Security Affairs

JULY 28, 2020

CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. The first campaign likely began in early 2014 and continued until mid-2017, while the second started in late 2018 and was still active in late 2019.

Malware 105

Malware Firmware Advertising Manufacturing 105

Security Affairs

MAY 19, 2020

Palo Alto Networks Unit 42 researchers observed both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 5.0.2.8. Experts note that the exploit is only effective for authenticated sessions and the affected devices are End of Life (EOL) from 2012.

IoT 107

IoT DDOS Authentication Advertising 107

Security Affairs

OCTOBER 1, 2018

“Just like the regular dnschanger , this campaign attempts to guess the password on the router’s web authentication page or bypass the authentication through the dnscfg. Js DNSChanger is written in JavaScript and includes 10 attack scripts designed to infect 6 routers or firmware packages. Pierluigi Paganini.

DNS 77

DNS Malware Firmware Phishing 77

Security Affairs

JUNE 14, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware 68

Firmware Advertising Ransomware Hacking 68

Security Affairs

AUGUST 5, 2020

ZDNet has obtained a copy of the list with the help of threat intelligence firm KELA and verified confirmed the authenticity of the data. Likely the threat actors who compiled this list scanned the internet for Pulse Secure VPN servers between June 24 and July 8, 2020, and exploited the CVE-2019-11510 vulnerability to gather server details.

VPN 136

VPN Passwords Banking Advertising 136

Security Affairs

JUNE 25, 2020

In 2014 its global sales reached $55.91 “One of the screenshots seems to consist of LG Electronics official firmware or software update releases that assist their hardware products to work more efficiently.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues Cyble.

Computers and Electronics 101

Computers and Electronics Ransomware Mobile Telecommunications 101

CyberSecurity Insiders

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier. NETGEAR DGN2200 devices with firmware through 10.0.0.50. Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 7)C0 NAS520 before firmware V5.21(AASZ.3)C0 CVE-2014-2321.

Malware 85

Malware IoT Firmware Authentication 85

Security Affairs

MAY 2, 2019

The issues, including a hardcoded session ID, allow unauthenticated, remote attacker to stop, start, and disconnect any screen sharing session due to insufficient authentication checking in the moderator controls. Waiting for the fix, users have to configure their environments to avoid these systems being exposed to the internet.

Wireless 76

Wireless Firmware Advertising Authentication 76

Security Affairs

OCTOBER 7, 2019

According to the Fortinet, the vulnerability impacts D-Link firmware in the DIR-655, DIR-866L, DIR-652, and DHP-1565 router families. We rated this as a critical issue since the vulnerability can be triggered remotely without authentication.” “The vulnerability begins with a bad authentication check.

Authentication 94

Authentication Advertising Firmware Hacking 94

Security Affairs

FEBRUARY 25, 2020

. “Multiple ZyXEL network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device.” “ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. and earlier.

Authentication 70

Authentication Advertising Firmware Internet 70

Security Affairs

FEBRUARY 3, 2020

L inear eMerge E3 smart building access systems designed by N ortek Security & Control (NSC) are affected by a severe vulnerability (CVE-2019-7256) that has yet to be fixed and attackers are actively scanning the internet for vulnerable devices. Passwords can be found in p roduct documentation and compiled lists available on the Internet.”

DDOS 77

DDOS Hacking Internet Internet 77

Security Affairs

DECEMBER 17, 2019

TP-Link addressed a critical zero-day vulnerability ( CVE-2017-7405 ) in its TP-Link Archer routers that could be exploited by attackers to remotely take their control over LAN via a Telnet connection without authentication. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Archer MR200v4: [link].

Passwords 94

Passwords Advertising Firmware Authentication 94

Security Affairs

OCTOBER 30, 2019

A Russian security researcher accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders. The Russian security researcher Anna Prosvetova, from Saint Petersburg, has accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders.

Hacking 44

Hacking Firmware Advertising DDOS 44

Security Affairs

AUGUST 14, 2018

. “In this paper, we show that reusing a key pair across different versions and modes of IKE can lead to cross-protocol authentication bypasses, enabling the impersonation of a victim host or network by attackers. We exploit a Bleichenbacher oracle in an IKEv1 mode, where RSA encrypted nonces are used for authentication.”

Encryption 46

Encryption Authentication Internet Internet 46

eSecurity Planet

NOVEMBER 1, 2021

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. New vulnerabilities are created every day by cybercriminals, leading to many IoT devices being installed with out-of-date firmware and other exploitable vulnerabilities.”.

Wireless 100

Wireless IoT Manufacturing Mobile 100

Security Affairs

JULY 29, 2018

. “Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub.” Samsung SmartThings Hub runs a Linux-based firmware and allows for communications with various IoT devices using various wireless standards Zigbee, Z-Wave, and Bluetooth. RCE Chain – CVE-2018-3911.

