Accountability, Firmware and Manufacturing

Five Ways to Secure Your Home Office Webcam

Adam Levin

MARCH 23, 2020

Update your camera’s firmware and software: Whether it’s an external camera or one built into your laptop or tablet, check for manufacturer updates and always keep your camera’s software and firmware fully up to date because patches are often released specifically to patch security vulnerabilities.

Firmware

Firmware Manufacturing Passwords Software

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

5 Ways to Ensure Home Router Security with a Remote Workforce

Adam Levin

MARCH 19, 2020

Ensure remote workers are more secure by following these five tips: Change the Default Password: Routers should have the manufacturer default password updated the moment it’s turned on and connected. Use a Strong and Unique Password: Discourage employees from reusing passwords that are linked to other accounts.

Wireless

Wireless Firmware Firewall Manufacturing

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT

IoT Firmware Risk Manufacturing

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

The Last Watchdog

MAY 16, 2022

Supply chains have vulnerabilities at touchpoints with manufacturers, suppliers, and other service providers.”. Then there are firmware developers, transport agencies, testing facilities, and security evaluation agencies that handle the device before it is sent to the corporate client. Traceability and accountability.

Cyber Attacks

Cyber Attacks Firmware Artificial Intelligence Manufacturing

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

Although it may seem impossible to enumerate more than a million devices with just a six-digit ID, Marrapese notes that each ID begins with a unique alphabetic prefix that identifies which manufacturer produced the device, and there are dozens of companies that white-label the iLnkP2P software.

IoT

IoT Firewall Manufacturing Computers and Electronics

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-. ” Netlab concludes.

Firmware

Firmware Surveillance Manufacturing Advertising

Triada strikes back

SecureList

APRIL 25, 2025

With time, the vulnerabilities were patched, and restrictions were added to the firmware. Attackers are leveraging this by embedding malicious software into Android device firmware. Attackers are now embedding a sophisticated multi-stage loader directly into device firmware. oat ) located in the same directory.

Cryptocurrency

Cryptocurrency Malware Firmware Accountability

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

Two security researchers have found undocumented Telnet admin account accounts in 29 FTTH devices from Chinese vendor C-Data. Two security researchers have discovered undocumented Telnet admin account accounts in 29 Fiber-To-The-Home (FTTH) devices from Chinese vendor C-Data.

Firmware

Firmware Accountability Advertising Manufacturing

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

On February 10, 2020, the Taiwanese manufacturer DrayTek issued a security bulletin to address the vulnerability with the release of the firmware program 1.5.1. On the 6th Feb, we released an updated firmware to address this issue.” firmware or later. .” firmware or later. Vigor300B < v1.5.1

Firmware

Firmware VPN Accountability Advertising

Device manufacturers need to rethink how to lock down IoT

SC Magazine

MAY 27, 2021

Today’s columnist, Matt Wyckhouse of Finite State, says to lock down IoT devices, manufacturers have to build security in from the start. A recent Microsoft Security Signals survey found that just 29% of companies have any budget allocated to protect firmware at all. How device manufacturers can stem the tide.

Manufacturing

Manufacturing IoT Firmware Software

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.” Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware

Ransomware Firmware Antivirus Accountability

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

NOVEMBER 10, 2022

Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution. The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. The critical systems are widely used by oil and gas organizations worldwide.

Firmware

Firmware Passwords Authentication Manufacturing

Malware found pre-installed in cheap push-button mobile phones sold in Russia

Security Affairs

SEPTEMBER 6, 2021

The researchers analyzed the firmware and set up a 2G base station in order to intercept and analyze the devices’ communications. Itel it2160 – The device was spotted transferring some info to the domain asv.transsion.com (Country, Model, Firmware version, Language. And the manufacturer if you find any incomprehensible activity.

Mobile

Mobile Malware Firmware Manufacturing

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

Our selection was based on: Device location (to cover the entire globe) Device manufacturer Protocols used to access the printers. Taking this percentage into account, we can presume that out of 800,000 internet-connected printers across the world, at least 447,000 are unsecured. Update your printer firmware to the latest version.

