Authentication, Firmware, Hacking and Manufacturing

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the installation of persistent backdoors.

Firmware

Firmware Hacking Authentication Advertising

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. Wincor is currently owned by ATM manufacturer giant Diebold Nixdorf. ” reads the post published by Positive Techologies. Both issues received a CVSSv3.0 score of 6.8.

Hacking

Hacking Firmware Encryption Manufacturing

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance

Surveillance Hacking Firmware Manufacturing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Chipmaker Qualcomm warns of three actively exploited zero-days

Security Affairs

OCTOBER 4, 2023

Please contact your device manufacturer for more information on the patch status about specific devices.” WLAN Firmware Internal CVE-2023-24855 : Use of Out-of-range Pointer Offset in Modem. .” WLAN Firmware Internal CVE-2023-24855 : Use of Out-of-range Pointer Offset in Modem. ” reads the advisory.

Firmware

Firmware Surveillance Authentication Manufacturing

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network. After looking at 28 of the most popular manufacturers, our research team found 3.5 The reign of a Chinese brand.

Surveillance

Surveillance Manufacturing Passwords Internet

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking. An attacker can trigger the flaw to gain remote code execution and conduct denial-of-service attacks under specific conditions, exposing operational technology (OT) environments to hacking.

Authentication

Authentication Firmware Hacking Passwords

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

The flaws impact products manufactured by LenelS2, a provider of advanced physical security solutions (i.e. The experts focused on Carrier’s LenelS2 access control panels, manufactured by HID Mercury. CVE-2022-31486 Authenticated command injection <=1.291 (no patch) Base 8.8, ” reads the post published by Trellix.

Firmware

Firmware Penetration Testing Manufacturing Authentication

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

NOVEMBER 10, 2022

Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution. The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. SecurityAffairs – hacking, ABB Totalflow). Pierluigi Paganini.

Firmware

Firmware Authentication Passwords Manufacturing

NI CompactRIO controller flaw could allow disrupting production

Security Affairs

DECEMBER 12, 2020

A high-severity vulnerability affecting CompactRIO controllers manufactured by the vendor National Instruments (NI) could allow remote attackers to disrupt production processes in an organization. Update the firmware on CompactRIO controllers to v8.5 Updating the firmware patches the Safe Mode where defaults are loaded.

Firmware

Firmware Manufacturing Software Authentication

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT

IoT Firmware Risk Manufacturing

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

reads the advisory The vulnerability is a heap-based buffer overflow issue and according to the vendor it may have been exploited in a limited number of attacks aimed at government, manufacturing, and critical infrastructure sectors. The researcher describes the issue as a reachable pre-authentication that impacts every SSL VPN appliance.

Firewall

Firewall VPN Firmware Internet

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Security Affairs

SEPTEMBER 2, 2021

“we disclose BrakTooth, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.” SecurityAffairs – hacking, BrakTooth). ” continue the researchers.

Firmware

Firmware Manufacturing IoT Technology

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. We identified at least 65 different affected vendors with close to 200 unique fingerprints, thanks both to Shodan’s scanning capabilities and some misconfiguration by vendors and manufacturers who expose those devices to the Internet.

IoT

IoT Firmware Internet Internet

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs

APRIL 26, 2019

Roughly 50% of vulnerable devices is manufactured by Chinese company Hichip. Upon connecting, most clients will immediately attempt to authenticate as an administrative user in plaintext , allowing an attacker to obtain the credentials to the device.” Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT Hacking Manufacturing Advertising

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

The backdoor accounts in the firmware of 29 FTTH Optical Line Termination (OLT) devices from popular vendor C-Data. The security duo, composed of Pierre Kim and Alexandre Torres, disclosed seven vulnerabilities in the firmware of FTTH OLT devices manufactured by C-Data. SecurityAffairs – hacking, FTTH devices ).

Firmware

Firmware Accountability Advertising Manufacturing

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.” Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware

Ransomware Firmware Antivirus Accountability

Money Message gang leaked private code signing keys from MSI data breach

Security Affairs

MAY 8, 2023

In early April, the ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). Micro-Star International AKA MSI designs, manufactures, and sells motherboards and graphics cards for customers in the United States, Canada, and internationally.

Data breaches

Data breaches Ransomware Firmware Manufacturing

Severe vulnerabilities allow hacking older GE anesthesia machines

Security Affairs

JULY 10, 2019

The experts at the healthcare cybersecurity firm CyberMDX have found some flaws in the firmware of the anesthesia machines, the issues could expose patients to serious risks. ” Experts pointed out that the devices lack authentication allowing anyone of the same network to execute commands supported by the machines. .

