eSecurity Planet

NOVEMBER 1, 2021

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. has made some strides on IoT security at the federal level; it remains to be seen if the EU initiative will spur the U.S. IoT market growth. IoT Security Neglected.

Wireless 109

Wireless IoT Manufacturing Mobile 109

Security Boulevard

MAY 30, 2022

Why Healthcare IoT Requires Strong Machine Identity Management. The healthcare industry has been leveraging IoT devices for years, steadily increasing its use in facilities and patient care. By 2027, the IoT in Healthcare market is expected to reach $290 billion , up from just $60 billion in 2019. brooke.crothers.

Healthcare 90

Healthcare IoT Manufacturing Risk 90

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

Critical Success Factors to Widespread Deployment of IoT. Digital technology and connected IoT devices have proliferated across industries and into our daily lives. Finally, IoT devices are being used extensively in smart vehicles and home appliances to provide enhanced user experiences. Threat vectors on IoT.

IoT 96

IoT Manufacturing Energy and Utilities Data collection 96

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. If you take a look at the global market for IoT, you can easily spot the trend. IoT devices are exposed to cybersecurity vulnerabilities. IoT is a complicated concept.

IoT 135

IoT Cybersecurity Manufacturing Internet 135

Security Affairs

APRIL 26, 2019

Experts discovered security flaws in the iLnkP2P peer-to-peer (P2P) system that exposes millions of IoT devices to remote attacks. The iLnkP2P system allows users to remotely connect to their IoT devices using a mobile phone or a PC. Potentially affected IoT devices include cameras and smart doorbells. Pierluigi Paganini.

IoT 90

IoT Hacking Manufacturing Advertising 90

Security Affairs

MAY 19, 2020

Palo Alto Networks Unit 42 researchers observed both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 5.0.2.8. Experts note that the exploit is only effective for authenticated sessions and the affected devices are End of Life (EOL) from 2012.

IoT 114

IoT DDOS Authentication Firmware 114

Security Boulevard

JUNE 28, 2022

IoT and Machine Identity Management in Financial Services. How is IoT changing the financial sector? IoT has already positively impacted the financial sector and will only continue to in the future. The most notable and well-documented example of investment in the IoT infrastructure has been by retail banks.

Financial Services 64

Financial Services IoT Banking Retail 64

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance 100

Surveillance Hacking Firmware Manufacturing 100

Security Affairs

MARCH 9, 2022

Three flaws in APC Smart-UPS devices, tracked as TLStorm, could be exploited by remote attackers to hack and destroy them. Researchers from IoT security company Armis have discovered three high-impact security flaws, collectively tracked as TLStorm, affecting APC Smart-UPS devices. SecurityAffairs – hacking, IoT).

Firmware 98

Firmware IoT Authentication Backups 98

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. “On August 16th, three days ago, multiple vulnerabilities in a software SDK distributed as part of Realtek chipsets were disclosed by IoT Inspector Research Lab [1]. ” reported IoT Inspector. Pierluigi Paganini.

IoT 122

IoT Firmware Internet Internet 122

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 ” reads the advisory published by NCC Group.”

Firmware 135

Firmware Authentication Hacking Software 135

Security Affairs

JULY 16, 2018

A security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security.

IoT 67

IoT Engineering Passwords Firmware 67

Security Affairs

DECEMBER 15, 2020

Experts from IoT security firm Sternum discovered vulnerabilities discovered in Medtronic’s MyCareLink Smart 25000 Patient Reader product that could be exploited to take control of a paired cardiac device. SecurityAffairs – hacking, Medtronic). The flaw could be exploited by an attacker to remotely execute code taking over the device.

Firmware 109

Firmware Authentication Mobile IoT 109

Security Affairs

MARCH 31, 2022

The three flaws reported by the cybersecurity firm are: An authentication bypass tracked CVE-2019-9564 A stack-based buffer overflow, tracked as CVE-2019-12266 , which could lead to remote control execution. The vendor addressed the unauthenticated access to the content of the SD card with the release of firmware updates on January 29, 2022.

