Security Affairs

DECEMBER 23, 2018

A privilege escalation vulnerability tracked as CVE-2018-15465 affects the Cisco Adaptive Security Appliance (ASA) software. The flaw was discovered by experts at Tenable that explained that an authenticated remote unprivileged user can change or download the running configuration or replace the appliance firmware where they shouldn’t.

Firmware 111

Firmware Authentication Software Advertising 111

Security Affairs

JULY 10, 2019

The experts at the healthcare cybersecurity firm CyberMDX have found some flaws in the firmware of the anesthesia machines, the issues could expose patients to serious risks. ” Experts pointed out that the devices lack authentication allowing anyone of the same network to execute commands supported by the machines. .

Hacking 73

Hacking Healthcare Advertising Firmware 73

Security Affairs

JULY 28, 2020

CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. The first campaign likely began in early 2014 and continued until mid-2017, while the second started in late 2018 and was still active in late 2019. Pierluigi Paganini.

Malware 105

Malware Firmware Advertising Manufacturing 105

Security Affairs

NOVEMBER 20, 2018

The vulnerabilities are two remote code execution (RCE) flaws(CVE-2018-3950, CVE-2018-3951), a denial-of-service issue (CVE-2018-3948), and a server information disclosure bug (CVE-2018-394). The CVE-2018-3948 DoS flaw affects the URI-parsing function of the TL-R600VPN HTTP server. Pierluigi Paganini.

Authentication 69

Authentication Advertising Firmware Hacking 69

Security Affairs

JUNE 23, 2020

Unlike other printer management protocols, the IPP protocol supports multiple security features, including authentication and encryption, but evidently organizations don’t use them. This info includes printer names, locations, models, firmware versions, organization names, and even WiFi network names. Pierluigi Paganini.

Internet 98

Internet Internet Firmware Advertising 98

Security Affairs

JULY 29, 2018

“Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub.” Samsung SmartThings Hub runs a Linux-based firmware and allows for communications with various IoT devices using various wireless standards Zigbee, Z-Wave, and Bluetooth. RCE Chain – CVE-2018-3911.

Firmware 52

Firmware IoT Advertising Wireless 52

CyberSecurity Insiders

JANUARY 26, 2022

In September 2016, source code of one of the most popular botnets named Mirai was leaked and uploaded to one of the hacking community forums, and later uploaded to GitHub with detailed information on the botnet, its infrastructure, configuration and how to build it. Install security and firmware upgrades from vendors, as soon as possible.

Malware 81

Malware IoT Authentication Antivirus 81

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Problem is, MAC addresses are not great for authentication.

IoT 52

IoT Hacking Internet Internet 52

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Problem is, MAC addresses are not great for authentication.

IoT 52

IoT Hacking Internet Internet 52

Security Affairs

APRIL 16, 2021

Gafgyt also uses some of the existing exploits (CVE-2017-17215, CVE-2018-10561) to download the next stage payloads, which we will discuss further on. Figure 8: GPON Router Exploit inside binary (CVE-2018-10561). Keep systems and firmware updated with the latest releases and patches. SecurityAffairs – hacking, Mirai).

Malware 121

Malware DDOS IoT Firmware 121

Pen Test

OCTOBER 12, 2023

Countermeasures: To prevent drone signal hijacking, drone manufacturers and operators can implement encryption and authentication mechanisms for RF communication. What are the common firmware and software vulnerabilities in RF devices that can be exploited? Keeping firmware up to date is essential for security.

Encryption 52

Encryption Firmware Surveillance Technology 52

Security Affairs

JULY 16, 2018

Anubhav explained that the passwords are related to Dahua DVRs running very old firmware that is known to be affected by a five-year-old vulnerability tracked as CVE-2013-6117. Even if the vulnerability has been patched, many Dahua devices are still running ancient firmware. — Ankit Anubhav (@ankit_anubhav) July 13, 2018.

IoT 58

IoT Engineering Passwords Firmware 58

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. • Use multifactor authentication where possible. Focus on awareness and training.

Passwords 66

Passwords Government Firmware Accountability 66

eSecurity Planet

MARCH 1, 2023

To prevent unwanted access and protect data in transit, wireless connections must be secured with strong authentication procedures, encryption protocols, access control rules, intrusion detection and prevention systems, and other security measures. As a result, wireless networks are prone to eavesdropping, illegal access and theft.

Wireless 89

Wireless Encryption Authentication IoT 89

Security Affairs

AUGUST 13, 2018

The affected models are NetComm 4G LTE Light industrial M2M routers running firmware version 2.0.29.11 The issues tracked with CVE identifiers CVE-2018-14782 through CVE-2018-14785, are an Information Exposure, a Cross-site Request Forgery, a Cross-site Scripting, an Information Exposure through Directory Listing.

Wireless 46

Wireless Firmware Manufacturing Advertising 46

Security Affairs

MAY 14, 2019

. “ A vulnerability in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component.” ” reads the advisory published by Cisco.

