Tag Archive for: hacked

CISA Systems Hacked: Ivanti Vulnerabilities Exploited, Urgent Security Measures Advised


Officials from the Cybersecurity and Infrastructure Security Agency (CISA) recently disclosed a successful hack of the agency’s systems in February that involved hackers taking advantage of flaws in Ivanti products.

The CISA spokesperson confirmed this security incident, revealing that the agency detected suspicious activities pointing to exploiting Ivanti product vulnerabilities approximately a month ago, as reported by Recorded Future News.

The impact of the CISA breach was contained in two specific systems and swiftly taken offline as part of immediate response measures. Emphasizing the ongoing efforts to modernize and upgrade systems, the spokesperson assured that there is currently no operational impact.

The Impact of the CISA Cyber Breach

According to a person with knowledge, the hacked systems were the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT). These two systems held important data about how U.S. infrastructure is interdependent and private sector chemical security plans. CISA has neither confirmed nor denied this information.

CSAT, recognized for storing susceptible industrial data, including tools for high-risk chemical facilities, site security plans, and security vulnerability assessments, was a focal point of the breach.

CISA Confirms Cyber Breach: Ivanti Product Flaws Exploited by Unknown Hackers

In this photo illustration a young man types on an illuminated computer keyboard typically favored by computer coders on January 25, 2021 in Berlin, Germany. 2020 saw a sharp rise in global cybercrime that was in part driven by the jump in online retailing that ensued during national lockdowns as governments sought to rein in the coronavirus pandemic. (Photo : Sean Gallup/Getty Images)

In response to the incident, CISA advised enterprises to study a Feb.29 alert warning of actively exploiting Ivanti Connect Secure and Ivanti Policy Secure gateway vulnerabilities. The vulnerabilities are CVE-2023-46805, 2024-21887, and 2024-21893.

“This is a reminder that any organization can be affected by a cyber vulnerability, and having an incident response plan in place is a necessary component of resilience,” the CISA spokesperson noted.

The CISA is a…

Source…

How To Stop Your Wireless Security Camera From Being Hacked


As well as enabling you to remotely keep an eye on your home, wireless security cameras should also protect your data security and home privacy. 

Our product tests and investigations have revealed models that lack even basic protections, and could put you at risk of being hacked.  

All wireless security cameras we review are fully assesed for how they protect you and your data from hackers. See the best wireless security cameras. 

How wireless security cameras get hacked

There are many different ways that an indoor surveillance camera might be targeted by hackers. 

Weak or generic default passwords are one of the most exploitable issues you’ll find. Some wireless cameras come with weak usernames, such as ‘admin’, and also easy to guess passwords, such as ‘admin’ (again), ‘888888’ or ‘123456’. Attackers know this, and can scan for cameras that are online to try these weak login details to gain access. You can also use a password manager to help.

Password security is also an issue if the camera sends unencrypted data. Even if you change the camera’s password, some cameras will send it, unencrypted, over the internet. This means that when you enter your password, an attacker could steal it and use it to access your camera. Some cameras even transmit your wi-fi password, too, putting your home internet at risk.

With some cameras, an attacker can take complete control over the device – known as full camera takeover. This involves gaining what’s known as ‘root’ access to the camera; a bit like having the keys to the front door of a house. They can then tamper with virtually any aspect of the camera and even load it up with malware.


Could your wireless camera be breaking the law? Read more about the laws around privacy and recording footage with security cameras at the home.


What happens if my camera gets hacked?

Unless the camera starts moving without you doing anything, or a voice sounds from the built-in microphone, you might not actually know that your camera has been hacked.

However, the impact of a hacking attack can be devastating; from intrusion to your privacy to potential compromise of other connected devices you have at home.

Smart home spying

Dodgy cameras…

Source…

Google Engineers Hacked The PlayStation Portal And Turned It Into A PSP Emulator


Sony’s PlayStation Portal handheld is designed to stream games from your PS5, but that hasn’t stopped Google engineers from hacking the device to run emulated PSP games. Google security engineer Calle Svensson and cloud vulnerability researcher Andy Nguyen showed off some of their work on X/Twitter, revealing a PlayStation Portal running the PSP version of Grand Theft Auto 3 through the PPSSPP emulator.

Nguyn added in a second tweet that the hack is entirely software-based, allowing the engineers to exploit vulnerabilities in the handheld without needing to change its hardware. Don’t expect this hack to go public, as Nguyen said there are currently no plans to release it.

Sony has only released a few consoles of the portable variety over the years, as it ventured into this market with the PSP in 2004 and followed it up with the PS Vita in 2011. Each handheld console received several revisions over the years, but the PlayStation Portal takes a different approach to stand out from competitor devices like the Nintendo Switch, Steam Deck, and ROG Ally. Combining a sharp display with DualSense-inspired controllers, the PlayStation portal streams games from your PS5 over wi-fi and was launched late last year.

“With a limited use-case and inconsistent performance from remote play, as well as the way it rarely takes advantage of the PS5 ecosystem, the PlayStation Portal is tough to recommend,” Michael Higham wrote in GameSpot’s PlayStation Portal hands-on feature. “If the PS5 is your primary gaming platform, and if you have a strong internet connection throughout your home, and if you’re in situations where you’re eager to play PS5 games without access to the TV the console is connected to, then you’ll get plenty of use out of the Portal.”

Source…

Fulton county’s systems were hacked. Already weary officials are tight-lipped | Georgia


As a Fulton county, Georgia, board of registration and elections meeting began in earnest on Thursday afternoon, the elections director, Nadine Williams, unfurled a prepared statement about a recent hack of county government computers.

“There is no indication that this event is related to the election process,” Williams said. “In an abundance of caution, Fulton county and the secretary of state’s respective technology systems were isolated from one another as part of the response efforts. We are working with our team to securely reconnect these systems as preparations for upcoming elections continue.”

Any time the Fulton county elections board meets, a cantankerous crowd greets them to pepper appointees with challenges to voter registrations or demands for paper ballots or generally unsympathetic noise. The rancor of the 2020 election and its unfounded charges of vote tampering still ripple through the democratic process. Elections officials in Fulton county take care about what they say, knowing that a platoon of critics lie waiting to pounce on a misplaced word.

Even by that standard, county officials have been holding uncharacteristically tightly to a prepared script – or saying nothing at all – in the days since a computer breach debilitated everything from the tax and water billing department to court records to phones.

“Because it’s under investigation, they’re telling me to stick to a list of talking points,” said the Fulton county commissioner Bridget Thorne. “The county attorney drafted them.”

She did say that the county had come under a ransomware attack – and that the county had not paid off the attacker. “We’re insured very well,” she said.

Systems began to fail on the weekend of 27 January. Ten days later, the phones for most departments returned a busy signal error when callers rang them up.

County officials either cannot or will not directly and completely answer important questions about the cyber-attack’s scope. The Fulton county chair Robb Pitts made a brief statement on 29 January about the hack without taking questions.

Source…