Internet cameras have hard-coded password that can’t be changed

Enlarge (credit: F-Secure)

Security cameras manufactured by China-based Foscam are vulnerable to remote take-over hacks that allow attackers to view video feeds, download stored files, and possibly compromise other devices connected to a local network. That's according to a 12-page report released Wednesday by security firm F-Secure.

Researchers at F-Secure documented 18 vulnerabilities that the manufacturer has yet to fix despite being alerted to them several months ago. All of the flaws were confirmed in a camera marketed under the Opticam i5 HD brand. A smaller number of the vulnerabilities were also found in the Foscam C2. The report said the weaknesses are likely to exist in many other camera models Foscam manufactures and sells under other brand names.

F-Secure researchers wrote:

Read 5 remaining paragraphs | Comments

Majority of organizations expect cyberattack this year

A majority of organizations think they will experience a cyber security attack this year, and many are not prepared, according to a new report from ISACA, a global association that helps individuals and enterprises optimize their use of technology.

ISACA’s State of Cyber Security report, based on a survey of more than 600 security executives worldwide, shows that four out of five organizations think they will be attacked this year. Only 46 percent of those organizations have confidence in their cyber defense teams.

“There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner,” said Christos Dimitriadis, ISACA board chair and group head of information security at INTRALOT. “Cyber security professionals face huge demands to secure organizational infrastructure, and teams need to be properly trained, resourced and prepared.”

Among the other key findings of the research is that cyber security budgets are still expanding, but more slowly. Half of the respondents (50 percent) anticipate budget growth over the next year, which is down from 61 percent last year.

Enterprises continue to have difficulty finding qualified personnel. Only 30 percent receive 10 applicants or more for an open position, of which less than half are qualified. At the same time, the threat environment is increasingly hostile, with 53 percent of respondents reporting an increase in attacks in 2016.

The Internet of Things (IoT) is replacing mobile technology as a major area of concern. IoT concerns show no sign of slackening, the report said. And ransomware is expanding, but the processes to address it are not. About two thirds of organizations (62 percent) experienced ransomware attacks in 2016, but only 53 percent have a formal process in place to address it.

 

This article was written by Bob Violino from Information Management and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to [email protected].

The post Majority of organizations expect cyberattack this year appeared first on McAfee Blogs.

CASL Private Right of Action Delayed (Indefinitely)

The Government of Canada has repealed the coming into force of the private right of action for violations of Canada’s Anti-Spam Legislation (CASL). The Government has listened to concerns raised by businesses, charities and the not-for-profit sector about the implementation of CASL, which would have permitted individuals to sue for violations of the law.

The Government has also acknowledged that “businesses, charities and non-profit groups should not have to bear the burden of unnecessary red tape and costs to comply with the legislation” and has asked a Parliamentary Committee to review the legislation.

Read the Press Release here.

Cisco Releases Security Updates

Original release date: June 07, 2017

Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.