article thumbnail

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. Change your password. Click on ‘Security’ from the left-hand menu.

Passwords 362
article thumbnail

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “2025 will be a fortunate year for the world.

VPN 127
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Compromising the Secure Boot Process

Schneier on Security

In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it.

Firmware 335
article thumbnail

Japanese Government Will Hack Citizens' IoT Devices

Schneier on Security

Many have argued that this is an unnecessary step, as the same results could be achieved by just sending a security alert to all users, as there's no guarantee that the users found to be using default or easy-to-guess passwords would change their passwords after being notified in private. I am interested in the results of this survey.

IoT 258
article thumbnail

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

Affected devices use VHD PTZ camera firmware < 6.3.40 is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. . “Organizations using VHD PTZ camera firmware < 6.3.40 CVE-2024-8957 (CVSS score of CVSS 7.2)

Firmware 119
article thumbnail

Yubico Security Keys with a Crypto Flaw

Schneier on Security

government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 The security keys are used by thousands of federal employees on a daily basis, letting them securely log-on to their devices by issuing one-time passwords.

Firmware 272
article thumbnail

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

That update effectively nullified their chances at competing in Pwn2Own, which requires exploits to work against the latest firmware or software supported by the targeted device. A statement published on its support site March 12, 2021 says the company will no longer provide further security updates to the MyCloud OS 3 firmware.

Firmware 363