Authentication, Firmware and Manufacturing

ASUS fixed critical remote authentication bypass bug in several routers

Security Affairs

JUNE 16, 2024

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models. ASUS addresses a critical remote authentication bypass vulnerability, tracked as CVE-2024-3080 (CVSS v3.1 score: 9.8), impacting seven router models. impacting multiple devices.

Authentication

Authentication Firmware VPN Manufacturing

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the installation of persistent backdoors.

Firmware

Firmware Hacking Authentication Advertising

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

Malwarebytes

JULY 28, 2021

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages. History lessons. Mitigation.

Firmware

Firmware Technology Authentication IoT

Machine Identities are Essential for Securing Smart Manufacturing

Security Boulevard

FEBRUARY 28, 2022

Machine Identities are Essential for Securing Smart Manufacturing. The Industrial Internet of Things (IIoT) puts networked sensors and intelligent devices directly on the manufacturing floor to collect data, drive artificial intelligence and do predictive analytics. Benefits of IIoT in the manufacturing sector. brooke.crothers.

Manufacturing

Manufacturing IoT Authentication Artificial Intelligence

Zyxel addressed three RCEs in end-of-life NAS devices

Security Affairs

JUNE 5, 2024

The Outpost24 researcher Timothy Hjort reported the flaw to the manufacturer and published a detailed analysis and PoC exploit codes for the flaws. The vulnerabilities affect NAS326 running firmware versions 5.21(AAZF.16)C0 16)C0 and earlier, and NAS542 running firmware versions 5.21(ABAG.13)C0 13)C0 and older.

Firmware

Firmware Authentication Manufacturing Hacking

TPM-Fail Attacks Against Cryptographic Coprocessors

Schneier on Security

NOVEMBER 15, 2019

In particular, we discovered timing leakage on an Intel firmware-based TPM as well as a hardware TPM. Similarly, we extract the private ECDSA key from a hardware TPM manufactured by STMicroelectronics, which is certified at CommonCriteria (CC) EAL 4+, after fewer than 40,000 observations. Intel has a firmware update.

Firmware

Firmware Authentication Manufacturing

To Make the Internet of Things Safe, Start with Manufacturing

Thales Cloud Protection & Licensing

SEPTEMBER 11, 2018

As an increasing number of connected devices are deployed within IoT ecosystems, enterprises need to identify and authenticate them. Typically, when they are manufactured, IoT devices receive their initial identity in the form of a “digital birth certificate.” We all know that software and firmware updates are an everyday occurrence.

Manufacturing

Manufacturing Internet Internet IoT

Enhance your security posture by detecting risks on authenticator devices

Thales Cloud Protection & Licensing

MARCH 17, 2022

Enhance your security posture by detecting risks on authenticator devices. Not only are mobile devices used as end points to access corporate mail and other enterprise applications, they are also frequently used as authentication devices. Limited visibility on users’ devices can undermine authentication integrity.

Authentication

Authentication Risk Mobile Computers and Electronics

Firmware Fuzzing 101

ForAllSecure

DECEMBER 16, 2020

Netgear N300 MIPS firmware image. What's Special about Firmware? Fuzzing firmware presents a specific set of challenges that are not often present together in other targets. In this post, we will cover how to deal with each one of these challenges in the firmware fuzzing context. Is a MIPS Linux firmware.

Firmware

Firmware Architecture Engineering Authentication

Firmware Fuzzing 101

ForAllSecure

DECEMBER 15, 2020

Netgear N300 MIPS firmware image. What's Special about Firmware? Fuzzing firmware presents a specific set of challenges that are not often present together in other targets. In this post, we will cover how to deal with each one of these challenges in the firmware fuzzing context. Is a MIPS Linux firmware.

Firmware

Firmware Architecture Engineering Authentication

Criminal group busted after stealing hundreds of keyless cars

Malwarebytes

OCTOBER 18, 2022

Europol said the gang focused on cars from two unnamed French car manufacturers, which probably means the developers found a vulnerability in the car’s firmware that allowed them to replace the original software. Vulnerabilities in the keyless entry systems have been found in the firmware of other car manufactures.

