DISC InfoSec blog

Matt Kunze, an ethical hacker, reported wiretapping bugs in Google Home Smart Speakers, for which he received a bug bounty worth $107,500. Google Assistant is currently more popular among smart homeowners than Amazon Alexa and Apple Siri, given its superior intuitiveness and capability to conduct lengthy conversations. However, according to the latest research, a vulnerability […]

An interesting article published by The Intercept reveals the secretive business of a US surveillance firm named Anomaly Six. When we speak about the secretive business of surveillance businesses we often refer to the powerful tools developed by Israeli firms like NSO Group and Candiru, but many other firms operates in the shadow like the US company Anomaly […]

Almost every part of our everyday lives is closely connected to the internet – we depend on it for communication, entertainment, information, running our households, even running our cars. Not everyone in the world has access to the same features and content on the internet, though, with some governments imposing restrictions on what you can […]

The US National Counterintelligence and Security Center (NCSC) and the Department of State have published joint guidance that provides best practices on defending against attacks carried out by threat actors using commercial surveillance tools. In the last years, we have reported several cases of companies selling commercial surveillance tools to governments and other entities that have […]

Pegasus spyware was allegedly used by governments to spy upon prominent journalists, politicians and activists. A Google blog has revealed how the sophisticated software was used to attack iPhone users. The software used a vulnerability in iMessages to hack into iPhones without the user’s knowledge. The Pegasus spyware, developed by Israel’s NSO group, made headlines for being used by […]

Your internet service provider snoops on your browsing habits, records them and sells you—the product—to the highest bidder. So says the Federal Trade Commission (FTC) in a new report. Are you surprised? Did you really think your ISP has your best interests at heart? This is the same company that overcharges you for a slow, unreliable service. […]

Interesting story of test-takers in India using Bluetooth-connected flip-flops to communicate with accomplices while taking a test. What’s interesting is how this cheating was discovered. It’s not that someone noticed the communication devices. It’s that the proctors noticed that cheating test takers were acting hinky. Cheating on Tests: How To Do It, Detect It, and Prevent It

Forbidden Stories, a Paris-based non-profit organisation that seeks to ensure the freedom of speech of journalists, recently announced that the Pegasus Project surveillance solution by the Israeli NSO Group selected 50,000 phone numbers for surveillance by its customers following a data leak.  The NSO Group has always maintained that the purpose of the Pegasus Project […]

This isn’t the first time we’ve heard of a SNAFU like this, where virtual wires got crossed inside a video surveillance company’s own back end, causing customers not only to lose track of their own video cameras but also to gain access to someone else’s. In one case, three years ago, a user of a […]

LONDON — Western countries risk losing control of technologies that are key to internet security and economic prosperity to nations like China and Russia if they don’t act to deal with the threat, one of the UK’s top spy chiefs warned Friday. “Significant technology leadership is moving east” and causing a conflict of interests and […]

The year 2020 broke all records when it came to data lost in breaches and sheer numbers of cyber-attacks on companies, government, and individuals. In addition, the sophistication of threats increased from the application of emerging technologies such as machine learning, artificial intelligence, and 5G,  and especially from greater tactical cooperation among hacker groups and […]

he Federal Communications Commission’s (FCC) Public Safety and Homeland Security Bureau on March 12 identified five Chinese companies they said posed a threat to U.S. national security. These companies are: Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co. The declaration, according to the FCC, is in accordance […]

Microsoft announced the release of open-source CodeQL queries that it experts used during its investigation into the SolarWinds supply-chain attack In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released a joint statement that blames Russia for the SolarWinds supply chain attack. The four agencies were part of the task force Cyber Unified Coordination Group (UCG) […]

Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury Department and an agency that decides internet and telecommunications policy, according to people familiar with the matter. Three of the people familiar with the investigation said Russia is currently believed to be behind the attack. Two of the […]

TikTok skirted a privacy safeguard in Google’s Android operating system to collect unique identifiers from millions of mobile devices, data that allows the app to track users online without allowing them to opt out, a Wall Street Journal analysis has found. The tactic, which experts in mobile-phone security said was concealed through an unusual added […]

Rite Aid used facial recognition in largely lower-income, non-white neighborhoods. The systems included one from a firm with links to China and its government Source: Rite Aid deployed facial recognition system in hundreds of U.S. stores Rite Aid facial recognition rollout faces trouble Cyber Espionage Download a Security Risk Assessment Steps paper! Subscribe to DISC […]