Cybersecurity, Firmware and Manufacturing

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the installation of persistent backdoors.

Firmware

Firmware Hacking Authentication Advertising

SSDF and IoT Cybersecurity Guidance: Building Blocks for IoT Product Security

NSTIC

JUNE 22, 2023

NIST’s IoT cybersecurity guidance has long recognized the importance of secure software development (SSDF) practices, highlighted by the NIST IR 8259 series—such as the recommendation for documentation in Action 3.d These development practices can also provide

IoT

IoT Manufacturing Cybersecurity Firmware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

March to 5G could pile on heavier security burden for IoT device manufacturers

SC Magazine

APRIL 9, 2021

As the Department of Defense works on standards to dictate 5G rollout, security requirements may be too much for IoT manufacturers. Of course, many security hurdles for IoT device manufacturers are not specific to 5G. The Internet of Things Cybersecurity Improvement Act of 2020 , which was enacted Dec.

Manufacturing

Manufacturing IoT Firmware Architecture

Firmware: A New Attack Vector Requiring Industry Leadership

Dark Reading

SEPTEMBER 11, 2019

It's time for cybersecurity manufacturers and solution providers to step up and show leadership in addressing firmware security. Read why and how.

Firmware

Firmware Manufacturing Cybersecurity

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

Malwarebytes

JULY 28, 2021

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages. History lessons. Mitigation.

Firmware

Firmware Technology Authentication IoT

The High-Stakes Game of Ensuring IoMT Device Security

SecureWorld News

FEBRUARY 17, 2024

Regrettably, cybersecurity is often an overlooked aspect in the development of many smart devices, and medical devices in particular. In response, manufacturers are intensifying their cybersecurity efforts, incorporating advanced CI/CD workflows to safeguard medical devices from escalating attacks.

Healthcare

Healthcare Manufacturing Internet Internet

Why you should secure your embedded server management interfaces

CSO Magazine

JANUARY 14, 2022

All server manufacturers provide this functionality in firmware through a set of chips that run independent of the rest of the server and OS. Over the years, security researchers have found and demonstrated vulnerabilities in the BMC implementations of different server manufacturers and attackers have taken advantage of some of them.

Manufacturing

Manufacturing Firmware Cybersecurity

Five Cybersecurity Trends that Will Affect Organizations in 2023

CyberSecurity Insiders

DECEMBER 6, 2022

Netwrix, a cybersecurity vendor that makes data security easy, today released key IT security trends that will affect organizations of all sizes in 2023. To address this threat, organizations of all sizes while conducting a risk assessment need to take into account the vulnerabilities of all third-party software or firmware.

Cybersecurity

Cybersecurity Cybercrime Social Engineering Firmware

ESET warns of three flaws that affect over 100 Lenovo notebook models

Security Affairs

APRIL 19, 2022

Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. The Secure boot is a security standard developed by members of the PC industry to ensure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM).

Firmware

Firmware Manufacturing Hacking Cybersecurity

Millions of home routers on Mirai Botnet Radar

CyberSecurity Insiders

AUGUST 13, 2021

According to a research carried out by Maryland based Cybersecurity firm Tenable, hackers are targeting millions of home routers to add them to the Mirai botnet radar that is used to launch DDoS Cyber attack campaigns. The post Millions of home routers on Mirai Botnet Radar appeared first on Cybersecurity Insiders.

Firmware

Firmware DDOS Malware Manufacturing

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

“According to Vladimir Kononovich, some manufacturers rely on security through obscurity, with proprietary protocols that are poorly studied and the goal of making it difficult for attackers to procure equipment to find vulnerabilities in such devices. Wincor is currently owned by ATM manufacturer giant Diebold Nixdorf.

Hacking

Hacking Firmware Encryption Manufacturing

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

SEPTEMBER 5, 2023

I had an eye-opening conversation about all of this with Steve Hanna , distinguished engineer at Infineon Technologies , a global semiconductor manufacturer based in Neubiberg, Germany. We can’t expect the consumer to be an expert on IoT cybersecurity, that’s just not realistic,” he says. In 2023, the U.S.

