Security Affairs

NOVEMBER 5, 2024

The company discovered the zero-day vulnerabilities in IoT live-streaming cameras, used in industrial operations, healthcare, and other sensitive environments. is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data.

Firmware 127

Firmware Manufacturing Authentication IoT 127

CyberSecurity Insiders

MARCH 25, 2021

billion IoT devices active across the world – a figure that is expected to grow to 75 billion by 2025. This tripling will be a phenomenal feat to achieve in the next four years and relies upon IoT projects that are currently planned or under development to mature quickly. 1 Consider using generic IoT service modules.

IoT 100

IoT Authentication Passwords Data collection 100

Security Affairs

OCTOBER 1, 2019

Security Labs discovered a new IOT bot named “GUCCI”. It seems like the IOT botnet is named after an Italian luxury brand of fashion and leather goods. The IOT threat detection engine picked the infection IP has shown below hosting number of bins for different architectures. Compromising C&C. Inference.

IoT 105

IoT Advertising Engineering Architecture 105

Security Affairs

MAY 16, 2025

CookieAttack : Enhances BrowserAttack with advanced cookie handling to further imitate authentic web interactions. “DDoS Botnet families tend to congregate on Linux and IoT platforms. The malware bypasses detection using Base64 encoding, dynamic URLs, and simulates human behavior.

DDOS 113

DDOS Education IoT Malware 113

Security Affairs

MAY 20, 2025

The company offers cellular service, along with 5G development, AI services, IoT solutions, cloud computing, and smart city infrastructure. No cases of misuse of the information have been confirmed to date. SK Telecom announced it had enhanced defensive measures and blocked illegal SIM card changes and abnormal authentication attempts.

Malware 108

Malware Mobile Data breaches Wireless 108

Security Affairs

SEPTEMBER 2, 2019

Akamai researcher Larry Cashdollar reported that a cryptocurrency miner that previously hit only Arm-powered IoT devices it now targeting Intel systems. The researchers revealed that one of his honeypots was hit by this IoT malware that targets Intel machines running Linux. “This one seems to target enterprise systems.”

IoT 111

IoT Cryptocurrency Malware System Administration 111

Security Affairs

JANUARY 16, 2025

Over the years, multiple security experts have identified several vulnerabilities in MikroTik routers, such as a remote code execution vulnerability detailed by VulnCheck researchers here. The botnet’s SOCKS proxy setup enables access for hundreds of thousands of compromised machines. ” reads the report published by Infoblox.

DNS 139

DNS Malware Firmware Authentication 139

Security Affairs

JANUARY 19, 2025

The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,IOT)

Firmware 71

Firmware IoT Wireless Surveillance 71

Hot for Security

FEBRUARY 16, 2021

Seismic monitoring equipment is vulnerable to common cybersecurity threats like those faced by IoT devices, a new research paper warns. Non-encrypted data, insecure protocols and poor user authentication mechanisms are among the security issues that leave seismological networks open to breaches, the authors note.

IoT 128

IoT InfoSec Data collection Encryption 128

Security Affairs

JULY 14, 2020

Researchers spotted a new version of the Mirai IoT botnet that includes an exploit for a vulnerability affecting Comtrend routers. Malware researchers at Trend Micro have discovered a new version of the Mirai Internet of Things (IoT) botnet that includes an exploit for the CVE-2020-10173 vulnerability impacting Comtrend routers.

IoT 137

IoT Advertising DDOS Authentication 137

The Last Watchdog

APRIL 4, 2022

SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. To protect against these attacks, businesses need to implement a wide range of strong API security measures such as authentication, authorization, encryption, and vulnerability scanning.

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. “On August 16th, three days ago, multiple vulnerabilities in a software SDK distributed as part of Realtek chipsets were disclosed by IoT Inspector Research Lab [1]. ” reported IoT Inspector.

IoT 135

IoT Firmware Internet Internet 135

The Last Watchdog

DECEMBER 31, 2019

Physical security is the protection of personnel and IT infrastructure (such as hardware, software, and data) from physical actions and events that could cause severe damage to an organization. Related: Good to know about IoT Physical security is often a second thought when it comes to information security.

Cyber Risk 173

Cyber Risk Risk Firewall Surveillance 173

Security Affairs

DECEMBER 15, 2020

Experts from IoT security firm Sternum discovered vulnerabilities discovered in Medtronic’s MyCareLink Smart 25000 Patient Reader product that could be exploited to take control of a paired cardiac device.

