Authentication, Encryption and Firmware

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

SecureWorld News

NOVEMBER 7, 2024

Strong authentication: Each device, no matter how small, should have strong, unique authentication measures to prevent unauthorized access. Firmware integrity checks: Regularly check that each device's firmware is up to date and verified—especially when outdated firmware is one of the most common entry points for attackers.

IoT

IoT Firmware Encryption Authentication

New Bluetooth Vulnerability

Schneier on Security

SEPTEMBER 17, 2020

When, say, an iPhone is getting ready to pair up with Bluetooth-powered device, CTKD’s role is to set up two separate authentication keys for that phone: one for a “Bluetooth Low Energy” device, and one for a device using what’s known as the “Basic Rate/Enhanced Data Rate” standard.

Authentication

Authentication Social Engineering Firmware Engineering

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. In an email sent to customers today, Ubiquiti Inc.

Passwords

Passwords Authentication Firmware Accountability

Cigent Technology Extends Firmware to Secure SSDs

Security Boulevard

APRIL 27, 2021

Cigent Technology today launched Cigent Data Defense, an offering that combines existing multifactor authentication and encryption capabilities to secure sensitive data residing on solid-state drives (SSDs). The post Cigent Technology Extends Firmware to Secure SSDs appeared first on Security Boulevard.

Firmware

Firmware Technology Encryption Authentication

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT

IoT Firmware Risk Encryption

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Ghost ransomware actors, identified as operating from China, have been targeting unpatched systems and stolen credentials to infiltrate networks, encrypt data, and demand ransom payments. Patching and vulnerability management Apply timely security updates to operating systems, software, and firmware.

Ransomware

Ransomware IoT Encryption Social Engineering

Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain

Security Affairs

NOVEMBER 6, 2018

The encryption system implemented by popular solid-state drives (SSDs) is affected by critical vulnerabilities that could be exploited by a local attacker to decrypt data. “We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

Encryption

Encryption Firmware Passwords Advertising

FujiFilm printer credentials encryption issue fixed

Pen Test Partners

OCTOBER 31, 2023

With the default configuration of these printers, it’s possible to retrieve these credentials in an encrypted format without authenticating to the printer. A vulnerability in the encryption process of these credentials means that you can decrypt them with responses from the web interface. Medium) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Encryption

Encryption Passwords Firmware Engineering

Medusa Ransomware Warning: CISA and FBI Issue Urgent Advisory

eSecurity Planet

MARCH 17, 2025

Attackers employ a double extortion strategy, encrypting victim data and threatening to publicly release it if the ransom is unpaid. Enforce multi-factor authentication (MFA) : To add an extra layer of security against unauthorized access, MFA should be required for all services, especially webmail and virtual private networks (VPNs).

Ransomware

Ransomware Backups Firmware Insurance

Malware targeting SonicWall devices could survive firmware updates

Malwarebytes

MARCH 10, 2023

The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. It offers a combined single-sign-on (SSO) web portal to authenticate users, so intercepting user credentials would give an attacker that is after sensitive information a huge advantage.

Firmware

Firmware Malware Encryption Authentication

Types of Encryption, Methods & Use Cases

eSecurity Planet

DECEMBER 7, 2023

Encryption scrambles data to make it unreadable to those without decryption keys. Proper use of encryption preserves secrecy and radically lowers the potential damage of a successful cybersecurity attack. Encryption algorithm types will provide an overview of the mathematical algorithms used to encrypt data (AES, RSA, etc.),

Encryption

Encryption Passwords Authentication Password Management

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

The Last Watchdog

MAY 23, 2022

They require integrity, authentication, trusted identity and encryption. Protocols and policies setting new parameters for trusted connections are being hammered out and advanced encryption, authentication and data protection solutions are being ramped up. Related: Leveraging PKI to advance electronic signatures.

Cybersecurity

Cybersecurity Digital transformation Computers and Electronics Encryption

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

The CVE-2019-0090 vulnerability affects the firmware running on the ROM of the Intel’s Converged Security and Management Engine (CSME). Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” x, SPS_E3_05.00.04.027.0. .

Firmware

Firmware Technology Advertising Authentication

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

An attacker with access to the dispenser controller’s USB port can install an outdated or modified firmware version to bypass the encryption and make cash withdrawals. An attacker without encryption keys cannot withdraw money. Wincor is currently owned by ATM manufacturer giant Diebold Nixdorf. score of 6.8.

