eSecurity Planet

FEBRUARY 2, 2024

Within the last couple of months, smart device vulnerabilities have been piling up, prompting businesses to protect their Internet of Things (IoT) environments. While Teslas aren’t the typical business IoT device, their connection to the internet makes them a cyber threat as much as your business’s other IoT technology.

Hacking 126

Hacking IoT Firmware Cybersecurity 126

Heimadal Security

APRIL 27, 2023

A TP-Link Archer A21 (AX1800) consumer-grade WiFi router vulnerability has been used by Mirai botnet to launch DDoS attacks against IoT devices. The flaw in the TP-Link Archer AX21 firmware was discovered back in December 2022, and the company released a patch in March.

Firmware 105

Firmware DDOS IoT Cybersecurity 105

eSecurity Planet

NOVEMBER 6, 2023

30, 2023 NGINX Ingress Controller for Kubernetes Flaws Can Lead to Credential Theft Type of Attack: Path sanitization bypass and injection vulnerabilities discovered in the NGINX Ingress controller can allow for credential theft, arbitrary command execution, and critical data access. CVE-2023-5044 (Code Injection): This CVSS score 7.6

Software 113

Software Education Ransomware Firmware 113

Security Boulevard

JANUARY 11, 2024

The rapid proliferation of the Internet of Things (IoT) represents vast opportunities for the public sector. However, as IoT innovation and adoption grows, so do the associated security risks. However, as IoT innovation and adoption grows, so do the associated security risks.

IoT 75

IoT Malware Education Government 75

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” ” reads the advisory published by the security firm.

Hacking 98

Hacking Firmware Authentication DNS 98

Security Affairs

APRIL 15, 2024

Industrial and enterprise IoT cybersecurity firm Claroty reported that the Ukrainian Blackjack hacking group claims to have damaged emergency detection and response capabilities in Moscow and beyond the Russian capital using a destructive ICS malware dubbed Fuxnet. Access to 112 Emergency Service. YouTube Video 1 , YouTube Video 2 ).

Malware 143

Malware Firmware IoT Hacking 143

Security Affairs

JULY 22, 2023

Researchers warn of several DDoS botnets exploiting a critical flaw tracked as CVE-2023-28771 in Zyxel devices. The flaw, tracked as CVE-2023-28771 (CVSS score: 9.8), is a command injection issue that could potentially allow an unauthorized attacker to execute arbitrary code on vulnerable devices. through 5.35.

DDOS 98

DDOS Firmware VPN Firewall 98

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware.

Firmware 98

Firmware VPN Wireless Passwords 98

eSecurity Planet

SEPTEMBER 22, 2023

These one, three, and five year subscriptions provide enhanced support for the hardware, firmware maintenance, security updates, and optional participation in early-release firmware updates. Subscribe The post Barracuda SecureEdge SASE Review 2023 appeared first on eSecurity Planet. You can unsubscribe at any time.

Firewall 98

Firewall Marketing Firmware Technology 98

Krebs on Security

MAY 22, 2023

Chaput said that on May 4, 2023, someone unleashed a spam torrent targeting users on these Mastodon communities via “private mentions,” a kind of direct messaging on the platform. Residential proxies also can refer to households protected by compromised home routers running factory-default credentials or outdated firmware.

Scams 303

Scams DDOS Cryptocurrency Accountability 303

SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. We later managed to extract the firmware from the EEPROM for further static reverse engineering. Further hardware analysis of the circuit board helped us identify chips.

Firmware 106

Firmware Passwords Manufacturing Mobile 106

Security Affairs

MAY 31, 2024

Between October 25 and October 27, 2023, the Chalubo malware destroyed more than 600,000 small office/home office (SOHO) routers belonging to the same ISP. Chalubo (ChaCha-Lua-bot) is a Linux malware that was first spotted in late August 2018 by Sophos Labs while targeting IoT devices. The attack only impacted a single ASN.

Malware 124

Malware Internet Internet Firmware 124

eSecurity Planet

JANUARY 16, 2024

The vulnerability can be tracked as CVE-2023-29357. January 11, 2024 Smart Thermostat from Bosch Puts Offices in Danger Type of vulnerability: Malicious commands sent from an attacker to the thermostat, including potentially replacing firmware with rogue code. The report didn’t become publicly available until January 11.

Firewall 110

Firewall Firmware IoT Authentication 110

Security Affairs

MARCH 3, 2023

In some cases, the attacker can also overwrite protected data in the TPM firmware. ” The first issue, tracked as CVE-2023-1017, is an out-of-bounds write. .” ” The first issue, tracked as CVE-2023-1017, is an out-of-bounds write. This may lead to a crash or arbitrary code execution within the TPM.”

Firmware 98

Firmware IoT Authentication Hacking 98

Security Boulevard

SEPTEMBER 20, 2024

1 - CISA: Critical infrastructure orgs susceptible to common attacks After assessing the security of 143 critical infrastructure organizations in 2023, the U.S. To get more details, read the 24-page “ CISA Analysis: Fiscal Year 2023 Risk and Vulnerability Assessments ” report and complementary charts. and abroad has been dismantled.

