Authentication, Firmware and Wireless - Cyber Security Informer

Flaws in Realtek RTL8170C Wi-Fi module allow hijacking wireless communications

Security Affairs

JUNE 3, 2021

Researchers found multiple flaws in the Realtek RTL8170C Wi-Fi module that could be exploited to elevate privileges and hijack wireless communications. Researchers from Israeli IoT security firm Vdoo found multiple vulnerabilities in the Realtek RTL8170C Wi-Fi module that could allow to elevate privileges and hijack wireless communications.

Wireless

Wireless IoT Encryption Firmware

Wireless Security: WEP, WPA, WPA2 and WPA3 Explained

eSecurity Planet

MARCH 1, 2023

Wireless security is the protection of wireless networks, devices and data from unwanted access and breaches. It involves a variety of strategies and practices designed to preserve the confidentiality, integrity and availability of wireless networks and their resources. What is Wireless Security?

Wireless

Wireless Encryption Authentication IoT

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

Security Affairs

JANUARY 19, 2025

The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. Planet Technology has released firmware version 1.305b241111 to address these issues. ” concludes the report.

Firmware

Firmware IoT Wireless Surveillance

Friends Don't Let Friends Use Dodgy WiFi: Introducing Ubiquiti's Dream Machine and FlexHD

Troy Hunt

MARCH 12, 2020

I bought a security gateway to do DHCP, a couple of switches for all my connected things, 5 access points for my wireless things and a Cloud Key to control them all. There was a firmware update pending too so I took that and that was the end of the story. I went overboard and I don't regret it one bit!

Wireless

Wireless Firmware Accountability Mobile

EU to Force IoT, Wireless Device Makers to Improve Security

eSecurity Planet

NOVEMBER 1, 2021

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. The goal of the amendment – called a “delegated act” – is to ensure that all wireless devices are safe before they are sold in the EU. It’s never one and done,” Broomhead said.

Wireless

Wireless IoT Manufacturing Mobile

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Security Affairs

MARCH 8, 2020

Netgear is warning users of a critical remote code execution flaw that could allow an unauthenticated attacker to take control of its wireless routers. “NETGEAR has released fixes for a unauthenticated remote code execution security vulnerability on the following product models: R7800, running firmware versions prior to 1.0.2.68.

Firmware

Firmware Wireless Advertising Authentication

NETGEAR fixes a severe bug in its routers. Patch it asap!

Security Affairs

DECEMBER 30, 2022

Netgear addressed a high-severity bug affecting multiple WiFi router models, including Wireless AC Nighthawk , Wireless AX Nighthawk (WiFi 6) , and Wireless AC. Netgear fixed a bug affecting multiple WiFi router models, including Wireless AC Nighthawk , Wireless AX Nighthawk (WiFi 6) , and Wireless AC router models.

Firmware

Firmware Wireless Authentication Hacking

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router.

Firmware

Firmware Wireless Passwords Internet

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

“The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.” ” reads the advisory published by the expert.

Firmware

Firmware Wireless Authentication Advertising

Infecting Canon EOS DSLR camera with ransomware over the air

Security Affairs

AUGUST 12, 2019

The expert explained that the attackers can set up a rogue WiFi access point and exploit wireless connection feature of the Canon EOS 80D DSLR cameras, another scenario sees attacker compromising the device through the PC it connects to. Owners of Canon EOS 80D DSLR can address the issues by installing the firmware version 1.0.3.

Ransomware

Ransomware Firmware Wireless Encryption

Cisco addresses critical issues in IP Phones and UCS Director

Security Affairs

APRIL 17, 2020

The issue affects the following Cisco products if they have web access enabled and are running a firmware release earlier than the first fixed release for that device: IP Phone 7811, 7821, 7841, and 7861 Desktop Phones IP Phone 8811, 8841, 8845, 8851, 8861, and 8865 Desktop Phones Unified IP Conference Phone 8831 Wireless IP Phone 8821 and 8821-EX.

Big data

Big data Wireless Advertising Firmware

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

Security Affairs

APRIL 25, 2021

“The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Unfortunately, experts noticed that more than 90% of the installs are still using flawed firmware versions and have yet to install the security updates (V3.01.21) provided by the vendor.

Firmware

Firmware Passwords Authentication Wireless

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

The WiFi Protected Access 3 ( WPA3) protocol was launched in June 2018 to address all known security issues affecting the previous standards and mitigate wireless attacks such as the KRACK attacks and DEAUTH attacks.