IoT 85

IoT Firmware Marketing Authentication 85

SiteLock

AUGUST 27, 2021

The conference held many briefings on politics, legislation, and Machine Learning (ML) and Artificial Intelligence (AI) in cybersecurity, as well as the challenge of endpoint security for many IoT devices. Was an 11-year old really able to hack election results? Does your financial institution respect your 2-factor authentication?

Small Business 98

Small Business Artificial Intelligence Firmware IoT 98

Security Affairs

SEPTEMBER 2, 2021

. “we disclose BrakTooth, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.” SecurityAffairs – hacking, BrakTooth). ” continue the researchers.

Firmware 99

Firmware Manufacturing IoT Technology 99

Malwarebytes

APRIL 13, 2022

On April 9, hacking group BlueHornet tweeted about an experimental exploit for NGINX 1.18 Specifically, the NGINX LDAP reference implementation which uses LDAP to authenticate users of applications being proxied by NGINX. LDAP can also tackle authentication, so users can sign on just once and access many different files on the server.

Authentication 105

Authentication IoT Password Management Firmware 105

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. ” states the vendor.

Firmware 118

Firmware Wireless Passwords Internet 118

Security Affairs

MARCH 3, 2023

“An authenticated, local attacker could send maliciously crafted commands to a vulnerable TPM allowing access to sensitive data. In some cases, the attacker can also overwrite protected data in the TPM firmware. Both vulnerabilities were reported in November 2022 by cybersecurity firm Quarkslab. ” states Quarkslab.

Firmware 98

Firmware IoT Authentication Hacking 98

Security Boulevard

MARCH 18, 2021

The internet of things (IoT) describes the network of interconnected devices embedded with sensors, software, or other technology that exchange data with other devices and systems over the Internet. . This means that currently there are three IoT devices for every one human on the planet. The Technical Challenge of IoT Security.

Internet 137

Internet Internet IoT Software 137

Security Affairs

AUGUST 31, 2020

Hackers target QNAP NAS devices running multiple firmware versions vulnerable to a remote code execution (RCE) flaw addressed by the vendor 3 years ago. QNAP addressed the vulnerability with the release of firmware version 4.3.3 SecurityAffairs – hacking, QNAP NAS). ” reads the report published by 360 Netlab. .

Firmware 129

Firmware Advertising Malware Internet 129

eSecurity Planet

NOVEMBER 4, 2021

CWE-1277 : Firmware Not Updateable – firmware exploitation exposes the victim to a permanent risk without any possibility to patch weaknesses. It’s called hardware pen-testing , and it usually targets IoT devices such as desktop computers, tablets, smartphones, fax machines, printers, and many other electronics.

Software 117

Software Firmware Computers and Electronics Risk 117

Security Boulevard

JANUARY 17, 2024

The last couple weeks have brought a few discussions on the topic of multifactor authentication or MFA (sometimes also referred to as 2FA or two factor authentication). These discussions have been driven by the SEC’s X (formerly known as Twitter) account being hacked in order to goose the price of Bitcoin.

Authentication 69

Authentication Accountability Hacking Firmware 69

Security Affairs

JULY 1, 2020

Netgear is addressing ten vulnerabilities affecting nearly 80 of its products, including issues discovered at the Pwn2Own hacking competition. Some of the vulnerabilities were discovered during the Pwn2Own Tokyo 2019 hacking contest and reported through the Zero Day Initiative (ZDI). SecurityAffairs – hacking, Netgear).

Authentication 138

Authentication Firmware Hacking Mobile 138

Security Affairs

OCTOBER 30, 2019

A Russian security researcher accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders. The Russian security researcher Anna Prosvetova, from Saint Petersburg, has accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders.

Hacking 48

Hacking Firmware Advertising DDOS 48

Security Affairs

JUNE 3, 2021

Researchers from Israeli IoT security firm Vdoo found multiple vulnerabilities in the Realtek RTL8170C Wi-Fi module that could allow to elevate privileges and hijack wireless communications. SecurityAffairs – hacking, Realtek RTL8170C Wi-Fi module). ” reads a reported published by Vdoo. Pierluigi Paganini.

