Security Affairs

MARCH 9, 2022

Three flaws in APC Smart-UPS devices, tracked as TLStorm, could be exploited by remote attackers to hack and destroy them. Researchers from IoT security company Armis have discovered three high-impact security flaws, collectively tracked as TLStorm, affecting APC Smart-UPS devices. SecurityAffairs – hacking, IoT).

Firmware 89

Firmware IoT Authentication Backups 89

Security Boulevard

JUNE 28, 2022

IoT and Machine Identity Management in Financial Services. Tue, 06/28/2022 - 17:39. How is IoT changing the financial sector? IoT has already positively impacted the financial sector and will only continue to in the future. IoT has also transformed the financial services sector in a variety of ways: Real-time data.

Financial Services 64

Financial Services IoT Banking Retail 64

Security Affairs

DECEMBER 17, 2023

The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022. that impacted several routers, including Future X Communications (FXC) AE1021 and AE1021PE wall routers, running firmware versions 2.0.9 and earlier. The vulnerability affects VioStor NVR Versions 5.0.0 and earlier (5.0.0

Firmware 106

Firmware Wireless DDOS IoT 106

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware.

Firmware 78

Firmware VPN Wireless Passwords 78

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. The Zerobot botnet first appeared in the wild in November 2022 targeting devices running on Linux operating system.

IoT 112

IoT DDOS Malware Firmware 112

Security Affairs

APRIL 13, 2022

Researchers discovered five vulnerabilities that can be exploited to remotely hack hospital Aethon’s TUG autonomous mobile robots. Cynerio ethically disclosed the issues to Aethon and the vendor addressed it with the release of firmware updates. SecurityAffairs – hacking, TUG autonomous mobile robots). Pierluigi Paganini.

Mobile 124

Mobile Hacking Firmware Surveillance 124

Security Affairs

JANUARY 30, 2023

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices.

Firmware 96

Firmware Hacking Internet Internet 96

Security Affairs

APRIL 2, 2022

Between February and March 2022, researchers from the FortiGuard Labs team observed Beastmode operators adding five new exploits in a few weeks, with three targeting some TOTOLINK routers. TOTOLINK has already addressed these flaws with the release of new firmware for vulnerable devices. SecurityAffairs – hacking, Beastmode botnet).

DDOS 81

DDOS Firmware Surveillance IoT 81

Security Affairs

AUGUST 18, 2022

The PoC exploit code for a critical stack-based buffer overflow issue, tracked as CVE-2022-27255 (CVSS 9.8), affecting networking devices using Realtek’s RTL819x system on a chip was released online. ” reads the advisory published by Realtek, which published the issue in March 2022. SecurityAffairs – hacking, Realtek).

Firmware 145

Firmware IoT Hacking Authentication 145

SecureList

JUNE 8, 2022

Routers are forever being hacked and infected, and used to infiltrate local networks. Number of router vulnerabilities according to cve.mitre.org, 2010–2022 ( download ). Number of router vulnerabilities according to nvd.nist.gov, 2010–2022 ( download ). search results for “default password” in April 2022.

DDOS 94

DDOS Passwords IoT Firmware 94

Security Affairs

MARCH 31, 2022

The vendor addressed the unauthenticated access to the content of the SD card with the release of firmware updates on January 29, 2022. “This can be done by setting up a dedicated SSID exclusively for IoT devices, or by moving them to the guest network if the router does not support the creation of additional SSIDs.”

IoT 70

IoT Firmware Marketing Authentication 70

Security Affairs

MARCH 3, 2023

Both vulnerabilities were reported in November 2022 by cybersecurity firm Quarkslab. In some cases, the attacker can also overwrite protected data in the TPM firmware. ” Quarkslab researchers pointed out that the vulnerabilities could potentially affect billions of devices, including IoT devices, servers, and embedded systems.

Firmware 96

Firmware IoT Authentication Hacking 96

SecureList

NOVEMBER 14, 2022

But first, let’s examine how they fared with the predictions for 2022. What we predicted in 2022. Although 2022 did not feature any mobile intrusion story on the scale of the Pegasus scandal, a number of 0-days have still been exploited in the wild by threat actors. Mobile devices exposed to wide attacks. Source: Meta.

Firmware 110

Firmware Surveillance Mobile Telecommunications 110

Security Affairs

MAY 1, 2022

Critical Ongoing VS Firmware 2.3 Synology also warns customers of other three flaws, tracked as CVE-2022-23125 , CVE-2022-23122 , CVE-2022-0194 that could allow remote attackers to run arbitrary code on affected devices. SecurityAffairs – hacking, Synology). Critical Upgrade to 7.1-42661-1 42661-1 or above.

Firmware 79

Firmware Hacking Cybersecurity Internet 79

Security Affairs

MARCH 22, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. “At its peak on January 26th, 2022, Censys observed 4,988 Deadbolt-infected services out of the 130,000 QNAP devices currently on the internet. Pierluigi Paganini.

Ransomware 94

Ransomware Firmware Internet Internet 94

Krebs on Security

MAY 22, 2023

This email address is also connected to accounts on several Russian cybercrime forums, including “ __edman__ ,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.

Scams 252

Scams DDOS Cryptocurrency Accountability 252

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. Image: Lumen’s Black Lotus Labs. Usually, these users have no idea their systems are compromised.

Malware 211

Malware VPN Internet Internet 211

Security Affairs

OCTOBER 22, 2022

The Daixin Team is a ransomware and data extortion group that has been active since at least June 2022. Below are the mitigations provided in the alert: Install updates for operating systems, software, and firmware as soon as they are released. SecurityAffairs – hacking, Daixin Team). Pierluigi Paganini.

Ransomware 65

Ransomware VPN Cybercrime Accountability 65

ForAllSecure

APRIL 26, 2022

Like any other criminal hack. It’s about challenging our expectations about the people who hack for a living. A village is like a mini conference within a larger conference and it is not just at DEF CON, ICS village is also at RSAC, Hack the Capital, AvergerCon, BSides, and many more. The hack was on that pipeline.

Hacking 52

Hacking Energy and Utilities Manufacturing Firmware 52

eSecurity Planet

NOVEMBER 6, 2023

CVE-2022-4886 (Path Sanitization Bypass): This 8.8-level also adds Supplemental and Environmental safety measurements and values relevant to operational technology (OT), industrial control systems (ICS), and Internet of Things (IoT) contexts. See the Best Container & Kubernetes Security Solutions & Tools Oct.

Software 110

Software Education Ransomware Firmware 110

SecureList

MARCH 14, 2022

On March 10, 2022 Kaspersky’s Global Research and Analysis Team (GReAT) shared their insights into the current (and past) cyberattacks in Ukraine. We advise organizations to: Take typical measures against DDoS attacks, ransomware and destructive malware, phishing, targeted attacks, supply-chain attacks and firmware attacks.

DDOS 89

DDOS Firmware Internet Internet 89