Engineering, Firmware and Internet - Cyber Security Informer

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Patching and vulnerability management Apply timely security updates to operating systems, software, and firmware. Cybersecurity awareness and incident response Train employees to recognize phishing attempts and social engineering. Report ransomware incidents to the FBI Internet Crime Complaint Center (IC3) , CISA, or MS-ISAC.

Ransomware

Ransomware IoT Encryption Social Engineering

Your Brother printer might have a critical security flaw - how to check and what to do next

Zero Day

JULY 3, 2025

Of those eight flaws, seven can be fully patched with firmware updates. Rapid7's zero-day research has revealed eight security holes across 689 Brother printer, scanner, and label-maker models -- and an additional 59 devices from Fujifilm, Toshiba Tec, Ricoh, and Konica Minolta. CVE-2024-51978 carries a CVSS score of 9.8

Password Management

Password Management Passwords Firmware Artificial Intelligence

Mercedes-Benz Head Unit security research report

SecureList

JANUARY 17, 2025

This setup allowed us to establish communication over DoIP (Diagnostic Over Internet Protocol): Communication between diagnostic software and hardware The TCP communication between the diagnostic tool and the diagnostic hardware device is performed over Ethernet using custom protocols (Protocol Data Unit, PDU). SMR-F files, but uncompressed.

Backups

Backups Architecture Firmware Software

MY TAKE: Technology breakthroughs, emerging standards are coalescing to assure IoT integrity

The Last Watchdog

NOVEMBER 10, 2024

The Internet of Things is growing apace. It requires technical innovation to mesh with supporting security standards and emerging government regulations much quicker and smoother than has ever happened in the Internet era. It also validates the integrity of the firmware and checks for any unauthorized modifications.

IoT

IoT Technology Computers and Electronics Energy and Utilities

Navigating a Heightened Cyber Threat Landscape: Military Conflict Increases Attack Risks

Security Boulevard

JUNE 27, 2025

networks and Internet-connected devices for disruptive cyber attacks." Detect and mitigate OT-specific threats: Leverage advanced detection engines tailored to industrial control systems to identify anomalous network behavior, enforce security policies, and track changes that could signal a breach in progress. and beyond.

Cyber threats

Cyber threats Risk Cyber Risk Passwords

Wyze wants to keep prying eyes away from your cameras with this new feature

Zero Day

JUNE 20, 2025

How it works When you set up a Wyze camera , your user ID will be digitally stamped onto the camera's firmware. It will be rolled out through an update, so if your Wyze app and camera firmware stay up to date, you'll receive the feature. The camera then digitally stamps that same ID onto every photo, video, and livestream.

Password Management

Password Management Small Business Artificial Intelligence Digital transformation

Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators

Security Boulevard

APRIL 18, 2025

Remove direct internet access to device management interfaces, restricting admins to internal and secure management networks. Keep firmware updated. Other mitigation recommendations include: Disable unnecessary network edge services, especially unsecured ones such as HTTP. Use modern encryption standards.

Risk

Risk Cybersecurity Data privacy Software

Will your Mac or Windows PC still get security updates in 2026? Check this chart

Zero Day

JUNE 14, 2025

But every PC that was sold with Windows preinstalled after mid-2016 was required to have a TPM, so that's a simple matter of flipping a switch in the firmware menu.

Password Management

Password Management Small Business Software Artificial Intelligence

Your car's USB port is more useful than you think. 5 features you're missing out on

Zero Day

JUNE 16, 2025

Update your car's multimedia unit firmware What is firmware? All modern devices require manufacturer firmware updates to keep them running smoothly. Namely, it provides a more stable connection, higher audio fidelity, and reduced potential for interference. Show more 3. Your vehicle's multimedia unit is no exception.

Wireless

Wireless Password Management Energy and Utilities Small Business

How to maximize your Windows 11 PC's battery life in 9 easy steps

Zero Day

JULY 15, 2025

Use shutdown /fw to restart and go to the firmware user interface. But a few of those switches deserve to be on your shortlist. Run shutdown /r to do a full shutdown and restart after a brief grace period.

Artificial Intelligence

Artificial Intelligence Digital transformation Password Management Software

5 Chromecast features that maximize your TV's potential (and a smart home hack)

Zero Day

JUNE 23, 2025

Check out Chromecast Preview The Chromecast Preview Program is a user-opt-in channel that updates your Google device with the latest firmware version before it's made broadly available. When you want to disconnect, use the Google Home app to stop streaming from your music app.

Hacking

Hacking Password Management Small Business Passwords

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Locking down firmware. These are the carriers that provide Internet access to rural areas all across America. Firmware is the coding that’s embedded below the software layer on all computing devices, ranging from printers to hard drives and motherboards to routers and switches. telecoms by Chinese tech giant Huawei.

