Security Affairs

DECEMBER 8, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Firmware 143

Firmware DDOS Malware IoT 143

Security Affairs

FEBRUARY 3, 2020

L inear eMerge E3 smart building access systems designed by N ortek Security & Control (NSC) are affected by a severe vulnerability (CVE-2019-7256) that has yet to be fixed and attackers are actively scanning the internet for vulnerable devices. Passwords can be found in p roduct documentation and compiled lists available on the Internet.”

DDOS 98

DDOS Hacking Internet Internet 98

SecureList

JUNE 8, 2022

A router is a gateway from the internet to a home or office — despite being conceived quite the opposite. In early 2022, for instance, a security researcher effectively cut off the whole North Korea from the internet by exploiting unpatched vulnerabilities in critical routers and other network equipment.

DDOS 134

DDOS Passwords IoT Firmware 134

Security Affairs

DECEMBER 17, 2023

In November, Akamai warned of a new Mirai -based DDoS botnet, named InfectedSlurs , actively exploiting two zero-day vulnerabilities to infect routers and video recorder (NVR) devices. that impacted several routers, including Future X Communications (FXC) AE1021 and AE1021PE wall routers, running firmware versions 2.0.9 and earlier.

Firmware 136

Firmware Wireless DDOS IoT 136

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service. WHO’S BEHIND SOCKSESCORT?

Malware 238

Malware VPN Internet Internet 238

CyberSecurity Insiders

AUGUST 13, 2021

According to a research carried out by Maryland based Cybersecurity firm Tenable, hackers are targeting millions of home routers to add them to the Mirai botnet radar that is used to launch DDoS Cyber attack campaigns.

Firmware 136

Firmware Malware DDOS Manufacturing 136

Malwarebytes

AUGUST 24, 2021

Mirai hoovers up vulnerable Internet of Things (IoT) devices and adds them to its network of zombie devices, which can then be used to launch huge Distributed Denial of Service (DDoS) attacks. The vulnerabilities were found and disclosed by IoT Inspector , a platform for automated security analysis of IoT firmware. Mitigation.

Firmware 109

Firmware IoT Internet Internet 109

Malwarebytes

FEBRUARY 24, 2022

But the NCSC warns that it is likely that Sandworm is capable of compiling the same or very similar malware for other architectures and firmware. Among the latest attacks on Ukraine was a distributed denial of service (DDoS) attack. Internet access to the management interface of any device is a security risk.

Malware 145

Malware Firewall Firmware DDOS 145

The Last Watchdog

SEPTEMBER 5, 2023

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. The Mirai botnet, initially discovered in October 2016 , infected Internet-connected routers, cameras and digital video recorders at scale. I’ll keep watch and keep reporting.

IoT 220

IoT Government Internet Internet 220

Security Affairs

AUGUST 27, 2020

To perform the experiment, we used Internet of Things (IoT) search engines to search for open devices that utilized common printer ports and protocols. After filtering out most of the false positives, we were left with more than 800,000 printers that had network printing features enabled and were accessible over the internet.

Hacking 145

Hacking IoT Firmware Internet 145

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. According to the experts, Tenda routers running a firmware version between AC9 to AC18 are vulnerable to the attack.

IoT 145

IoT Firmware Advertising DNS 145

Security Affairs

MAY 19, 2020

“There is no evidence to support any other firmware versions are vulnerable at this point in time and these findings have been shared with Symantec.” The botnet borrows the code from Tsunami and Gafgyt botnets, it expanded the list of targeted devices and added new distributed denial of service (DDoS) capabilities.

IoT 141

IoT DDOS Authentication Advertising 141

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable.

Hacking 121

Hacking Firmware Internet Internet 121

Security Affairs

JUNE 1, 2023

“Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 Mirai botnets are frequently used to conduct DDoS attacks.”

Firewall 98

Firewall Firmware VPN DDOS 98

Adam Levin

FEBRUARY 10, 2020

Most likely you didn’t pause before you clicked, and got phished or compromised in some other way–possibly by an internet of things device connected to your home network. Distributed denial of service attacks (DDoS) are a very likely mode of attack. Tip: Back up everything (for more, see below). Your Finances Glitch.

Passwords 245

Passwords Phishing Password Management Accountability 245

eSecurity Planet

JANUARY 20, 2022

Incidents of malware targeting Linux-based Internet of Things (IoT) devices jumped by more than a third in 2021, with three malware families the primary drivers behind the increase. That echoes similar reports that have shown an increase in DDoS attacks worldwide. Also read: Top 8 DDoS Protection Service Providers for 2022.

IoT 145

IoT DDOS Malware Internet 145

Krebs on Security

OCTOBER 9, 2018

What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act? In fact, the researchers found it was trivial to set up a system that mimics the XMEye cloud and push malicious firmware updates to any device. Source: xiongmaitech.com.

Computers and Electronics 234

Computers and Electronics IoT Passwords Internet 234

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. com) with links to the bot was among the 48 domains associated with DDoS-for-hire services seized by the FBI in December.

IoT 123

IoT DDOS Malware Firmware 123

eSecurity Planet

AUGUST 10, 2021

In a recent blog post , the researchers said the bad actors are looking to leverage a path traversal vulnerability that could affect millions of home routers and other Internet of Things (IoT) devices that use the same code base and are manufactured by at least 17 vendors. Tenable First to Disclose Flaw. A Pattern of Exploits.

IoT 144

IoT DDOS Internet Internet 144

SecureList

SEPTEMBER 21, 2023

Dark web services: DDoS attacks, botnets, and zero-day IoT vulnerabilities Of all IoT-related services offered on the dark web, DDoS attacks are worth examining first. See translation I’m the world’s best-known DDoS attacker for hire (getting ahead of myself here). Our advantages: 1. Tested, tried.

