2014, Firmware, IoT and Passwords - Cyber Security Informer

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. reads the analysis published by the experts.

IoT

IoT DDOS Architecture Passwords

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. If you take a look at the global market for IoT, you can easily spot the trend. IoT devices are exposed to cybersecurity vulnerabilities. The Threat is Definitely Real.

IoT

IoT Cybersecurity Manufacturing Internet

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Security Affairs

JULY 16, 2018

A security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security.

IoT

IoT Engineering Passwords Firmware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

EU to Force IoT, Wireless Device Makers to Improve Security

eSecurity Planet

NOVEMBER 1, 2021

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. has made some strides on IoT security at the federal level; it remains to be seen if the EU initiative will spur the U.S. IoT market growth. IoT Security Neglected.

Wireless

Wireless IoT Manufacturing Mobile

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

A security researcher disclosed zero-day flaws in Telestar Digital GmbH IoT radio devices that could be exploited by remote attackers to hijack systems without any user interaction. The hardware of the terminals is equipped with Shenzen technology, while the firmware is based on BusyBox Linux Debian. . ” continues the experts.

IoT

IoT Hacking Firmware Advertising

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs

APRIL 26, 2019

Experts discovered security flaws in the iLnkP2P peer-to-peer (P2P) system that exposes millions of IoT devices to remote attacks. The iLnkP2P system allows users to remotely connect to their IoT devices using a mobile phone or a PC. Potentially affected IoT devices include cameras and smart doorbells. Pierluigi Paganini.

IoT

IoT Hacking Manufacturing Advertising

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. “In such an event, the victim could lose access to the console and even a shell, and thereby would not be able to re-establish a new password.” ” continues the post.

Passwords

Passwords Advertising Firmware Authentication

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.” The use of default passwords represents a serious problem also for the Chinese vendor.

Passwords

Passwords Manufacturing Advertising Firmware

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

Security researchers discovered some flaws in the Twinkly IoT lights that could be exploited display custom lighting effects and to remotely turn off them. The communications are not encrypted, however the WiFi password is sent encrypted during set up (albeit trivial to decrypt).” Pierluigi Paganini.

IoT

IoT Hacking DNS Authentication

Guardzilla Security Video System Footage exposed online

Security Affairs

DECEMBER 29, 2018

The vulnerability lies within the design and implementation of Amazon Simple Storage Service (S3) credentials inside the Guardzilla Security Camera firmware.” “The Guardzilla IoT-enabled home video surveillance system contains a shared Amazon S3 credential used for storing saved video data. . Pierluigi Paganini.

Firmware

Firmware Surveillance IoT Passwords

WAGO Industrial Switches affected by multiple flaws

Security Affairs

JUNE 13, 2019

The company has already fixed the issues with the release of firmware versions 1.2.2.S0, “The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. The expert also found hardcoded private keys for the SSH daemon in the device’s firmware.

Firmware

Firmware Passwords Advertising IoT

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Netlab shared its findings with LILIN on January 19, 2020, and the vendor addressed the issues with the release of the firmware update (version 2.0b60_20200207). The new firmware released by the vendors validated the hostname passed as input to prevent command execution. ” reads the advisory published by Netlab.

Firmware

Firmware Surveillance Manufacturing Advertising

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. The first campaign likely began in early 2014 and continued until mid-2017, while the second started in late 2018 and was still active in late 2019.

Malware

Malware Firmware Advertising Manufacturing

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Unfortunately, the cloud ID is not sufficiently random and complex to make guessing correct cloud IDs hard because the analysis of the Xiongmai firmware revealed it is derived from the device’s MAC address. The experts also discovered an undocumented user with the name “default” and password “tluafed.”. ” continues the analysis.

Surveillance

Surveillance Hacking Firmware Manufacturing

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

GhostDNS scans for the IP addresses used by routers that use weak or no password then accesses them and changes the DNS settings to a rogue DNS server operated by the attackers. Js DNSChanger is written in JavaScript and includes 10 attack scripts designed to infect 6 routers or firmware packages. Pierluigi Paganini.

DNS

DNS Malware Firmware Phishing

Expert released PoC exploit code for unpatched backdoor in HiSilicon chips

Security Affairs

FEBRUARY 5, 2020

HiSilicon is the largest domestic designer of integrated circuits in China, its chips are used by millions of IoT devices worldwide, including security cameras, DVRs, and NVRs. Login Password root xmhdipc root klv123 root xc3511 root 123456 root jvbzd root hi3518. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware

Firmware Encryption Advertising Passwords

The Death botnet grows targeting AVTech devices with a 2-years old exploit

Security Affairs

JULY 25, 2018

EliteLands is using a 2-years old exploit that could be used to trigger tens of well-known vulnerabilities in the AVTech firmware. Many products of the vendor currently run the vulnerable firmware, including DVRs, NVRs, and IP cameras. “So, if I put reboot as password, the AVTech system gets rebooted,” Anubhav explained.

Firmware

Firmware Passwords IoT Advertising

Over 19,000 Orange Livebox ADSL modems leak WiFi credentials

Security Affairs

DECEMBER 25, 2018

Threat actors are attempting to exploit a flaw in Orange LiveBox ADSL modems to retrieve their SSID and WiFi password in plaintext. “A flaw exists in these modems that allow remote unauthenticated users to obtain the device’s SSID and WiFi password.” Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Wireless Firmware Advertising

BLEEDINGBIT Bluetooth flaws in TI chips expose enterprises to remote attacks

Security Affairs

NOVEMBER 1, 2018

Security experts from the IoT security firm Armis, the same that found the BlueBorne Bluetooth flaws, have discovered two serious vulnerabilities in BLE chips designed by Texas Instruments. The flaw can only be exploited if the device using the chip has the over-the-air firmware download (OAD) feature enabled.

