Engineering, Firmware and Passwords - Cyber Security Informer

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

He urges enterprises to implement Privileged Access Management (PAM) solutions and multi-factor authentication (MFA) and to enforce robust password policies to reduce the risk of account compromise. Patching and vulnerability management Apply timely security updates to operating systems, software, and firmware.

Ransomware

Ransomware IoT Encryption Social Engineering

Your Brother printer might have a critical security flaw - how to check and what to do next

Zero Day

JULY 3, 2025

First noticed by Rapid7 in May and publicly disclosed on June 25 , this unpatchable vulnerability lets an attacker who knows -- or can find out -- your printer's serial number generate its default administrator password. But the "good" news is you can still protect yourself by changing that default password today.

Password Management

Password Management Passwords Firmware Artificial Intelligence

Cybersecurity in Aviation: Rising Threats and Modernization Efforts

SecureWorld News

JUNE 9, 2025

Additionally, a distributed workforce, ranging from remote maintenance technicians to cabin crews, multiplies entry points for social-engineering tactics like phishing. Aircraft themselves are nodes on data networks, constantly transmitting telemetry, engine performance metrics, and passenger connectivity data.

Cybersecurity

Cybersecurity Social Engineering Computers and Electronics Risk

Fully segregated networks? Your dual-homed devices might disagree

Pen Test Partners

MAY 21, 2025

Crucially, due to a combination of outdated firmware resulting in unintended exposure of network services and cleartext transmission of weak, reused and default passwords, these dual-homed devices could enable an attacker to compromise critical control and safety networks from untrusted network zones.

Firewall

Firewall Firmware Engineering Penetration Testing

The Crypto Game of Lazarus APT: Investors vs. Zero-days

SecureList

OCTOBER 23, 2024

First vulnerability (CVE-2024-4947) The heart of every web browser is its JavaScript engine. The JavaScript engine of Google Chrome is called V8 — Google’s own open-source JavaScript engine. We started reverse engineering the game’s code and discovered that there was more content available beyond this start menu.

Engineering

Engineering Accountability Social Engineering Cryptocurrency

Unanswered Questions Loom Over Cyber Attacks on M&S, Co-op & Harrods

Jane Frankland

MAY 3, 2025

While details remain sparse, reports suggest social engineering tactics like phishing, SIM swapping, and multi-factor authentication (MFA) fatigue attacks may have been used to infiltrate systems. Using strong, unique passwords and enabling multi-factor authentication (MFA) or preferably passkeys wherever possible remains vital.

Cyber Attacks

Cyber Attacks Retail Cyber threats Backups

Nastiest Malware 2024

Webroot

OCTOBER 31, 2024

The rise of AI-driven phishing and social engineering, increased targeting of critical infrastructure, and the emergence of more sophisticated fileless malware are all trends that have shaped the cybersecurity battlefield this year. Keep Software Updated: Enable automatic updates for your operating system, applications, and security software.

Malware

Malware Ransomware Healthcare Encryption

Wyze wants to keep prying eyes away from your cameras with this new feature

Zero Day

JUNE 20, 2025

In an announcement Tuesday about its new VerifiedView program, Wyze explained that it already uses "strong protections like password requirements, two-factor authentication , cloud security, encryption, tools to detect suspicious logins, and much more."

Password Management

Password Management Small Business Artificial Intelligence Digital transformation

Navigating a Heightened Cyber Threat Landscape: Military Conflict Increases Attack Risks

Security Boulevard

JUNE 27, 2025

Detect and mitigate OT-specific threats: Leverage advanced detection engines tailored to industrial control systems to identify anomalous network behavior, enforce security policies, and track changes that could signal a breach in progress. organization that even touches operational technology (OT) systems.

Cyber threats

Cyber threats Risk Cyber Risk Passwords

Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators

Security Boulevard

APRIL 18, 2025

The Cyber Centre has also observed router compromises stemming from basic security mistakes, such as the use of default and weak passwords, and of default security settings. Keep firmware updated. However, breaches occur because these patches are not consistently applied or implemented in a timely manner, the advisory reads.

Risk

Risk Cybersecurity Data privacy Software

Will your Mac or Windows PC still get security updates in 2026? Check this chart

Zero Day

JUNE 14, 2025

But every PC that was sold with Windows preinstalled after mid-2016 was required to have a TPM, so that's a simple matter of flipping a switch in the firmware menu.

Password Management

Password Management Small Business Software Artificial Intelligence

Your car's USB port is more useful than you think. 5 features you're missing out on

Zero Day

JUNE 16, 2025

Update your car's multimedia unit firmware What is firmware? All modern devices require manufacturer firmware updates to keep them running smoothly. Namely, it provides a more stable connection, higher audio fidelity, and reduced potential for interference. Show more 3. Your vehicle's multimedia unit is no exception.

