Cyber Security has become a requirement

Not only to protect commerce financially, but also legally...

you are a target

everyone is a victim

demand is growing

it can not be met

figures show

astonishing trends

Right now businesses are being pressured more and more to invest in additional security services in the attempt to keep up with evolving dangers. The consequences of not being prepared are/will be catastrophic for companies and their customers. In the process of deciding how to establish and operate a business, many business owners of varying power and influence hardly take into consideration the guaranteed attack on their information technology investments. If leadership does not lead by example, department managers will be uneasy about delegating to subordinates the required implementation of common sense computing safeguards.

this is JUST THE BEGINNING

the world and almost all technology is connected

With so many people on the planet having access to technology. With so many governments and markets being co-dependent on each other; the negative consequences of computer systems having control over civilization is endangering not only personal identities or payment transactions, but also national infrastructure safety and environmental integrity.

A Human Rights concern

cyber criminals and spies preying on the innocent

Illegal actions against individuals and companies are not only carried out by criminal cells, but also state-sponsored agencies and their non-governmental contracted propagators. Legitimate business operations are being affected by such revelations; this means profits will continue to be hampered if economic activity isn't left alone by the misuse of information technology systems.

Recent Posts

August 10

Android Phones w/ More Pre-Installed Flaws

The vulnerabilities are just the latest blow to Android, which suffers from the perception that it's a less secure mobile platform than Apple's iOS. Google has worked to repair its image, but these kinds of revelations don't help. Read More...

August 9

Pacemaker Hack Puts Malware on Device

The latest variation on the terrifying theme of compromised medical technology depends not on manipulating radio commands, as many previous attacks have, but on malware installed directly on an implanted pacemaker. Read More...

August 8

Hackers Target PGA Servers for Ransome

Shadowy bandits have hijacked the PGA of America's computer servers, locking officials out of crucial files related to this week's PGA Championship at Bellerive Country Club and the upcoming Ryder Cup in France. Read More...

August 7

2m People's Healthcare Data in Mexico Exposed

MongoDB database was left open online which contained data  such as medical person's full name, gender, date of birth, insurance information, disability status, and home address. Read More...

August 6

Top iPhone Supplier TSMC Hit by Ransomware

A top iPhone supplier has recovered from a WannaCry ransomware infection that impacted the majority of its fabrication tools. The incident could delay mobile phone shipments during the Fall and reduce revenue. Read More...

Spotlight

The Case of a Hacked Baby Monitor


Some time ago, a case about a hacked baby monitor made the news in the U.S. A mother claimed someone had taken control over the device and surveilled her baby. SEC Consult investigated the issue at a technical level.

Like most consumer grade surveillance products this device has a "P2P cloud" feature that is enabled by default. The device connects to a cloud server infrastructure and keeps this connection up. All supported smartphone and desktop apps can connect to the device via the cloud. From a usability perspective this makes it easier for users to interact with the product, since the user does not have to be in the same network (e.g. the same Wi-Fi network) to be able to connect to the device. Additionally, no firewall rules, port forwarding rules or DDNS setup are required on the router. However, this approach has several security implications.

By: Stefan Viehböck and Thomas Weber —

SEC Consult Vulnerability Lab