Authentication, Information Security, IoT and Manufacturing

Access:7 flaws impact +150 device models from over 100 manufacturers

Security Affairs

MARCH 8, 2022

Many IoT and medical devices are affected by seven serious flaws, collectively tracked as Access:7, in widely used Axeda platform. “Access:7 could enable hackers to remotely execute malicious code, access sensitive data or alter configuration on medical and IoT devices running PTC’s Axeda remote code and management agent.”reads

Manufacturing

Manufacturing IoT Authentication Financial Services

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. If you take a look at the global market for IoT, you can easily spot the trend. IoT devices are exposed to cybersecurity vulnerabilities. IoT is a complicated concept.

IoT

IoT Cybersecurity Manufacturing Internet

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. “On August 16th, three days ago, multiple vulnerabilities in a software SDK distributed as part of Realtek chipsets were disclosed by IoT Inspector Research Lab [1]. ” reported IoT Inspector.

IoT

IoT Firmware Internet Internet

Siemens Metaverse exposes sensitive corporate data

Security Affairs

APRIL 15, 2023

Siemens Metaverse, a virtual space built to mirror real machines, factories, and other highly complex systems, has exposed sensitive data, including the company’s office plans and internet of things (IoT) devices. It contained ComfyApp credentials and endpoints. There are a lot of opportunities for threat actors here.

Manufacturing

Manufacturing IoT Technology Authentication

7 Ways Enterprises are Taking Advantage of Biometrics

Security Boulevard

AUGUST 11, 2023

Biometrics are known to have been a boon to digital security and data protection, but there are a variety of other use cases across industries. Biometrics are automated methods used to identify an individual or verify/authenticate an individual's identity based on physiological characteristics and behavioral traits.

Healthcare

Healthcare Authentication Passwords IoT

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

Security Affairs

JULY 20, 2022

” The MiCODUS MV720 GPS Tracker is a popular vehicle GPS tracker manufactured in China, which is used by consumers for theft protection and location management, and by organizations for vehicle fleet management. The analysis of the sector usage on a global scale revealed significant differences by continent in the typical user profile.

Manufacturing

Manufacturing Passwords Mobile Authentication

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

The state of IoT is poor enough as it is, security wise. But manufacturers of agricultural equipment have spent the last few years locked in an automation arms race, and the side effects of this race are starting to show. Use multi-factor authentication with strong pass phrases where possible.

Ransomware

Ransomware Manufacturing Passwords Internet

How Dow Jones used the pandemic to undergo a zero trust overhaul

SC Magazine

MAY 18, 2021

It changed what was considered normal within that network, introducing more users overall, more mobile devices popping up on the network, and new cloud applications and IoT devices. They replaced their telecommunications network and built a new software-defined wide area network to handle policy, security and networking functions.

IoT

IoT Telecommunications Manufacturing Firewall

Nexx bugs allow to open garage doors, and take control of alarms and plugs

Security Affairs

APRIL 5, 2023

A series of vulnerabilities in multiple smart devices manufactured by Nexx can be exploited to remotely open garage doors, and take control of alarms and plugs. Improper Authentication Validation CWE-287 ( CVE-2023–1752 , CVSS3.0: Authorization Bypass Through User-Controlled Key CWE-639 ( CVE-2023–1749 , CVSS3.0:

Manufacturing

Manufacturing Media Firewall Education

Experts found 125 new flaws in SOHO routers and NAS devices from multiple vendors

Security Affairs

SEPTEMBER 17, 2019

In this phase of the project that started in 2013 ( SOHOpelessly Broken 1.0 ) , the researchers assessed the security of 13 SOHO router and NAS devices and found a total of 125 new vulnerabilities. . This research project aimed to uncover and leverage new techniques to circumvent these new security controls in embedded devices.”

Manufacturing

Manufacturing IoT Advertising Authentication

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

The FBI is working with private sector partners who manufacture smart devices to advise customers about the scheme and how to avoid being victimized. The FBI recommends users to enable two-factor authentication (2FA) for smart devices exposed online. Users should update their passwords on a regular basis.