Hacking

Hacking Firmware Encryption Manufacturing

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

But according to an in-depth analysis shared with KrebsOnSecurity by security researcher Paul Marrapese , iLnkP2P devices offer no authentication or encryption and can be easily enumerated, allowing potential attackers to establish a direct connection to these devices while bypassing any firewall restrictions.

IoT

IoT Firewall Manufacturing Computers and Electronics

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. ” states Tenable.

Firmware

Firmware Encryption Passwords Authentication

Researchers extract master encryption key from Siemens PLCs

CSO Magazine

OCTOBER 11, 2022

Security researchers have found a way to extract a global encryption key that was hardcoded in the CPUs of several Siemens programmable logic controller (PLC) product lines, allowing them to compromise their secure communications and authentication.

Encryption

Encryption Firmware Engineering Authentication

QR code SQL injection and other vulnerabilities in a popular biometric terminal

SecureList

JUNE 11, 2024

Second, terminals can be connected to other scanners, such as electronic pass readers, or support other authentication methods using built-in hardware. External appearance of the device The device has several physical interfaces, supporting four authentication methods: biometric (facial recognition), password, electronic pass, and QR code.

Firmware

Firmware Authentication Passwords Risk

Chinese national charged for hacking thousands of Sophos firewalls

Security Affairs

DECEMBER 11, 2024

The malware stole data and encrypted files to block remediation attempts. “The malware that exploited the vulnerability discovered by Guan was designed to steal information from infected computers and to encrypt files on them if a victim attempted to remediate the infection. ” reads the press release published by DoJ.

Firewall

Firewall Hacking Malware Passwords

SHARING INTEL: Why full ‘digital transformation’ requires locking down ‘machine identities’

The Last Watchdog

OCTOBER 16, 2019

Machine identities are divvied out as digital certificates issued by Certificate Authorities (CAs) — vendors that diligently verify the authenticity of websites. These certificates leverage something called the public key infrastructure ( PKI ), a framework for encrypting data and authenticating the machines talking to each other.

Digital transformation

Digital transformation Firmware Authentication IoT

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

The backdoor accounts in the firmware of 29 FTTH Optical Line Termination (OLT) devices from popular vendor C-Data. The security duo, composed of Pierre Kim and Alexandre Torres, disclosed seven vulnerabilities in the firmware of FTTH OLT devices manufactured by C-Data. ” reads the analysis published by the experts.

Firmware

Firmware Accountability Advertising Manufacturing

Enhance your security posture by detecting risks on authenticator devices

Thales Cloud Protection & Licensing

MARCH 17, 2022

Enhance your security posture by detecting risks on authenticator devices. Not only are mobile devices used as end points to access corporate mail and other enterprise applications, they are also frequently used as authentication devices. Limited visibility on users’ devices can undermine authentication integrity.

Authentication

Authentication Risk Mobile Computers and Electronics

Infecting Canon EOS DSLR camera with ransomware over the air

Security Affairs

AUGUST 12, 2019

Searching online the expert first found an encrypted firmware, he found on a forum a Portable ROM Dumper , (a custom firmware update file that once loaded, dumps the memory of the camera into the SD Card) that allowed him to dump the camera’s firmware and load it into his disassembler (IDA Pro). Pierluigi Paganini.

Ransomware

Ransomware Firmware Wireless Encryption

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” reads the alert published by the FBI.

Ransomware

Ransomware Encryption Passwords Malware

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” reads the post published by Eclypsium.

Hacking

Hacking Firmware Media Authentication

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. These are encrypted with the actor’s public key and sent to their infrastructure over HTTPS. .”

Malware

Malware Firmware Advertising Manufacturing

Western Digital Cyber Attack a ‘Wake Up Call for ASIC Vendors’

eSecurity Planet

APRIL 14, 2023

But depending on what code and data the hackers got access to, the worst-case scenario is that cyber criminals could create malicious firmware — and signed certificates to vouch for its authenticity. As one Slashdot commenter put it , “Everyone should assume that firmware on WD drives cannot be trusted at this point.”

