SecureList

JUNE 8, 2022

During 2020 and 2021, more than 500 router vulnerabilities were found. The nvd.nist.gov website presents different figures, but they too show a significant increase in the number of router vulnerabilities found in 2020 and 2021. Distribution of router vulnerabilities by priority, 2021 ( download ). Router-targeting malware.

DDOS 133

DDOS Passwords IoT Firmware 133

Security Affairs

AUGUST 17, 2021

FireEye Mandiant researchers have discovered a critical vulnerability in the Kalay cloud platform that exposes millions of IoT devices to attacks. The flaw could be easily exploited by a remote attacker to take over an IoT device, the only info needed for the attack is the Kalay unique identifier (UID) of the targeted user. .

IoT 123

IoT Hacking Social Engineering Firmware 123

Security Affairs

DECEMBER 8, 2021

The Mirai -based Moobot botnet is rapidly spreading by exploiting a critical command injection flaw, tracked as CVE-2021-36260 , in the webserver of several Hikvision products. The Moobot was first documented by Palo Alto Unit 42 researchers in February 2021, the recent attacks demonstrated that its authors are enhancing their malware.

Firmware 144

Firmware DDOS Malware IoT 144

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. “On August 16th, three days ago, multiple vulnerabilities in a software SDK distributed as part of Realtek chipsets were disclosed by IoT Inspector Research Lab [1]. ” reported IoT Inspector. ” states SAM experts.

IoT 132

IoT Firmware Internet Internet 132

eSecurity Planet

AUGUST 10, 2021

In a recent blog post , the researchers said the bad actors are looking to leverage a path traversal vulnerability that could affect millions of home routers and other Internet of Things (IoT) devices that use the same code base and are manufactured by at least 17 vendors. The responsibility here must lie with the end users.”

IoT 144

IoT DDOS Internet Internet 144

Thales Cloud Protection & Licensing

JULY 15, 2021

Key Developments in IoT Security. Thu, 07/15/2021 - 10:09. Remember the early days of the emergence of Internet of Things (IoT) devices? Vulnerabilities have been discovered in many of these IoT devices. Ellen has extensive experience in cybersecurity, and specifically, the understanding of IoT risk.

IoT 100

IoT Data privacy Technology Risk 100

Malwarebytes

AUGUST 9, 2021

On August 3, 2021 a vulnerability that was discovered by Tenable was made public. The vulnerability is listed as CVE-2021-20090. Router firmware. Under the description of CVE-2021-20090 you will find: “a path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02

Firmware 136

Firmware DDOS Internet Internet 136

Security Boulevard

FEBRUARY 28, 2021

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, February 2021. The sudo vulnerability aka CVE-2001-3156 , seemed to go under the radar after it was announced and patches were released on 26th January 2021. Serious Linux Vulnerability.

Energy and Utilities 145

Energy and Utilities Ransomware DDOS Accountability 145

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

Critical Success Factors to Widespread Deployment of IoT. Tue, 02/16/2021 - 16:33. Digital technology and connected IoT devices have proliferated across industries and into our daily lives. Finally, IoT devices are being used extensively in smart vehicles and home appliances to provide enhanced user experiences.

IoT 96

IoT Manufacturing Energy and Utilities Data collection 96

Security Affairs

SEPTEMBER 22, 2021

A critical issue, tracked as CVE-2021-36260, affects more than 70 Hikvision device models and can allow attackers to take over them. A critical vulnerability, tracked as CVE-2021-36260, affects more than 70 Hikvision camera and NVR models and can allow attackers to take over the devices. SecurityAffairs – hacking, IoT).

Hacking 130

Hacking Firmware IoT Internet 130

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 02 Dec 2020 – Netgear released the new firmware v2.6.0.48

Firmware 142

Firmware Authentication Hacking Software 142

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. score of 7,5.

Firmware 128

Firmware Wireless Passwords Internet 128

Malwarebytes

AUGUST 24, 2021

Mirai hoovers up vulnerable Internet of Things (IoT) devices and adds them to its network of zombie devices, which can then be used to launch huge Distributed Denial of Service (DDoS) attacks. Realtek chipsets are found in many embedded IoT devices. At least 65 vendors are affected. Exactly what Mirai wants. Vulnerabilities.