Firmware

Firmware Manufacturing Software Authentication

Securing the IoT at Scale: How PKI Can Help

Security Boulevard

MAY 27, 2022

Manufacturers need a scalable solution to address concerns like authentication, data encryption, and the integrity of firmware on connected devices. Security in IoT devices has lagged behind their production. The post Securing the IoT at Scale: How PKI Can Help appeared first on Keyfactor.

IoT

IoT Firmware Manufacturing Encryption

Chipmaker Qualcomm warns of three actively exploited zero-days

Security Affairs

OCTOBER 4, 2023

Please contact your device manufacturer for more information on the patch status about specific devices.” WLAN Firmware Internal CVE-2023-24855 : Use of Out-of-range Pointer Offset in Modem. .” WLAN Firmware Internal CVE-2023-24855 : Use of Out-of-range Pointer Offset in Modem. ” reads the advisory.

Firmware

Firmware Surveillance Authentication Manufacturing

Enhance your security posture by detecting risks on authenticator devices

Thales Cloud Protection & Licensing

MARCH 17, 2022

Enhance your security posture by detecting risks on authenticator devices. Not only are mobile devices used as end points to access corporate mail and other enterprise applications, they are also frequently used as authentication devices. Limited visibility on users’ devices can undermine authentication integrity.

Authentication

Authentication Risk Mobile Computers and Electronics

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

After looking at 28 of the most popular manufacturers, our research team found 3.5 While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies. Surge in internet-facing cameras. The reign of a Chinese brand.

Surveillance

Surveillance Manufacturing Passwords Internet

The High-Stakes Game of Ensuring IoMT Device Security

SecureWorld News

FEBRUARY 17, 2024

In response, manufacturers are intensifying their cybersecurity efforts, incorporating advanced CI/CD workflows to safeguard medical devices from escalating attacks. New security solutions are now aiding healthcare organizations' IT teams in promptly resolving issues, even with devices from various manufacturers.

Healthcare

Healthcare Manufacturing Internet Internet

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

The flaws impact products manufactured by LenelS2, a provider of advanced physical security solutions (i.e. The experts focused on Carrier’s LenelS2 access control panels, manufactured by HID Mercury. CVE-2022-31486 Authenticated command injection <=1.291 (no patch) Base 8.8, ” reads the post published by Trellix.

Firmware

Firmware Penetration Testing Manufacturing Authentication

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

“According to Vladimir Kononovich, some manufacturers rely on security through obscurity, with proprietary protocols that are poorly studied and the goal of making it difficult for attackers to procure equipment to find vulnerabilities in such devices. Wincor is currently owned by ATM manufacturer giant Diebold Nixdorf.

Hacking

Hacking Firmware Encryption Manufacturing

Use cases of secure IoT deployment

Thales Cloud Protection & Licensing

MAY 31, 2021

In our previous blog post , we discussed the challenges for securing IoT deployments, and how businesses and consumers benefit from authenticating and validating IoT software and firmware updates. Requirements also included that the firmware was to be signed by the manufacturer and verified by the pacemaker.

IoT

IoT Computers and Electronics Manufacturing Firmware

NI CompactRIO controller flaw could allow disrupting production

Security Affairs

DECEMBER 12, 2020

A high-severity vulnerability affecting CompactRIO controllers manufactured by the vendor National Instruments (NI) could allow remote attackers to disrupt production processes in an organization. Update the firmware on CompactRIO controllers to v8.5 Updating the firmware patches the Safe Mode where defaults are loaded.

Firmware

Firmware Manufacturing Software Authentication

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

NOVEMBER 10, 2022

Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution. The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. The critical systems are widely used by oil and gas organizations worldwide.

Firmware

Firmware Authentication Passwords Manufacturing

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

The experts pointed out that the exploiting the vulnerabilities requires user authentication, as well as deep knowledge of the proprietary protocol of CODESYS V3 and the structure of the different services that the protocol uses. Check with the device manufacturers for available patches and update the device firmware to version to 3.5.19.0

Authentication

Authentication Firmware Hacking Passwords

Millions of home routers on Mirai Botnet Radar

CyberSecurity Insiders

AUGUST 13, 2021

Tenable researchers claim hackers are exploiting a security flaw termed authentication-bypass vulnerability that is impact routers and internet of things (IoT) devices. What’s interesting about this attack campaign is the hackers are targeting devices running on the firmware that is being supplied by Arcadyan.