Firmware

Firmware Cybersecurity Technology Authentication

Your Wemo smart devices are about to get dumb as Belkin pulls the plug

Zero Day

JULY 11, 2025

Technical support, firmware and software updates, and troubleshooting assistance for affected products will also stop on that date. " Wemo says the Wemo app used to control devices will no longer be supported after Jan. If your Wemo product is still under warranty on or after Jan.

Artificial Intelligence

Artificial Intelligence Digital transformation Password Management Software

At last, wireless earbuds that sound great, feel comfortable, and won't break the bank

Zero Day

JUNE 14, 2025

Fortunately, I already had the Baseus app installed ( Android / iOS ), and the MC1s automatically connected and informed me there was a firmware upgrade. With the firmware updated and the earbuds connected to both phone and app, I went into the EQ section of the app and added my standard custom EQ curve.

Wireless

Wireless Banking Password Management Small Business

New Apple Public Betas are coming for iOS 26, iPadOS 26, WatchOS 26, and more: Here's what to expect

Zero Day

JULY 15, 2025

Jada Jones/ZDNET Betas will be available across the entire Apple ecosystem of devices, including iOS 26, iPadOS 26, MacOS Tahoe 26, TVOS 26, HomePod software 26, WatchOS 26, HomePod Software 26, and AirPods Firmware. AirPods Firmware iOS 26 brings two features to AirPods with Apple's advanced H2 audio chip.

Artificial Intelligence

Artificial Intelligence Software Firmware Digital transformation

Your Roku has secret settings and menu screens - here's how to unlock them

Zero Day

JULY 10, 2025

Also: I changed 6 settings on my Roku TV to give it an instant performance boost Need your IP and MAC addresses or want to check your internet connection? You can also search for firmware and software updates, run USB port tests, and more. That's what this screen is for on your Roku.

Artificial Intelligence

Artificial Intelligence Digital transformation Wireless Software

These $70 wireless earbuds sound great, feel comfortable, and are on sale

Zero Day

JUNE 28, 2025

Fortunately, I already had the Baseus app installed ( Android / iOS ), and the MC1s automatically connected and informed me there was a firmware upgrade. With the firmware updated and the earbuds connected to both phone and app, I went into the EQ section of the app and added my standard custom EQ curve.

Wireless

Wireless Password Management Small Business Software

Why these $160 earbuds are my new favorite for work and travel over the AirPods

Zero Day

JUNE 6, 2025

Also: Apple just gave me 3 big reasons to keep my AirPods for longer - and be excited for iOS 26 The dongle will also allow you to download firmware updates to the earbuds without installing anything on your computer, something plenty of people are prohibited from doing on work-issued devices.

Password Management

Password Management Software Artificial Intelligence Passwords

My laptop webcam wasn't cutting it for video calls - then I discovered this accessory

Zero Day

JUNE 26, 2025

I decided to install the Emeet Studio App (which is available for MacOS and Windows) and was immediately informed there was a firmware update. On top of that, the Pixy also intelligently detects facial contours to automatically adjust exposure in facial areas to ensure accurate and natural skin tones.

Password Management

Password Management Small Business Software Artificial Intelligence

The Amazon Fire TV Omni QLED is great for gaming, but works just as well with Alexa

Zero Day

JULY 15, 2025

One factory reset and several firmware updates later, we were able to get the issue fixed. So if you're having issues sharing anything via AirPlay or Chromecast, I suggest checking the settings menu for the latest firmware update. I ended up contacting Amazon for troubleshooting help.

Software

Software Artificial Intelligence Digital transformation Retail

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

SEPTEMBER 10, 2021

The assault came from “ Meris ,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer. Cloudflare recently wrote about its attack , which clocked in at 17.2 Image: Qrator.

IoT

IoT DDOS Internet Internet

Router Security

Schneier on Security

FEBRUARY 19, 2021

Nonetheless, all but one vendor spread several private keys in almost all firmware images. Engineering teams come together, design and build the router, and then disperse. There’s often no one around to write patches, and most of the time router firmware isn’t even patchable.

Firmware

Firmware Software Engineering Internet

Dynamic analysis of firmware components in IoT devices

SecureList

JULY 6, 2022

As a rule, this means that the source code of the device’s firmware is unavailable and all the researcher can use is the user manual and a few threads on some user forum discussing the device’s operation. The vulnerability assessment of IoT/IIoT devices is based on analyzing their firmware.