Passwords

Passwords Surveillance Manufacturing Accountability

Spotlight Podcast: Intel’s Matt Areno – Supply Chain is the New Security Battlefield

The Security Ledger

SEPTEMBER 18, 2020

. » Related Stories Spotlight Podcast: CTO Zulfikar Ramzan on RSA’s Next Act: Security Start-Up Spotlight Podcast: Taking a Risk-Based Approach to Election Security PKI Points the Way for Identity and Authentication in IoT. Unfortunately, the information security industry has been slow to respond.

Manufacturing

Manufacturing Engineering IoT Cyber threats

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Security Affairs

SEPTEMBER 2, 2021

. “we disclose BrakTooth, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.” ” reads the post published by the researchers. Pierluigi Paganini.

Firmware

Firmware Manufacturing IoT Technology

Kr00k Wi-Fi Encryption flaw affects more than a billion devices

Security Affairs

FEBRUARY 26, 2020

A high-severity hardware vulnerability, dubbed Kr00k , in Wi-Fi chips manufactured by Broadcom and Cypress expose over a billion devices to hack. Cybersecurity researchers from ESET have discovered a new high-severity hardware vulnerability, dubbed Kr00k , that affects Wi-Fi chips manufactured by Broadcom and Cypress.

Encryption

Encryption Wireless Manufacturing Advertising

IoT Devices a Huge Risk to Enterprises

eSecurity Planet

JULY 22, 2021

When millions of people around the world were sent home to work at the onset of the global COVD-19 pandemic, they left behind not only empty offices but also a host of Internet of Things (IoT) devices – from smartwatches to networked printers – that were still connected to corporate networks and cranking away.

IoT

IoT Risk Architecture Manufacturing

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical flaw affecting a video surveillance product made by Annke, a popular manufacturer of surveillance systems and solutions. At the end of the process, the firmware was rewritten to the device’s memory. The mainboard of the Annke N48PBB.

Surveillance

Surveillance Hacking Firmware Manufacturing

IoT Secure Development Guide

Pen Test Partners

OCTOBER 9, 2023

Introduction This guide deals with threat modelling and early stages of development so that security issues and controls are identified before committing to manufacturing. Current attack methods, and the pitfalls we find in embedded designs, have been highlighted so that a finished product is as secure as it can be. Signing 3.4.

IoT

IoT Firmware Mobile Manufacturing

Android Botnet leverages ADB ports and SSH to spread

Security Affairs

JUNE 22, 2019

In September 2018, researchers observed the Hide and Seek (HNS) IoT botnet targeting Android devices with ADB option enabled. This attack takes advantage of the way open ADB ports don’t have authentication by default, similar to the Satori botnet variant we previously reported.” The script for a.

Cryptocurrency

Cryptocurrency Malware Advertising Firmware

IoT and Cybersecurity: What’s the Future?

Security Affairs

MAY 2, 2022

IoT gizmos make our lives easier, but we forget that these doohickeys are IP endpoints that act as mini-radios. Department of Homeland Security described IoT security as a matter of homeland security. IoT devices expose users to two main weaknesses. The first is the very well-known lack of device security.

IoT

IoT Cybersecurity VPN Internet

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

The malicious code specifically targets QNAP NAS devices manufactured by Taiwanese company QNAP, it already infected over 62,000 QNAP NAS devices. CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page.

Malware

Malware Firmware Advertising Manufacturing

QNAP urges users to update Malware Remover after QSnatch joint alert

Security Affairs

AUGUST 2, 2020

The malicious code specifically targets QNAP NAS devices manufactured by Taiwanese company QNAP, it already infected over 62,000 QNAP NAS devices.

Malware

Malware Advertising Passwords Manufacturing

SBOMs: Securing the Software Supply Chain

eSecurity Planet

OCTOBER 26, 2021

In any instance, cryptographic authentication of SBOMs is imperative for verifying their authenticity. Read more: Attackers Exploit Flaw that Could Impact Millions of Routers, IoT Devices. The Importance of Component Relationships. Proof of Concept: Healthcare SBOM. What SBOMs Mean for Cybersecurity.

