2014, Internet, IoT and Passwords - Cyber Security Informer

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. If you take a look at the global market for IoT, you can easily spot the trend. IoT devices are exposed to cybersecurity vulnerabilities. The Threat is Definitely Real.

IoT

IoT Cybersecurity Manufacturing Internet

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. reads the analysis published by the experts.

IoT

IoT DDOS Architecture Passwords

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security Affairs

JANUARY 19, 2020

The availability online of a new collection of Telnet credentials for more than 500,000 servers, routers, and IoT devices made the headlines. This is the biggest leak of Telnet passwords even reported. The list includes the IP address, username and password for the Telnet service for each device. ” reported ZDNet.

IoT

IoT DDOS InfoSec Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

Kilmer said Faceless has emerged as one of the underground’s most reliable malware-based proxy services, mainly because its proxy network has traditionally included a great many compromised “Internet of Things” devices — such as media sharing servers — that are seldom included on malware or spam block lists.

Malware

Malware Passwords Accountability Advertising

EU to Force IoT, Wireless Device Makers to Improve Security

eSecurity Planet

NOVEMBER 1, 2021

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. has made some strides on IoT security at the federal level; it remains to be seen if the EU initiative will spur the U.S. IoT market growth. IoT Security Neglected.

Wireless

Wireless IoT Manufacturing Mobile

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

Security Affairs

AUGUST 31, 2019

Researchers from WootCloud Labs have uncovered a new IoT botnet named Ares that is targeting Android-based devices. Experts from WootCloud Labs have spotted a new IoT botnet tracked as Ares that is targeting Android-based devices that have a debug port exposed online. IoT #malware branches seen in ????????

IoT

IoT Passwords Advertising Malware

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Security Affairs

JULY 16, 2018

A security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security.

IoT

IoT Engineering Passwords Firmware

A hacker has taken over at least 29 IoT botnets

Security Affairs

MAY 5, 2019

Hacker “Subby” brute-forces the backends of 29 IoT botnets that were using weak or default credentials. A hacker that goes online with the moniker ‘Subby’ took over 29 IoT botnets in the past few week s with brute-force attacks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT Advertising Hacking Passwords

Massive increase in XorDDoS Linux malware in last six months

Malwarebytes

MAY 25, 2022

XorDDoS, a Linux Trojan known for its modularity and stealth, was first discovered in 2014 by the white hat research group, MalwareMustDie (MMD). Security IoT devices. If you have an IoT device at home, know there are ways to secure it. If you plan to get an IoT device soon, buy from a well-known brand.

Malware

Malware IoT DDOS DNS

Evolution of threat landscape for IoT devices – H1 2018

Security Affairs

SEPTEMBER 19, 2018

Security experts from Kaspersky have published an interesting report on the new trends in the IoT threat landscape. What is infecting IoT devices and how? The researchers set up a honeypot to collect data on infected IoT devices, the way threat actors infect IoT devices and what families of malware are involved.

IoT

IoT Passwords Malware Advertising

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

Akamai researcher Larry Cashdollar reported that a cryptocurrency miner that previously hit only Arm-powered IoT devices it now targeting Intel systems. The researchers revealed that one of his honeypots was hit by this IoT malware that targets Intel machines running Linux. “This one seems to target enterprise systems.”

IoT

IoT Cryptocurrency Malware System Administration

Creator of multiple IoT botnets, including Satori, pleaded guilty

Security Affairs

SEPTEMBER 4, 2019

Kenneth Currin Schuchman (21) from Vancouver, Washington pleaded guilty to creating and operating multiple DDoS IoT botnet , including Satori. Kenneth Currin Schuchman (21) from Vancouver, Washington, aka Nexus Zeta, pleaded guilty to creating and operating multiple DDoS IoT botnets. Pierluigi Paganini.

IoT

IoT DDOS Internet Internet

The 7 Biggest Cybersecurity Scoops from February 2015

SiteLock

AUGUST 27, 2021

One year ago in February, the major eBay hack was in progress, eventually resulting in over 233 million passwords being stolen. 10 Million Passwords Leaked Online. Security consultant Mark Burnett leaked 10 million usernames and passwords online through his personal blog last week, in a very risky move. Worst Passwords of 2014.