Firmware 107

Firmware IoT Internet Internet 107

SecureWorld News

JUNE 14, 2022

I love the possibilities that Internet of Things (IoT) products bring to our lives. But I'm also very concerned about the associated security and privacy risks that IoT products inherently bring to those using them when controls do not exist or are not used to mitigate the risks. Consider just a few recent statistics.

IoT 91

IoT Healthcare Risk Internet 91

Security Boulevard

MAY 30, 2022

Why Healthcare IoT Requires Strong Machine Identity Management. The healthcare industry has been leveraging IoT devices for years, steadily increasing its use in facilities and patient care. By 2027, the IoT in Healthcare market is expected to reach $290 billion , up from just $60 billion in 2019. brooke.crothers.

Healthcare 90

Healthcare IoT Manufacturing Risk 90

Thales Cloud Protection & Licensing

MAY 31, 2021

Use cases of secure IoT deployment. Tue, 06/01/2021 - 06:55. In our previous blog post , we discussed the challenges for securing IoT deployments, and how businesses and consumers benefit from authenticating and validating IoT software and firmware updates. Use case 1: Fortune 500 Healthcare Company.

IoT 71

IoT Computers and Electronics Manufacturing Firmware 71

Thales Cloud Protection & Licensing

MARCH 10, 2021

What’s driving the security of IoT? Thu, 03/11/2021 - 07:39. First off, connected vehicles and IoT devices are highly attractive targets to hackers. Unlike servers and devices running in enterprise networks, IoT devices are typically shipped direct to consumers, without any control over the network or environment they run in.

IoT 77

IoT Firmware Manufacturing Encryption 77

Security Boulevard

APRIL 16, 2022

The post BSides Budapest 2021: Daniel Nussko’s ‘Large-scale Security Analysis of IoT Firmware’ appeared first on Security Boulevard. Our thanks to BSides Budapest IT Security Conference for publishing their superb security videos on the organization’s’ YouTube channel.

Firmware 40

Firmware IoT Education InfoSec 40

CyberSecurity Insiders

AUGUST 13, 2021

Tenable researchers claim hackers are exploiting a security flaw termed authentication-bypass vulnerability that is impact routers and internet of things (IoT) devices. What’s interesting about this attack campaign is the hackers are targeting devices running on the firmware that is being supplied by Arcadyan.

Firmware 136

Firmware Malware DDOS Manufacturing 136

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. Adopt a comprehensive IoT security solution. The IT giant is tracking this cluster of threat activity as DEV-1061.

IoT 125

IoT DDOS Malware Firmware 125

Security Boulevard

MARCH 18, 2021

The internet of things (IoT) describes the network of interconnected devices embedded with sensors, software, or other technology that exchange data with other devices and systems over the Internet. . This means that currently there are three IoT devices for every one human on the planet. The Technical Challenge of IoT Security.

Internet 137

Internet Internet IoT Software 137

Security Affairs

SEPTEMBER 2, 2021

. “we disclose BrakTooth, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.” ” reads the post published by the researchers.

Firmware 123

Firmware Manufacturing IoT Technology 123

Security Affairs

SEPTEMBER 16, 2024

On June 8, 2021, the TWCERT reported the vulnerabilities in D-Link DIR-X5460 to the company. DIR-X4860 A1 firmware version 1.00, 1.04 The issue impacts: DIR-X4860 A1 firmware version 1.00, 1.04 The issue impacts: DIR-X4860 A1 firmware version 1.00, 1.04. COVR-X1870 firmware version v1.02 CVE-2024-45695 (9.8

Wireless 129

Wireless Firmware Manufacturing Hacking 129

Security Affairs

MARCH 9, 2022

Researchers from IoT security company Armis have discovered three high-impact security flaws, collectively tracked as TLStorm, affecting APC Smart-UPS devices. The researchers discovered that the firmware upgrades are not properly signed and validated. SecurityAffairs – hacking, IoT). Pierluigi Paganini.

Firmware 100

Firmware IoT Authentication Backups 100

Malwarebytes

APRIL 13, 2021

Although never visible to end-users, TCP/IP stacks are libraries that vendors add to their firmware to support internet connectivity and other networking functions like DNS queries for their devices. For those interested in the full technical details the full report is available here and will be presented at Black Hat Asia 2021.

