serisec

Category: Amazon

  • $10,000 bounty offered if you can hack Ring cameras to stop them sharing your data with Amazon

    $10,000 bounty offered if you can hack Ring cameras to stop them sharing your data with Amazon Amid a privacy backlash, a US $10,000 reward has been offered for anyone who can find a way to run Ring doorbell cameras locally, cutting off the flow of video data to Amazon’s servers. Read more in my…

  • $10K+ Bounty Offered to Hacker Who Can Disconnect Ring Video Doorbells from Amazon Cloud

    $10K+ Bounty Offered to Hacker Who Can Disconnect Ring Video Doorbells from Amazon Cloud A newly launched bug bounty program is offering nearly $18,000 to anyone who can successfully disconnect Ring Video Doorbells from Amazon’s cloud servers while keeping the devices fully functional. This initiative aims to address ongoing privacy concerns about Ring’s data-handling practices…

  • Ring Cancels Its Partnership with Flock

    Ring Cancels Its Partnership with Flock It’s a demonstration of how toxic the surveillance-tech company Flock has become when Amazon’s Ring cancels the partnership between the two companies. As Hamilton Nolan advises, remove your Ring doorbell. Bruce Schneier Go to bruce schneier

  • Smashing Security podcast #448: The Kindle that got pwned

    Smashing Security podcast #448: The Kindle that got pwned Think your Kindle is harmless? Think again! In this episode, we unpack a Black Hat Europe talk revealing how a boobytrapped audiobook could exploit the Amazon eBook reader – potentially letting an attacker break into your account and seize control of your credit card. Plus a…

  • Is Your Android TV Streaming Box Part of a Botnet?

    Is Your Android TV Streaming Box Part of a Botnet? On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around…

  • Cloudflare Scrubs Aisuru Botnet from Top Domains List

    Cloudflare Scrubs Aisuru Botnet from Top Domains List For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare’s public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive at Cloudflare says…

  • Smashing Security podcast #431: How to mine millions without paying the bill

    Smashing Security podcast #431: How to mine millions without paying the bill In episode 431 of the “Smashing Security” podcast, a self-proclaimed crypto-influencer calling himself CP3O thought he had found a shortcut to riches — by racking up millions in unpaid cloud bills. Meanwhile, we look at the growing threat of EDR-killer tools that can…

  • Proxy Services Feast on Ukraine’s IP Address Exodus

    Proxy Services Feast on Ukraine’s IP Address Exodus Image: Mark Rademaker, via Shutterstock. Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of…

  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

    U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams Image: Shutterstock, ArtHead. The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as “pig butchering.” In January 2025, KrebsOnSecurity detailed how…

  • Whistleblower: DOGE Siphoned NLRB Case Data

    Whistleblower: DOGE Siphoned NLRB Case Data A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the…

  • The AI Fix #41: Can AIs be psychopaths, and why we should be AI optimists

    The AI Fix #41: Can AIs be psychopaths, and why we should be AI optimists In episode 41 of the AI Fix, our hosts learn that society needs to be completely reordered by December, Grok accuses Trump of being a Russian asset, Graham discovers that parents were wrong about computer games all along, and Mark…

  • The AI Fix #31: Replay: AI doesn’t exist

    The AI Fix #31: Replay: AI doesn’t exist Mark and I took a break for the new year, but we’ll be back for a new episode of “The AI Fix” podcast at the usual time next week. In the meantime, here is another chance to hear one of our favourite episodes again. The very first…

  • “CP3O” pleads guilty to multi-million dollar cryptomining scheme

    “CP3O” pleads guilty to multi-million dollar cryptomining scheme A man faces up to 20 years in prison after pleading guilty to charges related to an illegal cryptomining operation that stole millions of dollars worth of cloud computing resources. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley