Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. Change your password. In an email sent to customers today, Ubiquiti Inc. Enable 2FA.
Many have argued that this is an unnecessary step, as the same results could be achieved by just sending a security alert to all users, as there's no guarantee that the users found to be using default or easy-to-guess passwords would change their passwords after being notified in private. I am interested in the results of this survey.
That update effectively nullified their chances at competing in Pwn2Own, which requires exploits to work against the latest firmware or software supported by the targeted device. A statement published on its support site March 12, 2021 says the company will no longer provide further security updates to the MyCloud OS 3 firmware.
Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own. Setting up Google 2FA.
Ensure remote workers are more secure by following these five tips: Change the Default Password: Routers should have the manufacturer default password updated the moment it’s turned on and connected. Use a Strong and Unique Password: Discourage employees from reusing passwords that are linked to other accounts.
At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner, which has been integrated into Kaspersky products since the beginning of 2019. In the last year, there have been several public accounts on the ongoing trend of UEFI threats. What happened?
Update your camera’s firmware and software: Whether it’s an external camera or one built into your laptop or tablet, check for manufacturer updates and always keep your camera’s software and firmware fully up to date because patches are often released specifically to patch security vulnerabilities.
He urges enterprises to implement Privileged Access Management (PAM) solutions and multi-factor authentication (MFA) and to enforce robust password policies to reduce the risk of account compromise. Patching and vulnerability management Apply timely security updates to operating systems, software, and firmware.
Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583, related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. Patch1 in Dec. patch 0).
Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project files. The password cracking software also acts as a dropper for the Sality P2P bot. Pierluigi Paganini.
ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.
.” The vendor addressed these vulnerabilities with the release of firmware version 5.39 The company urges users to update admin and user account passwords for enhanced protection. Since then, admin passwords have not been changed. for ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN series.
[NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Then they found a backdoor that an intruder had left behind in the system.
The vulnerabilities are: CVE-2024-12511: SMB / FTP pass-back vulnerability CVE-2024-12510: LDAP pass-back vulnerability The vulnerabilities impact Xerox Versalink MFPs and Firmware Version: 57.69.91 This attack requires access to the MFP printer admin account and an already configured LDAP service. and earlier.
I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. I can't blame this on the teddy bears themselves, rather the fact that the MongoDB holding all the collected data was left publicly facing without a password. IoT firmware should be self-healing.
The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583, related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password.
Threat actors gained unauthorized access to network devices, created accounts, and modified configurations. ” The researchers noticed that the attack targeted firmware versions of devices ranging between 7.0.14 They added new local accounts to VPN groups or directly to SSL VPN portals. ” concludes the report.
A map showing the distribution of some 2 million iLinkP2P-enabled devices that are vulnerable to eavesdropping, password theft and possibly remote compromise, according to new research. Furthermore, even if software patches were issued, the likelihood of most users updating their device firmware is low.
600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.” The use of default passwords represents a serious problem also for the Chinese vendor.
x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10
Netlab shared its findings with LILIN on January 19, 2020, and the vendor addressed the issues with the release of the firmware update (version 2.0b60_20200207). The new firmware released by the vendors validated the hostname passed as input to prevent command execution. ” reads the advisory published by Netlab.
If you have doubts, check it out–go directly to your account or to the source, which you should always independently verify, if the communication refers to anything service or finance related. You go online and you can’t access your cloud account, or you can’t find data stored on a device or in a specific service.
While MFA is primarily a security feature, its primary privacy benefit is adding another layer of security to prevent unauthorized access to information contained in particular important or sensitive accounts. Specifically, it was fetching account icons and defaulted to opening password reset pages over HTTP.
The vulnerability lies within the design and implementation of Amazon Simple Storage Service (S3) credentials inside the Guardzilla Security Camera firmware.” It has a CVSSv3 base score of 8.6, since once the password is known, any unauthenticated user can collect the data from any affected system over the internet.”