Passwords

Passwords Cybersecurity Internet Internet

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

A security researcher disclosed zero-day flaws in Telestar Digital GmbH IoT radio devices that could be exploited by remote attackers to hijack systems without any user interaction. Kunz and his colleagues were able to brute-force the IoT radio in just 10 minutes and achieve root access with full privileges. . Pierluigi Paganini.

IoT

IoT Hacking Firmware Advertising

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs

APRIL 26, 2019

Experts discovered security flaws in the iLnkP2P peer-to-peer (P2P) system that exposes millions of IoT devices to remote attacks. The iLnkP2P system allows users to remotely connect to their IoT devices using a mobile phone or a PC. Potentially affected IoT devices include cameras and smart doorbells. Pierluigi Paganini.

IoT

IoT Hacking Manufacturing Advertising

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Security Affairs

AUGUST 6, 2019

The STRONTIUM Russia-linked APT group is compromising common IoT devices to gain access to several corporate networks. Researchers at Microsoft observed the Russia-linked APT group STRONTIUM abusing IoT devices to gain access to several corporate networks. ” IoT risk must be taken seriously. ” continues Microsoft.

IoT

IoT Hacking Advertising Government

Chalubo, a new IoT botnet emerges in the threat landscape

Security Affairs

OCTOBER 23, 2018

Security experts from Sophos Labs have spotted a new piece of IoT malware tracked as Chalubo that is attempting to recruit devices into a botnet used to launch DDoS attacks. The IoT malware ran only on systems with an x86 architecture. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT DDOS Architecture Malware

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

To perform the experiment, we used Internet of Things (IoT) search engines to search for open devices that utilized common printer ports and protocols. After filtering out most of the false positives, we were left with more than 800,000 printers that had network printing features enabled and were accessible over the internet.

Hacking

Hacking IoT Firmware Internet

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

The news is not surprising, unfortunately in many cases IoT devices, including IP cameras, are deployed without proper security measures. As worrying as it may seem, this comes as a clear reminder that when cameras are placed on the internet, they must be properly installed with security in mind.

IoT

IoT Internet Internet Hacking

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

Security researchers discovered some flaws in the Twinkly IoT lights that could be exploited display custom lighting effects and to remotely turn off them. The communications are not encrypted, however the WiFi password is sent encrypted during set up (albeit trivial to decrypt).” Pierluigi Paganini.

IoT

IoT Hacking DNS Authentication

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. “In such an event, the victim could lose access to the console and even a shell, and thereby would not be able to re-establish a new password.” ” continues the post.

Passwords

Passwords Advertising Firmware Authentication

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.” The use of default passwords represents a serious problem also for the Chinese vendor.

Passwords

Passwords Manufacturing Advertising Firmware

Hacking IoT devices with Focaccia-Board: A Multipurpose Breakout Board to hack hardware in a clean and easy way!

Security Affairs

FEBRUARY 18, 2020

Even before the appearance of the word (I)IoT, I was breaking hardware devices, as many of you, with a multitude of debuggers (i.e. Artifacts extracted from the FW analysis: Smartlock Passwords & User’s Logs. But it saves my time while hacking (I)IoT targets. SecurityAffairs – hacking IoT, Focaccia board).

IoT

IoT Hacking Firmware Advertising

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Security Affairs

JULY 27, 2020

In December 2018, security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. Change the default username and passwords for all network devices, especially IoT devices. Pierluigi Paganini.

DDOS

DDOS IoT Internet Internet

Over 100 irrigation systems left exposed online without protection

Security Affairs

OCTOBER 27, 2020

Researchers found more than 100 smart irrigation systems running ICC PRO that were left exposed online without a password last month. The ICC PRO systems were deployed with default factory settings, which don’t have a password for the default user’s account. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks IoT Advertising Passwords

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

In a typical PPI network, clients will submit their malware—a spambot or password-stealing Trojan, for example —to the service, which in turn charges per thousand successful installations, with the price depending on the requested geographic location of the desired victims. But on Dec.

Passwords

Passwords Malware Internet Internet

Information Disclosure flaw allows attackers to find Huawei routers with default credentials

Security Affairs

DECEMBER 23, 2018

An attacker could use IoT search engines such as ZoomEye or Shodan to scan the internet for devices having default passwords. “Hence the attacker can craft a ZoomEye / Shodan dork to implicitly get a list of the devices having default password. ” reads the blog post published by the expert.

