Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. CVE-2018-1160 is an out-of-bounds write issue that resides in dsi_opensess.c.

Firmware 80

Firmware VPN Wireless Passwords 80

Security Affairs

JULY 16, 2018

A security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security.

IoT 57

IoT Engineering Passwords Firmware 57

SiteLock

AUGUST 27, 2021

Up next, Black Hat, one of the world’s largest information security conferences, took place in early August 2018 in Sin City. The conference held many briefings on politics, legislation, and Machine Learning (ML) and Artificial Intelligence (AI) in cybersecurity, as well as the challenge of endpoint security for many IoT devices.

Small Business 98

Small Business Artificial Intelligence Firmware IoT 98

Security Affairs

APRIL 2, 2022

The threat actors added TOTOLINK exploits just a week after the exploit codes were publicly released on GitHub in the attempt to compromise the largest number of devices as possible before the owners upgrade to the latest firmware releases. TOTOLINK has already addressed these flaws with the release of new firmware for vulnerable devices.

DDOS 83

DDOS Firmware Surveillance IoT 83

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. Xiongmai hereinafter) that are open to hack. ” Experts also discovered that it is possible to execute arbitrary code on the device through a firmware update.

Surveillance 81

Surveillance Hacking Firmware Manufacturing 81

Security Affairs

JULY 29, 2018

. “Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub.” The access to those IoT devices could allow attackers to gather sensitive information managed by the devices within the home and perform unauthorized activities. RCE Chain – CVE-2018-3911.

Firmware 51

Firmware IoT Advertising Wireless 51

Security Affairs

DECEMBER 29, 2018

. “During the 0DAYALLDAY Research Event a vulnerability was discovered ( CVE-2018-5560 ) in the Guardzilla Security Video System Model #: GZ521W. The vulnerability lies within the design and implementation of Amazon Simple Storage Service (S3) credentials inside the Guardzilla Security Camera firmware.”

Firmware 83

Firmware Surveillance IoT Passwords 83

Security Affairs

FEBRUARY 15, 2020

Now experts found 12 vulnerabilities in the BLE software development kits (SDKs) of seven SoC vendors (Texas Instruments, NXP, Cypress, Dialog Semiconductors, Microchip, STMicroelectronics and Telink Semiconductor) that could be exploited to hack into various smart devices, including devices and environmental tracking or sensing systems.

IoT 107

IoT Firmware Advertising Hacking 107

CyberSecurity Insiders

JANUARY 26, 2022

Alien Labs expects to see new campaigns based on BotenaGo variants targeting routers and IoT devices globally. The Mirai botnet targets mostly routers and IoT devices, and it supports different architectures including Linux x64, different ARM versions, MIPS, PowerPC, and more. Background. The original source of the code is yet unknown.

Malware 81

Malware IoT Authentication Antivirus 81

Security Affairs

OCTOBER 6, 2018

Patch management is a crucial aspect for IoT devices, smart objects are surrounding us and represent a privileged target for hackers. The stack buffer overflow ( CVE-2018-16595 ) is a “memory corruption vulnerability that is tied to the lack of sanitization of user input. Security Affairs – Sony Bravia, hacking ).

Wireless 89

Wireless IoT Advertising Firmware 89

Security Affairs

NOVEMBER 1, 2018

Security experts from the IoT security firm Armis, the same that found the BlueBorne Bluetooth flaws, have discovered two serious vulnerabilities in BLE chips designed by Texas Instruments. The BLEEDINGBIT vulnerabilities affect several Texas Instruments chips, the CVE-2018-16986 flaw affects CC2640 and CC2650 chips running BLE-STACK 2.2.1

Firmware 79

Firmware Manufacturing IoT Mobile 79

Security Affairs

APRIL 16, 2021

Gafgyt (also known as Bashlite) is a prominent malware family for *nix systems, which mainly target vulnerable IoT devices like Huawei routers, Realtek routers and ASUS devices. Gafgyt also uses some of the existing exploits (CVE-2017-17215, CVE-2018-10561) to download the next stage payloads, which we will discuss further on.