Cyber Attacks

Cyber Attacks Firmware Marketing Authentication

Nastiest Malware 2024

Webroot

OCTOBER 31, 2024

A pivotal moment came when the FBI obtained over 7,000 decryption keys, allowing victims to unlock their encrypted data for free. Despite these setbacks, LockBit attempted to maintain its operations, quickly adapting by changing encryption methods and shifting its leak site strategy.

Malware

Malware Ransomware Passwords Healthcare

Samsung offers Mobile Security protection as below

CyberSecurity Insiders

NOVEMBER 25, 2021

From backdoors- As the Korean giant creates, validates and manufactures its computing devices all on its own, its every piece of hardware, wiring and firmware is securely drafted at its high secure R&D plants & factories in the world. So, the question of unauthorized backdoors being present on any of its devices gets eliminated.

Mobile

Mobile Firmware Passwords Manufacturing

Securing the IoT at Scale: How PKI Can Help

Security Boulevard

MAY 27, 2022

Manufacturers need a scalable solution to address concerns like authentication, data encryption, and the integrity of firmware on connected devices. Security in IoT devices has lagged behind their production. The post Securing the IoT at Scale: How PKI Can Help appeared first on Keyfactor.

IoT

IoT Firmware Manufacturing Encryption

Firmware Fuzzing 101

ForAllSecure

DECEMBER 16, 2020

Netgear N300 MIPS firmware image. What's Special about Firmware? Fuzzing firmware presents a specific set of challenges that are not often present together in other targets. In this post, we will cover how to deal with each one of these challenges in the firmware fuzzing context. Is a MIPS Linux firmware.

Firmware

Firmware Engineering Architecture Authentication

Firmware Fuzzing 101

ForAllSecure

DECEMBER 15, 2020

Netgear N300 MIPS firmware image. What's Special about Firmware? Fuzzing firmware presents a specific set of challenges that are not often present together in other targets. In this post, we will cover how to deal with each one of these challenges in the firmware fuzzing context. Is a MIPS Linux firmware.

Firmware

Firmware Engineering Architecture Authentication

Flaws in Realtek RTL8170C Wi-Fi module allow hijacking wireless communications

Security Affairs

JUNE 3, 2021

.” The vulnerabilities impact all embedded and IoT devices that use the Realtek RTL8710C module, they could be exploited only by attackers on the same Wi-Fi network or know the network’s pre-shared key (PSK) used to authenticate wireless clients on local area networks. ” continues the report. Pierluigi Paganini.

Wireless

Wireless IoT Encryption Firmware

2.9 Billion Records Exposed in NPD Breach: How to Stay Safe

eSecurity Planet

AUGUST 20, 2024

Enable Multi-Factor Authentication (MFA) Even if your password is compromised, MFA adds an extra layer of security by requiring a second verification form, such as a code sent to your phone or generated by an authentication app. Use encrypted messaging apps like Signal or WhatsApp for private communications.

Identity Theft

Identity Theft Data breaches Passwords Encryption

Expert released PoC exploit code for unpatched backdoor in HiSilicon chips

Security Affairs

FEBRUARY 5, 2020

More recent firmware versions had Telnet access and debug port (9527/ tcp ) disabled by default, but they had open port 9530/ tcp that could be exploited by attackers to send a special command to start telnet daemon and enable shell access with a static password ([ 1 ], [ 2 ], [ 3 ]). This is a subject of actual disclosure.”

Firmware

Firmware Encryption Advertising Passwords

A daily average of 80,000 printers exposed online via IPP

Security Affairs

JUNE 23, 2020

Unlike other printer management protocols, the IPP protocol supports multiple security features, including authentication and encryption, but evidently organizations don’t use them. This info includes printer names, locations, models, firmware versions, organization names, and even WiFi network names.

Internet

Internet Internet Firmware Advertising

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

The communications are not encrypted, however the WiFi password is sent encrypted during set up (albeit trivial to decrypt).” “As the communications are not encrypted, it is simple to Man-in-the-Middle the traffic and analyse the API.” ” reads the analysis published by MWR InfoSecurity.

IoT

IoT Hacking DNS Authentication

How to Secure DNS

eSecurity Planet

JULY 25, 2022

DNS Encryption: DoH vs. DoT. To combat DNS attacks, major companies such as Google have pushed forward DNS encryption over TLS (DoT) or HTTPS (DoH). Fortunately, encryption can harden access to DNS messages. DNS encryption over TLS has been introduced to embed messages in secure channels. Protecting DNS with DNSCrypt.

