Firmware, Internet and Manufacturing - Cyber Security Informer

New Windows/Linux Firmware Attack

Schneier on Security

DECEMBER 12, 2023

And the BIOS makers probably pulled some random graphics library off the Internet and never gave it a moment’s thought after that. So the ability has to be in the BIOS, which means that the vulnerabilities aren’t being protected by any of the OS’s defenses.

Firmware

Firmware Manufacturing Internet Internet

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

NOVEMBER 2, 2024

GreyNoise worked with VulnCheck to disclose the two vulnerabilities responsibly. “The vulnerabilities impact NDI-enabled pan-tilt-zoom (PTZ) cameras from multiple manufacturers. Affected devices use VHD PTZ camera firmware < 6.3.40 “Organizations using VHD PTZ camera firmware < 6.3.40

Firmware

Firmware Manufacturing IoT Healthcare

5 Ways to Ensure Home Router Security with a Remote Workforce

Adam Levin

MARCH 19, 2020

Ensure remote workers are more secure by following these five tips: Change the Default Password: Routers should have the manufacturer default password updated the moment it’s turned on and connected. Configure a Firewall: Most routers come with a built-in firewall to block unauthorized incoming internet traffic.

Wireless

Wireless Firmware Firewall Manufacturing

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

SEPTEMBER 10, 2021

The assault came from “ Meris ,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer. Cloudflare recently wrote about its attack , which clocked in at 17.2 Image: Qrator.

IoT

IoT DDOS Internet Internet

To Make the Internet of Things Safe, Start with Manufacturing

Thales Cloud Protection & Licensing

SEPTEMBER 11, 2018

This aptly describes the Internet of Things (IoT), where many small things are coming together to shape what we all hope will deliver a great leap in the way we live and do business. Typically, when they are manufactured, IoT devices receive their initial identity in the form of a “digital birth certificate.” Digital Code Signing.

Manufacturing

Manufacturing Internet Internet IoT

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Back to the bit about risks impacting data collected by IoT devices and back again to CloudPets, Context Security's piece aligned with my own story about kids' CloudPets messages being left exposed to the internet.

IoT

IoT Firmware Risk Manufacturing

Dynamic analysis of firmware components in IoT devices

SecureList

JULY 6, 2022

As a rule, this means that the source code of the device’s firmware is unavailable and all the researcher can use is the user manual and a few threads on some user forum discussing the device’s operation. The vulnerability assessment of IoT/IIoT devices is based on analyzing their firmware.

Firmware

Firmware IoT Architecture Manufacturing

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

“Using a Mirai malware variant that incorporates ChaCha20 and XOR decryption algorithms, it has been seen compromising vulnerable Internet of Things (IoT) devices in the wild, such as the DigiEver DVR, and TP-Link devices through CVE-2023-1389.” .” reads the analysis published by Akamai. ” concludes the report.

Manufacturing

Manufacturing Malware Firmware IoT

Secret Backdoors Found in German-made Auerswald VoIP System

The Hacker News

DECEMBER 21, 2021

Multiple backdoors have been discovered during a penetration test in the firmware of a widely used voice over Internet Protocol (VoIP) appliance from Auerswald, a German telecommunications hardware manufacturer, that could be abused to gain full administrative access to the devices.

Penetration Testing

Penetration Testing Firmware Telecommunications Manufacturing

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

Malwarebytes

JULY 28, 2021

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages. History lessons. Mitigation.

Firmware

Firmware Technology Authentication IoT

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

iLnkP2p is bundled with millions of Internet of Things (IoT) devices, including security cameras and Webcams, baby monitors, smart doorbells, and digital video recorders. “Software-based remediation is unlikely due to the infeasibility of changing device UIDs, which are permanently assigned during the manufacturing process.

IoT

IoT Firewall Manufacturing Computers and Electronics

Quantum Threats and How to Protect Your Data

SecureWorld News

DECEMBER 8, 2024

Attackers are intercepting and storing encrypted internet traffic in anticipation of future quantum decryptiona practice known as "store now, decrypt later." Ensure quantum-ready hardware: Require that new infrastructure device purchases, such as routers and firewalls, have quantum-resistant or upgradable firmware.

Encryption

Encryption Firewall Education Firmware

Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers

The Last Watchdog

AUGUST 26, 2024

As our world becomes increasingly interconnected, the security of Operational Technology (OT) and Internet of Things (IoT) devices is more critical than ever. Equally alarming was the widespread presence of known vulnerabilities, or “n-day” vulnerabilities, in the firmware images.