IoT

IoT Internet Internet Passwords

Guardzilla Security Video System Footage exposed online

Security Affairs

DECEMBER 29, 2018

“The Guardzilla IoT-enabled home video surveillance system contains a shared Amazon S3 credential used for storing saved video data. It has a CVSSv3 base score of 8.6 , since once the password is known, any unauthenticated user can collect the data from any affected system over the internet.” Pierluigi Paganini.

Firmware

Firmware Surveillance IoT Passwords

Experts found first Mirai bot targeting Linux servers via Hadoop YARN flaw

Security Affairs

NOVEMBER 21, 2018

These Mirai variants are the first one that doesn’t target Internet of Things devices, the bot was specifically developed to target Linux servers. These versions of Mirai behave much like the original but are tailored to run on Linux servers and not underpowered IoT devices.”

IoT

IoT Advertising Malware Architecture

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

JUNE 26, 2020

. “According to court documents, the botnets were initially based largely on the source code previously developed by other individuals to create the Mirai botnet;” In September 2019, Schuchman pleaded guilty to creating and operating multiple DDoS IoT botnets. ” the DoJ concludes. Pierluigi Paganini.

DDOS

DDOS IoT Advertising Internet

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

Gafgyt is a popular choice for launching large-scale DDoS attacks, it first appeared in the threat landscape in 2014. The Enemybot botnet employs several methods to spread and targets other IoT devices. The botnet implements multiple obfuscation techniques to avoid detection and hides C2 on the Tor network.

Malware

Malware DDOS IoT Cybercrime

Korean Davolink routers are easy exploitable due to poor cyber hygene

Security Affairs

JULY 25, 2018

Davolink dvw 3200 routers have their login portal up on port 88, the access is password protected, but the password is hardcoded in the HTLM of login page. These Davolink dvw 3200 routers have their login portal up on port 88, the access is password protected. function clickApply(sel). {. function clickApply(sel). {.

Passwords

Passwords Advertising IoT Internet

California Passes First Of Its Kind IoT Cybersecurity Law

Privacy and Cybersecurity Law

NOVEMBER 6, 2018

California recently became the first state in the union to pass a cybersecurity law addressing “smart” devices and Internet of Things (IoT) technology. The term IoT generally refers to anything connected to the internet, including smart home devices (e.g., Amazon’s Alexa, NEST thermostats, etc.).

IoT

IoT Cybersecurity Manufacturing Technology

California Passes First Of Its Kind IoT Cybersecurity Law

Privacy and Cybersecurity Law

NOVEMBER 5, 2018

California recently became the first state in the union to pass a cybersecurity law addressing “smart” devices and Internet of Things (IoT) technology. The term IoT generally refers to anything connected to the internet, including smart home devices (e.g., Amazon’s Alexa, NEST thermostats, etc.).

IoT

IoT Cybersecurity Manufacturing Technology

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

Gafgyt is a popular choice for launching large-scale DDoS attacks, it first appeared in the threat landscape in 2014. The Enemybot botnet employs several methods to spread and targets other IoT devices. The Enemybot botnet borrows the code from the Gafgyt bot and re-used some codes from the infamous Mirai botnet.

DDOS

DDOS Architecture Malware Cybercrime

Tens of thousands of hot tubs are exposed to hack

Security Affairs

JANUARY 7, 2019

“Like most internet of things devices, the Wi-Fi module acts initially as in AP mode. “It said it was working with more than 1,000 owners in the UK and others globally to set up a system of individual usernames and passwords to secure the online controls. SecurityAffairs – IoT, hacking). ” reported the BBC.

Hacking

Hacking Cyber Attacks Mobile IoT

Hackers are targeting Cisco RV320/RV325, over 9K routers exposed online

Security Affairs

JANUARY 28, 2019

After the disclosure of proof-of-exploit code for security flaws in Cisco RV320 and RV325 routers, hackers started scanning the Internet for vulnerable devices in an attempt to take compromise them. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – Cisco RV320/RV325 routers, IoT).