Firmware

Firmware DDOS Malware Manufacturing

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT

IoT Firmware Risk Manufacturing

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

But according to an in-depth analysis shared with KrebsOnSecurity by security researcher Paul Marrapese , iLnkP2P devices offer no authentication or encryption and can be easily enumerated, allowing potential attackers to establish a direct connection to these devices while bypassing any firewall restrictions.

IoT

IoT Firewall Manufacturing Computers and Electronics

Samsung offers Mobile Security protection as below

CyberSecurity Insiders

NOVEMBER 25, 2021

From backdoors- As the Korean giant creates, validates and manufactures its computing devices all on its own, its every piece of hardware, wiring and firmware is securely drafted at its high secure R&D plants & factories in the world.

Mobile

Mobile Firmware Manufacturing Passwords

Guest Blog: TalkingTrust. What’s driving the security of IoT?

Thales Cloud Protection & Licensing

MARCH 10, 2021

There are so many reasons why manufacturers connect their products to the Internet, whether it’s industrial machines, medical devices, consumer goods or even cars. Additionally, many auto manufacturers now have the ability to remotely update software to fix vulnerabilities or even upgrade functionality. Co-ordination is key.

IoT

IoT Firmware Manufacturing Encryption

Realtek-based routers, smart devices are being gobbled up by a voracious botnet

Malwarebytes

AUGUST 24, 2021

Last time it was a vulnerability in the Arcadyan firmware found in devices distributed by some of today’s biggest router vendors and internet service providers, such as ASUS, Orange, Vodafone, Telstra, Verizon, Deutsche Telekom, and British Telecom. Exactly what Mirai wants. Vulnerabilities. Same botnet, same operator? Mitigation.

Firmware

Firmware IoT Internet Internet

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Security Affairs

SEPTEMBER 2, 2021

“we disclose BrakTooth, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.” ” reads the post published by the researchers. ” continue the researchers.

Firmware

Firmware Manufacturing IoT Technology

How to ensure security and trust in connected cars

CyberSecurity Insiders

MARCH 16, 2021

The cars we drive today have become truly connected objects, capable of a variety of functionalities that both users and manufacturers could have only dreamed of in past decades. However, with increased connectivity in our cars, new challenges are arising for both manufacturers and users. Technologies that enable connectivity in cars.

Manufacturing

Manufacturing IoT Technology Cybersecurity

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

reads the advisory The vulnerability is a heap-based buffer overflow issue and according to the vendor it may have been exploited in a limited number of attacks aimed at government, manufacturing, and critical infrastructure sectors. The researcher describes the issue as a reachable pre-authentication that impacts every SSL VPN appliance.

Firewall

Firewall VPN Firmware Internet

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical flaw affecting a video surveillance product made by Annke, a popular manufacturer of surveillance systems and solutions. The experts performed reverse engineering of the firmware to fully unrestricted SSH access. – Source Nozomi.

Surveillance

Surveillance Hacking Firmware Manufacturing

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

The backdoor accounts in the firmware of 29 FTTH Optical Line Termination (OLT) devices from popular vendor C-Data. The security duo, composed of Pierre Kim and Alexandre Torres, disclosed seven vulnerabilities in the firmware of FTTH OLT devices manufactured by C-Data. ” reads the analysis published by the experts.

Firmware

Firmware Accountability Advertising Manufacturing

EU to Force IoT, Wireless Device Makers to Improve Security

eSecurity Planet

NOVEMBER 1, 2021

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. Manufacturers will be required to adhere to the new cybersecurity safeguards when designing and producing these products. EU Amendment Applies to Many Devices.

Wireless

Wireless IoT Manufacturing Mobile

An educational robot security research

SecureList

FEBRUARY 27, 2024

Toy manufacturers are striving to keep up with these trends, releasing more and more models that can also be called “smart.” However, we decided not to update the toy immediately in order to explore what could be extracted from the older firmware version. This was the first security-related issue we discovered.

Education

Education Manufacturing Firmware Internet

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.” Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware

Ransomware Firmware Antivirus Accountability

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. We identified at least 65 different affected vendors with close to 200 unique fingerprints, thanks both to Shodan’s scanning capabilities and some misconfiguration by vendors and manufacturers who expose those devices to the Internet.