Firmware

Firmware IoT Architecture Manufacturing

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Back to the bit about risks impacting data collected by IoT devices and back again to CloudPets, Context Security's piece aligned with my own story about kids' CloudPets messages being left exposed to the internet.

IoT

IoT Firmware Risk Encryption

How to Reverse Engineer, Sniff & Bruteforce Vulnerable RF Adult Toys with WHID Elite

Security Affairs

AUGUST 2, 2019

First of all, I have followed the usual Reverse Engineering approach I use for investigating new RF devices and turned on the winning combination LimeSDR/RTL-SDR + URH. Which means, we can easily fuzz and thus exhaust the space between them with the main WHID Elite Firmware. Which allows us to eliminate the Rolling-Code assumption.

Engineering

Engineering Firmware InfoSec Hacking

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.

Risk

Risk VPN Internet Internet

Spectre and Meltdown Attacks Against Microprocessors

Schneier on Security

JANUARY 5, 2018

Unlike our computer and phones, these systems are designed and produced at a lower profit margin with less engineering expertise. The second is that some of the patches require updating the computer's firmware. The first is that these vulnerabilities affect embedded computers in consumer devices. It also requires more coordination.

Firmware

Firmware Software Phishing Engineering

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service. WHO’S BEHIND SOCKSESCORT?

Malware

Malware VPN Internet Internet

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

To perform the experiment, we used Internet of Things (IoT) search engines to search for open devices that utilized common printer ports and protocols. After filtering out most of the false positives, we were left with more than 800,000 printers that had network printing features enabled and were accessible over the internet.

Hacking

Hacking IoT Firmware Internet

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

SEPTEMBER 5, 2023

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. I had an eye-opening conversation about all of this with Steve Hanna , distinguished engineer at Infineon Technologies , a global semiconductor manufacturer based in Neubiberg, Germany.

IoT

IoT Government Manufacturing Internet

I ditched my phone for this E Ink handset for two weeks - here's my buying advice now

Zero Day

JUNE 27, 2025

The Mudita Center desktop app is a free companion for MacOS, Windows, and Linux so you can sync contacts to the phone, update the firmware, and transfer compatible eBooks to the phone to use with the Reader application. I was looking forward to using this device as an e-reader.

Password Management

Password Management Small Business Software Artificial Intelligence

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

Flashing Firmware: Flashing BUSSide firmware inside the NodeMCU is quick and easy: # apt-get install esptool # git clone [link] # esptool --port /dev/ttyUSB0 write_flash 0x00000 BUSSide/FirmwareImages/*.bin. his majesty, the Firmware). In a couple of minutes you should get extracted the firmware. What do you do?

IoT

IoT Hacking Firmware InfoSec

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

Security Affairs

MARCH 22, 2022

Internet search engine Censys reported a new wave of DeadBolt ransomware attacks targeting QNAP NAS devices. Internet search engine Censys reported that QNAP devices were targeted in a new wave of DeadBolt ransomware attacks. If every victim had paid the ransom, this attack would have netted the hackers about $4,484,700.”

Ransomware

Ransomware Firmware Internet Internet

Whistleblower: Ubiquiti Breach “Catastrophic”

Krebs on Security

MARCH 30, 2021

NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. 11, Ubiquiti Inc. 11 this year, now would be a good time to care of that.

IoT

IoT Accountability Passwords Firmware

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

.” Experts used the search engines for Internet-connected devices, like Shodan.io, to search for ENIP-compatible internet-facing devices and discovered more than 8,000 systems exposed online. This would leave many running in the wild still today.” ” continues the report.

Hacking

Hacking Firmware Internet Internet

Expert discloses details and PoC code for Netgear Seventh Inferno bug

Security Affairs

SEPTEMBER 18, 2021

The flaws were discovered by Google security engineer Gynvael Coldwind, Netgear addressed then early this month. NETGEAR urge its customers using the following products to download the latest firmware: GC108P fixed in firmware version 1.0.8.2 GC108PP fixed in firmware version 1.0.8.2 and Draconian Fear (CVSS score: 7.8).

Firmware

Firmware Engineering Hacking Passwords

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

. “Multiple critical vulnerabilities have been discovered in the MoFi4500 router, an OpenWRT based wireless router that provides Internet access via LTE. “Several firmware versions have been released, but some of the vulnerabilities have not been fully patched.” ” continues the report.