Hacking

Hacking Healthcare Advertising Firmware

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

The vulnerability is a heap-based buffer overflow issue and according to the vendor it may have been exploited in a limited number of attacks aimed at government, manufacturing, and critical infrastructure sectors. The researcher describes the issue as a reachable pre-authentication that impacts every SSL VPN appliance. through 6.2.13

Firewall

Firewall VPN Firmware Manufacturing

EU to Force IoT, Wireless Device Makers to Improve Security

eSecurity Planet

NOVEMBER 1, 2021

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. Manufacturers will be required to adhere to the new cybersecurity safeguards when designing and producing these products. EU Amendment Applies to Many Devices.

Wireless

Wireless IoT Manufacturing Mobile

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

The malicious code specifically targets QNAP NAS devices manufactured by Taiwanese company QNAP, it already infected over 62,000 QNAP NAS devices. CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. .”

Malware

Malware Firmware Advertising Manufacturing

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“These operations have targeted various industries, including Aerospace & Defense, Education, Energy & Utilities, Governments, Hospitality, Manufacturing, Oil & Gas, Retail, Technology, and Transportation. Upgrade to the latest firmware version. .” reads the joint report.

Energy and Utilities

Energy and Utilities Government Firewall Malware

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

Mirai, Jeep Hack, etc.) There are three major threat vectors that harm IoT deployments: Devices are hijacked by malicious software; Data collected and processed in IoT ecosystems is tampered with and impacts the confidentiality, integrity and availability of the information; and, Weak user and device authentication.

IoT

IoT Manufacturing Energy and Utilities Data collection

Two critical flaws affect CODESYS ICS Automation Software

Security Affairs

JUNE 27, 2022

.” The Chinese researchers who discovered the vulnerabilities pointed out that CODESYS V2 Runtime is used by many manufacturers, and most of these manufacturers still use outdated versions. The vulnerabilities affect a large number of manufacturers using a version of CODESYS V2 Runtime older than V2.4.7.57.

Software

Software Manufacturing Firmware Risk

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Boulevard

NOVEMBER 10, 2022

Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution. The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. SecurityAffairs – hacking, ABB Totalflow). Pierluigi Paganini.

Firmware

Firmware Authentication Passwords Manufacturing

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Pen Test

OCTOBER 12, 2023

Countermeasures: To prevent drone signal hijacking, drone manufacturers and operators can implement encryption and authentication mechanisms for RF communication. What are the common firmware and software vulnerabilities in RF devices that can be exploited? Keeping firmware up to date is essential for security.

Encryption

Encryption Firmware Surveillance Technology

Critical unfixed flaws affect ABB Safety PLC Gateways

Security Affairs

DECEMBER 18, 2018

Researchers at Applied Risk discovered serious flaws in some PLC gateways manufactured by industrial tech company ABB. Security experts at Applied Risk are affected by potentially serious flaws and the bad news is that the vendor will not release firmware updates because the impacted products have reached the end of life.

Firmware

Firmware Advertising Manufacturing Authentication

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

The ransomware was involved in attacks aimed at technology and healthcare, defense contractors, educational institutions, manufacturers, companies across Europe, the United States, and Canada. SecurityAffairs – hacking, Zeppelin ransomware). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware Encryption Firmware Backups

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Problem is, MAC addresses are not great for authentication.

IoT

IoT Hacking Internet Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Problem is, MAC addresses are not great for authentication.

IoT

IoT Hacking Internet Internet

Why Healthcare IoT Requires Strong Machine Identity Management

Security Boulevard

MAY 30, 2022

Due to the nature of these devices, the lack of security is often the result of weak design by the device manufacturer. Another alert by CISA has warned about critical vulnerabilities in Siemens software that could potentially impact millions of medical devices from multiple manufacturers. Hackable pacemakers.

Healthcare

Healthcare IoT Manufacturing Risk

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. “Just like the regular dnschanger , this campaign attempts to guess the password on the router’s web authentication page or bypass the authentication through the dnscfg.

DNS

DNS Malware Firmware Phishing

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Small farms, large producers, processors and manufacturers, and markets and restaurants are particularly exposed to ransomware attacks. Install updates/patch operating systems, software, and firmware as soon as they are released. Use multifactor authentication with strong pass phrases where possible. Pierluigi Paganini.

Ransomware

Ransomware Passwords Backups Firmware

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. Use multifactor authentication where possible.

Ransomware

Ransomware DDOS Passwords Backups

The Hacker Mind Podcast: Hacking Teslas

ForAllSecure

JUNE 8, 2022

Even so, the car manufacturers carved out large groups of codes. Since then, car manufacturers have improved on this. It's about challenging our expectations about the people who hack for a living. It wasn't very robust. It was a mere 40 bit key length. And they further linked him to some 150 other car thefts in the area.