Firmware

Firmware IoT Manufacturing Cyber Risk

March to 5G could pile on heavier security burden for IoT device manufacturers

SC Magazine

APRIL 9, 2021

As the Department of Defense works on standards to dictate 5G rollout, security requirements may be too much for IoT manufacturers. Of course, many security hurdles for IoT device manufacturers are not specific to 5G. The Internet of Things Cybersecurity Improvement Act of 2020 , which was enacted Dec.

Manufacturing

Manufacturing IoT Firmware Architecture

Machine Identities are Essential for Securing Smart Manufacturing

Security Boulevard

FEBRUARY 28, 2022

Machine Identities are Essential for Securing Smart Manufacturing. The Industrial Internet of Things (IIoT) puts networked sensors and intelligent devices directly on the manufacturing floor to collect data, drive artificial intelligence and do predictive analytics. Benefits of IIoT in the manufacturing sector.

Manufacturing

Manufacturing IoT Authentication Artificial Intelligence

The Internet of Things Is Everywhere. Are You Secure?

Security Boulevard

MARCH 18, 2021

From smart homes that enable you to control your thermostat from a distance to sensors on oil rigs that help predict maintenance to autonomous vehicles to GPS sensors implanted in the horns of endangered black rhinos , the internet of things is all around you. A Safer Internet of Things. The post The Internet of Things Is Everywhere.

Internet

Internet Internet IoT Software

Router Vulnerability and the VPNFilter Botnet

Schneier on Security

JUNE 11, 2018

It can eavesdrop on traffic passing through the router specifically, log-in credentials and SCADA traffic, which is a networking protocol that controls power plants, chemical plants and industrial systems attack other targets on the Internet and destructively "kill" its infected device. Internet of Things malware isn't new.

Malware

Malware Firmware Internet Internet

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. New research by Cybernews shows an exponential rise in the uptake of internet-facing cameras. Surge in internet-facing cameras.

Surveillance

Surveillance Manufacturing Internet Internet

D-Link addressed three critical RCE in wireless router models

Security Affairs

SEPTEMBER 16, 2024

The manufacturer also addressed two high-severity vulnerabilities, tracked as CVE-2024-45696 and CVE-2024-45698. “We do not recommend that security researchers act in this manner, as they expose end-users to further risks without patches being available from the manufacturer.” DIR-X4860 A1 firmware version 1.00, 1.04

Wireless

Wireless Firmware Manufacturing Hacking

Maybe don’t call Saul? Over 30,000 VoIP devices identifiable worldwide, some with suspected vulnerabilities

Security Affairs

MAY 12, 2021

Our research shows that large and small manufacturers are identifiable, with Aastra-Mitel topping the list. As with many inventions of the 20th century, the internet has drastically changed using the phone. However, as with everything connected to the internet, beware of vulnerabilities. Most devices.

Manufacturing

Manufacturing Internet Internet Firmware

NI CompactRIO controller flaw could allow disrupting production

Security Affairs

DECEMBER 12, 2020

A high-severity vulnerability affecting CompactRIO controllers manufactured by the vendor National Instruments (NI) could allow remote attackers to disrupt production processes in an organization. Update the firmware on CompactRIO controllers to v8.5 Updating the firmware patches the Safe Mode where defaults are loaded.

Firmware

Firmware Manufacturing Software Authentication

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

SEPTEMBER 5, 2023

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. I had an eye-opening conversation about all of this with Steve Hanna , distinguished engineer at Infineon Technologies , a global semiconductor manufacturer based in Neubiberg, Germany.

IoT

IoT Government Internet Internet

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Security Affairs

SEPTEMBER 13, 2024

Unfortunately, often manufacturers sell older OS versions as newer ones. Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Malware

Malware Firmware Antivirus Manufacturing

Experts found backdoors in a popular Auerswald VoIP appliance

Security Affairs

DECEMBER 27, 2021

Researchers found multiple backdoors in popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. Researchers from RedTeam Pentesting discovered multiple backdoors in a popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. 7}' 1432d89.