Firmware

Firmware Authentication Wireless Advertising

Experts found backdoors in a popular Auerswald VoIP appliance

Security Affairs

DECEMBER 27, 2021

Researchers found multiple backdoors in popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. Researchers from RedTeam Pentesting discovered multiple backdoors in a popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. “Firmware Update 8.2B

Firmware

Firmware Manufacturing Passwords Penetration Testing

Microsoft found auth bypass, system hijack flaws in Netgear routers

Security Affairs

JULY 1, 2021

Microsoft experts have disclosed a series of vulnerabilities in the firmware of Netgear routers which could lead to data leaks and full system takeover. “In our research, we unpacked the router firmware and found three vulnerabilities that can be reliably exploited.” html) and the firmware image itself (.chk

Firmware

Firmware Authentication Encryption Passwords

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Security Affairs

JULY 16, 2018

A security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security.

IoT

IoT Engineering Passwords Firmware

Naming & Shaming Web Polluters: Xiongmai

Krebs on Security

OCTOBER 9, 2018

What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act? In fact, the researchers found it was trivial to set up a system that mimics the XMEye cloud and push malicious firmware updates to any device. Source: xiongmaitech.com.

Computers and Electronics

Computers and Electronics IoT Passwords Internet

PoC exploit for 2 flaws in Dahua cameras leaked online

Security Affairs

OCTOBER 7, 2021

It could be quite easy for threat actors in the wild to find exposed Dahua devices using a search engine like Shodan and attempt to hack them using the available PoC code. In order to protect Dahua devices, users have to install the latest firmware version. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Authentication

Authentication Firmware Hacking Engineering

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Security Affairs

SEPTEMBER 19, 2022

These devices are installed in airplanes to offer internet connectivity to the passengers, the above vulnerabilities can be exploited by an attacker to compromise the inflight entertainment system and potentially conduct other malicious activities. ” reads the advisory published by Contec.

Wireless

Wireless Firmware Passwords Engineering

MY TAKE: Why COVID-19 ‘digital distancing’ is every bit as vital as ‘social distancing’

The Last Watchdog

APRIL 28, 2020

That, of course, presents the perfect environment for cybercrime that pivots off social engineering. Social engineering invariably is the first step in cyber attacks ranging from phishing and ransomware to business email compromise ( BEC ) scams and advanced persistent threat ( APT ) hacks. Always remember. Never trust.

Social Engineering

Social Engineering Cyber Attacks Scams Phishing

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Your Brother printer might have a critical security flaw - how to check and what to do next

Trending Sources

Mercedes-Benz Head Unit security research report

MY TAKE: Technology breakthroughs, emerging standards are coalescing to assure IoT integrity

Navigating a Heightened Cyber Threat Landscape: Military Conflict Increases Attack Risks

Wyze wants to keep prying eyes away from your cameras with this new feature

Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators

Will your Mac or Windows PC still get security updates in 2026? Check this chart

Your car's USB port is more useful than you think. 5 features you're missing out on

How to maximize your Windows 11 PC's battery life in 9 easy steps

5 Chromecast features that maximize your TV's potential (and a smart home hack)

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

Your Wemo smart devices are about to get dumb as Belkin pulls the plug

At last, wireless earbuds that sound great, feel comfortable, and won't break the bank

New Apple Public Betas are coming for iOS 26, iPadOS 26, WatchOS 26, and more: Here's what to expect

Your Roku has secret settings and menu screens - here's how to unlock them

These $70 wireless earbuds sound great, feel comfortable, and are on sale

Why these $160 earbuds are my new favorite for work and travel over the AirPods

My laptop webcam wasn't cutting it for video calls - then I discovered this accessory

The Amazon Fire TV Omni QLED is great for gaming, but works just as well with Alexa

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Router Security

Dynamic analysis of firmware components in IoT devices

IoT Unravelled Part 3: Security

How to Reverse Engineer, Sniff & Bruteforce Vulnerable RF Adult Toys with WHID Elite

CISA Order Highlights Persistent Risk at Network Edge

Spectre and Meltdown Attacks Against Microprocessors

Who and What is Behind the Malware Proxy Service SocksEscort?

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

I ditched my phone for this E Ink handset for two weeks - here's my buying advice now

Hacking IoT & RF Devices with BürtleinaBoard

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

Whistleblower: Ubiquiti Breach “Catastrophic”

A critical flaw in industrial automation systems opens to remote hack

Expert discloses details and PoC code for Netgear Seventh Inferno bug

Expert found multiple critical issues in MoFi routers

Experts found backdoors in a popular Auerswald VoIP appliance

Microsoft found auth bypass, system hijack flaws in Netgear routers

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Naming & Shaming Web Polluters: Xiongmai

PoC exploit for 2 flaws in Dahua cameras leaked online

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

MY TAKE: Why COVID-19 ‘digital distancing’ is every bit as vital as ‘social distancing’

Stay Connected

How to maximize your Windows 11 PC's battery life in 9 easy steps