Security Affairs

JUNE 26, 2019

Security experts warn of a new piece of the Silex malware that is bricking thousands of IoT devices, and the situation could rapidly go worse. The only way to recover infected devices is to manually reinstall the device’s firmware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT 111

IoT Malware Advertising Firmware 111

Security Affairs

APRIL 26, 2019

Experts discovered security flaws in the iLnkP2P peer-to-peer (P2P) system that exposes millions of IoT devices to remote attacks. The iLnkP2P system allows users to remotely connect to their IoT devices using a mobile phone or a PC. Potentially affected IoT devices include cameras and smart doorbells. Pierluigi Paganini.

IoT 110

IoT Hacking Manufacturing Advertising 110

Security Affairs

DECEMBER 24, 2018

Security researchers discovered some flaws in the Twinkly IoT lights that could be exploited display custom lighting effects and to remotely turn off them. ’ ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT 107

IoT Hacking DNS Authentication 107

eSecurity Planet

NOVEMBER 1, 2021

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. has made some strides on IoT security at the federal level; it remains to be seen if the EU initiative will spur the U.S. IoT market growth. IoT Security Neglected.

Wireless 111

Wireless IoT Manufacturing Mobile 111

Security Affairs

FEBRUARY 18, 2020

Even before the appearance of the word (I)IoT, I was breaking hardware devices, as many of you, with a multitude of debuggers (i.e. Successfully dumped the smartlock’s firmware. And after having successfully dumped the firmware we can proceed at extracting some valuable evidences for the forensics case. Some Practical Use-Cases.

IoT 126

IoT Hacking Firmware Advertising 126

Security Affairs

FEBRUARY 6, 2020

“Check Point’s researchers showed how a threat actor could exploit an IoT network (smart lightbulbs and their control bridge) to launch attacks on conventional computer networks in homes, businesses or even smart cities.” The company released firmware p atches for the device in January. Pierluigi Paganini.

Hacking 141

Hacking IoT Wireless Firmware 141

Security Affairs

JULY 16, 2018

A security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security.

IoT 75

IoT Engineering Passwords Firmware 75

Security Affairs

DECEMBER 29, 2018

The vulnerability lies within the design and implementation of Amazon Simple Storage Service (S3) credentials inside the Guardzilla Security Camera firmware.” “The Guardzilla IoT-enabled home video surveillance system contains a shared Amazon S3 credential used for storing saved video data. . Pierluigi Paganini.

Firmware 109

Firmware Surveillance IoT Passwords 109

Security Affairs

AUGUST 31, 2020

Hackers target QNAP NAS devices running multiple firmware versions vulnerable to a remote code execution (RCE) flaw addressed by the vendor 3 years ago. QNAP addressed the vulnerability with the release of firmware version 4.3.3 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. on July 21, 2017.

Firmware 145

Firmware Advertising Malware Internet 145

Security Affairs

AUGUST 27, 2020

To perform the experiment, we used Internet of Things (IoT) search engines to search for open devices that utilized common printer ports and protocols. To find out how many printers were on the menu for our experiment, we searched for IP addresses with open ports on specialized IoT search engines, such as Shodan and Censys.

Hacking 145

Hacking IoT Firmware Internet 145

Security Affairs

AUGUST 10, 2019

“The bug affecting the open source software was reported in 2009, yet its presence in the phone’s firmware remained unnoticed until now. Avaya addressed the issue with the release of new firmware on June 25. Affected models are 9600 Series, J100 Series or B189 running firmware version 6.8.1 Only the H.323

Firmware 109

Firmware IoT Advertising Software 109

Security Affairs

DECEMBER 17, 2023

that impacted several routers, including Future X Communications (FXC) AE1021 and AE1021PE wall routers, running firmware versions 2.0.9 released June 21, 2014). “QNAP considers these devices discontinued for support; however, the vendor recommends upgrading VioStor firmware on existing devices to the latest available version.

