Adam Shostack

JANUARY 2, 2025

You can start threat modeling IoT with the four question framework: What are you building? But there are specifics to IoT, and those specifics influence how you think about each of those questions. In the IoT world, the question of did we do a good job becomes have we done a good enough job? What can go wrong? Don Bailey)

IoT 130

IoT Engineering Internet Internet 130

Troy Hunt

MARCH 19, 2022

Download it for free. It mostly worked, I just forgot to press the "go live" button having worked on the (obviously incorrect) assumption that would happen automatically.

IoT 337

IoT 337

Schneier on Security

SEPTEMBER 12, 2022

Shikitega also downloads Mettle, a Metasploit interpreter that gives the attacker the ability to control attached webcams and includes a sniffer, multiple reverse shells, process control, shell command execution and additional abilities to control the affected system. […]. Bottom line: Shikitega is a nasty piece of code.

Malware 315

Malware Backups IoT Software 315

SecureList

SEPTEMBER 21, 2023

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. Telnet, the overwhelmingly popular unencrypted IoT text protocol, is the main target of brute-forcing.

IoT 136

IoT DDOS Passwords Malware 136

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. ” reads the report published by IBM. ” file.

IoT 145

IoT DDOS Architecture Passwords 145

Troy Hunt

APRIL 29, 2021

Heaps of data breaches, heaps of law enforcement and gov stuff and somehow, I still found time to put even more IP addresses into the house courtesy of even more IoT. Download it for free.

IoT 308

IoT Firewall Data breaches Malware 308

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. If you take a look at the global market for IoT, you can easily spot the trend. IoT devices are exposed to cybersecurity vulnerabilities. IoT is a complicated concept.

IoT 143

IoT Cybersecurity Manufacturing Internet 143

Security Affairs

SEPTEMBER 18, 2024

Researchers warn of a new IoT botnet called Raptor Train that already compromised over 200,000 devices worldwide. Cybersecurity researchers from Lumen’s Black Lotus Labs discovered a new botnet, named Raptor Train, composed of small office/home office (SOHO) and IoT devices.

IoT 138

IoT Wireless DDOS Architecture 138

Security Affairs

FEBRUARY 8, 2020

Hackers have infected with a piece of malware some IoT devices running Windows 7 designed by three of the world’s largest manufacturers. Security experts from TrapX reported that some IoT devices running Windows 7 have been infected with a piece of malware, is it a supply chain attack? Pierluigi Paganini.

Manufacturing 145

Manufacturing IoT Malware Cryptocurrency 145

SecureList

NOVEMBER 29, 2024

The group’s victims according to its DLS as a percentage of all groups’ published victims during the period under review ( download ) Number of new modifications In Q3 2024, we detected three new ransomware families and 2109 new variants, or half of what we discovered in the previous reporting period. 2 China 0.95 3 Libya 0.68

Mobile 106

Mobile Adware Ransomware Malware 106

SecureWorld News

JANUARY 16, 2025

Digital transformation: The integration of IoT, SCADA systems, and advanced analytics has increased operational efficiency but also expanded the attack surface. Conducting regular training sessions on recognizing phishing emails, avoiding suspicious downloads, and following cybersecurity protocols can build a resilient workforce.

Energy and Utilities 108

Energy and Utilities IoT Backups Artificial Intelligence 108

Security Affairs

JUNE 20, 2025

TB of data in just 45 seconds, like streaming 9,350 HD movies or downloading 9.35 The attack occurred on October 29, when a Mirai -variant botnet composed of 13,000 IoT devices launched a 5.6 Earlier in 2025, Cloudflare reported over 13.5 Tbps DDoS attack blasted 37.4 million songs in under a minute. terabytes in just 45 seconds is.”

DDOS 120

DDOS IoT Hacking Internet 120

Security Affairs

NOVEMBER 2, 2024

The company discovered the zero-day vulnerabilities in IoT live-streaming cameras, used in industrial operations, healthcare, and other sensitive environments. GreyNoise also observed an instance of an attack using wget to download a shell script for reverse shell access. “Organizations using VHD PTZ camera firmware < 6.3.40

Firmware 121

Firmware Manufacturing IoT Healthcare 121

CyberSecurity Insiders

JANUARY 28, 2022

Moreover, predictions made by Gartner indicate that a staggering 59% of organizations plan to support their IoT networks through 5G- which opens up new avenues for cybercriminals to exploit. This article explores the possible ramifications that 5G could have for IoT security, along with some steps that enterprises can take to prepare for it.

