2023, Firmware, Information Security and IoT

Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

Security Affairs

JANUARY 15, 2024

The researchers discovered a vulnerability, tracked as CVE-2023-49722 (CVSS score: 8.3), that can be exploited by an attacker on the same network to replace the device firmware with a rogue version. The vulnerability was reported to the vendor in August 2023 and was addressed by the vendor in November 2023.

Firmware

Firmware IoT Hacking Information Security

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs

DECEMBER 17, 2023

The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022. The experts reported the two vulnerabilities to the respective vendors, but they plan to release the fixes in December 2023. and earlier. The vulnerability affects VioStor NVR Versions 5.0.0 and earlier (5.0.0

Firmware

Firmware Wireless DDOS IoT

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

Researchers warn of several DDoS botnets exploiting a critical flaw tracked as CVE-2023-28771 in Zyxel devices. The flaw, tracked as CVE-2023-28771 (CVSS score: 9.8), is a command injection issue that could potentially allow an unauthorized attacker to execute arbitrary code on vulnerable devices. through 5.35.

DDOS

DDOS Firmware VPN Firewall

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. ” reads the advisory published by the security firm. “NETGEAR is aware of multiple security vulnerabilities on the RAX30. . for the RAX30 router family.

Hacking

Hacking Firmware Authentication DNS

ASUS addressed critical flaws in some router models

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware.

Firmware

Firmware VPN Wireless Passwords

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Security Affairs

APRIL 15, 2024

Industrial and enterprise IoT cybersecurity firm Claroty reported that the Ukrainian Blackjack hacking group claims to have damaged emergency detection and response capabilities in Moscow and beyond the Russian capital using a destructive ICS malware dubbed Fuxnet. Access to 112 Emergency Service. YouTube Video 1 , YouTube Video 2 ).

Malware

Malware Firmware IoT Hacking

Trusted Platform Module (TPM) 2.0 flaws could impact billions of devices

Security Affairs

MARCH 3, 2023

In some cases, the attacker can also overwrite protected data in the TPM firmware. ” The first issue, tracked as CVE-2023-1017, is an out-of-bounds write. .” ” The first issue, tracked as CVE-2023-1017, is an out-of-bounds write. This may lead to a crash or arbitrary code execution within the TPM.”

Firmware

Firmware IoT Authentication Hacking

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Chaput said that on May 4, 2023, someone unleashed a spam torrent targeting users on these Mastodon communities via “private mentions,” a kind of direct messaging on the platform. Residential proxies also can refer to households protected by compromised home routers running factory-default credentials or outdated firmware.

Scams

Scams DDOS Cryptocurrency Accountability

Vulnerability Management Policy Template

eSecurity Planet

MAY 12, 2023

Approval Date: 5/12/2023 Description: Initial Policy Drafted [This section can also be made into a Policy Version History with a table of previous versions and approvals.] Broader is always better to control risks, but can be more costly.] Vulnerability Management Policy & Procedure A. Policy Version Version 1.0 Appendix I.

Penetration Testing

Penetration Testing Risk Firmware Software

Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours

Security Affairs

MAY 31, 2024

Between October 25 and October 27, 2023, the Chalubo malware destroyed more than 600,000 small office/home office (SOHO) routers belonging to the same ISP. Chalubo (ChaCha-Lua-bot) is a Linux malware that was first spotted in late August 2018 by Sophos Labs while targeting IoT devices. The attack only impacted a single ASN.

Malware

Malware Internet Internet Firmware

Cyber Security Informer

Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Trending Sources

Multiple DDoS botnets were observed targeting Zyxel devices

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

ASUS addressed critical flaws in some router models

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Trusted Platform Module (TPM) 2.0 flaws could impact billions of devices

Interview With a Crypto Scam Investment Spammer

Vulnerability Management Policy Template

Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours

Stay Connected