Security Affairs

AUGUST 5, 2020

The list includes: IP addresses of Pulse Secure VPN servers Pulse Secure VPN server firmware version SSH keys for each server A list of all local users and their password hashes Admin account details Last VPN logins (including usernames and cleartext passwords) VPN session cookies. ” reported ZDNet. Pierluigi Paganini.

VPN 130

VPN Passwords Banking Advertising 130

Security Affairs

APRIL 4, 2019

Firmware updates that address this vulnerability are not currently available. Chaining the two flaws it is possible to take over the Cisco RV320 and RV325 routers, the hackers exploit the bugs to obtain hashed passwords for a privileged account and run arbitrary commands as root. through 1.4.2.20.

Small Business 78

Small Business Firmware Advertising VPN 78

Security Affairs

FEBRUARY 11, 2019

“Since recent firmware updates, the ClamAV Antivirus fails to update due to 700+ clamav.net entries in /etc/hosts, all set to 0.0.0.0 “Exposing your NAS on the internet (allowing remote access) is always a high risk thing to do (at least without a properly deployed remote access VPN and/or 2FA on all existing user accounts)!”

Antivirus 90

Antivirus Firmware Advertising VPN 90

Security Affairs

MARCH 30, 2019

Chaining the two flaws it is possible to take over the Cisco RV320 and RV325 routers, the hackers exploit the bugs to obtain hashed passwords for a privileged account and run arbitrary commands as root. Firmware updates that address this vulnerability are not currently available.

Small Business 71

Small Business Firmware Advertising Engineering 71

Security Affairs

OCTOBER 10, 2018

Unfortunately, the cloud ID is not sufficiently random and complex to make guessing correct cloud IDs hard because the analysis of the Xiongmai firmware revealed it is derived from the device’s MAC address. ” Experts also discovered that it is possible to execute arbitrary code on the device through a firmware update.

Surveillance 80

Surveillance Hacking Firmware Manufacturing 80

Security Affairs

DECEMBER 1, 2018

The report highlighted that over 23 million IPs related to Portable UPnP SDK were vulnerable to remote code execution just through a single UDP packet, over 6,900 product versions from over 1,500 vendors were vulnerable through UPnP due to the exposure of UPnP SOAP service to the internet. ” continues Akamai. ” continues Akamai.

Hacking 100

Hacking Internet Internet Advertising 100

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. According to a new report published by IBM, the Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020. ” continues the analysis. Pierluigi Paganini.

IoT 119

IoT DDOS Architecture Passwords 119

Security Affairs

JULY 16, 2018

Anubhav explained that the passwords are related to Dahua DVRs running very old firmware that is known to be affected by a five-year-old vulnerability tracked as CVE-2013-6117. Even if the vulnerability has been patched, many Dahua devices are still running ancient firmware. — Ankit Anubhav (@ankit_anubhav) July 13, 2018.

IoT 55

IoT Engineering Passwords Firmware 55

Security Affairs

SEPTEMBER 6, 2019

Attackers could spy on the users, listen conversations made in the environment surrounding the GPS tracker, get and spoof the location of the tracker, send an SMS message to an arbitrary number to obtain the telephone number of the device and use SMS as an attack vector, replace the firmware of the device. Pierluigi Paganini.

Passwords 79

Passwords Manufacturing Advertising Firmware 79

Security Affairs

DECEMBER 29, 2019

Experts from Twelve Security claimed they found API tokens that would have allowed hackers to access Wyze user accounts from any iOS or Android device. In response to the incident, Wyze log out all Wyze users out of their accounts and unliked all third-party app integrations to generate new tokens. ” continues Wyze.

IoT 61

IoT Accountability Advertising Wireless 61

Security Affairs

MARCH 7, 2019

. “The hackers behind it reportedly took advantage of poorly configured routers that had the Universal Plug and Play (UPnP) service enabled, which caused the routers to forward public ports to the private devices and be open to the public internet,” reads the analysis published by Yang.

Cyber Attacks 80

Cyber Attacks Advertising Firmware Data collection 80

Security Affairs

JULY 20, 2018

The first bug can only be exploited by an authenticated attacker, but Positive Technologies says all Diqee 360 devices come with a default password of 888888 for the admin account, which very few users change, and which attackers can incorporate into their exploit chain. vacuum cleaner as root. .” Pierluigi Paganini.

Firmware 42

Firmware Surveillance Authentication Technology 42

Security Affairs

NOVEMBER 10, 2019

” It recognizes the worthiness of using AI for some cybersecurity requirements, such as to detect fraudulent bank account activity. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. However, the report calls AI “a double-edged sword.” Pierluigi Paganini.

Risk 91

Risk Cybersecurity Artificial Intelligence Education 91

Thales Cloud Protection & Licensing

NOVEMBER 7, 2017

Recently, NIST has been taking a closer look at the Internet of Things (IoT), inviting input on practical risks organizations face as they move into the age of connected devices. But its guidance, created with years of input from stakeholders, applies to the private sector and to enterprises of all sizes.

IoT 98

IoT Cybersecurity Manufacturing Digital transformation 98

Security Affairs

NOVEMBER 16, 2018

The attackers’ research vector is now shifting from software vulnerabilities to those located at the hardware and firmware level. The company’s records indicate that dumps account for 62% of data sold, which means that POS Trojans are the main method of compromising plastic cards. Espionage as one of the main APT groups’ goals.

Cybercrime 81

Cybercrime Hacking Banking Phishing 81

Security Affairs

OCTOBER 3, 2019

Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) warns organizations about high-impact ransomware attacks. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issued organizations about high-impact ransomware attacks. ” reads the public service announcement published by the IC3.

Ransomware 16

Ransomware Advertising Firmware Internet 16

McAfee

AUGUST 24, 2021

Even earlier, in 2015 research was published on the Hospira Symbiq Infusion Pump showing that it was possible to modify drug library files and raise dose limits through “unanticipated operations”, although authentication was required. Could this attack take place over the internet? Figure 3: Format String Vulnerability Testing.

Computers and Electronics 145

Computers and Electronics Authentication Software Risk 145

SecureList

DECEMBER 14, 2022

For instance, according to the New York Times, in 2003, the United States made plans for a huge cyberattack to freeze billions of dollars in Saddam Hussein’s bank accounts and cripple his government before the invasion of Iraq. It directly affected satellite modems firmwares , but was still to be understood as of mid-March.

DDOS 136

DDOS Ransomware Government Energy and Utilities 136