IoT 131

IoT Technology Mobile Software 131

Security Affairs

DECEMBER 26, 2024

. “Using a Mirai malware variant that incorporates ChaCha20 and XOR decryption algorithms, it has been seen compromising vulnerable Internet of Things (IoT) devices in the wild, such as the DigiEver DVR, and TP-Link devices through CVE-2023-1389.” dyn” for C2 communication.

Manufacturing 89

Manufacturing Malware Firmware IoT 89

SecureWorld News

OCTOBER 3, 2024

But what does 5G mean for utility IoT? This is where IoT (Internet of Things) devices come into play. Think of 5G as a highway and IoT devices as cars. But in the utility industry, IoT is very powerful. IoT is helping utilities shift from routine to proactive solutions. Let's get started.

IoT 111

IoT Energy and Utilities Internet Internet 111

Security Affairs

AUGUST 28, 2023

Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices. The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices.

IoT 98

IoT DDOS Architecture Internet 98

Security Affairs

NOVEMBER 5, 2018

“The group distributes the bot by exploiting a common command injection vulnerability on internet of things (IoT) devices and Linux servers. The malicious code changes the working directory to “/tmp” and downloads a payload and run it with the Perl interpreter. .” ” reads the analysis published by TrendMicro.

IoT 111

IoT Advertising DDOS Malware 111

Security Affairs

APRIL 8, 2020

Cybersecurity researchers discovered a new IoT botnet, tracked as Dark Nexux, that is used to launch distributed denial-of-service (DDoS) attacks. Dark Nexux is the name of a new emerging IoT botnet discovered by Bitdefender that is used to launch DDoS attacks. through 8.6). net:80), and then executes them. Pierluigi Paganini.

IoT 115

IoT DDOS Architecture Advertising 115

Security Affairs

AUGUST 31, 2019

Researchers from WootCloud Labs have uncovered a new IoT botnet named Ares that is targeting Android-based devices. Experts from WootCloud Labs have spotted a new IoT botnet tracked as Ares that is targeting Android-based devices that have a debug port exposed online. IoT #malware branches seen in ????????

IoT 109

IoT Passwords Advertising Malware 109

Security Affairs

SEPTEMBER 10, 2019

A security researcher disclosed zero-day flaws in Telestar Digital GmbH IoT radio devices that could be exploited by remote attackers to hijack systems without any user interaction. Kunz and his colleagues were able to brute-force the IoT radio in just 10 minutes and achieve root access with full privileges. . Pierluigi Paganini.

IoT 109

IoT Hacking Firmware Advertising 109

Security Affairs

OCTOBER 1, 2019

Security Labs discovered a new IOT bot named “GUCCI”. It seems like the IOT botnet is named after an Italian luxury brand of fashion and leather goods. The IOT threat detection engine picked the infection IP has shown below hosting number of bins for different architectures. Figure 1: GUCCI Bot Binaries. Inference.

IoT 105

IoT Advertising Engineering Architecture 105

Security Affairs

JANUARY 21, 2025

This botnet also uses some existing exploits ( CVE-2024-7029 , CVE-2017-17215 ) to download the next-stage payloads.” ” reads the advisory. The payload targets AVTECH cameras, using command-line injection to fetch, execute, and remove shell scripts.

IoT 82

IoT Malware Hacking Cybercrime 82

Security Affairs

JUNE 22, 2023

Since March 2023, researchers at Palo Alto Networks Unit 42 have observed a new variant of the Mirai botnet targeting multiple vulnerabilities in popular IoT devices. The attack chain commences with the exploitation of one of the above issues, then the threat actor tries to download a shell script downloader from a remote server.

IoT 98

IoT Malware Encryption DDOS 98

Security Affairs

MARCH 12, 2025

. “The botnet exploits this vulnerability by injecting a payload that downloads and executes a cleartext shell dropper named dropbpb.sh, responsible for downloading the malware binaries and executing them on the compromised device.” 70) via HTTP on port 81. .” 70) via HTTP on port 81.

