Security Affairs

JULY 31, 2019

The list of flaws includes OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site Scripting, Exposure of Backup file to Unauthorized Control Sphere, Improper Authentication, and Use of Hard-coded Credentials. “Prima Systems FlexAir, Versions 2.3.38

Backups 55

Backups Authentication Advertising Firmware 55

CyberSecurity Insiders

JANUARY 26, 2022

Maintain minimal exposure to the Internet on Linux servers and IoT devices and use a properly configured firewall. Install security and firmware upgrades from vendors, as soon as possible. 2027881: ET EXPLOIT NETGEAR R7000/R6400 – Command Injection Inbound (CVE-2019-6277). Recommended actions. Conclusion.

Malware 81

Malware IoT Authentication Antivirus 81

Security Affairs

MARCH 29, 2019

It's been over 90 days since I reported it and @TPLINK never responded, so: arbitrary command execution on the TP-Link SR20 smart hub and router (and possibly other TP-Link device) — Matthew Garrett (@mjg59) March 28, 2019. While TDDP listens on all interfaces, the default firewall implemented in the routers prevents network access.

Advertising 71

Advertising Firmware Firewall Authentication 71

SecureList

JULY 19, 2023

The connection to the remote SMB server sends the user’s Net-NTLMv2 hash in a negotiation message, which the threat actor can use to either: Relay for authentication against other systems that support NTLMv2 authentication. only traces of connections to the WebUI could be stored in the firewall logs.

Firmware 88

Firmware Internet Internet Government 88

eSecurity Planet

FEBRUARY 16, 2021

Experts say the best defense is a multi-pronged network security strategy that includes a firewall, anti-malware software, network monitoring, intrusion detection and prevention (IDPS), and data protection. This exposed data includes everything from emails and documents typed to passwords entered for authentication purposes.

Malware 104

Malware Adware Spyware Antivirus 104

Security Boulevard

MARCH 18, 2021

In 2019 alone, attacks on IoT devices increased by 300%. Network security is a challenge because the proliferation of devices each with their own IP address means you can’t slap up a perimeter firewall to block all suspicious or unknown web traffic. With the increase in connected devices comes an increase in IoT attacks.

Internet 137

Internet Internet IoT Software 137

eSecurity Planet

MAY 28, 2021

The truth is that solutions like single sign-on (SSO) and multi-factor authentication (MFA) can spell disaster if initial access is all a malicious actor needs to traverse the network’s resources. From BIOS and firmware to UEFI code, VBOS is an attack vector that requires more attention. Current Target: VBOS.

Software 116

Software Firmware DNS VPN 116

eSecurity Planet

DECEMBER 7, 2023

New applications no longer use TDES, but TDES-encrypted data can be found in legacy environments and Microsoft only retired 3DES from use within Office 365 in 2019. The RSA algorithm remains the most popular public key cryptographic system today and introduced the concept of digital signatures for authentication outside of academia.

Encryption 107

Encryption Authentication Passwords Password Management 107