Firmware 140

Firmware Authentication Mobile IoT 140

Daniel Miessler

MAY 8, 2020

Next come your social media accounts, and then any accounts that control IoT systems in your house. Get their passwords changed (see above), and enable two-factor authentication. This is where you take your higher-risk systems, like your IoT devices, your entertainment systems, gaming systems, etc., Change your DNS to 1.1.1.2,

Passwords 255

Passwords DNS Accountability IoT 255

Security Affairs

FEBRUARY 6, 2021

Researchers from Israeli IoT security firm Vdoo found six vulnerabilities in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take control of a device’s wireless communications. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

IoT 124

IoT Wireless Authentication Passwords 124

Security Affairs

MARCH 8, 2022

Many IoT and medical devices are affected by seven serious flaws, collectively tracked as Access:7, in widely used Axeda platform. “Access:7 could enable hackers to remotely execute malicious code, access sensitive data or alter configuration on medical and IoT devices running PTC’s Axeda remote code and management agent.”reads

Manufacturing 102

Manufacturing IoT Authentication Financial Services 102

Security Affairs

MARCH 16, 2025

Attacks on Middle Eastern countries Ballista New IoT Botnet Targeting Thousands of TP-Link Archer Routers Captain MassJacker Sparrow: Uncovering the Malwares Buried Treasure Enhancing Malware Fingerprinting through Analysis of Evasive Techniques Hacking Tarlogic detects a hidden feature in the mass-market ESP32 chip that could infect millions of IoT (..)

Spyware 74

Spyware Cybercrime Ransomware IoT 74

Security Affairs

MARCH 26, 2024

A new variant of TheMoon malware infected thousands of outdated small office and home office (SOHO) routers and IoT devices worldwide. The Black Lotus Labs team at Lumen Technologies uncovered an updated version of “ TheMoon ” bot targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices.

IoT 140

IoT Cybercrime Internet Internet 140

Security Affairs

OCTOBER 21, 2021

An actionable way to defend against remote access threats is to require multi factor authentication (MFA) for these connections. IoT Devices. IoT devices include wearable devices, coffee makers, sensors, and cameras, all of which connect to the Internet. Many organizations don’t have visibility into all of their IoT devices.

IoT 140

IoT Phishing Passwords Scams 140

Security Affairs

AUGUST 5, 2022

Researchers from FortiGuard Labs have discovered a new IoT botnet tracked as RapperBot which is active since mid-June 2022. ssh/authorized_keys, anyone with the corresponding private key can authenticate the SSH server without supplying a password. The bulk of the malware code contains an implementation of an SSH 2.0

IoT 143

IoT Malware Passwords Authentication 143

Security Affairs

JULY 1, 2021

Microsoft researchers discovered multiple vulnerabilities in the firmware of the Netgear DGN-2200v1 series router that can allow attackers to bypass authentication, access stored credentials, and even take over devices. “The critical security issues (those with CVSS Score: 7.1 – 9.4) SecurityAffairs – hacking, IoT).

Firmware 141

Firmware Authentication Encryption Passwords 141

Security Affairs

JULY 13, 2021

ModiPwn flaw (CVE-2021-22779) in some of Schneider Electric’s Modicon PLCs can allow attackers to bypass authentication mechanisms and take over the device. The vulnerability can allow attackers to bypass authentication mechanisms which can lead to native remote-code-execution on vulnerable PLCs.”

Authentication 121

Authentication IoT Encryption Engineering 121

Security Affairs

SEPTEMBER 11, 2024

The software firm released security updates to address a maximum security vulnerability, tracked as CVE-2024-29847, in its Endpoint Management software (EPM). could allow a remote authenticated attacker with admin privileges to execute arbitrary code on the core server. ” reads the advisory published by the company.

Software 132

Software Authentication IoT Hacking 132

SecureList

DECEMBER 9, 2024

A previous faulty update had already suggested broader problems with CrowdStrike’s security software at the time, though the problem didn’t receive that much publicity. XZ backdoor to bypass SSH authentication What happened? However, delegating tasks also introduces new information security challenges.