IoT

IoT Government Internet Internet

Vulnerabilities in the iBoot Power Distribution Unit Let Hackers Remotely Shut Down Devices

Hacker Combat

SEPTEMBER 22, 2022

Researchers from the industrial cybersecurity company Claroty discovered a total of seven flaws with the iBoot-PDU product, including one that might have allowed a remote, unauthenticated attacker to execute arbitrary code. The vendor has released firmware version 1.42.06162022 to address the problem.

Firmware

Firmware Firewall Manufacturing Internet

Vulnerability makes hackers hijack video streams from millions of connected cameras

CyberSecurity Insiders

JUNE 29, 2021

Security researchers say that the flaw is related to software component used in cloud surveillance platform ThroughTek that is used by OEMs while manufacturing IP Cameras, baby monitoring cams and pet monitoring solutions along with robotic and battery devices. score to the newly discovered P2P SDK vulnerability.

Firmware

Firmware IoT Surveillance Manufacturing

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

IoT devices are exposed to cybersecurity vulnerabilities. However, if you know where the dangers lurk, there is a way to minimize the cybersecurity risks. Here are five significant cybersecurity vulnerabilities with IoT in 2020. The cybersecurity issues related to IoT are a brand-new topic in the niche. Poor credentials.

IoT

IoT Cybersecurity Manufacturing Internet

NI CompactRIO controller flaw could allow disrupting production

Security Affairs

DECEMBER 12, 2020

A high-severity vulnerability affecting CompactRIO controllers manufactured by the vendor National Instruments (NI) could allow remote attackers to disrupt production processes in an organization. Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory to warn organizations about the flaw.

Firmware

Firmware Manufacturing Software Authentication

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

eSecurity Planet

FEBRUARY 2, 2024

Teslas have plenty of vulnerabilities, as cybersecurity researchers have recently discovered. The zero-days reveal just how many items can threaten an organization’s cybersecurity. While we’ve known about the dangers of IoT devices for a long time, plenty of cybersecurity tools still don’t sufficiently cover them.

Hacking

Hacking IoT Firmware Cybersecurity

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

The flaws impact products manufactured by LenelS2, a provider of advanced physical security solutions (i.e. The experts focused on Carrier’s LenelS2 access control panels, manufactured by HID Mercury. The US Cybersecurity and Infrastructure Security Agency (CISA) has also published an advisory about these vulnerabilities.

Firmware

Firmware Penetration Testing Manufacturing Authentication

Ransomware gang attacks MSI and demands $4m for decryption

CyberSecurity Insiders

APRIL 9, 2023

The manufacturer of notebooks, PCs, and GPUs stated that its IT team is working 24×7 to recover the data from the incident from a business continuity plan and is urging users not to download any kind of BIOS and firmware updates from external web resources and instead depend on the official website for all needs.

Ransomware

Ransomware Firmware Manufacturing Cyber Attacks

The Chip War’s Impact on Cybersecurity and the Supply Chain

Security Boulevard

MARCH 28, 2023

The post The Chip War’s Impact on Cybersecurity and the Supply Chain appeared first on Security Boulevard. “The semiconductor supply chain remains one of the most complicated and most critical supply chains that underpin the entire global.

Cybersecurity

Cybersecurity Manufacturing Firmware IoT

Mobile Adware makes online banking services as Prime Targets

CyberSecurity Insiders

MARCH 1, 2021

Kaspersky claims that the Android devices mostly those belonging to Chinese OEMs are coming pre-installed with adware and some even in the firmware components. But threat analysts who took part in the research say that some manufactures are indulging in spreading adware simply to receive extra profits.

Adware

Adware Banking Mobile Firmware

SiteLock’s Top Five Cybersecurity Predictions For 2020

SiteLock

AUGUST 27, 2021

It’s safe to say that the volume and magnitude of high-profile data breaches and ransomware attacks that punctuated 2019 really kept the cybersecurity industry on its toes. We’ve analyzed the current state of the industry and packaged up our top five cybersecurity predictions for 2020. In comparison to last year, research.

Cybersecurity

Cybersecurity Phishing Data breaches IoT

How to ensure security and trust in connected cars

CyberSecurity Insiders

MARCH 16, 2021

The cars we drive today have become truly connected objects, capable of a variety of functionalities that both users and manufacturers could have only dreamed of in past decades. However, with increased connectivity in our cars, new challenges are arising for both manufacturers and users. Technologies that enable connectivity in cars.