Hacking

Hacking IoT Firmware Internet

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. We later managed to extract the firmware from the EEPROM for further static reverse engineering. Further hardware analysis of the circuit board helped us identify chips.

Firmware

Firmware Passwords Manufacturing Mobile

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Security experts from security firm SEC Consult have identified over 100 companies that buy and re-brand video surveillance equipment (surveillance cameras, digital video recorders (DVRs), and network video recorders (NVRs)) manufactured by the Chinese firm Hangzhou Xiongmai Technology Co., Xiongmai hereinafter) that are open to hack.

Surveillance

Surveillance Hacking Firmware Manufacturing

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Security Affairs

SEPTEMBER 19, 2022

The FXA3000 and FXA2000 Series are access points that are manufactured by Japan-based firm Contec that conform to IEEE 802.11n/a/b/g wireless. “It is found that our wireless products, FLEXLAN FX3000/2000 series, have a firmware vulnerability. ” reads the advisory published by Contec. ” continues the researchers.

Wireless

Wireless Firmware Passwords Engineering

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

But manufacturers of agricultural equipment have spent the last few years locked in an automation arms race, and the side effects of this race are starting to show. Install updates/patch operating systems, software, and firmware as soon as they are released. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware Manufacturing Passwords Internet

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.” The use of default passwords represents a serious problem also for the Chinese vendor.

Passwords

Passwords Manufacturing Advertising Firmware

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Small farms, large producers, processors and manufacturers, and markets and restaurants are particularly exposed to ransomware attacks. Install updates/patch operating systems, software, and firmware as soon as they are released. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware Passwords Backups Firmware

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware DDOS Passwords Backups

A mysterious code prevents QNAP NAS devices to be updated

Security Affairs

FEBRUARY 11, 2019

Users of the Network attached storage devices manufactured have reported a mystery string of malware attacks that disabled software updates by hijacking entries in host machines’ hosts file. “Since recent firmware updates, the ClamAV Antivirus fails to update due to 700+ clamav.net entries in /etc/hosts, all set to 0.0.0.0

Antivirus

Antivirus Advertising Firmware VPN

Privacy Roundup: Week 1 of Year 2025

Security Boulevard

JANUARY 4, 2025

Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). EOL devices should be replaced as soon as possible, as they are no longer supported by the manufacturer. Malware campaigns covered generally target/affect the end user.

Data breaches

Data breaches Firmware Healthcare Malware

BLEEDINGBIT Bluetooth flaws in TI chips expose enterprises to remote attacks

Security Affairs

NOVEMBER 1, 2018

The affected chips are also used in access points and other networking devices manufactured by Cisco and Aruba Networks. “The chips are embedded in, among other devices, certain access points that deliver Wi-Fi to enterprise networks manufactured by Cisco, Meraki and Aruba. .” ” reads the post published by Armis.

Firmware

Firmware Manufacturing IoT Advertising

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

According to the flash alert published by the FBI, the Mamba ransomware was employed in attacks against local governments, public transportation agencies, legal services, technology services, industrial, commercial, manufacturing, and construction businesses. hard drive, storage device, the cloud). Consider installing and using a VPN.

Ransomware

Ransomware Encryption Passwords Malware

Use cases of secure IoT deployment

Thales Cloud Protection & Licensing

MAY 31, 2021

In our previous blog post , we discussed the challenges for securing IoT deployments, and how businesses and consumers benefit from authenticating and validating IoT software and firmware updates. Requirements also included that the firmware was to be signed by the manufacturer and verified by the pacemaker.

IoT

IoT Computers and Electronics Manufacturing Firmware

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Security Affairs

MAY 16, 2023

Teltonika Networks is a leading manufacturer of networking solutions, widely adopted in industrial environments, including gateways, LTE routers, and modems. The study focuses on the RUT241 and RUT955 cellular routers manufactured by Teltonika, and on the Remote Management System (RMS) provided by the vendor.

