2018, Firmware, Hacking and Passwords - Cyber Security Informer

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. We first met this team of experts in April when they discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks.

Passwords

Passwords Hacking Wireless Authentication

ASUS addressed critical flaws in some router models

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. CVE-2018-1160 is an out-of-bounds write issue that resides in dsi_opensess.c.

Firmware

Firmware VPN Wireless Passwords

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

Example of available open printers on a single IoT search engine (Shodan.io): As we can see, many users and organizations still use internet-connected devices without thinking about security, installing firmware updates, or taking into account the implications of leaving their devices publicly accessible. Change the default password.

Hacking

Hacking IoT Firmware Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Sounding the Alarm on Emergency Alert System Flaws

Krebs on Security

AUGUST 12, 2022

It had the username and password for the system printed on the machine. That may be because the patches were included in version 4 of the firmware for the EAS devices, and many older models apparently do not support the new software. A Digital Alert Systems EAS encoder/decoder that Pyle said he acquired off eBay in 2019.

Firmware

Firmware Manufacturing Passwords Software

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Experts observed the bot attempting to gain access to the device by using a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323. the malware operators have removed CVE-2018-12613, a phpMyAdmin vulnerability that could allow threat actors to view or execute files.

IoT

IoT DDOS Malware Firmware

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Security Affairs

JULY 16, 2018

A security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security.

IoT

IoT Engineering Passwords Firmware

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. Xiongmai hereinafter) that are open to hack. The experts also discovered an undocumented user with the name “default” and password “tluafed.”. ” continues the analysis.

Surveillance

Surveillance Hacking Firmware Manufacturing

Millions put at risk by old, out of date routers

Malwarebytes

MAY 7, 2021

found: * Weak default passwords. These passwords can be easily guessed by hackers, are common across devices and could grant someone access. Firmware updates aren’t only important for performance, they’re also needed to fix security issues when they arise. Below are the old router vulnerabilities Which? Lack of updates.

Risk

Risk Passwords Internet Internet

Over 19,000 Orange Livebox ADSL modems leak WiFi credentials

Security Affairs

DECEMBER 25, 2018

Threat actors are attempting to exploit a flaw in Orange LiveBox ADSL modems to retrieve their SSID and WiFi password in plaintext. The flaw tracked as CVE-2018-20377 is known at least since 2012 when Rick Murray described it in a blog post. . SecurityAffairs – Orange Livebox ADSL modems, hacking). admin/admin).

Passwords

Passwords Wireless Firmware Advertising

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. The first campaign likely began in early 2014 and continued until mid-2017, while the second started in late 2018 and was still active in late 2019. Pierluigi Paganini.

Malware

Malware Firmware Advertising Manufacturing

Guardzilla Security Video System Footage exposed online

Security Affairs

DECEMBER 29, 2018

. “During the 0DAYALLDAY Research Event a vulnerability was discovered ( CVE-2018-5560 ) in the Guardzilla Security Video System Model #: GZ521W. The vulnerability lies within the design and implementation of Amazon Simple Storage Service (S3) credentials inside the Guardzilla Security Camera firmware.”

Firmware

Firmware Surveillance IoT Passwords

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. Regularly back up data, air gap, and password protect backup copies offline. . Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. •

Passwords

Passwords Government Firmware Accountability

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet was spotted by security experts from 360 Netlab, at the time of its discovered it was actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them. The sample spreads via Telnet with weak passwords and some known exploits (see the list below). Pierluigi Paganini.

IoT

IoT DDOS Architecture Passwords

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Pen Test

OCTOBER 12, 2023

What are the common firmware and software vulnerabilities in RF devices that can be exploited? Vulnerabilities in RF technology often encompass various weaknesses and security gaps within the firmware and software used in RF devices. Strong, complex passwords are essential to prevent unauthorized access.

Encryption

Encryption Firmware Surveillance Technology

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Vamosi: I once lived near a large urban park.

IoT

IoT Hacking Internet Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Vamosi: I once lived near a large urban park.

IoT

IoT Hacking Internet Internet

BLEEDINGBIT Bluetooth flaws in TI chips expose enterprises to remote attacks

Security Affairs

NOVEMBER 1, 2018

The BLEEDINGBIT vulnerabilities affect several Texas Instruments chips, the CVE-2018-16986 flaw affects CC2640 and CC2650 chips running BLE-STACK 2.2.1 “The security vulnerability for CVE-2018-16986 is present in these TI chips when scanning is used (e.g. to address the CVE-2018-16986 flaw. or earlier.

Firmware

Firmware Manufacturing IoT Mobile

ICS-CERT warns of critical flaws in NetComm industrial routers

Security Affairs

AUGUST 13, 2018

The affected models are NetComm 4G LTE Light industrial M2M routers running firmware version 2.0.29.11 The issues tracked with CVE identifiers CVE-2018-14782 through CVE-2018-14785, are an Information Exposure, a Cross-site Request Forgery, a Cross-site Scripting, an Information Exposure through Directory Listing.

Wireless

Wireless Firmware Manufacturing Advertising

Novidade, a new Exploit Kit is targeting SOHO Routers

Security Affairs

DECEMBER 11, 2018

A-Link WL54AP3 / WL54AP2 (CVE-2008-6823) D-Link DSL-2740R D-Link DIR 905L Medialink MWN-WAPR300 (CVE-2015-5996) Motorola SBG6580 Realtron Roteador GWR-120 Secutech RiS-11/RiS-22/RiS-33 (CVE-2018-10080) TP-Link TL-WR340G / TL-WR340GD TP-Link WR1043ND V1 (CVE-2013-2645). Security Affairs – Novidade exploit kit, hacking).