Malware 119

Malware DDOS IoT Firmware 119

Krebs on Security

MAY 22, 2023

This email address is also connected to accounts on several Russian cybercrime forums, including “ __edman__ ,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.

Scams 239

Scams DDOS Cryptocurrency Accountability 239

Security Affairs

JULY 28, 2020

The first campaign likely began in early 2014 and continued until mid-2017, while the second started in late 2018 and was still active in late 2019. The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates. SecurityAffairs – hacking, QSnatch).

Malware 102

Malware Firmware Advertising Manufacturing 102

Pen Test

OCTOBER 12, 2023

It's suitable for resource-constrained RF devices, making it a popular choice for low-power IoT applications. What are the common firmware and software vulnerabilities in RF devices that can be exploited? Hard-Coded Passwords: Some RF devices may have passwords hard-coded into their firmware, which is a significant security risk.

Encryption 52

Encryption Firmware Surveillance Technology 52

Security Affairs

JUNE 23, 2020

This info includes printer names, locations, models, firmware versions, organization names, and even WiFi network names. It is quite easy for hackers to use tools specifically designed to hack printers such as PRET (Printer Exploitation Toolkit). SecurityAffairs – hacking, printers). ” continues the report. .

Internet 96

Internet Internet Firmware Advertising 96

Malwarebytes

MAY 7, 2021

This alone seems to go against the Secure by Design proposal , an already-drafted law that gives power to the Department of Culture, Media, and Sports (DCMS) to order tech makers (phone, tablet, IoT) to be transparent about when they’ll stop providing security updates to their new devices from launch. Lack of updates. A wake up call to ISPs.

Risk 134

Risk Passwords Internet Internet 134

eSecurity Planet

MARCH 1, 2023

WPA3 is the newest protocol and offers better security features such as stronger encryption, protection against dictionary attacks, and easier setting of IoT devices, but has yet to become widely used. Update your router firmware from your router’s manufacturer and install them to ensure your router is up to date and secure.

Wireless 98

Wireless Encryption Authentication IoT 98

Security Affairs

DECEMBER 25, 2018

The flaw tracked as CVE-2018-20377 is known at least since 2012 when Rick Murray described it in a blog post. . “On Friday, December 21, 2018, our honeypots observed an interesting scan consisting of a GET request for /get_getnetworkconf.cgi. SecurityAffairs – Orange Livebox ADSL modems, hacking). admin/admin).

Passwords 84

Passwords Wireless Firmware Advertising 84

Security Affairs

JULY 20, 2018

“Like any other IoT device, these robot vacuum cleaners could be marshalled into a botnet for DDoS attacks, but that’s not even the worst-case scenario, at least for owners. Securi ty Affairs – Smart vacuums, hacking). “A microSD card could be used to exploit weaknesses in the vacuum’s update mechanism.

Firmware 43

Firmware Surveillance Authentication Technology 43

Security Affairs

OCTOBER 20, 2018

Both the vulnerabilities (dubbed CVE-2018-18472 and CVE-2018-18471) remain unpatched at the time of this publication. CVE-2018-18472 – XXE and Unauthenticated Remote Command Execution in Axentra Hipserv NAS firmware. . The company provides a firmware with a web interface that mainly uses PHP as a serverside language.

Firmware 59

Firmware IoT VPN Authentication 59

Responsible Cyber

APRIL 8, 2020

Small and mid-sized enterprises (SMEs) are increasingly at risk of cyber-attacks, and often serve as a launch pad for larger threat campaigns, according to Cisco’s 2018 SMB Cybersecurity Report. IoT Opens Excessive Entry Points. The Internet of Things (IoT) is undeniably the future of technology. DDoS Attacks.

Cybersecurity 98

Cybersecurity DDOS Small Business Phishing 98

Threatpost

SEPTEMBER 17, 2018

Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug.