Wireless

Wireless Password Management Energy and Utilities Small Business

How to maximize your Windows 11 PC's battery life in 9 easy steps

Zero Day

JULY 15, 2025

Use shutdown /fw to restart and go to the firmware user interface. But a few of those switches deserve to be on your shortlist. Run shutdown /r to do a full shutdown and restart after a brief grace period.

Artificial Intelligence

Artificial Intelligence Digital transformation Password Management Software

5 Chromecast features that maximize your TV's potential (and a smart home hack)

Zero Day

JUNE 23, 2025

Check out Chromecast Preview The Chromecast Preview Program is a user-opt-in channel that updates your Google device with the latest firmware version before it's made broadly available. Featured Were 16 billion passwords from Apple, Google, and Facebook leaked?

Hacking

Hacking Password Management Small Business Passwords

At last, wireless earbuds that sound great, feel comfortable, and won't break the bank

Zero Day

JUNE 14, 2025

Fortunately, I already had the Baseus app installed ( Android / iOS ), and the MC1s automatically connected and informed me there was a firmware upgrade. With the firmware updated and the earbuds connected to both phone and app, I went into the EQ section of the app and added my standard custom EQ curve.

Wireless

Wireless Banking Password Management Small Business

Your Wemo smart devices are about to get dumb as Belkin pulls the plug

Zero Day

JULY 11, 2025

Technical support, firmware and software updates, and troubleshooting assistance for affected products will also stop on that date. " Wemo says the Wemo app used to control devices will no longer be supported after Jan. If your Wemo product is still under warranty on or after Jan.

Artificial Intelligence

Artificial Intelligence Digital transformation Password Management Software

New Apple Public Betas are coming for iOS 26, iPadOS 26, WatchOS 26, and more: Here's what to expect

Zero Day

JULY 15, 2025

Jada Jones/ZDNET Betas will be available across the entire Apple ecosystem of devices, including iOS 26, iPadOS 26, MacOS Tahoe 26, TVOS 26, HomePod software 26, WatchOS 26, HomePod Software 26, and AirPods Firmware. AirPods Firmware iOS 26 brings two features to AirPods with Apple's advanced H2 audio chip.

Artificial Intelligence

Artificial Intelligence Software Firmware Digital transformation

Why these $160 earbuds are my new favorite for work and travel over the AirPods

Zero Day

JUNE 6, 2025

Also: Apple just gave me 3 big reasons to keep my AirPods for longer - and be excited for iOS 26 The dongle will also allow you to download firmware updates to the earbuds without installing anything on your computer, something plenty of people are prohibited from doing on work-issued devices.

Password Management

Password Management Software Artificial Intelligence Passwords

These $70 wireless earbuds sound great, feel comfortable, and are on sale

Zero Day

JUNE 28, 2025

Fortunately, I already had the Baseus app installed ( Android / iOS ), and the MC1s automatically connected and informed me there was a firmware upgrade. With the firmware updated and the earbuds connected to both phone and app, I went into the EQ section of the app and added my standard custom EQ curve.

Wireless

Wireless Password Management Small Business Software

Your Roku has secret settings and menu screens - here's how to unlock them

Zero Day

JULY 10, 2025

You can also search for firmware and software updates, run USB port tests, and more. This will get you to the Reset and update menu (also called "Secret Screen") that has options for a factory reset and refresh -- including a soft reset. Show more Elyse Betters Picaro / ZDNET 5.

Artificial Intelligence

Artificial Intelligence Digital transformation Wireless Software

My laptop webcam wasn't cutting it for video calls - then I discovered this accessory

Zero Day

JUNE 26, 2025

I decided to install the Emeet Studio App (which is available for MacOS and Windows) and was immediately informed there was a firmware update. On top of that, the Pixy also intelligently detects facial contours to automatically adjust exposure in facial areas to ensure accurate and natural skin tones.

Password Management

Password Management Small Business Software Artificial Intelligence

The Amazon Fire TV Omni QLED is great for gaming, but works just as well with Alexa

Zero Day

JULY 15, 2025

One factory reset and several firmware updates later, we were able to get the issue fixed. So if you're having issues sharing anything via AirPlay or Chromecast, I suggest checking the settings menu for the latest firmware update. I ended up contacting Amazon for troubleshooting help.

Software

Software Artificial Intelligence Digital transformation Retail

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Security Affairs

JULY 15, 2022

Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. ” reads the advisory published by Dragos. Pierluigi Paganini.

