Architecture, Firmware, Hacking and IoT

Western Digital customers have to update their My Cloud devices to latest firmware version

Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Devices on these older firmware versions will not receive security fixes or technical support.” SecurityAffairs – hacking, Western Digital). Pierluigi Paganini.

Firmware

Firmware Architecture Internet Internet

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. Telnet, the overwhelmingly popular unencrypted IoT text protocol, is the main target of brute-forcing.

IoT

IoT DDOS Passwords Malware

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. SecurityAffairs – hacking, Mozi botnet). Pierluigi Paganini.

IoT

IoT DDOS Architecture Passwords

March to 5G could pile on heavier security burden for IoT device manufacturers

SC Magazine

APRIL 9, 2021

As the Department of Defense works on standards to dictate 5G rollout, security requirements may be too much for IoT manufacturers. Of course, many security hurdles for IoT device manufacturers are not specific to 5G. And how do you vet those firmware updates? Air Force Photo by Senior Airman Perry Aston).

Manufacturing

Manufacturing IoT Firmware Architecture

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

It seems everything smart is hackable, with IoT startups sometimes repeating security mistakes first made decades ago. The next day I cut the string, There's a parallel here to IoT light bulbs that change colors. The question is, who is hacking the internet of things today, and how does one even get started? Funny thing.

IoT

IoT Hacking Internet Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

It seems everything smart is hackable, with IoT startups sometimes repeating security mistakes first made decades ago. The next day I cut the string, There's a parallel here to IoT light bulbs that change colors. The question is, who is hacking the internet of things today, and how does one even get started? Funny thing.

IoT

IoT Hacking Internet Internet

Silex malware bricks thousands of IoT devices in a few hours

Security Affairs

JUNE 26, 2019

Security experts warn of a new piece of the Silex malware that is bricking thousands of IoT devices, and the situation could rapidly go worse. The only way to recover infected devices is to manually reinstall the device’s firmware. SecurityAffairs – Silex malware, hacking). pic.twitter.com/Ue661ku0fy — Larry W.

IoT

IoT Malware Advertising Firmware

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. Adopt a comprehensive IoT security solution. SecurityAffairs – hacking, botnet). Pierluigi Paganini.

IoT

IoT DDOS Malware Firmware

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. ” concludes the report.

DDOS

DDOS Firmware VPN Firewall

The Internet of Things Is Everywhere. Are You Secure?

Security Boulevard

MARCH 18, 2021

The internet of things (IoT) describes the network of interconnected devices embedded with sensors, software, or other technology that exchange data with other devices and systems over the Internet. . This means that currently there are three IoT devices for every one human on the planet. The Technical Challenge of IoT Security.

Internet

Internet Internet IoT Software

MITRE, CISA Reveal Dangerous Hardware & Software Vulnerabilities

eSecurity Planet

NOVEMBER 4, 2021

The unranked list contains 12 entries that categorize data found in hardware programming, design, and architecture. CWE-1277 : Firmware Not Updateable – firmware exploitation exposes the victim to a permanent risk without any possibility to patch weaknesses. The most popular firmware is BIOS and UEFI.

Software

Software Firmware Computers and Electronics Risk

Expert found a critical RCE zero-day in TP-Link Wi-Fi Extenders

Security Affairs

JUNE 18, 2019

.” The RCE flaw affects TP-Link Wi-Fi Extender models RE365, RE650, RE350 and RE500 running firmware version 1.0.2, The extender operates on the MIPS architecture, like many routers, the zero-day flaw can be triggered. The extender operates on the MIPS architecture, like many routers, the zero-day flaw can be triggered.

Architecture

Architecture Firmware Advertising IoT

Mirai code re-use in Gafgyt

Security Affairs

APRIL 16, 2021

Gafgyt (also known as Bashlite) is a prominent malware family for *nix systems, which mainly target vulnerable IoT devices like Huawei routers, Realtek routers and ASUS devices. Gafgyt uses existing vulnerabilities in IoT devices to turn them into bots and later perform DDoS attacks on specifically targeted IP addresses.