This web server is present in Arris firmware which can be found in several router models. Unfortunately the Arris firmware is based on the vulnerable version of muhttpd. The SSID and plaintext password of the 2G and 5G Wi-Fi networks broadcast by the device. muhttpd web server. The muhttpd server 1.1.5 released June 1, 2022).
In late 2016, the world witnessed the sheer disruptive power of Mirai, a powerful botnet strain fueled by Internet of Things (IoT) devices like DVRs and IP cameras that were put online with factory-default passwords and other poor security settings. no password). Hangzhou Xiongmai Technology Co., BLANK TO BANK.
A security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security.
“It is found that our wireless products, FLEXLAN FX3000/2000 series, have a firmware vulnerability. There are possibilities of data plagiarism, falsification, system destruction, and malicious program execution if this vulnerability was exploited by malicious attackers who can access to this private webpage (with passwords information).”
Whether you’re looking for a smartphone, a laptop, a gaming device or something else, or even just signing up for an account online, you want to make sure your kids are protected. Keep your online accounts secure. Show them these tips: Never use the same password twice. This is where a password manager comes in.
The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. “We chose the simplest approach, reading /etc/shadow and using hashcat cracking the root account password (which turned out to be root:root). ” reads an advisory published by Claroty.
The malware targets QNAP NAS devices exposed online that use weak passwords. “According to analysis, QNAP NAS can become infected when they are connected to the Internet with weak user passwords.”
The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. We later managed to extract the firmware from the EEPROM for further static reverse engineering. Further hardware analysis of the circuit board helped us identify chips.
Below are recommended mitigations included in the alert: Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Regularly back up data, air gap, and password-protect backup copies offline. Implement the shortest acceptable timeframe for password changes.
Below are the recommended mitigations included in the alert: Implement regular backups of all data to be stored as air gapped, password protected copies offline. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use double authentication when logging into accounts or services.
. * However SonicWall recommends you install the latest firmware. “SonicWall strongly advises that customers using GEN5 and GEN6 firewalls with SSLVPN users who have locally managed accounts immediately update their passwords to enhance security and prevent unauthorized access. ” concludes the advisory.
Taking this percentage into account, we can presume that out of 800,000 internet-connected printers across the world, at least 447,000 are unsecured. Update your printer firmware to the latest version. Change the default password. Most printers have default administrator usernames and passwords. The results.
The FBI provided the following mitigations to protect against ransomware attacks: Regularly back up data, air gap, and password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as they are released. Avoid reusing passwords for multiple accounts.
According to the alert, when one of the DiskCryptor files is detected, in order to attempt to recover the files without paying the ransom, it is possible to determine if the myConf.txt is still accessible and then recover the password. Install updates/patch operating systems, software, and firmware as soon as they are released.
Regularly back up data, password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Avoid reusing passwords for multiple accounts.
Unfortunately, the cloud ID is not sufficiently random and complex to make guessing correct cloud IDs hard because the analysis of the Xiongmai firmware revealed it is derived from the device’s MAC address. The experts also discovered an undocumented user with the name “default” and password “tluafed.”. ” continues the analysis.
Use Strong, Unique Passwords Weak passwords are easy for hackers to guess or crack, especially if they’re common or reused across multiple sites. When creating passwords, use at least 12 characters, combining uppercase and lowercase letters, numbers, and special symbols.
Check that your OS, applications and firmware are updated with appropriate patches. Passwords – your first line of defence. PSN Code of Connection (CoCo) compliance requires you to demonstrate that you have systems in place to secure password protected entry points. Stopping password/account sharing. With CoCo: 2.
Periodically, at least once a quarter, review the security settings of your social media accounts and the apps linked to them. Even harmless details, such as pet names or birthplaces, can be used by hackers to reset passwords. Be vigilant about duplicate accounts of people you know. Opt for strong, hard-to-crack passwords.