IoT 84

IoT DNS Internet Internet 84

Security Affairs

AUGUST 23, 2022

Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched. wrote the expert. “.

Hacking 123

Hacking Firmware Internet Internet 123

CyberSecurity Insiders

JUNE 29, 2021

A recent study made by Nozomi Networks, a security company that offers solutions for IoT products has discovered that millions of connected cameras are on the verge of being hijacked by cyber crooks through a vulnerability. It is also urging its customers to update their products with the latest SDK version that was released in March 2021.

Firmware 85

Firmware IoT Surveillance Manufacturing 85

Security Affairs

AUGUST 27, 2021

Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical flaw affecting a video surveillance product made by Annke, a popular manufacturer of surveillance systems and solutions. The experts performed reverse engineering of the firmware to fully unrestricted SSH access. – Source Nozomi.

Surveillance 102

Surveillance Hacking Firmware Manufacturing 102

eSecurity Planet

NOVEMBER 4, 2021

CWE-1277 : Firmware Not Updateable – firmware exploitation exposes the victim to a permanent risk without any possibility to patch weaknesses. It’s called hardware pen-testing , and it usually targets IoT devices such as desktop computers, tablets, smartphones, fax machines, printers, and many other electronics.

Software 119

Software Firmware Computers and Electronics Risk 119

Security Affairs

JUNE 3, 2021

Researchers from Israeli IoT security firm Vdoo found multiple vulnerabilities in the Realtek RTL8170C Wi-Fi module that could allow to elevate privileges and hijack wireless communications. Researchers found multiple flaws in the Realtek RTL8170C Wi-Fi module that could be exploited to elevate privileges and hijack wireless communications.

Wireless 125

Wireless IoT Encryption Firmware 125

Security Affairs

APRIL 2, 2022

The threat actors added TOTOLINK exploits just a week after the exploit codes were publicly released on GitHub in the attempt to compromise the largest number of devices as possible before the owners upgrade to the latest firmware releases. TOTOLINK has already addressed these flaws with the release of new firmware for vulnerable devices.

DDOS 98

DDOS Firmware Surveillance IoT 98

Malwarebytes

DECEMBER 16, 2021

In 2021’s final Patch Tuesday, Microsoft included a total of 67 fixes for security vulnerabilities. CVE-2021-42310 Microsoft Defender for IoT Remote Code Execution vulnerability. CVE-2021-43905 Microsoft Office app Remote Code Execution vulnerability. CVE-2021-43890 Windows AppX Installer Spoofing vulnerability.

Wireless 107

Wireless Passwords Firmware Authentication 107

Krebs on Security

MAY 22, 2023

This email address is also connected to accounts on several Russian cybercrime forums, including “ __edman__ ,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.

Scams 307

Scams DDOS Cryptocurrency Accountability 307

Security Affairs

NOVEMBER 24, 2022

The Boa web server is widely used across a variety of devices, including IoT devices, and is often used to access settings and management consoles as well as sign-in screens. The experts pointed out that Boa has been discontinued since 2005. ”reads the report published by Recorded Future. ” reads the report published by Microsoft.

IoT 98

IoT Firmware Software Risk 98

ForAllSecure

APRIL 22, 2021

It seems everything smart is hackable, with IoT startups sometimes repeating security mistakes first made decades ago. The next day I cut the string, There's a parallel here to IoT light bulbs that change colors. And what then are the tools and knowledge that you need to get started hacking IoT devices. Funny thing.

IoT 52

IoT Hacking Internet Internet 52

ForAllSecure

APRIL 22, 2021

It seems everything smart is hackable, with IoT startups sometimes repeating security mistakes first made decades ago. The next day I cut the string, There's a parallel here to IoT light bulbs that change colors. And what then are the tools and knowledge that you need to get started hacking IoT devices. Funny thing.

IoT 52

IoT Hacking Internet Internet 52

Security Affairs

APRIL 2, 2021

The vulnerabilities affect QNAP TS-231 SOHO NAS devices running firmware version 4.3.6.1446 that reached end of life (EOL). January 26, 2021 – Sent a notification to QNAP about end of the grace period (which is planned to end on February 12). January 26, 2021 – Reply from QNAP Helpdesk: the problem is confirmed but still in progress.

Firmware 112

Firmware Internet Internet Authentication 112