IoT 73

IoT Malware Encryption DDOS 73

Malwarebytes

JUNE 17, 2025

Collectively known as IoT (Internet of Things) devices, these connected objects have a nasty habit of collecting our data without us really understanding what they’re doing. The guidance highlights data that IoT vendors might collect. The security aspect of IoT is perhaps one of the most important of all.

IoT 113

IoT Manufacturing Internet Internet 113

Security Affairs

FEBRUARY 16, 2023

During the second half of 2022, a variant of the Mirai bot, tracked as V3G4, targeted IoT devices by exploiting tens of flaws. Palo Alto Networks Unit 42 researchers reported that a Mirai variant called V3G4 was attempting to exploit several flaws to infect IoT devices from July to December 2022. to the console.

IoT 98

IoT DDOS Encryption Malware 98

Security Affairs

NOVEMBER 5, 2024

The company discovered the zero-day vulnerabilities in IoT live-streaming cameras, used in industrial operations, healthcare, and other sensitive environments. GreyNoise also observed an instance of an attack using wget to download a shell script for reverse shell access. Organizations using VHD PTZ camera firmware < 6.3.40

Firmware 125

Firmware Manufacturing Authentication IoT 125

SecureList

JULY 6, 2022

Among the various offensive security techniques, vulnerability assessment takes priority when it comes to analyzing the security of IoT/IIoT devices. The vulnerability assessment of IoT/IIoT devices is based on analyzing their firmware. The device is based on the HiSilicon platform and runs Linux.

Firmware 125

Firmware IoT Architecture Manufacturing 125

Security Boulevard

JANUARY 11, 2024

The rapid proliferation of the Internet of Things (IoT) represents vast opportunities for the public sector. However, as IoT innovation and adoption grows, so do the associated security risks. However, as IoT innovation and adoption grows, so do the associated security risks.

IoT 75

IoT Malware Education Government 75

Security Boulevard

MARCH 21, 2025

And get the latest on open source software security; cyber scams; and IoT security. The bill would require IoT manufacturers and internet service providers (ISPs) to provide clear and timely information about their connected devices support lifecycles. Plus, get fresh guidance on how to transition to quantum-resistant cryptography.

Risk 69

Risk IoT Cybersecurity Manufacturing 69

Security Affairs

SEPTEMBER 7, 2022

A new Linux malware dubbed Shikitega leverages a multi-stage infection chain to target endpoints and IoT devices. Researchers from AT&T Alien Labs discovered a new piece of stealthy Linux malware, dubbed Shikitega, that targets endpoints and IoT devices. ” reads the analysis published by AT&T Alien Labs.

Malware 138

Malware IoT Cryptocurrency Engineering 138

Security Affairs

MARCH 16, 2021

Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers.” “The IoT realm remains an easily accessible target for attackers.

Wireless 138

Wireless IoT DNS Architecture 138

Malwarebytes

JUNE 26, 2023

Poorly configured Linux and Internet of Things (IoT) devices are at risk of compromise from a cryptojacking campaign , according to researchers at Microsoft. Once the attackers have broken into their target system, a patched version of OpenSHH, a remote login tool , is downloaded from a remote server.

IoT 96

IoT Adware Firmware DDOS 96

Security Boulevard

MARCH 18, 2021

The internet of things (IoT) describes the network of interconnected devices embedded with sensors, software, or other technology that exchange data with other devices and systems over the Internet. . This means that currently there are three IoT devices for every one human on the planet. The Technical Challenge of IoT Security.

Internet 137

Internet Internet IoT Technology 137

Schneier on Security

APRIL 20, 2020

Sure, defenders can use the same systems, but many of today's Internet of Things (IoT) systems have no engineering teams to write patches and no ability to download and install patches. The result will be hundreds of vulnerabilities that attackers can find and use.

Software 235

Software IoT Engineering Internet 235

The Last Watchdog

JULY 10, 2023

The new consumer research studied and focused on banking, the Internet of Things (IoT) and smart cities and found the following key takeaways from across the world: •Only 19% of respondents don’t worry about the security of their data. •36% 36% of respondents have been the victim of data loss, identity theft or digital fraud. •41%

Identity Theft 189

Identity Theft IoT Banking Internet 189