Security Affairs

JUNE 12, 2022

access control, video surveillance and mobile credentialing) owned by HVAC giant Carrier. Below is the list of flaws discovered by the researchers: CVE Detail Summary Mercury Firmware Version CVSS Score CVE-2022-31479 Unauthenticated command injection <=1.291 Base 9.0, The vulnerabilities were disclosed during the Hardwear.io

Firmware 94

Firmware Penetration Testing Manufacturing Authentication 94

Security Affairs

MARCH 29, 2023

The first campaign was spotted in November 2022, the exploit chains discovered by TAG researchers were affecting Android and iOS and were delivered via bit.ly The initial landing page was observed hosting the exploits for a WebKit remote code execution zero-day ( CVE-2022-42856 ) and a sandbox escape ( CVE-2021-30900 ) issue.

Spyware 92

Spyware Surveillance Firmware Internet 92

Security Affairs

MAY 20, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. QNAP QVR is a video surveillance solution of the Taiwanese vendor which is hosted on its NAS devices and doesn’t require any extra software. To nominate, please visit:?

Ransomware 102

Ransomware Internet Internet Firmware 102

Security Affairs

APRIL 13, 2022

An attacker can hijack the robots to crash them into people and objects, use them to harass patients and staff, for surveillance purposes, to interfere with the delivery of critical patient medication, access patient medical records in violation of HIPAA, and more.

Mobile 136

Mobile Hacking Firmware Surveillance 136

Security Affairs

MAY 14, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches 94

Data breaches DDOS Artificial Intelligence Ransomware 94

SecureList

APRIL 27, 2022

This is our latest installment, focusing on activities that we observed during Q1 2022. In late February 2022, we identified two archives submitted from network addresses in Ukraine to an online multi-scanner service. In December we were made aware of a UEFI firmware-level compromise through logs from our firmware scanning technology.

Malware 137

Malware Firmware Government Phishing 137

SecureList

JUNE 20, 2023

In this blog post, we’ll discuss the results of a vulnerability research study focused on a popular model of smart pet feeder. The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process.

Firmware 95

Firmware Passwords Manufacturing Mobile 95