Cybersecurity 97

Cybersecurity IoT Hacking Risk 97

eSecurity Planet

APRIL 28, 2023

Third-party vendor systems include Operating Systems (OS), firmware (software installed on hardware), and applications. but also applies to firmware that controls equipment such as hard drives, network routers, and security cameras. The most common patch requirements will be for endpoint operating systems (macOS, Windows, etc.)

Penetration Testing 110

Penetration Testing IoT Firmware Software 110

Webroot

OCTOBER 31, 2024

Source: Coveware We’ve seen a drop-off from the highs last year – fueled by Cl0p ransomware group making over $100 Million in a few months in late 2023. Akira: The Healthcare Menace The Akira ransomware group was first observed in March 2023 and immediately became one of the most formidable threats in the threat landscape.

Malware 108

Malware Ransomware Passwords Healthcare 108

eSecurity Planet

MARCH 30, 2023

FortiNAC also delivers network segmentation and automated responses specifically for IoT security. Additionally, FortiNAC can enforce company policies on device patching and firmware version. Hospitals famously deploy legacy IoT devices such as heart monitors, oxygen sensors, and other special-purpose devices that require protection.

IoT 98

IoT Firewall Wireless Mobile 98

Security Boulevard

AUGUST 14, 2024

To backtrack a little , it's important to understand that a lot of threat actors target routers - which can include modems and gateways - alongside internet-of-things (IoT devices). Security vulnerabilities in router firmware is too large of a topic to cover in just a section of this post.

Firmware 64

Firmware Manufacturing Malware Passwords 64

eSecurity Planet

MAY 2, 2024

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. Sophos: Noted that 43% of all 2023 malware signature updates are for stealers, spyware, and keyloggers often used to steal credentials from devices.

Cybersecurity 122

Cybersecurity DDOS Penetration Testing Passwords 122

eSecurity Planet

JULY 8, 2024

These vulnerabilities affected diverse areas, including network infrastructure, software libraries, IoT devices, and even CPUs. Traeger addressed unauthorized controls on IoT grills before July 4th. To protect your network devices from potential risks, apply patches on a regular basis and keep their firmware up to date.

Risk 63

Risk Authentication Firmware Surveillance 63

eSecurity Planet

MARCH 9, 2023

Best Vulnerability Scanner Tools 12 Top Vulnerability Management Tools for 2023 10 Best Open-Source Vulnerability Scanners for 2023 Penetration Testing vs. Vulnerability Testing: An Important Difference The post Best Small and Medium-sized Business (SMB) Vulnerability Scanning Tools appeared first on eSecurityPlanet.

Software 129

Software Small Business Engineering Penetration Testing 129

eSecurity Planet

MAY 12, 2023

Approval Date: 5/12/2023 Description: Initial Policy Drafted [This section can also be made into a Policy Version History with a table of previous versions and approvals.] Employees responsible for execution may need to formally acknowledge receipt.] Policy Version Version 1.0 Appendix I.

Penetration Testing 110

Penetration Testing Risk Firmware Software 110

Pen Test

OCTOBER 12, 2023

It's suitable for resource-constrained RF devices, making it a popular choice for low-power IoT applications. What are the common firmware and software vulnerabilities in RF devices that can be exploited? Hard-Coded Passwords: Some RF devices may have passwords hard-coded into their firmware, which is a significant security risk.

Encryption 52

Encryption Firmware Surveillance Technology 52

eSecurity Planet

JUNE 10, 2024

The fix: Zyxel issued firmware patches 5.21(AAZF.17)C0 The problem: The Muhstik botnet exploited a severe RCE issue in Apache RocketMQ ( CVE-2023-33246 ) to attack Linux systems and IoT devices for DDoS and cryptomining. 17)C0 for NAS326 and 5.21(ABAG.14)C0 Users should apply these updates right away to protect their devices.

Malware 81

Malware Authentication Software Telecommunications 81

The Last Watchdog

NOVEMBER 10, 2024

Related: The Top 12 IoT protocols Deployment of 5G and AI-enhanced IoT systems is accelerating. This, in turn, is driving up the number of IoT-connected devices in our homes, cities, transportation systems and critical infrastructure. Likewise, security must be embedded in each IoT device from the start.”

IoT 130

IoT Technology Computers and Electronics Energy and Utilities 130

SecureList

NOVEMBER 14, 2022

We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. In both cases, we described new UEFI firmware bootkits that managed to propagate malicious components from the deepest layers of the machine up to Windows’ user-land.

Firmware 129

Firmware Surveillance Mobile Telecommunications 129

Security Affairs

MARCH 9, 2025

The experts warn that a hidden feature poses a security risk for millions of IoT devices. “Tarlogic Securityhas detected a hidden functionality that can be used as a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present inmillions of mass-market IoT devices.”

Manufacturing 126

Manufacturing IoT Firmware Mobile 126

eSecurity Planet

MARCH 4, 2024

The fix: To eliminate malware infections, perform a factory reset, upgrade to the latest firmware, change all default usernames and passwords, and adjust firewall rules to block exposure to unwanted remote management services. The fix: Update libraries and instances to versions patched after February 8, 2024.

IoT 118

IoT Internet Internet Ransomware 118

Security Affairs

DECEMBER 21, 2024

In October 2023, cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain. Products containing the malicious backdoor have been found on public school networks throughout the United States.

Firmware 141

Firmware Malware Internet Internet 141