Internet 111

Internet Internet Risk Social Engineering 111

Security Affairs

APRIL 22, 2025

The company offers cellular service, along with 5G development, AI services, IoT solutions, cloud computing, and smart city infrastructure. No cases of misuse of the information have been confirmed to date. SK Telecom announced it had enhanced defensive measures and blocked illegal SIM card changes and abnormal authentication attempts.

Data breaches 90

Data breaches Risk Mobile Wireless 90

The Last Watchdog

JANUARY 22, 2024

23, 2024 — Sternum, the pioneer in embedded IoT security and observability, today announced enhanced security for the ChargePoint Home Flex. Thanks to the analysis and help of Sternum IoT, ChargePoint was able to correct weaknesses in CPH50, reduce the attack surface and thus improve the security of the product.

IoT 100

IoT InfoSec Firmware Manufacturing 100

Security Affairs

NOVEMBER 16, 2022

Researchers from FortiGuard Labs discovered the previously undetected RapperBot IoT botnet in August, and reported that it is active since mid-June 2022. ssh/authorized_keys, anyone with the corresponding private key can authenticate the SSH server without supplying a password. Once stored public keys stored in ~/.ssh/authorized_keys,

DDOS 128

DDOS IoT Malware Architecture 128

Security Affairs

MARCH 31, 2022

Bitdefender researchers discovered three security vulnerabilities in the popular Wyze Cam devices that can be exploited by threat actors to execute arbitrary code and access camera feeds. An unauthenticated access to contents of the SD card. ” Follow me on Twitter: @securityaffairs and Facebook.

IoT 98

IoT Firmware Marketing Authentication 98

Security Affairs

JUNE 3, 2021

Researchers from Israeli IoT security firm Vdoo found multiple vulnerabilities in the Realtek RTL8170C Wi-Fi module that could allow to elevate privileges and hijack wireless communications. ” reads a reported published by Vdoo.

Wireless 128

Wireless IoT Encryption Firmware 128

SecureList

FEBRUARY 1, 2022

Let’s see if there are any informational security issues with these wearables. Authentication for data transfer using this port is completely optional, and even when authentication is present, there is no encryption; in other words, the authentication data is sent as readable text.

Phishing 145

Phishing Healthcare IoT Authentication 145

SiteLock

AUGUST 27, 2021

Up next, Black Hat, one of the world’s largest information security conferences, took place in early August 2018 in Sin City. The conference held many briefings on politics, legislation, and Machine Learning (ML) and Artificial Intelligence (AI) in cybersecurity, as well as the challenge of endpoint security for many IoT devices.

Small Business 98

Small Business Artificial Intelligence Firmware IoT 98

The Last Watchdog

FEBRUARY 25, 2019

The IAM vendors took single sign-on to the next level, adding multi-factor authentication and other functionalities. What’s more, malicious hackers progressed to gaining access via manipulating the log-ons related to millions of sensors, servers and third-party software associated with rising corporate use of cloud services and IoT systems.

Government 169

Government Authentication Technology Data breaches 169

Security Affairs

SEPTEMBER 11, 2024

This file could bypass Mark of the Web (MOTW) defenses, potentially compromising security features like SmartScreen Application Reputation and Windows Attachment Services security prompts. CVE-2024-38226 – Microsoft Publisher Security Feature Bypass Vulnerability.

Social Engineering 131

Social Engineering IoT Engineering Authentication 131

Security Affairs

SEPTEMBER 17, 2019

Internet-connected embedded devices are often placed into a broader category referred to as IoT devices. According to the experts, the level of security for IoT devices is slightly improved since SOHOpelessly Broken 1.0,

Manufacturing 110

Manufacturing IoT Advertising Authentication 110

Security Affairs

MARCH 9, 2022

Researchers from IoT security company Armis have discovered three high-impact security flaws, collectively tracked as TLStorm, affecting APC Smart-UPS devices. SecurityAffairs – hacking, IoT). Three flaws in APC Smart-UPS devices, tracked as TLStorm, could be exploited by remote attackers to hack and destroy them.

Firmware 100

Firmware IoT Authentication Backups 100

Security Affairs

OCTOBER 9, 2021

The configuration file, first indexed on an IoT search engine on September 7, appears to be the main configuration file of the application hosted on the ‘upliftmedia’ subdomain of Sky.com, and includes plain text access credentials to databases hosted on the Sky.com domain. What’s the impact?

IoT 142

IoT Media Engineering Education 142