Wireless 98

Wireless IoT Encryption Firmware 98

Security Affairs

AUGUST 18, 2022

.” Millions of devices, including routers and access points, are exposed to hacking. A remote attacker can exploit the flaw to execute arbitrary code without authentication by sending to the vulnerable devices specially crafted SIP packets with malicious SDP data. . SecurityAffairs – hacking, Realtek).

Firmware 145

Firmware IoT Hacking Authentication 145

SecureList

JUNE 8, 2022

Routers are forever being hacked and infected, and used to infiltrate local networks. Moreover, most of these routers had the name HACKED-ROUTER-HELP-SOS-DEFAULT-PASSWORD, indicating they had already been compromised. Attacks by this malware as a percentage of all attacks on Kaspersky IoT honeypots in 2021. Verdict. %*.

DDOS 89

DDOS Passwords IoT Firmware 89

Security Affairs

APRIL 25, 2021

“The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Unfortunately, experts noticed that more than 90% of the installs are still using flawed firmware versions and have yet to install the security updates (V3.01.21) provided by the vendor.

Firmware 113

Firmware Passwords Authentication Wireless 113

eSecurity Planet

MARCH 1, 2023

To prevent unwanted access and protect data in transit, wireless connections must be secured with strong authentication procedures, encryption protocols, access control rules, intrusion detection and prevention systems, and other security measures. As a result, wireless networks are prone to eavesdropping, illegal access and theft.

Wireless 98

Wireless Encryption Authentication IoT 98

eSecurity Planet

MARCH 3, 2023

The protocol protects your incoming and outgoing internet traffic and makes it difficult for cyber criminals to intercept your data or hack your device. If this option is not available, you may need to upgrade the router firmware. PMF ensures that these devices are authenticated and encrypted even if they don’t support WPA3.

Wireless 97

Wireless Encryption Passwords IoT 97

Pen Test

OCTOBER 12, 2023

Countermeasures: To prevent drone signal hijacking, drone manufacturers and operators can implement encryption and authentication mechanisms for RF communication. It's suitable for resource-constrained RF devices, making it a popular choice for low-power IoT applications. Keeping firmware up to date is essential for security.

Encryption 52

Encryption Firmware Surveillance Technology 52

CyberSecurity Insiders

JANUARY 26, 2022

Alien Labs expects to see new campaigns based on BotenaGo variants targeting routers and IoT devices globally. The Mirai botnet targets mostly routers and IoT devices, and it supports different architectures including Linux x64, different ARM versions, MIPS, PowerPC, and more. Background. The original source of the code is yet unknown.

Malware 81

Malware IoT Authentication Antivirus 81

Security Affairs

OCTOBER 1, 2018

Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. “Just like the regular dnschanger , this campaign attempts to guess the password on the router’s web authentication page or bypass the authentication through the dnscfg. Pierluigi Paganini.

DNS 85

DNS Malware Firmware Phishing 85

Security Affairs

JULY 29, 2018

. “Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub.” The access to those IoT devices could allow attackers to gather sensitive information managed by the devices within the home and perform unauthorized activities. RCE Chain – CVE-2018-3911.

Firmware 60

Firmware IoT Advertising Wireless 60

Security Affairs

FEBRUARY 5, 2020

HiSilicon is the largest domestic designer of integrated circuits in China, its chips are used by millions of IoT devices worldwide, including security cameras, DVRs, and NVRs. SecurityAffairs – HiSilicon chips, hacking). The p resence of backdoor mechanisms in the HiSilicon chips was already documented by other experts in the past.

Firmware 92

Firmware Encryption Advertising Passwords 92

Security Affairs

JULY 28, 2020

CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates. SecurityAffairs – hacking, QSnatch).

Malware 113

Malware Firmware Advertising Manufacturing 113