Malware

Malware DDOS IoT Firmware

BotenaGo strikes again – malware source code uploaded to GitHub

CyberSecurity Insiders

JANUARY 26, 2022

Alien Labs expects to see new campaigns based on BotenaGo variants targeting routers and IoT devices globally. The Mirai botnet targets mostly routers and IoT devices, and it supports different architectures including Linux x64, different ARM versions, MIPS, PowerPC, and more. Background. Source code analysis.

Malware

Malware IoT Authentication Antivirus

Android Botnet leverages ADB ports and SSH to spread

Security Affairs

JUNE 22, 2019

In September 2018, researchers observed the Hide and Seek (HNS) IoT botnet targeting Android devices with ADB option enabled. In order to determine what miner to deliver, the bot collects system information, such as manufacturer, hardware details, and processor architecture. The script for a.

Cryptocurrency

Cryptocurrency Malware Advertising Firmware

EP 31: Stopping the Mirai IoT Botnet, One CnC Server At A Time

ForAllSecure

OCTOBER 5, 2021

In 2016, the Mirai IoT botnet shut down part of the internet, yet variations still plague us today. Maybe our current approach to IoT botnets isn’t working? Vamosi: Welcome to The Hacker Mind and original podcast from ForAllSecure, it's about challenging our expectations about the people who hack for a living.

IoT

IoT DDOS Malware Internet

Mukashi, the new Mirai variant that targets Zyxel NAS

Security Affairs

MARCH 21, 2020

Multiple, if not all, Zyxel NAS products running firmware versions up to 5.21 “Upon execution, the zi script downloads different architectures of Mirai bot, runs the downloaded binaries, and removes the binaries. are vulnerable to this pre-authentication command injection vulnerability. The vendor advisory is also available.

DDOS

DDOS Authentication Advertising Firmware

What is Incident Response? Ultimate Guide + Templates

eSecurity Planet

JULY 25, 2023

Once attackers have access, they may steal sensitive data, install malicious software or use the hacked machine as a launchpad for further cyber attacks on systems within the network. Architecture model: A diagram or description of the network and system architecture used to understand possible attack surfaces.

Software

Software Data breaches DDOS Ransomware

Spotlight Podcast: Fixing Supply Chain Hacks with Strong Device Identities

The Security Ledger

APRIL 11, 2019

Supply chain hacks like ME Docs and ASUS aren't inevitable. Supply chain hacks like ME Docs and ASUS aren’t inevitable. Software supply chain hacks are a growing problem. With devices that use a DICE architecture, a signed-but-malicious software updates would not be installed. Read the whole entry. »

Hacking

Hacking Architecture IoT Software

Cyber Security Roundup for March 2021

Security Boulevard

FEBRUARY 28, 2021

From IoT devices to internet-based services, the security of countless devices and web-based services' are dependant upon a secure Linux account privilege model. While these Linux operating systems remain unpatched to prevent exploitation of the CVE-2021-3156 vulnerability, there are waiting to be hacked. Npower App Hack.

Energy and Utilities

Energy and Utilities Ransomware DDOS Accountability

Cyber Security Informer

Western Digital customers have to update their My Cloud devices to latest firmware version

Overview of IoT threats in 2023

Trending Sources

Mozi Botnet is responsible for most of the IoT Traffic

March to 5G could pile on heavier security burden for IoT device manufacturers

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

Silex malware bricks thousands of IoT devices in a few hours

A new Zerobot variant spreads by exploiting Apache flaws

Multiple DDoS botnets were observed targeting Zyxel devices

The Internet of Things Is Everywhere. Are You Secure?

MITRE, CISA Reveal Dangerous Hardware & Software Vulnerabilities

Expert found a critical RCE zero-day in TP-Link Wi-Fi Extenders

Mirai code re-use in Gafgyt

BotenaGo strikes again – malware source code uploaded to GitHub

Android Botnet leverages ADB ports and SSH to spread

EP 31: Stopping the Mirai IoT Botnet, One CnC Server At A Time

Mukashi, the new Mirai variant that targets Zyxel NAS

What is Incident Response? Ultimate Guide + Templates

Spotlight Podcast: Fixing Supply Chain Hacks with Strong Device Identities

Cyber Security Roundup for March 2021

Stay Connected