Recep

The first-ever smart thermostat ransomware vulnerability was demonstrated in 2016: smart thermostat with an SD card slot for custom settings/wallpapers lacked file-type verification when executing files from the SD card. Attackers could disguise malware as benign files.
www.vice.com/en/article/i...

Hackers Could Turn LG Smart Appliances Into Remote-Controlled Spy Robot Login bypass vulnerability in LG smart home appliance app could allow remote hackers to take control of your IoT devices and spy on your home.

Old but gold :)
Impact:Remote account takeover of LG SmartThinQ appliances (e.g., refrigerators, ovens, vacuums) and spying via compromised devices.
Root: Flawed authentication logic in the SmartThinQ app/API, allowing attackers to bypass login.
thehackernews.com/2017/10/smar...
#IoT #cybersecurity

The blog details a vulnerability in Google Home devices that allows unauthorized access and control through a local network attack.
Amazing work.
downrightnifty.me/blog/2022/12...

#IoT #Cybersecurity

AIoT framework called MSF-Net for WiFi-based human activity recognition. Unlike typical IoT systems, MSF-Net enables local data acquisition and real-time decision-making. The research aims to improve smart home applications.
ieeexplore.ieee.org/stamp/stamp....

Light Ears: Information Leakage via Smart Lights
Attacks exploit smart lights' infrared for data exfiltration and multimedia visualization for media inference, lacking proper access control.
What do we know about IoT cybersecurity?
arxiv.org/pdf/1808.07814

Vienna State Opera is something else.

A few key takeaways:
- Perfect security doesn’t exist – Aim for the best possible protection within practical limits.
- Solve the right problem – Focus on real threats, not hype.
- Don’t overcomplicate
- Use layered defense – No single solution is enough.
- Security should be affordable

I recently read the Venture Security blog: 10 Commandments of Commercial Security.
Adi Shamir—one of the minds behind RSA encryption—shared 10 timeless principles for building secure systems. Nearly 30 years later, they remain just as relevant.

ventureinsecurity.net/p/10-princip...

How Barcelona became an unlikely hub for spyware startups | TechCrunch Barcelona's mix of affordable cost of living and quality of life has helped create a vibrant startup community — and become a hotbed for the creation of surveillance technologies.

A researcher was recruited by Palm Beach Networks, a stealthy spyware firm with ties to NSO and Candiru.
Other companies, like Paradigm Shift and Epsilon, are also in Barcelona, developing zero-day exploits and surveillance tools.

techcrunch.com/2025/01/13/h...

The New Hub for Spyware Startups?
Barcelona has become a major hub for cybercriminals due to its low cost compared to other tech hubs, and after the NSO scandal, Israeli hackers have also shifted their operations to the city, TechCrunch’s Cybersecurity Writer Lorenzo Franceschi-Bicchierai said.

- Stopping Wireless Attacks: Hackers can jam or spy on wireless signals used in aviation. Special techniques, like adding noise to signals, can stop them.
- Training Are Importan
- The Future of Aviation Security: No doubt that AI will also make some changes here.

- Safe Software Is Critical: The authors recommend using tools like SPARK to check software for safety before using it in critical systems.
- Protecting Communication Systems: LDACS offers a secure, modern framework for air traffic communications with features like mutual authentication,encryption.

We need ways to detect and manage them to keep our airspace safe using technologies like radio signals, radar, and smart software.
- Aviation Systems Are at Risk: Hackers can attack systems like GPS, steal data, or shut down communication. Encryption and real-time monitoring, to stop these attacks.

The book highlights threats like UAS misuse, GNSS spoofing, and physical layer attacks (e.g., jamming), which have likely intensified with technological advancements and geopolitical tensions. Here are the main points:
- Drones Can Be Dangerous: spying, attacks, or hacking aviation systems.

As connectivity increases, so do cybersecurity risks. How Is Aviation Cybersecurity Today?
Aircraft and air traffic systems are increasingly reliant on networked technologies (e.g., IoT, LDACS, ADS-B), improving efficiency but exposing them to cyber threats.

Aviation is no longer just about aircraft and pilots—it’s a complex cyber-physical system heavily reliant on digital infrastructure. I recently had a chance to take a look at the book "Aviation Cybersecurity: Foundations, Principles, and Applications".

Right now, “informed consent” doesn’t really explain the consequences—like how heart rate data could track your health but also be used in court or to judge your driving.
Other:
Cyberattacks Are Crazy High: In just the first half of 2021, there were 1.5 BILLION attacks on IoT devices globally.

82% of respondents lack confidence that IoT devices protect user privacy and data. WWF’s State of the Connected World 2023 Edition says transparency is key: tell users what data is collected, who gets it, and what it could mean.

What are some problems?
– Many IoT devices ship with factory-set passwords.
– They often have insecure interfaces, meaning weak authentication in web, API, or mobile interfaces can allow unauthorized access.
– Many vendors fail to provide regular updates.

Are we aware of Internet of Things (IoT) security?
I am playing around with IoT devices and recently found a great resource to build in my VirtualBox, AttifyOS. It is a distro for the penetration testing of IoT devices.

AI POWERED

Ahahahahha, work/life balance is broken crypto guys!!

One of the very important thing when you start to invest something:

Announcing the largest fee cut in Vanguard history Effective February 1, 2025, the company has lowered the expense ratios of 168 share classes across 87 funds.

If you are interested in ETF investing, could be good for you to check it out.

corporate.vanguard.com/content/corp...

GitHub - 4lbH4cker/ALHacking: Albanian Hacking Tool!! Tools to help you with ethical hacking, Social media hack, phone info, Gmail attack, phone number attack, user discovery, Anonymous-sms, Webcam Ha... Albanian Hacking Tool!! Tools to help you with ethical hacking, Social media hack, phone info, Gmail attack, phone number attack, user discovery, Anonymous-sms, Webcam Hack • Powerful DDOS attack ...

Recently tried, great tool to help you with ethical hacking, social engineering, discovery, DDoS and more.

YouTube Video: https:// www.youtube.com/watch?v=zgdq...

github.com/4lbH4cker/AL...

Major cybersecurity breach hits US Treasury, linked to Chinese hackers The breach, which occurred in early December 2024, exploited a vulnerability in BeyondTrust's remote support product. According to a letter the department sent to lawmakers that was...

Another cyber warfare case we got:
Chinese hackers infiltrated the US Treasury Department's system by using a vulnerability in the cloud service of a service provider called "BeyondTrust".

www.techspot.com/news/106153-...

Here is how you invest the future:

AI can process data, but it can’t fully understand context (for now). Humans can make complex social and emotional inferences by making intuitive decisions.
-A psychologist can sense a client’s trauma from nonverbal cues.
-A diplomat can read hidden threats from body language.

AI can analyze data, but it cannot develop new and original ideas (for now). For example, Fleming's discovery of penicillin. He noticed that molds formed in a bacterial culture and killed the bacteria around them. He named the substance produced by this mold penicillin.