Security news aggregator

Latest coverage for Video

Video is a format for reporting and explaining cyberattacks, vulnerabilities, security research, and defensive practices.

9 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Video is digitally encoded moving images, often accompanied by audio, subtitles, metadata, or live-streaming data. In security contexts, the tag commonly covers video files and delivery systems, including conferencing, surveillance, media platforms, cameras, encoders, storage, and playback software.

Security concerns include unauthorized viewing or disclosure of recordings, interception of inadequately protected streams, and tampering that changes the evidentiary or operational value of footage. Video systems should apply access controls, encryption in transit and at rest, secure authentication, retention limits, and audit logs. Internet-connected cameras, encoders, and players also require timely vulnerability management because compromise can expose footage or provide access to connected networks. Privacy obligations may apply when recordings identify people or capture sensitive locations; incident response should therefore address access revocation, preservation of relevant footage and logs, and notification requirements where applicable.

Volume over time

Weekly headline count for the current query.

Showing 9 most recent headlines Filtered view
Krebs on Security 1 year, 10 months ago

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Here's a closer look at the size of this scheme, and some findings about who may be responsible.

Krebs on Security 2 years, 4 months ago

Calendar Meeting Links Used to Spread Mac Malware

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s account at Calendly, a popular free calendar application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems.

Krebs on Security 2 years, 9 months ago

Don’t Let Zombie Zoom Links Drag You Down

Many organizations — including quite a few Fortune 500 firms — have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization’s employees, customers or partners to phishing and other social engineering attacks.

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. While I can't predict what the producers will do with the video interviews we shot, it's fair to say the series will explore tantalizing new clues as to who may have been responsible for the attack.

Krebs on Security 3 years, 6 months ago

Hacked Ring Cams Used to Record Swatting Victims

Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then "swatting" them -- falsely reporting a violent incident at the target's address to trick local police into responding with force. Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets' homes, and to taunt authorities when they arrived.

Krebs on Security 3 years, 9 months ago

SIM Swapper Abducted, Beaten, Held for $200k Ransom

A Florida teenager who served as a lackey for a cybercriminal group that specializes in cryptocurrency thefts was beaten and kidnapped last week by a rival cybercrime gang. The teen's captives held guns to his head while forcing him to record a video message pleading with his crew to fork over a $200,000 ransom in exchange for his life. The youth is now reportedly cooperating with U.S. federal investigators, who are responding to an alarming number of reports of physical violence tied to certain online crime communities.

The latest Jan. 6 committee hearing on Tuesday examined the role of conspiracy theory communities like 8kun[.]top and TheDonald[.]win in helping to organize and galvanize supporters who responded to former President Trump's invitation to "be wild" in Washington, D.C. on that chaotic day. At the same time the committee was hearing video testimony from 8kun founder Jim Watkins, 8kun and a slew of similar websites were suddenly yanked offline. Watkins suggested the outage was somehow related to the work of the committee, but the truth is KrebsOnSecurity was responsible and the timing was pure coincidence.

Krebs on Security 4 years, 2 months ago

Senators Urge FTC to Probe ID.me Over Selfie Data

Some of more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me for "deceptive statements" the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service, which until recently required anyone seeking a new IRS account online to provide a live video selfie to ID.me.

Krebs on Security 4 years, 4 months ago

IRS: Selfies Now Optional, Biometric Data to Be Deleted

The U.S. Internal Revenue Service (IRS) said Monday that taxpayers are no longer required to provide facial scans to create an account online at irs.gov. In lieu of providing biometric data, taxpayers can now opt for a live video interview with ID.me, the privately-held Virginia company that runs the agency's identity proofing system. The IRS also said any biometric data already shared with ID.me would be permanently deleted over the next few weeks, and any biometric data provided for new signups will be destroyed after an account is created.