Passwords

Passwords Hacking Wireless Authentication

Be aware of exposure of sensitive data on Wi-Fi settings for Canon inkjet printers

Security Affairs

AUGUST 1, 2023

Set up strong authentication mechanisms, such as complex passwords or use multi-factor authentication (MFA) for printer access. Keep the printer’s firmware and software up to date and disable unnecessary services or protocols on the printer that are not required for its intended function.

Wireless

Wireless Passwords Firmware Authentication

How to Configure a Router to Use WPA2 in 7 Easy Steps

eSecurity Planet

MARCH 3, 2023

WPA2 is a security protocol that secures wireless networks using the advanced encryption standard (AES). WEP and WPA are both under 4%, while WPA2 commands a 73% share of known wireless encryption connections. If this option is not available, you may need to upgrade the router firmware.

Wireless

Wireless Encryption Passwords IoT

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. Affected devices implement wireless capabilities and cover a wide spectrum of use cases: from residential gateways, travel routers, Wi-Fi repeaters, IP cameras to smart lightning gateways or even connected toys.”

IoT

IoT Firmware Internet Internet

After Log4j, December’s Patch Tuesday has snuck up on us

Malwarebytes

DECEMBER 16, 2021

No form of authentication is required for exploitation. CVE-2021-43899 Microsoft 4K Wireless Display Adapter Remote Code Execution vulnerability. You will need to install the Microsoft Wireless Display Adapter app from the Microsoft Store onto a system connected to the Microsoft 4K Wireless Display Adapter.

Wireless

Wireless Passwords Firmware Authentication

ITHC (IT Health Check) and PSN compliance: an overview and considerations

IT Security Guru

JUNE 22, 2021

The configuration of your wireless network. Check that your OS, applications and firmware are updated with appropriate patches. Authentication and access control, these include: Ensuring all passwords are changed from defaults. Don’t forget to factor in employees personal devices. External systems. With CoCo: 2.

Passwords

Passwords Authentication Wireless Government

Android vulnerabilities could allow arbitrary code execution

Malwarebytes

OCTOBER 6, 2022

Qualcomm is a US-based chip maker that specializes in semiconductors, software, and services related to wireless technology. Looking at the three vulnerabilities listed above it seems that someone has taken a good look at the initial connection and authentication routines inn the Qualcomm WLAN firmware.

Wireless

Wireless Mobile Encryption Firmware

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. The first time the feeder is used, the user must set up the wireless network that the feeder will use from this app. The package is a compressed archive protected by a password.

Firmware

Firmware Passwords Manufacturing Mobile

ICS-CERT warns of critical flaws in NetComm industrial routers

Security Affairs

AUGUST 13, 2018

Security researcher has found two critical vulnerabilities in the industrial routers manufactured by the Australian company NetComm Wireless. Sood has found two critical vulnerabilities in the industrial routers manufactured by the Australian company NetComm Wireless that can be exploited remotely to take control of affected devices.

Wireless

Wireless Firmware Manufacturing Advertising

Experts released PoC exploits for severe flaws in Netgear Orbi routers

Security Affairs

MARCH 22, 2023

The experts discovered four vulnerabilities in the Netgear Orbi mesh wireless system, the most critical one is a critical remote code vulnerability, tracked as CVE-2022-37337 (CVSS v3.1: “An attacker can make an authenticated HTTP request to trigger this vulnerability.” ” states Talos. on January 19, 2023.

Wireless

Wireless Firmware Authentication Passwords

Vulnerability Recap 9/9/24 – Exploited Vulnerabilities Persist

eSecurity Planet

SEPTEMBER 9, 2024

Companies should improve security by deploying endpoint detection and response (EDR), limiting remote access, and utilizing multi-factor authentication. The problem: D-Link’s DAP-2310 Wireless Access Point vulnerability known as “BouncyPufferfish” allows for unauthenticated remote code execution.

Firmware

Firmware Backups Firewall Risk

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

CyberSecurity Insiders

NOVEMBER 11, 2021

D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier. NETGEAR DGN2200 devices with firmware through 10.0.0.50. Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 CVE-2015-2051. CVE-2016-1555.

Malware

Malware IoT Firmware Authentication

Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty”

Security Boulevard

MARCH 14, 2024

Fortinet seemed like a decent place to start given the variety of lesser-known security appliances I had noticed while searching for the FortiNAC firmware. The first target I landed on was the Fortinet Wireless LAN Manager (WLM).