Hacking

Hacking Manufacturing Encryption Wireless

Router security in 2021

SecureList

JUNE 8, 2022

Routers are forever being hacked and infected, and used to infiltrate local networks. At the time of writing, of the 87 critical vulnerabilities published in 2021, more than a quarter (29.9%) remain unpatched and unreported by the vendor: Router manufacturers’ response to vulnerabilities found in their products in 2021 ( download ).

DDOS

DDOS Passwords IoT Firmware

Wireless Security: WEP, WPA, WPA2 and WPA3 Explained

eSecurity Planet

MARCH 1, 2023

To prevent unwanted access and protect data in transit, wireless connections must be secured with strong authentication procedures, encryption protocols, access control rules, intrusion detection and prevention systems, and other security measures. As a result, wireless networks are prone to eavesdropping, illegal access and theft.

Wireless

Wireless Encryption Authentication IoT

ICS-CERT warns of critical flaws in NetComm industrial routers

Security Affairs

AUGUST 13, 2018

Security researcher has found two critical vulnerabilities in the industrial routers manufactured by the Australian company NetComm Wireless. Sood has found two critical vulnerabilities in the industrial routers manufactured by the Australian company NetComm Wireless that can be exploited remotely to take control of affected devices.

Wireless

Wireless Firmware Manufacturing Advertising

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

eSecurity Planet

NOVEMBER 6, 2023

level vulnerability involves a lack of validation, which allows attackers to steal Kubernetes API credentials from the ingress controller, compromise the authentication process by modifying settings, and gain access to internal files including service account tokens. CVE-2022-4886 (Path Sanitization Bypass): This 8.8-level

Software

Software Education Firmware Ransomware

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

According to the flash alert published by the FBI, the Mamba ransomware was employed in attacks against local governments, public transportation agencies, legal services, technology services, industrial, commercial, manufacturing, and construction businesses. Use multifactor authentication where possible. Pierluigi Paganini.

Ransomware

Ransomware Encryption Passwords Malware

How to Configure a Router to Use WPA2 in 7 Easy Steps

eSecurity Planet

MARCH 3, 2023

The protocol protects your incoming and outgoing internet traffic and makes it difficult for cyber criminals to intercept your data or hack your device. The exact method for doing this may vary depending on your router manufacturer. If this option is not available, you may need to upgrade the router firmware.

Wireless

Wireless Encryption Passwords IoT

How Secure Are Bitcoin Wallets, Really?

Security Affairs

OCTOBER 8, 2018

His tale of woe proves a hacker couldn’t contact a Bitcoin wallet manufacturer, masquerade as a wallet owner and get the goods for access. A Teenager Hacked a Tamper-Proof Wallet. The hack focuses on the device’s microcontrollers. But, hacks carried out by malicious players never seem to follow such parameters.

Cryptocurrency

Cryptocurrency Hacking Manufacturing Advertising

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

Nobody told them that their coffee machine could be hacked into or that their camera could be used to launch a DDoS attack. The Flaws in Manufacturing Process. Manufacturers saw this as an opportunity and rushed in to grab their own piece of the IoT market. SecurityAffairs – hacking, IoT). IoT is a complicated concept.

IoT

IoT Cybersecurity Manufacturing Internet

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Webinars

Trending Sources

An RCE in Annke video surveillance product allows hacking the device

Webinars

Chipmaker Qualcomm warns of three actively exploited zero-days

3.5m IP cameras exposed, with US in the lead

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

HID Mercury Access Controller flaws could allow to unlock Doors

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

NI CompactRIO controller flaw could allow disrupting production

IoT Unravelled Part 3: Security

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Realtek SDK flaws exploited to deliver Mirai bot variant

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Ranzy Locker ransomware hit tens of US companies in 2021

Money Message gang leaked private code signing keys from MSI data breach

Severe vulnerabilities allow hacking older GE anesthesia machines

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

EU to Force IoT, Wireless Device Makers to Improve Security

QSnatch malware infected over 62,000 QNAP NAS Devices

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Critical Success Factors to Widespread Deployment of IoT

Two critical flaws affect CODESYS ICS Automation Software

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Critical unfixed flaws affect ABB Safety PLC Gateways

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

Why Healthcare IoT Requires Strong Machine Identity Management

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

FBI warns of ransomware attacks targeting the food and agriculture sector

Avoslocker ransomware gang targets US critical infrastructure

The Hacker Mind Podcast: Hacking Teslas

Router security in 2021

Wireless Security: WEP, WPA, WPA2 and WPA3 Explained

ICS-CERT warns of critical flaws in NetComm industrial routers

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

FBI published a flash alert on Mamba Ransomware attacks

How to Configure a Router to Use WPA2 in 7 Easy Steps

How Secure Are Bitcoin Wallets, Really?

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Stay Connected