Firmware

Firmware Manufacturing Passwords Penetration Testing

Patch now! Insecure Hikvision security cameras can be taken over remotely

Malwarebytes

SEPTEMBER 22, 2021

In a detailed post on Github , security researcher Watchful_IP describes how he found that the majority of the recent camera product ranges of Hikvision cameras are susceptible to a critical, unauthenticated, remote code execution (RCE) vulnerability, even with the latest firmware. Hangzhou Hikvision Digital Technology Co., Mitigation.

Firmware

Firmware Surveillance Marketing VPN

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

To perform the experiment, we used Internet of Things (IoT) search engines to search for open devices that utilized common printer ports and protocols. After filtering out most of the false positives, we were left with more than 800,000 printers that had network printing features enabled and were accessible over the internet.

Hacking

Hacking IoT Firmware Internet

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-. ” Netlab concludes.

Firmware

Firmware Surveillance Manufacturing Advertising

Vulnerabilities in the iBoot Power Distribution Unit Let Hackers Remotely Shut Down Devices

Hacker Combat

SEPTEMBER 22, 2022

More than 2,000 PDUs were directly exposed to the internet in 2021, and roughly a third of those were iBoot PDUs, according to a Censys research. The affected product, according to the government, has been used in numerous nations and businesses, including the crucial manufacturing sector.

Firmware

Firmware Firewall Manufacturing Internet

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

Some of the devices support multiple 10-gigabit uplinks and provide Internet connectivity to up to 1024 ONTs (clients). The backdoor accounts in the firmware of 29 FTTH Optical Line Termination (OLT) devices from popular vendor C-Data. The most severe issue is the presence of Telnet backdoor accounts hardcoded in the firmware.

Firmware

Firmware Accountability Advertising Manufacturing

Device manufacturers need to rethink how to lock down IoT

SC Magazine

MAY 27, 2021

Today’s columnist, Matt Wyckhouse of Finite State, says to lock down IoT devices, manufacturers have to build security in from the start. Embedded, internet-connected devices control the most critical infrastructure on the planet. The Security Signals research said that attacks on firmware increased five-fold in four years.

Manufacturing

Manufacturing IoT Firmware Software

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

News Alert: Swissbit introduces small-capacity memory for IIoT, smart city applications

The Last Watchdog

JUNE 27, 2023

The models of the EM-30 and S-56(u) series, which are available as an embedded component in the form of an e.MMC or as flexible, interchangeable SD memory cards, offer maximum reliability due to proven firmware architecture. They also guarantee 100% data security. specifications and is fully backward compatible.

IoT

IoT Manufacturing Media Technology

Millions of home routers on Mirai Botnet Radar

CyberSecurity Insiders

AUGUST 13, 2021

Tenable researchers claim hackers are exploiting a security flaw termed authentication-bypass vulnerability that is impact routers and internet of things (IoT) devices. What’s interesting about this attack campaign is the hackers are targeting devices running on the firmware that is being supplied by Arcadyan.

Firmware

Firmware Malware DDOS Manufacturing

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

Flashing Firmware: Flashing BUSSide firmware inside the NodeMCU is quick and easy: # apt-get install esptool # git clone [link] # esptool --port /dev/ttyUSB0 write_flash 0x00000 BUSSide/FirmwareImages/*.bin. his majesty, the Firmware). In a couple of minutes you should get extracted the firmware. What do you do?

IoT

IoT Hacking Firmware Advertising

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. We identified at least 65 different affected vendors with close to 200 unique fingerprints, thanks both to Shodan’s scanning capabilities and some misconfiguration by vendors and manufacturers who expose those devices to the Internet.

IoT

IoT Firmware Internet Internet

The High-Stakes Game of Ensuring IoMT Device Security

SecureWorld News

FEBRUARY 17, 2024

Being constantly connected to the internet, they are either protected by basic passwords or, in some cases, have no password protection at all. In response, manufacturers are intensifying their cybersecurity efforts, incorporating advanced CI/CD workflows to safeguard medical devices from escalating attacks.

Healthcare

Healthcare Manufacturing Internet Internet

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

Introduction In today’s interconnected world, more and more devices are being connected to the internet, including everyday household items like pet feeders that are becoming smart by virtue of this simple fact. We later managed to extract the firmware from the EEPROM for further static reverse engineering.

Firmware

Firmware Passwords Manufacturing Mobile

Realtek-based routers, smart devices are being gobbled up by a voracious botnet

Malwarebytes

AUGUST 24, 2021

Mirai hoovers up vulnerable Internet of Things (IoT) devices and adds them to its network of zombie devices, which can then be used to launch huge Distributed Denial of Service (DDoS) attacks. The vulnerabilities were found and disclosed by IoT Inspector , a platform for automated security analysis of IoT firmware. Vulnerabilities.