Wireless

Wireless Firmware Authentication

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

SecureWorld News

OCTOBER 8, 2023

Additionally, be cautious when adding new friends; verify their authenticity through known offline connections. Use the administrator account only for maintenance, software installation, or firmware updates. Attention should be paid to protecting routers and updating their firmware. Opt for strong, hard-to-crack passwords.

Firmware

Firmware IoT Accountability Passwords

Tens of flaws in Samsung SmartThings Hub expose smart home to attack

Security Affairs

JULY 29, 2018

“Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub.” Samsung SmartThings Hub runs a Linux-based firmware and allows for communications with various IoT devices using various wireless standards Zigbee, Z-Wave, and Bluetooth. ” states the report.

Firmware

Firmware IoT Advertising Wireless

Remotely Accessing Secure Kali Pi

Kali Linux

NOVEMBER 27, 2022

Overview While wired networking in the initramfs does not require a lot of extras, wireless has a few more moving parts. Overview While wired networking in the initramfs does not require a lot of extras, wireless has a few more moving parts. Interface Name First, we need to know what our wireless interface is called.

Firmware

Firmware Wireless Passwords VPN

Cybersecurity and its impact on the home

CyberSecurity Insiders

NOVEMBER 23, 2021

Firstly, always keep software up to date – firmware included. Use higher level security protocols, like WAP2, on wireless networks. Authentication is key – you need to be assured that only the right people are using your networks. The principles that will make the home secure are the same that are used in business.

Cybersecurity

Cybersecurity IoT Wireless Risk

FortiNAC: Network Access Control (NAC) Product Review

eSecurity Planet

MARCH 30, 2023

FortiNAC functions well as a basic NAC for wired and wireless connections with employee and guest users on traditional workstations, laptops, servers, and mobile devices. Additionally, FortiNAC can enforce company policies on device patching and firmware version. FortiNAC is integrated with FortiGate and other Fortinet products.

IoT

IoT Firewall Wireless Mobile

Car owners warned of another theft-enabling relay attack

Malwarebytes

MAY 17, 2022

2020 saw people rewriting key-fob firmware via Bluetooth. Bluetooth is a short-range wireless technology which uses radio frequencies and allows you to share data. ” The authentication challenge is beamed out into the void. In 2016, we had a brakes and doors issue. The second person is standing by the house with a device.

Wireless

Wireless Firmware Authentication Hacking

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

eSecurity Planet

FEBRUARY 15, 2022

Update and patch operating systems, software, and firmware as soon as updates and patches are released. Audit user accounts with administrative privileges and configure access controls with least privilege in mind, and use multifactor authentication. CVE-2015-1635 : An RCE vulnerability in specific versions of Windows (e.g.,

Ransomware

Ransomware Encryption Backups Accountability

What Is Industrial Control System (ICS) Cyber Security?

eSecurity Planet

SEPTEMBER 9, 2024

Industrial networks include wired and wireless technologies such as Ethernet, Modbus, and Profibus. Patch management: Keeping software and firmware up to date to close security gaps. Firmware manipulation is particularly dangerous because it often remains undetected until significant damage occurs.

Firmware

Firmware Encryption Manufacturing Risk

Vulnerability Recap 8/12/24 – Old Vulnerabilities Unexpectedly Emerge

eSecurity Planet

AUGUST 13, 2024

If exploited, the vulnerability would allow a threat actor to execute their own code within the processor’s firmware using System Management Mode (SMM). The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default),” FreeBSD said in its notice.

Firmware

Firmware Software Wireless Security Defenses

Smart lightbulb and app vulnerability puts your Wi-Fi password at risk

Malwarebytes

AUGUST 25, 2023

is related to incorrect authentication of the bulb, which means the device can be impersonated, allowing for Tapo password theft and device manipulation. Strong passwords, multi-factor authentication, even turning off products that won't be in use for a significant period of time. One vulnerability, with a CVSS score of 7.6

Passwords

Passwords Risk IoT Firmware

Why Healthcare IoT Requires Strong Machine Identity Management

Security Boulevard

MAY 30, 2022

IoT Business News has also published a list of four types of medical devices that are susceptible to hacking which include: wireless infusion pumps, implanted devices, smartpens, and vital sign monitors. They serve to identify and authenticate the various connected devices to the organization’s network.

