Troy Hunt

MARCH 10, 2021

Pwned Passwords is a repository of 613M passwords exposed in previous data breaches, which makes them very poor choices for future use. They're totally free and they have a really cool anonymity API that ensures no useful information about the password being searched for is ever exposed.

Passwords 355

Passwords IoT Password Management Data breaches 355

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. Change your password. Click on ‘Security’ from the left-hand menu.

Passwords 362

Passwords Authentication Firmware Accountability 362

Schneier on Security

JANUARY 28, 2019

The Japanese government's decision to log into users' IoT devices has sparked outrage in Japan. Many of today's IoT and router botnets are being built by hackers who take over devices with default or easy-to-guess passwords. Devices in people's homes and on enterprise networks will be tested alike. [.].

IoT 267

IoT Government Firmware Hacking 267

Adam Levin

DECEMBER 30, 2020

In a public service announcement issued December 29, the FBI warned that “offenders have been using stolen e-mail passwords to access smart devices with cameras and voice capabilities and carry out swatting attacks.”. The post Hacked IoT Devices Livestreaming Swatting Attacks: FBI appeared first on Adam Levin.

IoT 300

IoT Hacking Internet Internet 300

Krebs on Security

APRIL 26, 2019

A map showing the distribution of some 2 million iLinkP2P-enabled devices that are vulnerable to eavesdropping, password theft and possibly remote compromise, according to new research. If the code stamped on your IoT device begins with one of these, it is vulnerable.

IoT 278

IoT Firewall Manufacturing Computers and Electronics 278

SecureWorld News

JANUARY 8, 2025

From baby monitors to home security systems, these IoT products have become integral to daily life, yet they also present significant cybersecurity risks. Industry leaders back the initiative Key stakeholders have expressed their enthusiasm for the Cyber Trust Mark's potential to improve IoT security and consumer trust.

IoT 115

IoT Manufacturing Government Cybersecurity 115

Krebs on Security

MARCH 20, 2020

This week, security researchers said they spotted that same vulnerability being exploited by a new variant of Mirai , a malware strain that targets vulnerable Internet of Things (IoT) devices for use in large-scale attacks and as proxies for other cybercrime activity.

IoT 282

IoT DDOS VPN Firewall 282

Security Affairs

MARCH 8, 2025

The attacker then moved via RDP to a server and attempted to deploy ransomware as a password-protected zip file, but the victims EDR tool blocked it. They found unsecured IoT devices, including webcams and a fingerprint scanner, using them to bypass security defenses and successfully deploy the ransomware. ” concludes the report.

Ransomware 127

Ransomware IoT Encryption Passwords 127

The Last Watchdog

NOVEMBER 9, 2020

The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages. Related: Companies sustain damage from IoT attacks That was back in 1982.

IoT 279

IoT Healthcare Internet Internet 279

Security Boulevard

APRIL 30, 2024

The post Brits Ban Default Passwords — and More IoT Stupidity appeared first on Security Boulevard. Nice Cup of IoTea? The UK’s Product Security and Tele­comm­uni­cations Infra­struc­ture Act aims to improve the security of net-connected consumer gear.

IoT 135

IoT Passwords Social Engineering Telecommunications 135

Security Affairs

MARCH 5, 2025

The Eleven11bot botnet has infected over 86,000 IoT devices, mainly security cameras and network video recorders (NVRs). Researchers from Nokia Deepfield Emergency Response Team (ERT) discovered a new botnet named Eleven11bot that has already infected over 86,000 IoT devices. ” states GreyNoise. discovered on 2025-03-02.

IoT 74

IoT DDOS Passwords Hacking 74

Tech Republic Security

SEPTEMBER 22, 2021

NordPass: Only 33% of users surveyed had changed the default passwords on their IoT devices, leaving the rest vulnerable to attack.

IoT 215

IoT Malware Passwords 215

Tech Republic Security

SEPTEMBER 8, 2021

Only 33% of users surveyed by NordPass changed the default passwords on their IoT devices, leaving the rest susceptible to attack.

IoT 218

IoT Malware Passwords 218

SecureWorld News

NOVEMBER 7, 2024

A connected world means a vulnerable world Utilities now rely on large networks of IoT devices, from sensors buried underground to servers that crunch data in remote locations. But the moment we bring IoT into the mix, we create thousands of potential entry points for attackers.

IoT 101

IoT Firmware Encryption Authentication 101

Troy Hunt

MAY 28, 2021

Today, it's finally happened with Pwned Passwords now completely open to all. And just to make things really interesting, we're all going to build some code for the FBI to feed passwords obtained in the process of their various investigations into HIBP.

Passwords 340

Passwords IoT Government 340

SecureList

SEPTEMBER 21, 2023

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. Telnet, the overwhelmingly popular unencrypted IoT text protocol, is the main target of brute-forcing.

IoT 133

IoT DDOS Passwords Malware 133

SecureWorld News

OCTOBER 31, 2024

Spooky fact : The infamous Mirai botnet attack in 2016 turned more than 600,000 IoT devices into cyber zombies, leading to one of the most significant DDoS attacks in history. Warding off zombies : Regularly update device firmware, patch IoT devices, and monitor for unusual traffic patterns.

IoT 118

IoT Phishing DDOS Backups 118

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. If you take a look at the global market for IoT, you can easily spot the trend. IoT devices are exposed to cybersecurity vulnerabilities. The Threat is Definitely Real.

IoT 142

IoT Cybersecurity Manufacturing Internet 142

Penetration Testing

APRIL 7, 2024

Genzai Genzai helps you identify IoT or Internet of Things related dashboards across a single or set of targets provided as input and scan them for default password issues and potential vulnerabilities based on... The post Genzai: The IoT security toolkit appeared first on Penetration Testing.