IoT

IoT Firmware Internet Internet

Smart lightbulb and app vulnerability puts your Wi-Fi password at risk

Malwarebytes

AUGUST 25, 2023

is related to incorrect authentication of the bulb, which means the device can be impersonated, allowing for Tapo password theft and device manipulation. There are some workarounds suggested to “fix” these issues, but they’re aimed at the manufacturers as opposed to the users.

Passwords

Passwords Risk IoT Firmware

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

The malicious code specifically targets QNAP NAS devices manufactured by Taiwanese company QNAP, it already infected over 62,000 QNAP NAS devices. CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. .”

Malware

Malware Firmware Advertising Manufacturing

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

There are three major threat vectors that harm IoT deployments: Devices are hijacked by malicious software; Data collected and processed in IoT ecosystems is tampered with and impacts the confidentiality, integrity and availability of the information; and, Weak user and device authentication. The truth, however, is far from that.

IoT

IoT Manufacturing Energy and Utilities Data collection

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

The vulnerability is a heap-based buffer overflow issue and according to the vendor it may have been exploited in a limited number of attacks aimed at government, manufacturing, and critical infrastructure sectors. The researcher describes the issue as a reachable pre-authentication that impacts every SSL VPN appliance. through 6.2.13

Firewall

Firewall VPN Firmware Manufacturing

Two critical flaws affect CODESYS ICS Automation Software

Security Affairs

JUNE 27, 2022

.” The Chinese researchers who discovered the vulnerabilities pointed out that CODESYS V2 Runtime is used by many manufacturers, and most of these manufacturers still use outdated versions. The vulnerabilities affect a large number of manufacturers using a version of CODESYS V2 Runtime older than V2.4.7.57.

Software

Software Manufacturing Firmware Risk

CISA and FBI issue alert about Zeppelin ransomware

Malwarebytes

AUGUST 16, 2022

While anyone can fall victim to these threat actors, the FBI noted that this malware has been used to target a wide range of businesses and critical infrastructure organizations, including defense contractors, educational institutions, manufacturers, technology companies, and especially organizations in the healthcare and medical industries.

Ransomware

Ransomware Backups Passwords Authentication

ASUS fixed critical remote authentication bypass bug in several routers

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Trending Sources

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

Machine Identities are Essential for Securing Smart Manufacturing

Zyxel addressed three RCEs in end-of-life NAS devices

TPM-Fail Attacks Against Cryptographic Coprocessors

To Make the Internet of Things Safe, Start with Manufacturing

Enhance your security posture by detecting risks on authenticator devices

Firmware Fuzzing 101

Firmware Fuzzing 101

Criminal group busted after stealing hundreds of keyless cars

Securing the IoT at Scale: How PKI Can Help

Chipmaker Qualcomm warns of three actively exploited zero-days

Enhance your security posture by detecting risks on authenticator devices

3.5m IP cameras exposed, with US in the lead

The High-Stakes Game of Ensuring IoMT Device Security

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

HID Mercury Access Controller flaws could allow to unlock Doors

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Use cases of secure IoT deployment

NI CompactRIO controller flaw could allow disrupting production

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Millions of home routers on Mirai Botnet Radar

IoT Unravelled Part 3: Security

P2P Weakness Exposes Millions of IoT Devices

Samsung offers Mobile Security protection as below

Guest Blog: TalkingTrust. What’s driving the security of IoT?

Realtek-based routers, smart devices are being gobbled up by a voracious botnet

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

How to ensure security and trust in connected cars

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

An RCE in Annke video surveillance product allows hacking the device

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

EU to Force IoT, Wireless Device Makers to Improve Security

An educational robot security research

Ranzy Locker ransomware hit tens of US companies in 2021

Realtek SDK flaws exploited to deliver Mirai bot variant

Smart lightbulb and app vulnerability puts your Wi-Fi password at risk

QSnatch malware infected over 62,000 QNAP NAS Devices

Critical Success Factors to Widespread Deployment of IoT

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Two critical flaws affect CODESYS ICS Automation Software

CISA and FBI issue alert about Zeppelin ransomware

Stay Connected