Hacking

Hacking Internet Internet Manufacturing

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

Micro-Star International AKA MSI designs, manufactures, and sells motherboards and graphics cards for customers in the United States, Canada, and internationally. MSI is urging users to obtain firmware/BIOS updates only from its official website fearing that threat actors could circulate malware-laced versions of the company’s BIOS.

Ransomware

Ransomware Firmware Hacking Manufacturing

An educational robot security research

SecureList

FEBRUARY 27, 2024

Toy manufacturers are striving to keep up with these trends, releasing more and more models that can also be called “smart.” Possible attack vectors Parents app The robot needs to be linked to a parent’s account before it can be used. The ADB service is disabled.

Education

Education Manufacturing Internet Internet

Five Cybersecurity Trends that Will Affect Organizations in 2023

CyberSecurity Insiders

DECEMBER 6, 2022

This analysis from Dirk Schrader, Vice President of Security Research, and Michael Paye, Vice President of Research and Development, is based on Netwrix’s global experience across a wide range of verticals, including technology, finance, manufacturing, government and healthcare. Understaffing will increase the role of channel partners.

Cybersecurity

Cybersecurity Cybercrime Social Engineering Risk

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“These operations have targeted various industries, including Aerospace & Defense, Education, Energy & Utilities, Governments, Hospitality, Manufacturing, Oil & Gas, Retail, Technology, and Transportation. Upgrade to the latest firmware version. .” reads the joint report. ” continues the report.

Energy and Utilities

Energy and Utilities Government Firewall Malware

QSnatch malware already infected thousands of QNAP NAS devices

Security Affairs

NOVEMBER 4, 2019

A new piece of malware dubbed QSnatch is infecting thousands of NAS devices manufactured by the Taiwanese vendor QNAP. “The original infection method remains unknown, but during that phase malicious code is injected to the firmware of the target system, and the code is then run as part of normal operations within the device.

Malware

Malware Firmware Advertising Ransomware

CISA and FBI issue alert about Zeppelin ransomware

Malwarebytes

AUGUST 16, 2022

While anyone can fall victim to these threat actors, the FBI noted that this malware has been used to target a wide range of businesses and critical infrastructure organizations, including defense contractors, educational institutions, manufacturers, technology companies, and especially organizations in the healthcare and medical industries.

Ransomware

Ransomware Backups Passwords Authentication

Ransomware’s Number 1 Target? Your Kid’s School

SecureWorld News

DECEMBER 18, 2020

Here are some recommendations for best network practices: "Patch operating systems, software, and firmware as soon as manufacturers release updates. Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts. Audit logs to ensure new accounts are legitimate.

Ransomware

Ransomware Education Backups Malware

Smart home security advice. Ring, SimpliSafe, Swann, and Yale

Pen Test Partners

SEPTEMBER 9, 2024

Manufacturers: Ring doorbell security SimpliSafe smart home security Swann smart home security Yale smart home security Ring doorbell security: What do you need to know? Enabling MFA in the Ring app is recommended for enhanced account protection. Back To Manufacturers▲ SimpliSafe smart home security: What do you need to know?

Firmware

Firmware Encryption Passwords Authentication

Security vulnerabilities in major car brands revealed

Malwarebytes

JANUARY 9, 2023

Sounding horns, disabling start up, reporting a vehicle as stolen, even accessing built in cameras are all possible for rogue entities should they manage to break into a manufacturer’s network. million vehicles (start engine, disable starter, unlock, read device location, flash and update firmware).

Manufacturing

Manufacturing Data collection Social Engineering Engineering

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

The ransomware was involved in attacks aimed at technology and healthcare, defense contractors, educational institutions, manufacturers, companies across Europe, the United States, and Canada.

Ransomware

Ransomware Encryption Firmware Backups

How Secure Are Bitcoin Wallets, Really?