Passwords

Passwords Software Firmware Malware

Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems

The Hacker News

JULY 18, 2022

Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines to a botnet.

Passwords

Passwords Firmware Engineering Software

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. I can't blame this on the teddy bears themselves, rather the fact that the MongoDB holding all the collected data was left publicly facing without a password. IoT firmware should be self-healing.

IoT

IoT Firmware Risk Encryption

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Security Affairs

JULY 16, 2018

A security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security.

IoT

IoT Engineering Passwords Firmware

Whistleblower: Ubiquiti Breach “Catastrophic”

Krebs on Security

MARCH 30, 2021

When security engineers removed the backdoor account in the first week of January, the intruders responded by sending a message saying they wanted 50 bitcoin (~$2.8 The company would spend the next few days furiously rotating credentials for all employees, before Ubiquiti started alerting customers about the need to reset their passwords.

IoT

IoT Accountability Passwords Firmware

Microsoft found auth bypass, system hijack flaws in Netgear routers

Security Affairs

JULY 1, 2021

Microsoft experts have disclosed a series of vulnerabilities in the firmware of Netgear routers which could lead to data leaks and full system takeover. “In our research, we unpacked the router firmware and found three vulnerabilities that can be reliably exploited.” html) and the firmware image itself (.chk

Firmware

Firmware Authentication Encryption Passwords

Expert discloses details and PoC code for Netgear Seventh Inferno bug

Security Affairs

SEPTEMBER 18, 2021

The flaws were discovered by Google security engineer Gynvael Coldwind, Netgear addressed then early this month. NETGEAR urge its customers using the following products to download the latest firmware: GC108P fixed in firmware version 1.0.8.2 GC108PP fixed in firmware version 1.0.8.2 and Draconian Fear (CVSS score: 7.8).

Firmware

Firmware Engineering Hacking Passwords

I ditched my phone for this E Ink handset for two weeks - here's my buying advice now

Zero Day

JUNE 27, 2025

The Mudita Center desktop app is a free companion for MacOS, Windows, and Linux so you can sync contacts to the phone, update the firmware, and transfer compatible eBooks to the phone to use with the Reader application. I was looking forward to using this device as an e-reader.

Password Management

Password Management Small Business Software Artificial Intelligence

Spectre and Meltdown Attacks Against Microprocessors

Schneier on Security

JANUARY 5, 2018

Unlike our computer and phones, these systems are designed and produced at a lower profit margin with less engineering expertise. The second is that some of the patches require updating the computer's firmware. Some patches require users to disable the computer's password, which means organizations can't automate the patch.

Firmware

Firmware Software Phishing Engineering

Experts found backdoors in a popular Auerswald VoIP appliance

Security Affairs

DECEMBER 27, 2021

The researchers performed reverse engineering of the firmware image for the COMpact 5500, version 7.8A The researchers used Ghidra for their analysis, it is the open-source reverse engineering tool developed by the US National Security Agency (NSA). . “Equipped with this password we then could authenticate successfully.

Firmware

Firmware Manufacturing Passwords Penetration Testing

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

“The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. An adversary with the private key can remotely reboot the device without having to know the root password. ” reads the advisory published by the expert.

Firmware

Firmware Authentication Wireless Advertising

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

To perform the experiment, we used Internet of Things (IoT) search engines to search for open devices that utilized common printer ports and protocols. To find out how many printers were on the menu for our experiment, we searched for IP addresses with open ports on specialized IoT search engines, such as Shodan and Censys.

Hacking

Hacking IoT Firmware Internet

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Security Affairs

SEPTEMBER 19, 2022

“It is found that our wireless products, FLEXLAN FX3000/2000 series, have a firmware vulnerability. There are possibilities of data plagiarism, falsification, system destruction, and malicious program execution if this vulnerability was exploited by malicious attackers who can access to this private webpage (with passwords information).”

Wireless

Wireless Firmware Passwords Engineering

Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain

Security Affairs

NOVEMBER 6, 2018

The flaws were discovered by researchers Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands, the duo discovered that it is possible to bypass password-based authentication to access to encrypted data stored on the drives. Anyway, an attacker can reprogram the firmware to ignore the password and use the DEK.

Encryption

Encryption Firmware Passwords Advertising

QR code SQL injection and other vulnerabilities in a popular biometric terminal

SecureList

JUNE 11, 2024

User-friendly: biometric identification does not require subjects to remember passwords or carry access cards. External appearance of the device The device has several physical interfaces, supporting four authentication methods: biometric (facial recognition), password, electronic pass, and QR code.

