Tag Archive for: video

🚪 These video doorbells have terrible security, consumer experts warn


On a recent Thursday afternoon, a Consumer Reports journalist received an email containing a grainy image of herself waving at a doorbell camera she’d set up at her back door.

If the message came from a complete stranger, it would have been alarming. Instead, it was sent by Steve Blair, a CR privacy and security test engineer who had hacked into the doorbell from 2,923 miles away.

Blair had pulled similar images from connected doorbells at other CR employees’ homes and from a device in our Yonkers, N.Y., testing lab. While we expected him to gain access to these devices, it was still a bit shocking to see photos of the journalist’s deck and backyard. After all, video doorbells are supposed to help you keep an eye on strangers at the door, not let other people watch you.

Blair was able to capture those images because he and fellow test engineer David Della Rocca had found serious security flaws in this doorbell, along with others sold under different brands but apparently made by the same manufacturer. The doorbells also lack a visible ID issued by the Federal Communications Commission (FCC) that’s required by the agency’s regulations, making them illegal to distribute in the U.S.

Thousands of these video doorbells are sold each month on Amazon and other online marketplaces, including Walmart, Sears, and the globally popular marketplaces Shein and Temu. Experts say they’re just a drop in the flood of cheap, insecure electronics from Chinese manufacturers being sold in the U.S.

Previously, regulators have asserted that thousands of unsafe products, including potentially dangerous children’s sleepwear, carbon monoxide detectors and dietary supplements, have been widely available on Amazon.

“Big e-commerce platforms like Amazon need to take more responsibility for the harms generated by the products they sell,” said Justin Brookman, director of technology policy for CR. “There is more they could be doing to vet sellers and respond to complaints. Instead, it seems like they’re coasting on their reputation and saddling unknowing consumers with broken products.”


‘Spider-Man 2’ video game studio hit by $2 million ransomware attack



Perpetrators identifying themselves as the Rhysida group demanded a staggering $2 million from Insomniac – the video game studio behind ‘Spider-Man 2’ – as part of a huge ransomware attack.


Video Encoding Library Leaves Chrome, Firefox and More Open to Zero-Day Attack


Google and Mozilla have patched the zero-day vulnerability, which originates in the libvpx library.


Google and Mozilla have patched a zero-day vulnerability in Chrome and Firefox, respectively. The vulnerability was being exploited by a commercial spyware vendor. It could leave users open to a heap buffer overflow, through which attackers could inject malicious code. Any software that uses VP8 encoding in libvpx or is based on Chromium (including Microsoft Edge) might be affected, not just Chrome or Firefox.

If you use Chrome, update to 117.0.5938.132 when it becomes available; Google Chrome says it may take “days/weeks” for all users to see the update. In Firefox, the exploit is patched in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox Focus for Android 118.1 and Firefox for Android 118.1.

This zero-day vulnerability originates in the libvpx library

The zero-day vulnerability is technically a heap buffer overflow in VP8 encoding in libvpx, a video codec library developed by Google and the Alliance for Open Media. The library is widely used to encode or decode videos in the VP8 and VP9 video coding formats.

“Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process,” the Firefox team wrote in their security advisory.

From there, the vulnerability “allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” said the official Common Vulnerabilities and Exposures site.


The vulnerability is being tracked by Google as CVE-2023-5217. Clément Lecigne, a security researcher at Google’s Threat Analysis Group, found the flaw on September 25, leading to a patch on September 27.

“A commercial surveillance vendor” was actively using the exploit, researcher Maddie Stone of Google’s Threat Analysis Group noted on X.

There is not a lot more information available about the zero-day exploit at this time. “Google is aware that an exploit for CVE-2023-5217 exists in the wild,” the company wrote in the…


Russian Propaganda on Ukraine Appears in Minecraft and Other Video Games


Russian propaganda is spreading into the world’s video games.

In Minecraft, the immersive game owned by Microsoft, Russian players re-enacted the battle for Soledar, a city in Ukraine that Russian forces captured in January, posting a video of the game on their country’s most popular social media network, VKontakte.

A channel on the Russian version of World of Tanks, a multiplayer warfare game, commemorated the 78th anniversary of the defeat of Nazi Germany in May with a recreation of the Soviet Union’s parade of tanks in Moscow in 1945. On Roblox, the popular gaming platform, a user created an array of Interior Ministry forces in June to celebrate the national holiday, Russia Day.

These games and adjacent discussion sites like Discord and Steam are becoming online platforms for Russian agitprop, circulating to new, mostly younger audiences a torrent of propaganda that the Kremlin has used to try to justify the war in Ukraine.

In this virtual world, players have adopted the letter Z, a symbol of the Russian troops who invaded last year; embraced legally specious Russian territorial claims in Crimea and other places; and echoed President Vladimir V. Putin’s efforts to denigrate Ukrainians as Nazis and blame the West for the conflict.

“Glory to Russia,” declared a video tutorial on how to construct a flagpole with a Russian flag on Minecraft. It showed a Russian flag over a cityscape labeled Luhansk, one of the Ukrainian provinces that Russia has illegally annexed.

“The gaming world is really a platform that can impact public opinion, to reach an audience, especially young populations,” said Tanya Bekker, a researcher at ActiveFence, a cybersecurity company that identified several examples of Russian propaganda on Minecraft for The New York Times.

Microsoft’s president, Brad Smith, disclosed in April that the company’s security teams had identified recent Russian efforts “basically to penetrate some of these gaming communities,” citing examples in Minecraft and in Discord discussion groups. He said Microsoft had advised governments, which he did not name, about them, but he played down their significance.

“In truth, it’s not the No. 1 thing we should worry…