Security Affairs

OCTOBER 8, 2018

There’s also the detailed account of Mark Frauenfelder, who owned a Trezor wallet and couldn’t access it for several traumatizing months after misplacing the PIN that served as recovery words for the software. Often, they involve unusual methods that exploit vulnerabilities the manufacturer never fathomed.

Hacking

Hacking Cryptocurrency Advertising Manufacturing

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

NOVEMBER 16, 2018

The threats that are notable for the Asian region are represented by a significant number of attacks aimed at manufacturing of chips, microprocessors and system control boards of different IT vendors, whose principal manufacturing operations are located in Asia. million dumps, which cost as much as $567.8 About the author Group-IB.

Cybercrime

Cybercrime Hacking Banking Phishing

Cynerio raises $30 million to protect medical IoT

SC Magazine

MAY 24, 2021

According to the company, every device is both tracked in real time and users are provided information on the make, model and manufacturer, operating system, firmware, serial number and MAC address, and even outline known vulnerabilities that affect it.

IoT

IoT Healthcare Manufacturing Firmware

SiteLock’s Top Five Cybersecurity Predictions For 2020

SiteLock

AUGUST 27, 2021

Data breaches stole numerous headlines this year, including the notable Capital One breach that exposed more than 100 million customers’ accounts. This allows the attacker unauthorized access to numerous accounts or servers, putting the end-user’s information at risk. In comparison to last year, research.

Cybersecurity

Cybersecurity Phishing Data breaches IoT

Ransomware and Cyber Extortion in Q4 2024

Digital Shadows

JANUARY 14, 2025

To gain access to internal networks, Akira targeted local accounts with disabled multifactor authentication (MFA) and SonicOS firmware versions vulnerable to exploitation, often exposed to the internet for virtual private network (VPN) access. In addition, aligning PowerShell policies with user roles further minimizes abuse.

Ransomware

Ransomware Social Engineering Phishing VPN

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Boulevard

NOVEMBER 10, 2022

Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution. The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. The critical systems are widely used by oil and gas organizations worldwide.

Firmware

Firmware Passwords Authentication Manufacturing

Five Ways to Secure Your Home Office Webcam

Android devices shipped with backdoored firmware as part of the BADBOX network

Webinars

Trending Sources

5 Ways to Ensure Home Router Security with a Remote Workforce

Webinars

IoT Unravelled Part 3: Security

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

P2P Weakness Exposes Millions of IoT Devices

Botnet operators target multiple zero-day flaws in LILIN DVRs

Triada strikes back

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Hackers target zero-day flaws in enterprise Draytek network devices

Device manufacturers need to rethink how to lock down IoT

Ranzy Locker ransomware hit tens of US companies in 2021

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Malware found pre-installed in cheap push-button mobile phones sold in Russia

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

FBI warns of ransomware threat to food and agriculture

Over 600k GPS trackers left exposed online with a default password of ‘123456’

FBI warns of ransomware attacks targeting the food and agriculture sector

Avoslocker ransomware gang targets US critical infrastructure

A mysterious code prevents QNAP NAS devices to be updated

Privacy Roundup: Week 1 of Year 2025

BLEEDINGBIT Bluetooth flaws in TI chips expose enterprises to remote attacks

FBI published a flash alert on Mamba Ransomware attacks

Use cases of secure IoT deployment

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

MSI confirms security breach after Money Message ransomware attack

An educational robot security research

Five Cybersecurity Trends that Will Affect Organizations in 2023

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

QSnatch malware already infected thousands of QNAP NAS devices

CISA and FBI issue alert about Zeppelin ransomware

Ransomware’s Number 1 Target? Your Kid’s School

Smart home security advice. Ring, SimpliSafe, Swann, and Yale

Security vulnerabilities in major car brands revealed

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

How Secure Are Bitcoin Wallets, Really?

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Cynerio raises $30 million to protect medical IoT

SiteLock’s Top Five Cybersecurity Predictions For 2020

Ransomware and Cyber Extortion in Q4 2024

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Stay Connected