Firmware 86

Firmware Authentication Software Advertising 86

Security Affairs

AUGUST 14, 2018

. “In this paper, we show that reusing a key pair across different versions and modes of IKE can lead to cross-protocol authentication bypasses, enabling the impersonation of a victim host or network by attackers. We exploit a Bleichenbacher oracle in an IKEv1 mode, where RSA encrypted nonces are used for authentication.”

Encryption 46

Encryption Authentication Internet Internet 46

Security Affairs

JULY 20, 2018

The two vulnerabilities have been tracked as CVE-2018-10987 and CVE-2018-10988 , the former could be exploited by a remote attacker meanwhile the latter needs physical access to the device. Securi ty Affairs – Smart vacuums, hacking). vacuum cleaner as root. ” reads the report published by the experts.

Firmware 43

Firmware Surveillance Authentication Technology 43

Security Affairs

OCTOBER 20, 2018

Meaning, authentication bypasses weren’t enough. Both the vulnerabilities (dubbed CVE-2018-18472 and CVE-2018-18471) remain unpatched at the time of this publication. CVE-2018-18472 – XXE and Unauthenticated Remote Command Execution in Axentra Hipserv NAS firmware. . Firmware Analysis. Seagate GoFlex Home.

Firmware 61

Firmware IoT VPN Authentication 61

Security Affairs

OCTOBER 8, 2018

A Teenager Hacked a Tamper-Proof Wallet. The hack focuses on the device’s microcontrollers. The hack focuses on the device’s microcontrollers. The proxy microcontroller is reportedly so insecure it cannot differentiate between authentic firmware and that which a cybercriminal creates. About the author.

Cryptocurrency 79

Cryptocurrency Hacking Manufacturing Advertising 79

Security Boulevard

JUNE 28, 2022

IoT has helped mitigate many risks associated with fraud and has helped detect and block hacked accounts. In June 2018, Visa payment systems crashed throughout Europe , preventing millions of customers from using POS devices to pay for goods. Build a Zero Trust policy where trust can only be given when it is verified and authenticated.

Financial Services 64

Financial Services IoT Banking Retail 64

Security Affairs

JUNE 22, 2019

In September 2018, researchers observed the Hide and Seek (HNS) IoT botnet targeting Android devices with ADB option enabled. This attack takes advantage of the way open ADB ports don’t have authentication by default, similar to the Satori botnet variant we previously reported.”

Cryptocurrency 66

Cryptocurrency Malware Advertising Firmware 66

McAfee

AUGUST 24, 2021

CVE-2021-33885 – Insufficient Verification of Data Authenticity (CVSS 9.7). CVE-2021-33882 – Missing Authentication for Critical Function (CVSS 8.2). Unique Considerations for Infusion Pump Hacking. Perhaps the most well-known research was presented in 2018 at Blackhat by Billy Rios and Johnathan Butts.

Computers and Electronics 145

Computers and Electronics Authentication Software Risk 145

Malwarebytes

FEBRUARY 1, 2023

As a result, 40 million credit and debit card details were stolen, and Target spent a total of $202 million to recover from the hack. A hardware supply chain attack was reportedly unveiled by Bloomberg in 2018. Make multi-factor authentication (MFA) a norm. What is a supply chain attack?

Software 72

Software Risk Backups Technology 72

ForAllSecure

OCTOBER 29, 2020

Listen to EP 08: Hacking Voting Systems. Vamosi: Bowen’s public inquiry revealed findings of multiple buffer overflows, software updates without authentication, and inadequate randomization of the ballots so that valid secrecy can be compromised -- among other vulnerabilities. Apple Podcasts. Google Podcasts. Spotify Podcasts.

Hacking 52

Hacking Mobile Software Technology 52

ForAllSecure

OCTOBER 29, 2020

Listen to EP 08: Hacking Voting Systems. Vamosi: Bowen’s public inquiry revealed findings of multiple buffer overflows, software updates without authentication, and inadequate randomization of the ballots so that valid secrecy can be compromised -- among other vulnerabilities. Apple Podcasts. Google Podcasts. Spotify Podcasts.

Hacking 52

Hacking Mobile Software Technology 52

ForAllSecure

OCTOBER 20, 2020

Listen to EP 08: Hacking Voting Systems. Vamosi: Bowen’s public inquiry revealed findings of multiple buffer overflows, software updates without authentication, and inadequate randomization of the ballots so that valid secrecy can be compromised -- among other vulnerabilities. Apple Podcasts. Google Podcasts. Spotify Podcasts.

Hacking 40

Hacking Mobile Software Technology 40

ForAllSecure

FEBRUARY 10, 2021

How do the current DMCA laws impact those who hack digital devices? In a moment I’ll talk with someone who is leading the Right to Repair movement in the United States and discuss how current laws impact those who hack digital devices. ” So should analyzing a device’s firmware for security flaws be considered illegal?

InfoSec 52

InfoSec Manufacturing Technology Software 52

ForAllSecure

FEBRUARY 10, 2021

How do the current DMCA laws impact those who hack digital devices? In a moment I’ll talk with someone who is leading the Right to Repair movement in the United States and discuss how current laws impact those who hack digital devices. ” So should analyzing a device’s firmware for security flaws be considered illegal?

InfoSec 52

InfoSec Manufacturing Technology Software 52