Small Business

Small Business IoT Advertising Internet

MY TAKE: How ‘credential stuffing’ and ‘account takeovers’ are leveraging Big Data, automation

The Last Watchdog

OCTOBER 16, 2019

Related: Cyber risks spinning out of IoT Credential stuffing and account takeovers – which take full advantage of Big Data, high-velocity software, and automation – inundated the internet in massive surges in 2018 and the first half of 2019, according to multiple reports. Rapid 7 estimates that there are upwards of 1.5

Big data

Big data Accountability Passwords Digital transformation

Security Affairs newsletter Round 230

Security Affairs

SEPTEMBER 8, 2019

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers. Creator of multiple IoT botnets, including Satori, pleaded guilty. Over 600k GPS trackers left exposed online with a default password of ‘123456. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Crooks stole €1.5

IoT

IoT Data breaches DNS Advertising

Telehealth: A New Frontier in Medicine—and Security

SecureList

FEBRUARY 1, 2022

For example, the startup Proteus Digital Health back in 2014 created sensor-enabled pharmaceuticals that received hundreds of millions of dollars in investments. For the user, this means that if the wearable device is openly connected to the internet, then attackers can easily intercept the data it sends.

Phishing

Phishing Healthcare IoT Authentication

OT attacks increased by over 2000 percent in 2019, IBM reports

Security Affairs

FEBRUARY 11, 2020

According to IBM, OT attacks increased by over 2000 percent in 2019, most of them involved the Echobot IoT malware. In the OT attacks observed by IBM researchers, hackers attempted to exploit a combination of known ICS/SCADA vulnerabilities, as well as password-spraying attacks. ” concludes IBM. Pierluigi Paganini.

Advertising

Advertising Malware IoT Technology

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

GhostDNS scans for the IP addresses used by routers that use weak or no password then accesses them and changes the DNS settings to a rogue DNS server operated by the attackers. Experts believe this sub-module is the core module of DNSChanger that allows attackers to scan the Internet to find vulnerable routers. Pierluigi Paganini.

DNS

DNS Malware Firmware Phishing

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

The flaw affects the procedure for changing expired passwords, the backdoor could be exploited by a remote attacker to execute malicious commands with root privileges on the machine running vulnerable Webmin. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the analysis. Pierluigi Paganini.

DDOS

DDOS System Administration Advertising DNS

Nine 2019 Cybersecurity Predictions

Security Affairs

JANUARY 8, 2019

The Internet of Things is a remarkable benchmark in human technological advancement. In 2014, the personal records of some 40 million Target shoppers, including names and credit card numbers, were stolen by hackers. Their way in was through the company’s internet-connected HVAC system.

Cybersecurity

Cybersecurity Small Business Internet Internet

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Mozi Botnet is responsible for most of the IoT Traffic

Webinars

Trending Sources

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Webinars

Giving a Face to the Malware Proxy Service ‘Faceless’

EU to Force IoT, Wireless Device Makers to Improve Security

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

A hacker has taken over at least 29 IoT botnets

Massive increase in XorDDoS Linux malware in last six months

Evolution of threat landscape for IoT devices – H1 2018

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Creator of multiple IoT botnets, including Satori, pleaded guilty

The 7 Biggest Cybersecurity Scoops from February 2015

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Chalubo, a new IoT botnet emerges in the threat landscape

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Hackers claim to have compromised 50,000 home cameras and posted footage online

Hacking the Twinkly IoT Christmas lights

TP-Link Archer routers allow remote takeover without passwords

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Hacking IoT devices with Focaccia-Board: A Multipurpose Breakout Board to hack hardware in a clean and easy way!

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Over 100 irrigation systems left exposed online without protection

The Link Between AWM Proxy & the Glupteba Botnet

Information Disclosure flaw allows attackers to find Huawei routers with default credentials

Guardzilla Security Video System Footage exposed online

Experts found first Mirai bot targeting Linux servers via Hadoop YARN flaw

Developer of DDoS Mirai based botnets sentenced to prison

EnemyBot malware adds new exploits to target CMS servers and Android devices

Korean Davolink routers are easy exploitable due to poor cyber hygene

California Passes First Of Its Kind IoT Cybersecurity Law

California Passes First Of Its Kind IoT Cybersecurity Law

Enemybot, a new DDoS botnet appears in the threat landscape

Tens of thousands of hot tubs are exposed to hack

Hackers are targeting Cisco RV320/RV325, over 9K routers exposed online

MY TAKE: How ‘credential stuffing’ and ‘account takeovers’ are leveraging Big Data, automation

Security Affairs newsletter Round 230

Telehealth: A New Frontier in Medicine—and Security

OT attacks increased by over 2000 percent in 2019, IBM reports

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Roboto, a new P2P botnet targets Linux Webmin servers

Nine 2019 Cybersecurity Predictions

Stay Connected