Firmware

Firmware Manufacturing IoT Mobile

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

Security Affairs

JULY 20, 2018

“Like any other IoT device, these robot vacuum cleaners could be marshalled into a botnet for DDoS attacks, but that’s not even the worst-case scenario, at least for owners. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware

Firmware Surveillance Authentication Technology

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

“ Malware then guesses routers’ passwords , which new research from Avast shows are often weak. The router attacks involved an exploit kit that attempts to find the router IP on a network, then attempts to guess the password using common login credentials. ” reads a blog post published by Avast. concludes Avast.

DNS

DNS Passwords Advertising Banking

WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS

Security Affairs

OCTOBER 20, 2018

CVE-2018-18472 – XXE and Unauthenticated Remote Command Execution in Axentra Hipserv NAS firmware. . It’s used in different devices from different vendors, the affected devices sharing the firmware are: Netgear Stora. The company provides a firmware with a web interface that mainly uses PHP as a serverside language.

Firmware

Firmware IoT VPN Authentication

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

To perform the experiment, we used Internet of Things (IoT) search engines to search for open devices that utilized common printer ports and protocols. To find out how many printers were on the menu for our experiment, we searched for IP addresses with open ports on specialized IoT search engines, such as Shodan and Censys.

Hacking

Hacking IoT Firmware Internet

Hacking IoT devices with Focaccia-Board: A Multipurpose Breakout Board to hack hardware in a clean and easy way!

Security Affairs

FEBRUARY 18, 2020

Even before the appearance of the word (I)IoT, I was breaking hardware devices, as many of you, with a multitude of debuggers (i.e. Successfully dumped the smartlock’s firmware. And after having successfully dumped the firmware we can proceed at extracting some valuable evidences for the forensics case. Some Practical Use-Cases.

IoT

IoT Hacking Firmware Advertising

EP 31: Stopping the Mirai IoT Botnet, One CnC Server At A Time

ForAllSecure

OCTOBER 5, 2021

In 2016, the Mirai IoT botnet shut down part of the internet, yet variations still plague us today. Maybe our current approach to IoT botnets isn’t working? They spoke at BlackHat USA 2021 where they launched a new tool to find IoT based CnC servers. Clearly, there needs to be another approach. Davanian: This is Ali.

IoT

IoT DDOS Malware Internet

California Passes First Of Its Kind IoT Cybersecurity Law

Privacy and Cybersecurity Law

NOVEMBER 6, 2018

California recently became the first state in the union to pass a cybersecurity law addressing “smart” devices and Internet of Things (IoT) technology. The term IoT generally refers to anything connected to the internet, including smart home devices (e.g., Amazon’s Alexa, NEST thermostats, etc.). Code § 1798.91.06(a))

IoT

IoT Cybersecurity Manufacturing Technology

California Passes First Of Its Kind IoT Cybersecurity Law

Privacy and Cybersecurity Law

NOVEMBER 5, 2018

California recently became the first state in the union to pass a cybersecurity law addressing “smart” devices and Internet of Things (IoT) technology. The term IoT generally refers to anything connected to the internet, including smart home devices (e.g., Amazon’s Alexa, NEST thermostats, etc.). Code § 1798.91.06(a))

IoT

IoT Cybersecurity Manufacturing Technology

The Hacker Mind Podcast: Reverse Engineering Smart Meters

ForAllSecure

MAY 13, 2022

Vamosi: But as someone who wrote a book questioning the security of our mass produced IoT devices, I wonder why no one bothered to test and certify these devices before they were installed? I moved here at the end of 2014. And then you have the smart meters and so the software on the smart meters that's just 100% on its firmware.

Engineering

Engineering Energy and Utilities Computers and Electronics Firmware

Cyber Security Informer

Mozi Botnet is responsible for most of the IoT Traffic

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Webinars

Trending Sources

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Webinars

EU to Force IoT, Wireless Device Makers to Improve Security

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

TP-Link Archer routers allow remote takeover without passwords

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Hacking the Twinkly IoT Christmas lights

Guardzilla Security Video System Footage exposed online

WAGO Industrial Switches affected by multiple flaws

Botnet operators target multiple zero-day flaws in LILIN DVRs

QSnatch malware infected over 62,000 QNAP NAS Devices

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Expert released PoC exploit code for unpatched backdoor in HiSilicon chips

The Death botnet grows targeting AVTech devices with a 2-years old exploit

Over 19,000 Orange Livebox ADSL modems leak WiFi credentials

BLEEDINGBIT Bluetooth flaws in TI chips expose enterprises to remote attacks

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

For nearly a year, Brazilian users have been targeted with router attacks

WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Hacking IoT devices with Focaccia-Board: A Multipurpose Breakout Board to hack hardware in a clean and easy way!

EP 31: Stopping the Mirai IoT Botnet, One CnC Server At A Time

California Passes First Of Its Kind IoT Cybersecurity Law

California Passes First Of Its Kind IoT Cybersecurity Law

The Hacker Mind Podcast: Reverse Engineering Smart Meters

Stay Connected