DNS

DNS Advertising Firmware Banking

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

Security Affairs

JULY 20, 2018

The two vulnerabilities have been tracked as CVE-2018-10987 and CVE-2018-10988 , the former could be exploited by a remote attacker meanwhile the latter needs physical access to the device. Securi ty Affairs – Smart vacuums, hacking). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware

Firmware Surveillance Authentication Technology

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

In March 2018, security researchers at Antivirus firm Dr. Web discovered that 42 models of low-cost Android smartphones are shipped with the Android.Triada.231 ” The Guerrilla malware has a modular structure, each plugin was designed to support a specific feature, including: SMS Plugin : Intercepts one-time passwords sent via SMS.

Mobile

Mobile Advertising Malware Cybercrime

Wireless Security: WEP, WPA, WPA2 and WPA3 Explained

eSecurity Planet

MARCH 1, 2023

For example, Wi-Fi protected access (WPA) requires users to provide a password or passphrase to gain access to the network. Announced in 2018 by the Wi-Fi Alliance, WPA3 simplifies the process of configuring devices with little to no display interface — such as IoT devices— by introducing Wi-Fi Easy Connect.

Wireless

Wireless Encryption Authentication IoT

WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS

Security Affairs

OCTOBER 20, 2018

Both the vulnerabilities (dubbed CVE-2018-18472 and CVE-2018-18471) remain unpatched at the time of this publication. CVE-2018-18472 – XXE and Unauthenticated Remote Command Execution in Axentra Hipserv NAS firmware. . The company provides a firmware with a web interface that mainly uses PHP as a serverside language.

Firmware

Firmware IoT VPN Authentication

Top 9 Cybersecurity Challenges SMEs Currently Face

Responsible Cyber

APRIL 8, 2020

Small and mid-sized enterprises (SMEs) are increasingly at risk of cyber-attacks, and often serve as a launch pad for larger threat campaigns, according to Cisco’s 2018 SMB Cybersecurity Report. Hold training sessions to help employees manage passwords and identify phishing attempts. Lack of Cybersecurity Knowledge. DDoS Attacks.

Cybersecurity

Cybersecurity DDOS Small Business Phishing

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

McAfee

AUGUST 24, 2021

Unique Considerations for Infusion Pump Hacking. Perhaps the most well-known research was presented in 2018 at Blackhat by Billy Rios and Johnathan Butts. Lastly, the pump runs its own custom Real Time Operating System (RTOS) and firmware on a M32C microcontroller. Initial Access. Privilege Escalation. Crossing Systems.

Computers and Electronics

Computers and Electronics Authentication Software Risk

The Hacker Mind Podcast: Hacking Voting Systems

ForAllSecure

OCTOBER 29, 2020

Listen to EP 08: Hacking Voting Systems. They invited us and other members of the public to try to hack it. There were PDFs of Election Day passwords that supervisors use to start in elections. Bee: Can you tell me what the password was? It's about challenging our expectations about the people who hack for a living.

Hacking

Hacking Mobile Software Technology

The Hacker Mind Podcast: Hacking Voting Systems

ForAllSecure

OCTOBER 29, 2020

Listen to EP 08: Hacking Voting Systems. They invited us and other members of the public to try to hack it. There were PDFs of Election Day passwords that supervisors use to start in elections. Bee: Can you tell me what the password was? It's about challenging our expectations about the people who hack for a living.

Hacking

Hacking Mobile Software Technology

The Hacker Mind Podcast: Hacking Voting Systems

ForAllSecure

OCTOBER 20, 2020

Listen to EP 08: Hacking Voting Systems. They invited us and other members of the public to try to hack it. There were PDFs of Election Day passwords that supervisors use to start in elections. Bee: Can you tell me what the password was? It's about challenging our expectations about the people who hack for a living.

Hacking

Hacking Mobile Software Technology

EP 31: Stopping the Mirai IoT Botnet, One CnC Server At A Time

ForAllSecure

OCTOBER 5, 2021

Vamosi: Welcome to The Hacker Mind and original podcast from ForAllSecure, it's about challenging our expectations about the people who hack for a living. And in September of 2018. Vamosi: The devices themselves are becoming less and less expensive, Yay, but would you rather upgrade the firmware on a toothbrush, probably not.

IoT

IoT DDOS Malware Internet

Cyber Security Informer

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

ASUS addressed critical flaws in some router models

Webinars

Trending Sources

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Webinars

Sounding the Alarm on Emergency Alert System Flaws

A new Zerobot variant spreads by exploiting Apache flaws

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Millions put at risk by old, out of date routers

Over 19,000 Orange Livebox ADSL modems leak WiFi credentials

QSnatch malware infected over 62,000 QNAP NAS Devices

Guardzilla Security Video System Footage exposed online

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Mozi Botnet is responsible for most of the IoT Traffic

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

BLEEDINGBIT Bluetooth flaws in TI chips expose enterprises to remote attacks

ICS-CERT warns of critical flaws in NetComm industrial routers

Novidade, a new Exploit Kit is targeting SOHO Routers

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Wireless Security: WEP, WPA, WPA2 and WPA3 Explained

WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS

Top 9 Cybersecurity Challenges SMEs Currently Face

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

The Hacker Mind Podcast: Hacking Voting Systems

The Hacker Mind Podcast: Hacking Voting Systems

The Hacker Mind Podcast: Hacking Voting Systems

EP 31: Stopping the Mirai IoT Botnet, One CnC Server At A Time

Stay Connected