security

Indian video on demand giant ZEE5 has been hacked

SeaChange video delivery provider discloses REVIL ransomware attack

Webinars

Trending Sources

USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$

Webinars

0patch released micropatch for BearLPE Zero-Day flaw in Windows 10 Task Scheduler

Did Maze ransomware operators steal 10 GB of data from Canon?

Hacktivist Martin Gottesfeld 10 years in prison for hospital cyberattack

10-year-old vulnerability in Avaya VoIP Phones finally fixed

Cisco Webex flaw allows unauthenticated remote attackers to join private meetings

A flaw could have allowed hackers to take over any Instagram account in 10 minutes

South Korea – 1,600 guests at 30 motels secretly live streamed

Cisco addresses three high-severity issues in Webex, IP Cameras and ISE

Zoom is working on a patch for a zero-day in Windows client

15 billion credentials available in the cybercrime marketplaces

China-linked Winnti APT targets South Korean Gaming firm

DC SEO 3.0 & Internet Marketing Top 10 2014 Tips for Local or Small Businesses

Courts Hand Down Hard Jail Time for DDoS

NewCo New York 2014: My Chairman’s Picks To Visit

A critical flaw in wpDiscuz WordPress plugin lets hackers take over hosting account

Google researcher found BleedingTooth flaws in Linux Bluetooth

TrueFire Guitar tutoring website was hacked, financial data might have been exposed

10 Personal Finance Lessons for Technology Professionals

StrandHogg 2.0 Android flaw affects over 1 Billion devices

White hat hacker demonstrated how to hack a million Instagram accounts

A vulnerability in Zoom platform allowed miscreants to join Zoom meetings

0patch releases free unofficial patches for Windows 0days exploited in the wild

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency

Facebook is secretly using iPhone’s camera as users scroll their feed

Cisco addressed a high-severity bug in Webex that could allow Remote Code Execution

CERT-Bund warns of a critical vulnerability in VLC player

Memory corruption flaw in AMD Radeon driver allows VM escape

Lamphone: spying on conversations by watching a light bulb in the room

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Security Affairs newsletter Round 246

Z-WASP attack: hackers used Zero-Width spaces to bypass Office 365 protections

Over 100 flaws in management and access control systems expose buildings to hack

Crooks use Star Wars saga as bait in Phishing and malware attacks

Robots at HIS Group are vulnerable to hack

Iran – Government blocks Internet access in response to the protests

SandboxEscaper is back with a new Windows Zero-Day in Task Scheduler

Expert found privilege escalation issue in LG Device Manager

Parents’ Guide for Safe YouTube and Internet Streaming for Kids

Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop

Tortuga Crisis: Moonwalk, one of the biggest pirate CDNs eliminated dragging other big CDN-providers down

Stay Connected