IoT 137

IoT DDOS Passwords Malware 137

Security Affairs

NOVEMBER 1, 2021

The botnet was created to launch DDoS attacks and to insert advertisements in the legitimate HTTP traffic of the victims, most of which are in China (96%). Every time a vendor made some attempts to address the problem, the botmaster pushed out multiple firmware updates on the fiber routers to maintain their control. million devices.

Architecture 145

Architecture DDOS Advertising DNS 145

Security Affairs

FEBRUARY 4, 2019

Last week, the researcher Jim Troutman, consultant and director of the Northern New England Neutral Internet Exchange (NNENIX), revealed that threat actors had been targeting Ubiquiti installs exposed online. Ubiquiti is aware of the issue and is currently working on a firmware update that will address it anyway it is trying to downplay it.

DDOS 111

DDOS Advertising Firmware Hacking 111

Security Affairs

MAY 31, 2024

Threat actors aimed at creating a botnet used to launch DDoS attacks. The experts believe with high confidence that the malicious firmware update was a deliberate act intended to cause an outage. “Our analysis revealed that one specific ASN had a drop of roughly 49% in the number of devices exposed to the internet.”

Malware 122

Malware Internet Internet Firmware 122

Security Affairs

FEBRUARY 4, 2019

Last week, the researcher Jim Troutman, consultant and director of the Northern New England Neutral Internet Exchange (NNENIX), revealed that threat actors had been targeting Ubiquity installs exposed online. Ubiquity is aware of the issue and is currently working on a firmware update that will address it anyway it is trying to downplay it.

DDOS 106

DDOS Advertising Firmware Internet 106

Security Affairs

AUGUST 4, 2022

“The attack can be performed without user interaction if the management interface of the device has been configured to be internet facing. All the affected models have a patched firmware available for download on the vendor’s website.” ” reads the advisory published by Trellix. ” continues the analysis.

Hacking 100

Hacking Internet Internet Passwords 100

SecureList

MARCH 14, 2022

While most of the current attacks are of low complexity – such as DDoS or attacks using commodity and low-quality tools – more sophisticated attacks exist also, and more are expected to come. Make sure that any and all internet-facing systems are up-to-date with all the latest patches installed.

DDOS 120

DDOS Internet Internet Firmware 120

Security Affairs

SEPTEMBER 20, 2020

According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks. The botnet supports the following capabilities: DDoS attack Collecting Bot Information Execute the payload of the specified URL Update the sample from the specified URL Execute system or custom commands.

IoT 145

IoT DDOS Architecture Passwords 145

Security Affairs

MARCH 13, 2022

If you want to also receive for free the newsletter with the international press subscribe here.

Data breaches 98

Data breaches Firmware Hacking Ransomware 98

eSecurity Planet

MAY 2, 2024

Vendor reports note huge volume of attacks on local and public infrastructure, such as: CrowdStrike: Monitored hacktivist and nation-state distributed denial of service (DDoS) attacks related to the Israli-Palestinian conflict, including against a US airport. 50,000 DDoS attacks on public domain name service (DNS) resolvers.

Cybersecurity 121

Cybersecurity DDOS Penetration Testing Passwords 121

Security Affairs

SEPTEMBER 10, 2019

The hardware of the terminals is equipped with Shenzen technology, while the firmware is based on BusyBox Linux Debian. . According to Kunz, more than one million devices are potentially at risk, an attacker can trigger the flaws to build a huge botnet that could be used to launch powerful DDoS attacks. ” continues the experts.

IoT 109

IoT Hacking Firmware Advertising 109

Responsible Cyber

APRIL 8, 2020

The Internet of Things (IoT) is undeniably the future of technology. DDoS Attacks. Distributed Denial of Service (DDoS) attacks have overwhelmed some of the largest websites in the world, including Reddit, Twitter, and Netflix. IoT Opens Excessive Entry Points. Indeed, it has added convenience to our hectic schedules.

Cybersecurity 98

Cybersecurity DDOS Small Business Phishing 98

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. Unfortunately, at that moment, there were over 300,000 of those cameras connected to the internet. Nowadays, malware is an indispensable part of the internet (even if we do not like it).

IoT 141

IoT Cybersecurity Manufacturing Internet 141

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches 98

Data breaches DDOS Ransomware Artificial Intelligence 98

Security Affairs

OCTOBER 30, 2019

A Russian security researcher accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders. The Russian security researcher Anna Prosvetova, from Saint Petersburg, has accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders.

Hacking 69

Hacking Firmware Advertising DDOS 69

Security Affairs

AUGUST 20, 2021

According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks. Organizations using Netgear, Huawei, and ZTE network devices are recommended to keep their firmware up to date and use strong passwords. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

IoT 106

IoT DNS Manufacturing Firmware 106

SiteLock

AUGUST 27, 2021

Simply defined, the internet of things (IoT) is a network of Internet-connected objects able to collect and exchange data. VPNs are the baseline cybersecurity tool to safeguard internet-enabled devices and a home network. Most manufacturers of IoT enabled devices update their firmware frequently. Update, Update, Update.

IoT 98

IoT Spyware VPN Passwords 98

Malwarebytes

JUNE 26, 2023

Poorly configured Linux and Internet of Things (IoT) devices are at risk of compromise from a cryptojacking campaign , according to researchers at Microsoft. A portion of the install makes use of an open-source IRC bot with Distributed Denial of Service (DDoS) features. When possible, update OpenSSH to the latest version.

IoT 94

IoT Adware Firmware Internet 94