Manufacturing

Manufacturing IoT Technology Cybersecurity

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One FBI warns of dual ransomware attacks Progress Software fixed two critical severity flaws in WS_FTP Server Child abuse site taken down, organized child exploitation crime suspected – exclusive A still unpatched zero-day RCE impacts more than 3.5M

Artificial Intelligence

Artificial Intelligence Firmware Data breaches Hacking

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

Samsung offers Mobile Security protection as below

CyberSecurity Insiders

NOVEMBER 25, 2021

From backdoors- As the Korean giant creates, validates and manufactures its computing devices all on its own, its every piece of hardware, wiring and firmware is securely drafted at its high secure R&D plants & factories in the world. So, why think much about security?

Mobile

Mobile Firmware Manufacturing Passwords

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Security Affairs

MAY 16, 2023

A joint analysis conducted by industrial cybersecurity firms Claroty and O torio discovered multiple flaws in Teltonika Networks’ IIoT products that can expose OT networks to remote attacks. The study focuses on the RUT241 and RUT955 cellular routers manufactured by Teltonika, and on the Remote Management System (RMS) provided by the vendor.

Hacking

Hacking Internet Internet Manufacturing

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical flaw affecting a video surveillance product made by Annke, a popular manufacturer of surveillance systems and solutions. The experts performed reverse engineering of the firmware to fully unrestricted SSH access.

Surveillance

Surveillance Hacking Firmware Manufacturing

EU to Force IoT, Wireless Device Makers to Improve Security

eSecurity Planet

NOVEMBER 1, 2021

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. Manufacturers will be required to adhere to the new cybersecurity safeguards when designing and producing these products. Common EU Security Standards. IoT Security Neglected.

Wireless

Wireless IoT Manufacturing Mobile

PwnedPiper flaws in PTS systems affect 80% of major US hospitals

Security Affairs

AUGUST 2, 2021

Cybersecurity researchers disclosed multiple flaws, dubbed PwnedPiper , that left a widely-used pneumatic tube system (PTS) vulnerable to attacks. The flaw affects the Translogic PTS system manufactured by Swisslog Healthcare, which is installed in about 80% of all major hospitals in North America and thousands of hospitals worldwide.

Healthcare

Healthcare Firmware Manufacturing Ransomware

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

The Last Watchdog

JUNE 4, 2019

With the largest concentration of cybersecurity expertise –– the “oil” — in the world, Maryland is fast changing from the Old Line State into “Cybersecurity Valley.” The foundation of Silicon Valley was set, and today comparable technology development pieces are being laid in Maryland on the cybersecurity front.

Cybersecurity

Cybersecurity Computers and Electronics Technology Marketing

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

Micro-Star International AKA MSI designs, manufactures, and sells motherboards and graphics cards for customers in the United States, Canada, and internationally. MSI is urging users to obtain firmware/BIOS updates only from its official website fearing that threat actors could circulate malware-laced versions of the company’s BIOS.

Ransomware

Ransomware Firmware Hacking Manufacturing

Guest Blog: TalkingTrust. What’s driving the security of IoT?

Thales Cloud Protection & Licensing

MARCH 10, 2021

There are so many reasons why manufacturers connect their products to the Internet, whether it’s industrial machines, medical devices, consumer goods or even cars. Additionally, many auto manufacturers now have the ability to remotely update software to fix vulnerabilities or even upgrade functionality. Co-ordination is key.

IoT

IoT Firmware Manufacturing Encryption

How to implant a malware in hidden area of SSDs with Flex Capacity feature

Security Affairs

DECEMBER 31, 2021

An invalidation data region is created by varying the OP area that can be changed by the user or by the firmware manager. However, a threat actor can reduce the size of the OP area using the firmware manager generating an invalid data area. The OP area can be set for example by a maximum of 50%. ” reads the research paper.

Malware

Malware Firmware Manufacturing Media

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

Driven by the need to secure themselves against increasing threats, organizations (both manufacturers and IoT consumers) realize that they need better built-in security. To secure data exchanged between IoT devices and the software required for operating these devices – bootstrap, firmware, apps – we need to establish a chain of trust.

IoT

IoT Manufacturing Energy and Utilities Data collection

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The malicious code specifically targets QNAP NAS devices manufactured by Taiwanese company QNAP, it already infected over 62,000 QNAP NAS devices.

