On Wednesday, Tel Aviv-based security firm Check Point released new research describing hundreds of hacking attempts that targeted consumer-grade security cameras around the Middle East-with many apparently timed to Iran's recent missile and drone strikes on targets that included Israel, Qatar, and Cyprus. Those camera-hijacking efforts, some of which Check Point has attributed to a hacker group that's been previously linked to Iranian intelligence, suggest that Iran's military has tried to use civilian surveillance cameras as a means to spot targets, plan strikes, or assess damage from its attacks.
Earlier this month, Joseph Thacker's neighbor mentioned to him that she'd preordered a couple of stuffed dinosaur toys for her children. She'd chosen the toys, called Bondus, because they offered an AI chat feature that lets children talk to the toy like a kind of machine-learning-enabled imaginary friend. But she knew Thacker, a security researcher, had done work on AI risks for kids, and she was curious about his thoughts.
A closer look at the Android app and Bluetooth traffic showed that locking, unlocking, and basic status checks all occur locally over Bluetooth, with the cloud mostly along for the ride. Before accepting commands, the scooter runs a simple authentication check: it sends a short challenge, the app replies with a cryptographic response, and access is granted. It's designed to stop random passers-by from hopping on and riding off. In theory, at least.
Canonical, Ubuntu Linux's parent company, is the most visible Linux and open-source business in Vegas. While neither Canonical nor anyone else is showing off a new Linux desktop, the company, in partnership with Nvidia, is demonstrating Ubuntu Linux running on the NVIDIA DGX Spark. This is a desktop supercomputer featuring an Nvidia GB10 Grace Blackwell superchip with 128 GB of RAM and 4 TB of storage for $3,999. Now, this is my kind of desktop PC.
Most of us have some internet of things (IoT) devices at home, whether it's a phone, a tablet, or a collection of security cameras and sensors. When you learn that 120,000 home security cameras were hacked in South Korea for sexploitation footage, it makes you think twice about adding such devices to your home, which is your most sacred space for privacy.
That's the conclusion we'd like to believe any sane person would likely draw, reading this week's absurd report from South Korea, where four people were arrested after allegedly hacking an astounding 120,000 separate commercial home video cameras stationed in houses and businesses. As if that level of breach isn't inherently icky enough, several of the suspects then reportedly used the hacked material to make and then sell sexually explicit exploitation videos of strangers to foreign-based web networks that illegally distribute hacked, pornographic camera footage.
Securing IoT devices must be a top priority from start to finish these days. Whereas the issue used to be seen mainly as an add-on, it is now a fundamental part of product development and partner policy. According to Fabian de Clippelaar, Engineer at Axis Communications, this shift did not come out of the blue. "The growing computing power of devices offers opportunities for innovation. But if that power is not applied or secured in the right way, it can also cause serious problems."
Researchers at Sekoia.io have found that cybercriminals are exploiting Milesight cellular routers on a large scale to spread phishing messages via SMS. This is known as smishing. These devices are typically used in industrial environments, for example, to connect traffic lights, energy meters, and other IoT systems via 3G, 4G, or 5G. The routers are equipped with SIM cards and can be controlled via SMS, Python scripts, and web interfaces.
The latest record-breaking attack peaked at 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps), and lasted only 40 seconds. The company said this hyper-volumetric DDoS attack, which was double in size compared to the previous record, was autonomously blocked by its systems. Cloudflare told SecurityWeek that the attack was aimed at a single IP address of an unnamed European network infrastructure company. Cloudflare has yet to determine who was behind the attack, but believes it may have been powered by the Aisuru botnet, which was also linked earlier this year to a massive 6.3 Tbps attack on the website of cybersecurity blogger Brian Krebs.
Pudu Robotics is a Chinese robot manufacturer with over 100,000 units in over 1,000 cities doing everything from serving meals with the cat-like BellaBot, to using its mechanical-armed FlashBot to operate human-designed systems like elevators, as you can see below. According to analysts Frost and Sullivan, last year it captured 23 percent of the market for such kit, but a hacker has found that the backend software systems controlling them are vulnerable to abuse.