Firmware

Firmware Authentication Passwords Risk

Naming & Shaming Web Polluters: Xiongmai

Krebs on Security

OCTOBER 9, 2018

In late 2016, the world witnessed the sheer disruptive power of Mirai , a powerful botnet strain fueled by Internet of Things (IoT) devices like DVRs and IP cameras that were put online with factory-default passwords and other poor security settings. no password). Hangzhou Xiongmai Technology Co., BLANK TO BANK.

Computers and Electronics

Computers and Electronics IoT Passwords Internet

The secrets of Schneider Electric’s UMAS protocol

SecureList

SEPTEMBER 29, 2022

Controllers are configured and programmed using engineering software – EcoStruxure™ Control Expert (Unity Pro), EcoStruxure™ Process Expert, etc. an engineering workstation) can reserve a device at any specific time for configuration or status monitoring. CVE-2020-28212: authentication bypass without Application Password.

Firmware

Firmware Authentication Passwords Engineering

[Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure)

Security Affairs

MAY 7, 2021

HideezKey- This is a deep-dive into a nice concept for a security token & password manager that turned into a horrible product due to lack of proper R&D and Threat Modeling. This will help me later in the case I will be able to obtain a firmware that eventually is encrypted (i.e. known-plaintext attack). And indeed it was!

Firmware

Firmware Password Management Passwords Encryption

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. Then, more specifically, we analyzed the mobile application itself using static reverse engineering of the different use cases.

Firmware

Firmware Manufacturing Passwords Mobile

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. ” Frustratingly, Lumen was not able to determine how the SOHO devices were being infected with AVrecon.

Malware

Malware VPN Internet Internet

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation

Security Affairs

DECEMBER 13, 2021

Boffins discovered bugs in WiFi chips that can be exploited to extract passwords and manipulate traffic by targeting a device’s Bluetooth component. Threat actors can execute code by exploiting an unpatched or new security issue over-the-air, or abusing the local OS firmware update mechanism. ” concludes the paper.

Wireless

Wireless Firmware Mobile Passwords

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

Security Affairs

APRIL 4, 2019

Firmware updates that address this vulnerability are not currently available. Chaining the two flaws it is possible to take over the Cisco RV320 and RV325 routers, the hackers exploit the bugs to obtain hashed passwords for a privileged account and run arbitrary commands as root. through 1.4.2.20.

Small Business

Small Business Firmware Advertising VPN

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Your Brother printer might have a critical security flaw - how to check and what to do next

Trending Sources

Cybersecurity in Aviation: Rising Threats and Modernization Efforts

Fully segregated networks? Your dual-homed devices might disagree

The Crypto Game of Lazarus APT: Investors vs. Zero-days

Unanswered Questions Loom Over Cyber Attacks on M&S, Co-op & Harrods

Nastiest Malware 2024

Wyze wants to keep prying eyes away from your cameras with this new feature

Navigating a Heightened Cyber Threat Landscape: Military Conflict Increases Attack Risks

Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators

Will your Mac or Windows PC still get security updates in 2026? Check this chart

Your car's USB port is more useful than you think. 5 features you're missing out on

How to maximize your Windows 11 PC's battery life in 9 easy steps

5 Chromecast features that maximize your TV's potential (and a smart home hack)

At last, wireless earbuds that sound great, feel comfortable, and won't break the bank

Your Wemo smart devices are about to get dumb as Belkin pulls the plug

New Apple Public Betas are coming for iOS 26, iPadOS 26, WatchOS 26, and more: Here's what to expect

Why these $160 earbuds are my new favorite for work and travel over the AirPods

These $70 wireless earbuds sound great, feel comfortable, and are on sale

Your Roku has secret settings and menu screens - here's how to unlock them

My laptop webcam wasn't cutting it for video calls - then I discovered this accessory

The Amazon Fire TV Omni QLED is great for gaming, but works just as well with Alexa

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems

IoT Unravelled Part 3: Security

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Whistleblower: Ubiquiti Breach “Catastrophic”

Microsoft found auth bypass, system hijack flaws in Netgear routers

Expert discloses details and PoC code for Netgear Seventh Inferno bug

I ditched my phone for this E Ink handset for two weeks - here's my buying advice now

Spectre and Meltdown Attacks Against Microprocessors

Experts found backdoors in a popular Auerswald VoIP appliance

Expert found multiple critical issues in MoFi routers

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain

QR code SQL injection and other vulnerabilities in a popular biometric terminal

Naming & Shaming Web Polluters: Xiongmai

The secrets of Schneider Electric’s UMAS protocol

[Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure)

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

Who and What is Behind the Malware Proxy Service SocksEscort?

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

Stay Connected

How to maximize your Windows 11 PC's battery life in 9 easy steps