Malware

Malware Firmware Advertising Manufacturing

637 flaws in industrial control system (ICS) products were published in H1 2021

Security Affairs

AUGUST 20, 2021

Industrial cybersecurity firm Claroty published its third Biannual ICS Risk & Vulnerability Report that analyzes the vulnerability landscape relevant to leading automation products used across the ICS domain. The cybersecurity firm warns that more than 70% of published vulnerabilities have been assigned critical or high severity ratings.

Firmware

Firmware Ransomware Manufacturing Software

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Security Affairs

OCTOBER 30, 2021

MITRE and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. MITRE and CISA announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list.

Firmware

Firmware Manufacturing Education Engineering

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

Agriculture may not be the first industry you associate with cybersecurity problems, but we all need to aware of the risks created by connecting this ancient part of our food supply chain to the Internet. Install updates/patch operating systems, software, and firmware as soon as they are released. ” Internet of Things.

Ransomware

Ransomware Manufacturing Passwords Internet

Two critical flaws affect CODESYS ICS Automation Software

Security Affairs

JUNE 27, 2022

” reads the advisory published by Chinese cybersecurity firm NSFOCUS said. ” The Chinese researchers who discovered the vulnerabilities pointed out that CODESYS V2 Runtime is used by many manufacturers, and most of these manufacturers still use outdated versions. .”

Software

Software Manufacturing Firmware Risk

DOJ Disrupts Russia-Linked Botnet 'Cyclops Blink'

SecureWorld News

APRIL 7, 2022

highlighting the strength that public-private partnerships can bring to cybersecurity. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the National Security Agency (NSA) released a security advisory identifying Cyclops Blink malware that targeted network devices manufactured by WatchGuard Technologies Inc.

Malware

Malware Firmware Manufacturing Firewall

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are warning of Zeppelin ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory to warn of Zeppelin ransomware attacks.

Ransomware

Ransomware Encryption Firmware Backups

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

The Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are using compromised Ubiquiti EdgeRouters (EdgeRouters) to evade detection in cyber operations worldwide.

Energy and Utilities

Energy and Utilities Government Firewall Malware

Android devices shipped with backdoored firmware as part of the BADBOX network

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Webinars

Trending Sources

SSDF and IoT Cybersecurity Guidance: Building Blocks for IoT Product Security

Webinars

March to 5G could pile on heavier security burden for IoT device manufacturers

Firmware: A New Attack Vector Requiring Industry Leadership

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

The High-Stakes Game of Ensuring IoMT Device Security

Why you should secure your embedded server management interfaces

Five Cybersecurity Trends that Will Affect Organizations in 2023

ESET warns of three flaws that affect over 100 Lenovo notebook models

Millions of home routers on Mirai Botnet Radar

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

Vulnerabilities in the iBoot Power Distribution Unit Let Hackers Remotely Shut Down Devices

Vulnerability makes hackers hijack video streams from millions of connected cameras

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

NI CompactRIO controller flaw could allow disrupting production

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

HID Mercury Access Controller flaws could allow to unlock Doors

Ransomware gang attacks MSI and demands $4m for decryption

The Chip War’s Impact on Cybersecurity and the Supply Chain

Mobile Adware makes online banking services as Prime Targets

SiteLock’s Top Five Cybersecurity Predictions For 2020

How to ensure security and trust in connected cars

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Samsung offers Mobile Security protection as below

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

An RCE in Annke video surveillance product allows hacking the device

EU to Force IoT, Wireless Device Makers to Improve Security

PwnedPiper flaws in PTS systems affect 80% of major US hospitals

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

MSI confirms security breach after Money Message ransomware attack

Guest Blog: TalkingTrust. What’s driving the security of IoT?

How to implant a malware in hidden area of SSDs with Flex Capacity feature

Critical Success Factors to Widespread Deployment of IoT

QSnatch malware infected over 62,000 QNAP NAS Devices

637 flaws in industrial control system (ICS) products were published in H1 2021

MITRE and CISA publish the 2021 list of most common hardware weaknesses

FBI warns of ransomware threat to food and agriculture

Two critical flaws affect CODESYS ICS Automation Software

DOJ Disrupts Russia-Linked Botnet 'Cyclops Blink'

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Stay Connected