Firmware 138

Firmware Wireless DDOS IoT 138

Security Affairs

FEBRUARY 15, 2020

.” Experts confirmed that more issues are still under disclosure and that the list of impacted SoC vendors is longer, and the number of IoT products designed on top of vulnerable SoCs still need independent patches from their respective vendors. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT 141

IoT Firmware Advertising Hacking 141

Security Affairs

MARCH 23, 2020

Netlab shared its findings with LILIN on January 19, 2020, and the vendor addressed the issues with the release of the firmware update (version 2.0b60_20200207). The new firmware released by the vendors validated the hostname passed as input to prevent command execution. ” reads the advisory published by Netlab.

Firmware 139

Firmware Surveillance Manufacturing Advertising 139

Security Affairs

JULY 28, 2020

The first campaign likely began in early 2014 and continued until mid-2017, while the second started in late 2018 and was still active in late 2019. The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates.

Malware 142

Malware Firmware Advertising Manufacturing 142

Security Affairs

JUNE 13, 2019

The company has already fixed the issues with the release of firmware versions 1.2.2.S0, “The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. The expert also found hardcoded private keys for the SSH daemon in the device’s firmware.

Firmware 98

Firmware Passwords Advertising IoT 98

Security Affairs

OCTOBER 1, 2018

Shell DNSChanger is written in the Shell programming language and combines 25 Shell scripts that allow the malware to carry out brute-force attacks on routers or firmware packages from 21 different manufacturers. Js DNSChanger is written in JavaScript and includes 10 attack scripts designed to infect 6 routers or firmware packages.

DNS 106

DNS Malware Firmware Phishing 106

Security Affairs

OCTOBER 10, 2018

Unfortunately, the cloud ID is not sufficiently random and complex to make guessing correct cloud IDs hard because the analysis of the Xiongmai firmware revealed it is derived from the device’s MAC address. ” Experts also discovered that it is possible to execute arbitrary code on the device through a firmware update.

Surveillance 108

Surveillance Hacking Firmware Manufacturing 108

CyberSecurity Insiders

NOVEMBER 11, 2021

Deployed with more than 30 exploits, it has the potential of targeting millions of routers and IoT devices. Ax with firmware 1.04b12 and earlier. NETGEAR DGN2200 devices with firmware through 10.0.0.50. Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, 7)C0 NAS520 before firmware V5.21(AASZ.3)C0

Malware 85

Malware IoT Firmware Authentication 85

Security Affairs

APRIL 19, 2019

“You can find these chips almost everywhere from smartphones to laptops, smart-TVs and IoT devices. Anguelkov confirmed that two of those vulnerabilities affect both in the Linux kernel and firmware of affected Broadcom chips. In this case, firmware event frames from a remote source will be processed. • Pierluigi Paganini.

Hacking 111

Hacking Firmware Advertising Wireless 111

Krebs on Security

MAY 22, 2023

pw has been registered and abandoned by several parties since 2014, but the most recent registration data available through DomainTools.com shows it was registered in March 2020 to someone in Krasnodar, Russia with the email address edgard011012@gmail.com. A DIRECT QUOT The domain quot[.]pw “On Twitter, more spam and crypto scam.”

Scams 307

Scams DDOS Cryptocurrency Accountability 307

Security Affairs

APRIL 17, 2020

The issue affects the following Cisco products if they have web access enabled and are running a firmware release earlier than the first fixed release for that device: IP Phone 7811, 7821, 7841, and 7861 Desktop Phones IP Phone 8811, 8841, 8845, 8851, 8861, and 8865 Desktop Phones Unified IP Conference Phone 8831 Wireless IP Phone 8821 and 8821-EX.

Big data 138

Big data Wireless Advertising Firmware 138

Security Affairs

JUNE 23, 2020

This info includes printer names, locations, models, firmware versions, organization names, and even WiFi network names. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the report. . Pierluigi Paganini.

Internet 138

Internet Internet Firmware Advertising 138

Security Affairs

NOVEMBER 1, 2018

Security experts from the IoT security firm Armis, the same that found the BlueBorne Bluetooth flaws, have discovered two serious vulnerabilities in BLE chips designed by Texas Instruments. The flaw can only be exploited if the device using the chip has the over-the-air firmware download (OAD) feature enabled.

