2017, Firmware, Information Security and Internet

2017

Firmware

Information Security

Internet

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 CVE-2020-9054 Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0

IoT

IoT Firmware Malware Wireless

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. Ensure secure configurations for devices: Change the default password to a strong one, and block SSH from external access.

IoT

IoT DDOS Malware Firmware

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

Threat actors exploit discontinues Boa web servers to target critical infrastructure

Security Affairs

NOVEMBER 24, 2022

The researchers identified over 1 million internet-exposed Boa server components around the world over the span of a week. “Without developers managing the Boa web server, its known vulnerabilities could allow attackers to silently gain access to networks by collecting information from files. ” concludes the report.

IoT

IoT Firmware Software Risk

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

The first campaign likely began in early 2014 and continued until mid-2017, while the second started in late 2018 and was still active in late 2019. The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates.

Malware

Malware Firmware Advertising Manufacturing

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

Below the attack chain that was visible in the video PoC: The attacker takes control over the smart bulb by exploiting a vulnerability in smart light bulbs in 2017. The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network.

Hacking

Hacking IoT Wireless Firmware

US dismantled the Russia-linked Cyclops Blink botnet

Security Affairs

APRIL 6, 2022

. “The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. ” reads the press release published by DoJ.

Malware

Malware Government Firmware Firewall

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

Maintain known-good offline backups for faster recovery upon a disruptive attack, and conduct hashing and integrity checks on firmware and controller configuration files to ensure validity of those backups. Limit ICS/SCADA systems’ network connections to only specifically allowed management and engineering workstations.

Passwords

Passwords Architecture Backups Cyber Attacks

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link addressed a critical zero-day vulnerability ( CVE-2017-7405 ) in its TP-Link Archer routers that could be exploited by attackers to remotely take their control over LAN via a Telnet connection without authentication. “This is a zero-day flaw that was not previously reported and can affect both home and business environments.”

Passwords

Passwords Advertising Firmware Authentication

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

“Once the attacker gains full access to the device through the botnet, the firmware level can be changed and additional malware can be planted on the device.” This is an extension understood by machines running reduced instruction set computer (RISC) architecture, which is prevalent on many IoT devices.”

IoT

IoT DDOS Architecture Passwords

Silex malware bricks thousands of IoT devices in a few hours

Security Affairs

JUNE 26, 2019

The only way to recover infected devices is to manually reinstall the device’s firmware. Silex is not the first IoT malware with this behavior, back in 2017 BrickerBot bricked millions of devices worldwide. It's trashing the storage, dropping the iptables rules, removing the network configuration and then halting the device.

IoT

IoT Malware Advertising Firmware

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

The Last Watchdog

JUNE 4, 2019

Maryland was one of the very first states to recognize the importance of information security, not only as a critical issue for the nation, but also as a strategic industry for the state,” said Governor Larry Hogan. According to the U.S. This made it the nation’s eighth-largest technology hub.

Cybersecurity

Cybersecurity Computers and Electronics Technology Marketing

Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP?

Security Affairs

JANUARY 31, 2022

The report highlighted that over 23 million IPs related to Portable UPnP SDK were vulnerable to remote code execution just through a single UDP packet, over 6,900 product versions from over 1,500 vendors were vulnerable through UPnP due to the exposure of UPnP SOAP service to the internet. ” continues Akamai.

Internet

Internet Internet Firmware Hacking

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

McAfee

AUGUST 24, 2021

From the 1960’s to 2000 infusion pumps were mostly electromechanical devices with some embedded electronics, but the turn of the century delivered “smarter” devices with better safety mechanisms and the possibility to program them, which slowly opened the door to information security challenges.

Computers and Electronics

Computers and Electronics Authentication Software Risk

Cyber Security Informer

BotenaGo botnet targets millions of IoT devices using 33 exploits

A new Zerobot variant spreads by exploiting Apache flaws

Webinars

Trending Sources

Threat actors exploit discontinues Boa web servers to target critical infrastructure

Webinars

QSnatch malware infected over 62,000 QNAP NAS Devices

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

US dismantled the Russia-linked Cyclops Blink botnet

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

TP-Link Archer routers allow remote takeover without passwords

Mozi Botnet is responsible for most of the IoT Traffic

Silex malware bricks thousands of IoT devices in a few hours

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP?

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

Stay Connected