Surveillance 88

Surveillance Firmware IoT Hacking 88

Security Affairs

JULY 23, 2018

The first vulnerability, tracked as CVE-2018-3937, is a command injection issue that affects the measurementBitrateExec features implemented in the IPELA E Series Network Camera. Both vulnerabilities effects Sony IPELA E series G5 firmware 1.87.00, the tech giant released an update last week to address them. Pierluigi Paganini.

Advertising 51

Advertising Firmware Hacking Surveillance 51

Security Affairs

AUGUST 27, 2020

To perform the experiment, we used Internet of Things (IoT) search engines to search for open devices that utilized common printer ports and protocols. To find out how many printers were on the menu for our experiment, we searched for IP addresses with open ports on specialized IoT search engines, such as Shodan and Censys.

Hacking 143

Hacking IoT Firmware Internet 143

Threatpost

JULY 20, 2018

Dasan and D-Link routers running GPON firmware are being targeted by hackers in an attempt to create a botnet.

Firmware 43

Firmware IoT Malware Hacking 43

Security Affairs

JUNE 22, 2019

In September 2018, researchers observed the Hide and Seek (HNS) IoT botnet targeting Android devices with ADB option enabled. By default, Android has Android Debug Bridge (ADB) option disabled, but often vendors enable it to customize the operating system, then ship the devices with the feature turned on.

Cryptocurrency 64

Cryptocurrency Malware Advertising Firmware 64

ForAllSecure

OCTOBER 5, 2021

In 2016, the Mirai IoT botnet shut down part of the internet, yet variations still plague us today. Maybe our current approach to IoT botnets isn’t working? Vamosi: Welcome to The Hacker Mind and original podcast from ForAllSecure, it's about challenging our expectations about the people who hack for a living.

IoT 52

IoT DDOS Malware Internet 52

The Security Ledger

AUGUST 16, 2019

Sarah Zatko of the Cyber Independent Testing Lab joins us to talk about CITL's big new study of firmware security. » Related Stories Spotlight Podcast: Unpacking Black Hat Hacks with Digicert CTO Dan Timpson Episode 156: Looming over Black Hat: doing Security at Massive Scale Huge Survey of Firmware Finds No Security Gains in 15 Years.

Firmware 40

Firmware Software Internet Internet 40

Security Affairs

FEBRUARY 23, 2019

The D-Link DNS-320 model is no more available for sale, one of the members of the forum explained that the firmware of its NAS was never updated and its device was exposed to WAN through ports 8080, FTP port 21, and a range of ports for port forwarding.

Ransomware 86

Ransomware DNS Firmware Encryption 86

Security Affairs

MARCH 7, 2019

” In April 2018, Akamai reported that threat actors compromised 65,000 home routers by exploiting vulnerabilities in Universal Plug’N’Play (UPnP) , experts tracked the botnet as UPnProxy. In December 2018 the company provided an update to its initial analysis revealing a disconcerting scenario, UPnProxy is still up and running. .”

Cyber Attacks 81

Cyber Attacks Advertising Firmware Data collection 81

SecureList

FEBRUARY 16, 2021

After the attacks came to light, the manufacturer promptly released a firmware update for configuring verification of incoming requests. Dear players, The PUBG MOBILE team are currently actively working to resolve the DDoS attacks against our systems and the new hacking issues. For information, please check out here: [link].

DDOS 134

DDOS Cryptocurrency Marketing Internet 134

ForAllSecure

FEBRUARY 10, 2021

How do the current DMCA laws impact those who hack digital devices? In a moment I’ll talk with someone who is leading the Right to Repair movement in the United States and discuss how current laws impact those who hack digital devices. ” So should analyzing a device’s firmware for security flaws be considered illegal?

InfoSec 52

InfoSec Manufacturing Technology Software 52

ForAllSecure

FEBRUARY 10, 2021

How do the current DMCA laws impact those who hack digital devices? In a moment I’ll talk with someone who is leading the Right to Repair movement in the United States and discuss how current laws impact those who hack digital devices. ” So should analyzing a device’s firmware for security flaws be considered illegal?

InfoSec 52

InfoSec Manufacturing Technology Software 52