DNS

DNS Encryption Penetration Testing Architecture

Security Affairs newsletter Round 268

Security Affairs

JUNE 14, 2020

Firmware

Firmware Advertising Ransomware Hacking

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

The WPA Wireless security standard was designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and to establish secure connections that hackers cannot spy on. The Enterprise mode implements 192-bit encryption for networks that require extra security.

Passwords

Passwords Hacking Wireless Authentication

Enhance your security posture by detecting risks on authenticator devices

Thales Cloud Protection & Licensing

MARCH 17, 2022

Enhance your security posture by detecting risks on authenticator devices. Not only are mobile devices used as end points to access corporate mail and other enterprise applications, they are also frequently used as authentication devices. Limited visibility on users’ devices can undermine authentication integrity.

Authentication

Authentication Risk Mobile Computers and Electronics

Using iPhones and AirTags to sneak data out of air-gapped networks

Malwarebytes

MAY 13, 2021

To demonstrate their point, they released an ESP32 firmware that turns the micro-controller into an (upload only) modem. The security solely lies in the encryption of those location reports: The location can only be decrypted with the correct private key, which is on the owner’s device. How AirTags are involved.

Internet

Internet Internet Firmware Mobile

PYSA Ransomware Attacks Targeting Healthcare, Education and Government Institutions, FBI Warns

Hot for Security

MARCH 17, 2021

PYSA, also known as Mespinoza, is capable of exfiltrating and encrypting critical files and data, with the criminals specifically targeting higher education, K-12 schools and seminaries, the bureau warns. Install updates/patch operating systems, software, and firmware as soon as they are released. and others.

Education

Education Healthcare Government Ransomware

NGINX zero-day vulnerability: Check if you’re affected

Malwarebytes

APRIL 13, 2022

Specifically, the NGINX LDAP reference implementation which uses LDAP to authenticate users of applications being proxied by NGINX. LDAP can also tackle authentication, so users can sign on just once and access many different files on the server. It’s written in Python and communicates with a LDAP authentication server.

Authentication

Authentication IoT Password Management Firmware

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

New Bluetooth Vulnerability

Trending Sources

Ubiquiti: Change Your Password, Enable 2FA

Cigent Technology Extends Firmware to Secure SSDs

IoT Unravelled Part 3: Security

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain

FujiFilm printer credentials encryption issue fixed

Medusa Ransomware Warning: CISA and FBI Issue Urgent Advisory

Malware targeting SonicWall devices could survive firmware updates

Types of Encryption, Methods & Use Cases

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

P2P Weakness Exposes Millions of IoT Devices

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Researchers extract master encryption key from Siemens PLCs

QR code SQL injection and other vulnerabilities in a popular biometric terminal

Chinese national charged for hacking thousands of Sophos firewalls

SHARING INTEL: Why full ‘digital transformation’ requires locking down ‘machine identities’

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Enhance your security posture by detecting risks on authenticator devices

Infecting Canon EOS DSLR camera with ransomware over the air

FBI published a flash alert on Mamba Ransomware attacks

USBAnywhere BMC flaws expose Supermicro servers to hack

QSnatch malware infected over 62,000 QNAP NAS Devices

Western Digital Cyber Attack a ‘Wake Up Call for ASIC Vendors’

Nastiest Malware 2024

Samsung offers Mobile Security protection as below

Securing the IoT at Scale: How PKI Can Help

Firmware Fuzzing 101

Firmware Fuzzing 101

Flaws in Realtek RTL8170C Wi-Fi module allow hijacking wireless communications

2.9 Billion Records Exposed in NPD Breach: How to Stay Safe

Expert released PoC exploit code for unpatched backdoor in HiSilicon chips

A daily average of 80,000 printers exposed online via IPP

Hacking the Twinkly IoT Christmas lights

How to Secure DNS

Security Affairs newsletter Round 268

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Enhance your security posture by detecting risks on authenticator devices

Using iPhones and AirTags to sneak data out of air-gapped networks

PYSA Ransomware Attacks Targeting Healthcare, Education and Government Institutions, FBI Warns

NGINX zero-day vulnerability: Check if you’re affected

Stay Connected