Firmware 105

Firmware Manufacturing IoT Advertising 105

Security Affairs

OCTOBER 6, 2018

Patch management is a crucial aspect for IoT devices, smart objects are surrounding us and represent a privileged target for hackers. Click the Firmware update link for details about how to check the software version. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising 111

Advertising IoT Wireless Firmware 111

Security Affairs

FEBRUARY 5, 2020

HiSilicon is the largest domestic designer of integrated circuits in China, its chips are used by millions of IoT devices worldwide, including security cameras, DVRs, and NVRs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .”

Firmware 107

Firmware Encryption Advertising Passwords 107

Security Affairs

MARCH 21, 2020

Multiple, if not all, Zyxel NAS products running firmware versions up to 5.21 Once it has infected a device, the Mukashi bot performs brute-force attacks in the attempt to compromise other IoT devices on the network and contacts the C&C server if a login attempt has been successful. The vendor advisory is also available.

DDOS 134

DDOS Authentication Advertising Firmware 134

Security Affairs

JULY 29, 2018

. “Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub.” The access to those IoT devices could allow attackers to gather sensitive information managed by the devices within the home and perform unauthorized activities. is affected by the flaws. concludes Talos.

Firmware 75

Firmware IoT Advertising Wireless 75

Security Affairs

JUNE 18, 2019

” The RCE flaw affects TP-Link Wi-Fi Extender models RE365, RE650, RE350 and RE500 running firmware version 1.0.2, Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . build 20180213. Pierluigi Paganini.

Architecture 96

Architecture Advertising Firmware IoT 96

Security Affairs

JULY 25, 2018

EliteLands is using a 2-years old exploit that could be used to trigger tens of well-known vulnerabilities in the AVTech firmware. Many products of the vendor currently run the vulnerable firmware, including DVRs, NVRs, and IP cameras. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware 69

Firmware Passwords Advertising IoT 69

Security Affairs

FEBRUARY 23, 2019

The D-Link DNS-320 model is no more available for sale, one of the members of the forum explained that the firmware of its NAS was never updated and its device was exposed to WAN through ports 8080, FTP port 21, and a range of ports for port forwarding. No extension added to locked files.

Ransomware 111

Ransomware DNS Firmware Encryption 111

Security Affairs

DECEMBER 25, 2018

“This allows allow any remote user to easily access the device and maliciously modify the device settings or firmware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. admin/admin). ” continues the analysis.

Passwords 110

Passwords Wireless Advertising Firmware 110

Security Affairs

SEPTEMBER 6, 2019

Attackers could spy on the users, listen conversations made in the environment surrounding the GPS tracker, get and spoof the location of the tracker, send an SMS message to an arbitrary number to obtain the telephone number of the device and use SMS as an attack vector, replace the firmware of the device. Pierluigi Paganini.

Passwords 105

Passwords Manufacturing Advertising Firmware 105

Security Affairs

OCTOBER 7, 2019

According to the Fortinet, the vulnerability impacts D-Link firmware in the DIR-655, DIR-866L, DIR-652, and DHP-1565 router families. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. and a CVSS v20 base score of 10.0.

Authentication 111

Authentication Advertising Firmware Hacking 111

Security Affairs

DECEMBER 29, 2019

IoT vendor Wyze announced that one of its servers exposed the details of roughly 2.4 IoT vendor Wyze announced that details of roughly 2.4 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. million customers.

IoT 96

IoT Accountability Advertising Wireless 96

Security Affairs

APRIL 16, 2021

Gafgyt (also known as Bashlite) is a prominent malware family for *nix systems, which mainly target vulnerable IoT devices like Huawei routers, Realtek routers and ASUS devices. Gafgyt uses existing vulnerabilities in IoT devices to turn them into bots and later perform DDoS attacks on specifically targeted IP addresses.

Malware 130

Malware DDOS IoT Firmware 130

Security Affairs

OCTOBER 20, 2018

CVE-2018-18472 – XXE and Unauthenticated Remote Command Execution in Axentra Hipserv NAS firmware. . It’s used in different devices from different vendors, the affected devices sharing the firmware are: Netgear Stora. The company provides a firmware with a web interface that mainly uses PHP as a serverside language.

Firmware 93

Firmware IoT VPN Authentication 93