Software

Software Risk Healthcare Cybersecurity

News alert: Sternum and ChargePoint collaborate to enhance ChargePoint Home Flex Security

The Last Watchdog

JANUARY 22, 2024

23, 2024 — Sternum, the pioneer in embedded IoT security and observability, today announced enhanced security for the ChargePoint Home Flex. Thanks to the analysis and help of Sternum IoT, ChargePoint was able to correct weaknesses in CPH50, reduce the attack surface and thus improve the security of the product.

IoT

IoT InfoSec Firmware Manufacturing

Vulnerability Management Policy Template

eSecurity Planet

MAY 12, 2023

Unauthenticated vulnerability scans should be conducted to view the systems from the perspective of an external hacker and authenticated vulnerability scans should be conducted to view systems from the perspective of a hacker with stolen credentials. Broader is always better to control risks, but can be more costly.]

Penetration Testing

Penetration Testing Risk Firmware Software

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

granting them access to live and archived video feeds across multiple organizations, including manufacturing facilities, hospitals, schools, police departments and prisons. At the very least, there should have been some form of multi-factor authentication or password vault to protect the [server] account.

Surveillance

Surveillance IoT Accountability Passwords

Mukashi, the new Mirai variant that targets Zyxel NAS

Security Affairs

MARCH 21, 2020

Security experts have discovered a new variant of the infamous Mirai malware, tracked as Mukashi, was employed in attacks against network-attached storage (NAS) devices manufactured by Zyxel. are vulnerable to this pre-authentication command injection vulnerability. ” reads the analysis published by Palo Alto Network.

DDOS

DDOS Authentication Advertising Firmware

How to Track Your Kids (and Other People's Kids) With the TicTocTrack Watch

Troy Hunt

APRIL 15, 2019

Referencing that report, US Consumer groups drew a similar conclusion : US consumer groups are now warning parents not to buy the devices The manufacturers fixed the identified flaws. Obviously you want to remove the risk ASAP, but you also want to make sure that information about how to exploit it isn't made public beforehand.

Spyware

Spyware Passwords Manufacturing Marketing

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

What if the right to repair something that you own was denied simply because a manufacturer decided it could do that? And if you didn't put on the, you know, manufacturer approved tire. Given the control that medical device manufacturers have, and the FDA as well, when COVID hit something had to give.

InfoSec

InfoSec Manufacturing Technology Software

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

What if the right to repair something that you own was denied simply because a manufacturer decided it could do that? And if you didn't put on the, you know, manufacturer approved tire. Given the control that medical device manufacturers have, and the FDA as well, when COVID hit something had to give.

InfoSec

InfoSec Manufacturing Technology Software

Cyber Security Informer

Access:7 flaws impact +150 device models from over 100 manufacturers

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Trending Sources

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Realtek SDK flaws exploited to deliver Mirai bot variant

Siemens Metaverse exposes sensitive corporate data

7 Ways Enterprises are Taking Advantage of Biometrics

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

FBI warns of ransomware threat to food and agriculture

How Dow Jones used the pandemic to undergo a zero trust overhaul

Nexx bugs allow to open garage doors, and take control of alarms and plugs

Experts found 125 new flaws in SOHO routers and NAS devices from multiple vendors

FBI warns swatting attacks on owners of smart devices

Spotlight Podcast: Intel’s Matt Areno – Supply Chain is the New Security Battlefield

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Kr00k Wi-Fi Encryption flaw affects more than a billion devices

IoT Devices a Huge Risk to Enterprises

An RCE in Annke video surveillance product allows hacking the device

IoT Secure Development Guide

Android Botnet leverages ADB ports and SSH to spread

IoT and Cybersecurity: What’s the Future?

QSnatch malware infected over 62,000 QNAP NAS Devices

QNAP urges users to update Malware Remover after QSnatch joint alert

SBOMs: Securing the Software Supply Chain

News alert: Sternum and ChargePoint collaborate to enhance ChargePoint Home Flex Security

Vulnerability Management Policy Template

Camera tricks: Privacy concerns raised after massive surveillance cam breach

Mukashi, the new Mirai variant that targets Zyxel NAS

How to Track Your Kids (and Other People's Kids) With the TicTocTrack Watch

The Hacker Mind Podcast: The Right To Repair

The Hacker Mind Podcast: The Right To Repair

Stay Connected