Security Affairs

APRIL 2, 2022

Between February and March 2022, researchers from the FortiGuard Labs team observed Beastmode operators adding five new exploits in a few weeks, with three targeting some TOTOLINK routers. TOTOLINK has already addressed these flaws with the release of new firmware for vulnerable devices. ” concludes the report.

DDOS 81

DDOS Firmware Surveillance IoT 81

Security Affairs

JANUARY 30, 2023

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices.

Firmware 96

Firmware Hacking Internet Internet 96

Security Affairs

MARCH 31, 2022

The vendor addressed the unauthenticated access to the content of the SD card with the release of firmware updates on January 29, 2022. According to the experts, there are 3 version of Wyze Cam devices on the market and the first one has been discontinued and will not receive security updates to address the flaws.

IoT 70

IoT Firmware Marketing Authentication 70

Security Affairs

AUGUST 18, 2022

The PoC exploit code for a critical stack-based buffer overflow issue, tracked as CVE-2022-27255 (CVSS 9.8), affecting networking devices using Realtek’s RTL819x system on a chip was released online. ” reads the advisory published by Realtek, which published the issue in March 2022. ”, which was presented at DEFCON30.”

Firmware 145

Firmware IoT Hacking Authentication 145

Security Affairs

MARCH 3, 2023

Both vulnerabilities were reported in November 2022 by cybersecurity firm Quarkslab. In some cases, the attacker can also overwrite protected data in the TPM firmware. ” Quarkslab researchers pointed out that the vulnerabilities could potentially affect billions of devices, including IoT devices, servers, and embedded systems.

Firmware 96

Firmware IoT Authentication Hacking 96

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable.

Hacking 112

Hacking Firmware Internet Internet 112

Security Affairs

MAY 1, 2022

Critical Ongoing VS Firmware 2.3 Synology also warns customers of other three flaws, tracked as CVE-2022-23125 , CVE-2022-23122 , CVE-2022-0194 that could allow remote attackers to run arbitrary code on affected devices. Synology products affected by the flaw are: Product Severity Fixed Release Availability DSM 7.1

Firmware 79

Firmware Hacking Cybersecurity Internet 79

Security Affairs

MARCH 22, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. “At its peak on January 26th, 2022, Censys observed 4,988 Deadbolt-infected services out of the 130,000 QNAP devices currently on the internet.

Ransomware 94

Ransomware Firmware Internet Internet 94

Krebs on Security

MAY 22, 2023

This email address is also connected to accounts on several Russian cybercrime forums, including “ __edman__ ,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.

Scams 252

Scams DDOS Cryptocurrency Accountability 252

Security Affairs

APRIL 13, 2022

Researchers at healthcare IoT security firm Cynerio discovered a collection of five vulnerabilities impacting TUG autonomous mobile robots, collectively named JekyllBot:5 , that could be exploited by remote attackers to hack the devices.

Mobile 123

Mobile Hacking Firmware Surveillance 123

Security Affairs

OCTOBER 22, 2022

The Daixin Team is a ransomware and data extortion group that has been active since at least June 2022. Below are the mitigations provided in the alert: Install updates for operating systems, software, and firmware as soon as they are released. Implementing HIPAA security measures can prevent the introduction of malware on the system.

Ransomware 65

Ransomware VPN Cybercrime Accountability 65

Krebs on Security

JULY 25, 2023

Preserving bandwidth for both customers and victims was a primary concern for SocksEscort in July 2022, when 911S5 — at the time the world’s largest known malware proxy network — got hacked and imploded just days after being exposed in a story here. “Probably, they wanted to keep that revenue stream going.”

Malware 211

Malware VPN Internet Internet 211

Notice Bored

OCTOBER 19, 2021

This is an interesting policy example to have been selected for inclusion in ISO/IEC 27002:2022 , spanning the divide between 'cybersecurity' and 'the business'. Data on smartphones, laptops and all those IoT things proliferating like swarms of cockroaches in a horror movie. Why do data need to be backed up? What's the purpose?

Backups 56

Backups Risk Internet Internet 56

ForAllSecure

APRIL 26, 2022

So there’s a need, a definite need, for information security professionals to have access to industrial control systems -- not virtual, but actual hands on systems -- so they can learn. In a moment I’ll introduce you to someone who is trying to do that--bring ICS equipment to security conferences.

Hacking 52

Hacking Energy and Utilities Manufacturing Firmware 52