Firmware

Firmware IoT Internet Internet

Malware found pre-installed in cheap push-button mobile phones sold in Russia

Security Affairs

SEPTEMBER 6, 2021

The researchers analyzed the firmware and set up a 2G base station in order to intercept and analyze the devices’ communications. Itel it2160 – The device was spotted transferring some info to the domain asv.transsion.com (Country, Model, Firmware version, Language. And the manufacturer if you find any incomprehensible activity.

Mobile

Mobile Malware Firmware Manufacturing

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Shell DNSChanger is written in the Shell programming language and combines 25 Shell scripts that allow the malware to carry out brute-force attacks on routers or firmware packages from 21 different manufacturers. Js DNSChanger is written in JavaScript and includes 10 attack scripts designed to infect 6 routers or firmware packages.

DNS

DNS Malware Firmware Phishing

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

.” Internet of Things. Agriculture may not be the first industry you associate with cybersecurity problems, but we all need to aware of the risks created by connecting this ancient part of our food supply chain to the Internet. Install updates/patch operating systems, software, and firmware as soon as they are released.

Ransomware

Ransomware Manufacturing Passwords Internet

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

The malicious code specifically targets QNAP NAS devices manufactured by Taiwanese company QNAP, it already infected over 62,000 QNAP NAS devices. The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates.

Malware

Malware Firmware Advertising Manufacturing

Building a foundation of trust for the Internet of Things

Thales Cloud Protection & Licensing

DECEMBER 13, 2018

Invariably, Internet of Things (IoT) strategies form the backbone of those efforts. With consumers in particular prioritising convenience and functionality over security, it’s down to manufacturers to ensure security is embedded into devices from the point of creation. The goal is then to analyse it and take impactful action.

Internet

Internet Internet IoT Manufacturing

Ransomware attack on MSI led to compromised Intel Boot Guard private keys

Malwarebytes

MAY 8, 2023

While the statement does not reveal a lot of tangible information, this snippet is important: “MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website.” Among them are household names like Lenovo and HP. Prevent intrusions.

Firmware

Firmware Ransomware Backups Malware

New Windows/Linux Firmware Attack

PTZOptics cameras zero-days actively exploited in the wild

Webinars

Trending Sources

5 Ways to Ensure Home Router Security with a Remote Workforce

Webinars

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

To Make the Internet of Things Safe, Start with Manufacturing

IoT Unravelled Part 3: Security

Dynamic analysis of firmware components in IoT devices

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Secret Backdoors Found in German-made Auerswald VoIP System

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

P2P Weakness Exposes Millions of IoT Devices

Quantum Threats and How to Protect Your Data

Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers

March to 5G could pile on heavier security burden for IoT device manufacturers

Machine Identities are Essential for Securing Smart Manufacturing

The Internet of Things Is Everywhere. Are You Secure?

Router Vulnerability and the VPNFilter Botnet

3.5m IP cameras exposed, with US in the lead

D-Link addressed three critical RCE in wireless router models

Maybe don’t call Saul? Over 30,000 VoIP devices identifiable worldwide, some with suspected vulnerabilities

NI CompactRIO controller flaw could allow disrupting production

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Experts found backdoors in a popular Auerswald VoIP appliance

Patch now! Insecure Hikvision security cameras can be taken over remotely

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Botnet operators target multiple zero-day flaws in LILIN DVRs

Vulnerabilities in the iBoot Power Distribution Unit Let Hackers Remotely Shut Down Devices

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Device manufacturers need to rethink how to lock down IoT

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

News Alert: Swissbit introduces small-capacity memory for IIoT, smart city applications

Millions of home routers on Mirai Botnet Radar

Hacking IoT & RF Devices with BürtleinaBoard

Realtek SDK flaws exploited to deliver Mirai bot variant

The High-Stakes Game of Ensuring IoMT Device Security

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

Realtek-based routers, smart devices are being gobbled up by a voracious botnet

Malware found pre-installed in cheap push-button mobile phones sold in Russia

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

FBI warns of ransomware threat to food and agriculture

QSnatch malware infected over 62,000 QNAP NAS Devices

Building a foundation of trust for the Internet of Things

Ransomware attack on MSI led to compromised Intel Boot Guard private keys

Stay Connected