Healthcare

Healthcare IoT Manufacturing Risk

Vulnerability Recap 8/13/24 – Old Vulnerabilities Unexpectedly Emerge

eSecurity Planet

AUGUST 13, 2024

If exploited, the vulnerability would allow a threat actor to execute their own code within the processor’s firmware using System Management Mode (SMM). The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default),” FreeBSD said in its notice.

Firmware

Firmware Software Wireless Security Defenses

Machine Identities are Essential for Securing Smart Manufacturing

Security Boulevard

FEBRUARY 28, 2022

The key requirements for any IoT security solution are: Device and data security, including authentication of devices and confidentiality and integrity of data. Strong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Meeting compliance requirements.

Manufacturing

Manufacturing IoT Authentication Artificial Intelligence

Attackers Exploit Flaw that Could Impact Millions of Routers, IoT Devices

eSecurity Planet

AUGUST 10, 2021

A path traversal vulnerability enables attackers to bypass authentication to the web interface, which could be used to access other devices on a home or corporate network. Common in all the affected devices is firmware from Arcadyan, a communications device maker.

IoT

IoT DDOS Internet Internet

Network Protection: How to Secure a Network

eSecurity Planet

MARCH 22, 2023

Although beyond the scope of the network, effective network security relies upon the effective authentication of the user elsewhere in the security stack. Two-Factor Authentication (2FA) : In today’s ransomware-riddled environment, two-factor authentication should also be considered a minimum requirement for all forms of remote access.

Firewall

Firewall Network Security Penetration Testing Encryption

Vulnerability Management Policy Template

eSecurity Planet

MAY 12, 2023

Unauthenticated vulnerability scans should be conducted to view the systems from the perspective of an external hacker and authenticated vulnerability scans should be conducted to view systems from the perspective of a hacker with stolen credentials. Appendix I.

Penetration Testing

Penetration Testing Risk Firmware Software

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

McAfee

AUGUST 24, 2021

CVE-2021-33885 – Insufficient Verification of Data Authenticity (CVSS 9.7). CVE-2021-33882 – Missing Authentication for Critical Function (CVSS 8.2). Lastly, the pump runs its own custom Real Time Operating System (RTOS) and firmware on a M32C microcontroller. Braun on January 11, 2021. Braun’s website.

Computers and Electronics

Computers and Electronics Authentication Software Risk

Flaws in Realtek RTL8170C Wi-Fi module allow hijacking wireless communications

Wireless Security: WEP, WPA, WPA2 and WPA3 Explained

Trending Sources

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

Friends Don't Let Friends Use Dodgy WiFi: Introducing Ubiquiti's Dream Machine and FlexHD

EU to Force IoT, Wireless Device Makers to Improve Security

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

NETGEAR fixes a severe bug in its routers. Patch it asap!

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Expert found multiple critical issues in MoFi routers

Infecting Canon EOS DSLR camera with ransomware over the air

Cisco addresses critical issues in IP Phones and UCS Director

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Be aware of exposure of sensitive data on Wi-Fi settings for Canon inkjet printers

How to Configure a Router to Use WPA2 in 7 Easy Steps

Realtek SDK flaws exploited to deliver Mirai bot variant

After Log4j, December’s Patch Tuesday has snuck up on us

ITHC (IT Health Check) and PSN compliance: an overview and considerations

Android vulnerabilities could allow arbitrary code execution

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

ICS-CERT warns of critical flaws in NetComm industrial routers

Experts released PoC exploits for severe flaws in Netgear Orbi routers

Vulnerability Recap 9/9/24 – Exploited Vulnerabilities Persist

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty”

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

Tens of flaws in Samsung SmartThings Hub expose smart home to attack

Remotely Accessing Secure Kali Pi

Cybersecurity and its impact on the home

FortiNAC: Network Access Control (NAC) Product Review

Car owners warned of another theft-enabling relay attack

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

What Is Industrial Control System (ICS) Cyber Security?

Vulnerability Recap 8/12/24 – Old Vulnerabilities Unexpectedly Emerge

Smart lightbulb and app vulnerability puts your Wi-Fi password at risk

Why Healthcare IoT Requires Strong Machine Identity Management

Vulnerability Recap 8/13/24 – Old Vulnerabilities Unexpectedly Emerge

Machine Identities are Essential for Securing Smart Manufacturing

Attackers Exploit Flaw that Could Impact Millions of Routers, IoT Devices

Network Protection: How to Secure a Network

Vulnerability Management Policy Template

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

Top SD-WAN Solutions for Enterprise Security

Stay Connected