IoT 111

IoT Penetration Testing Passwords Internet 111

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. reads the analysis published by the experts.

IoT 145

IoT DDOS Architecture Passwords 145

CyberSecurity Insiders

NOVEMBER 25, 2021

A new legislation was introduced in the Britain’s parliament last week aiming to better protect IoT devices from sophisticated hackers. Now, comes the big question…what if companies indulging in the manufacturing of IoT cannot comply with the newly planned Britain’s digital law.? Well, it’s simple….the Hope it does!

IoT 139

IoT Manufacturing Telecommunications Cyber Attacks 139

Adam Shostack

JANUARY 2, 2025

You can start threat modeling IoT with the four question framework: What are you building? But there are specifics to IoT, and those specifics influence how you think about each of those questions. In the IoT world, the question of did we do a good job becomes have we done a good enough job? What can go wrong? Don Bailey)

IoT 130

IoT Engineering Internet Internet 130

eSecurity Planet

NOVEMBER 19, 2021

IoT security is where endpoint detection and response ( EDR ) and enterprise mobility management ( EMM ) meet the challenges of a rapidly expanding edge computing infrastructure. As the enterprise attack surface grows, IoT is yet another attack vector organizations aren’t fully prepared to defend.

IoT 140

IoT Risk Firewall Software 140

Troy Hunt

AUGUST 20, 2021

It all feels a bit "business as usual" this week; data breaches, IoT and 3D printing. Sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online. I love it because it's broadly relevant, easily consumable and totally, properly free.

CISO 68

CISO Password Management IoT Data breaches 68

eSecurity Planet

JANUARY 22, 2021

billion Internet of Things (IoT) devices. As more information about IoT device vulnerabilities is published, the pressure on industry and government authorities to enhance security standards might be reaching a tipping point. government, standards will not apply to the IoT market at-large. Implications for IoT devices.

IoT 145

IoT Cybersecurity Manufacturing Government 145

Troy Hunt

MARCH 12, 2021

Cyber stuff, audio stuff, IoT stuff - it's all there! Home Assistant started telling people not to use Pwned Password, and people got pissed (this is nuts, and it deserved a dedicated blog post) Sponsored by safepass.me: Get a FREE password audit on your Active Directory users with pwncheck from safepass.me.

Passwords 293

Passwords IoT Hacking 293

Troy Hunt

MAY 6, 2022

It's back to business as usual with more data breaches, more poor handling of them and more IoT pain. I think on all those fronts there's a part of me that just likes the challenge and the opportunity to fix a broken thing.

IoT 306

IoT Data breaches Passwords 306

Troy Hunt

DECEMBER 4, 2020

It's a lighter weekly update this week, kinda feels like I'm still recovering from last week's epic IoT series TBH. Sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online. But there's still an hour of content today including the fact that it's HIBP's birthday ??

Password Management 262

Password Management IoT Passwords 262

The Hacker News

AUGUST 14, 2024

Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power.

Passwords 132

Passwords IoT Cryptocurrency Cybersecurity 132

Security Affairs

APRIL 30, 2024

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. ” reads the announcement published by NCSC.

Passwords 134

Passwords Manufacturing Telecommunications Cyber Attacks 134

The Last Watchdog

MARCH 4, 2020

However, to fully capture the benefits of an IoT-centric economy, a cauldron of privacy and security concerns must first be quelled. Related : The promise and pitfalls of IoT At the technology level, two fundamental things must get accomplished. More IoT standards are sure to come, but regulation will raise the bar only so high.

IoT 157

IoT Authentication Internet Internet 157

Troy Hunt

AUGUST 28, 2020

Having said that, some parts have been hard because I've made simple mistakes , but the nature of the IoT ecosystem as it stands today predisposes you to mistakes because there's so freakin' many moving parts that all need to be aligned. More on that in the video, plus some actual infosec content too! More on all of that next week ??

InfoSec 282

InfoSec IoT Passwords 282

SecureWorld News

FEBRUARY 20, 2025

Persistent exploitation of legacy systems One of the most alarming aspects of Ghost ransomware is its focus on legacy IoT and OT environments. He urges enterprises to implement Privileged Access Management (PAM) solutions and multi-factor authentication (MFA) and to enforce robust password policies to reduce the risk of account compromise.

Ransomware 110

Ransomware IoT Encryption Social Engineering 110

Troy Hunt

SEPTEMBER 18, 2020

More IoT, more cyber and more Q&A so yeah, business as usual this week. helps you quickly secure your AD passwords and reduce the risk of Credential Stuffing. More specifically, a lot of this week's update talks about VPNs and where they still make sense with so much HTTPS all over the place these days. Sponsored by: safepass.me

VPN 283

VPN IoT Passwords Ransomware 283

Troy Hunt

JANUARY 22, 2021

You know, stuff like data breaches, new tech toys and having your genitalia locked in an vulnerable IoT device and held for ransom. Just normal stuff like that ?? with a security vulnerability. that locks your equipment in place and demands a ransom.

IoT 215

IoT Data breaches Password Management Passwords 215

Schneier on Security

NOVEMBER 7, 2018

Consumer Reports is starting to evaluate the security of IoT devices. They could be discovered by anyone who finds or guesses the camera's IP address­ -- and if you haven't set a strong password, a hacker might find it easy to gain access. This is the sort of sustained pressure we need on IoT device manufacturers.

Wireless 254

Wireless Manufacturing IoT Encryption 254

Troy Hunt

JUNE 11, 2021

Lots of stuff going on this week, beginning with me losing my mind try to get local control of IoT devices. I'm writing up a much more extensive blog post on this, suffice to say it's a complete mess and all of the suggestions I've had have been well-intentioned, but infeasible for various reasons.

IoT 264

IoT Passwords 264