Firmware 52

Firmware IoT Advertising Wireless 52

Security Affairs

DECEMBER 24, 2018

” Once the mobile app has discovered the IP address of the lights, it authenticates with them, receives an authentication token and retrieves information about the device. Experts found a flaw in the authentication process, it only authenticates the lights to the app and not visa- versa. . Pierluigi Paganini.

IoT 79

IoT Hacking DNS Authentication 79

Security Affairs

JULY 31, 2019

The list of flaws includes OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site Scripting, Exposure of Backup file to Unauthorized Control Sphere, Improper Authentication, and Use of Hard-coded Credentials. “Prima Systems FlexAir, Versions 2.3.38

Backups 58

Backups Authentication Advertising Firmware 58

Security Affairs

JULY 16, 2018

Anubhav explained that the passwords are related to Dahua DVRs running very old firmware that is known to be affected by a five-year-old vulnerability tracked as CVE-2013-6117. Even if the vulnerability has been patched, many Dahua devices are still running ancient firmware. Pierluigi Paganini.

IoT 58

IoT Engineering Passwords Firmware 58

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. Unfortunately, at that moment, there were over 300,000 of those cameras connected to the internet. Nowadays, malware is an indispensable part of the internet (even if we do not like it).

IoT 134

IoT Cybersecurity Manufacturing Internet 134

Security Affairs

JULY 20, 2018

The first bug can only be exploited by an authenticated attacker, but Positive Technologies says all Diqee 360 devices come with a default password of 888888 for the admin account, which very few users change, and which attackers can incorporate into their exploit chain. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware 43

Firmware Surveillance Authentication Technology 43

Security Affairs

APRIL 26, 2019

Upon connecting, most clients will immediately attempt to authenticate as an administrative user in plaintext , allowing an attacker to obtain the credentials to the device.” Furthermore, even if software patches were issued, the likelihood of most users updating their device firmware is low. Pierluigi Paganini.

IoT 83

IoT Hacking Manufacturing Advertising 83

CyberSecurity Insiders

JANUARY 26, 2022

Maintain minimal exposure to the Internet on Linux servers and IoT devices and use a properly configured firewall. Install security and firmware upgrades from vendors, as soon as possible. 2830690: ETPRO EXPLOIT GPON Authentication Bypass Attempt (CVE-2018-10561). 2032077: ET EXPLOIT ZTE Cable Modem RCE Attempt (CVE-2014-2321).

Malware 81

Malware IoT Authentication Antivirus 81

Security Affairs

NOVEMBER 10, 2019

It also concluded that the top three cybersecurity reasons that respondents use AI now are for network intrusion detection and prevention, fraud detection and secure user authentication. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Risk 96

Risk Cybersecurity Artificial Intelligence Education 96

Security Affairs

OCTOBER 20, 2018

Meaning, authentication bypasses weren’t enough. CVE-2018-18472 – XXE and Unauthenticated Remote Command Execution in Axentra Hipserv NAS firmware. . It’s used in different devices from different vendors, the affected devices sharing the firmware are: Netgear Stora. Firmware Analysis. Summary of Our Findings.

Firmware 61

Firmware IoT VPN Authentication 61

Privacy and Cybersecurity Law

NOVEMBER 6, 2018

California recently became the first state in the union to pass a cybersecurity law addressing “smart” devices and Internet of Things (IoT) technology. The term IoT generally refers to anything connected to the internet, including smart home devices (e.g., Amazon’s Alexa, NEST thermostats, etc.). Code § 1798.91.06(a))

IoT 45

IoT Cybersecurity Manufacturing Technology 45

Privacy and Cybersecurity Law

NOVEMBER 5, 2018

California recently became the first state in the union to pass a cybersecurity law addressing “smart” devices and Internet of Things (IoT) technology. The term IoT generally refers to anything connected to the internet, including smart home devices (e.g., Amazon’s Alexa, NEST thermostats, etc.). Code § 1798.91.06(a))

IoT 45

IoT Cybersecurity Manufacturing Technology 45

Digital Shadows

NOVEMBER 10, 2022

For instance, financially-motivated threat actors often plant in malicious URLs spoofing these events to fraudulent sites, hoping to maximize their chances of scamming naive internet users for a quick (illicit) profit. Nowadays, such pages are necessary to build a brand, generate new business, and resolve customer issues.

Cyber threats 52

Cyber threats Media Social Engineering Mobile 52

Malwarebytes

APRIL 5, 2023

2000 Children’s Internet Protection Act (CIPA): Requires K–12 schools to restrict children’s exposure to obscene digital content, monitor the online activity of minors, and educate students about appropriate behavior on the internet. Keep all operating systems, software, and firmware up to date.

Education 61

Education Ransomware Cybersecurity Risk 61