Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.”

Passwords 80

Passwords Manufacturing Advertising Firmware 80

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. Xiongmai hereinafter) that are open to hack. The experts also discovered an undocumented user with the name “default” and password “tluafed.”. ” continues the analysis.

Surveillance 82

Surveillance Hacking Firmware Manufacturing 82

Security Affairs

AUGUST 13, 2023

16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking. An attacker can trigger the flaw to gain remote code execution and conduct denial-of-service attacks under specific conditions, exposing operational technology (OT) environments to hacking.

Authentication 87

Authentication Firmware Hacking Passwords 87

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-. SecurityAffairs – hacking, LILIN).

Firmware 105

Firmware Surveillance Manufacturing Advertising 105

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. I can't blame this on the teddy bears themselves, rather the fact that the MongoDB holding all the collected data was left publicly facing without a password. IoT firmware should be self-healing.

IoT 358

IoT Firmware Risk Manufacturing 358

Security Affairs

SEPTEMBER 10, 2019

” The IoT radio devices are manufactured by Imperial & Dabman (Series I and D) and are distributed in Germany by Telestar, but experts pointed out that it is possible to buy them via Ebay and Amazon by resellers. .” The telnetd service is being deactivated and old and weak passwords are as well being removed or changed.

IoT 84

IoT Hacking Firmware Advertising 84

Security Affairs

AUGUST 20, 2021

Microsoft researchers reported that the Mozi botnet was improved by implementing news capabilities to target network gateways manufactured by Netgear, Huawei, and ZTE. Organizations using Netgear, Huawei, and ZTE network devices are recommended to keep their firmware up to date and use strong passwords. Pierluigi Paganini.

IoT 103

IoT DNS Manufacturing Firmware 103

Security Affairs

APRIL 26, 2019

Roughly 50% of vulnerable devices is manufactured by Chinese company Hichip. An attacker could chain the issues to steal password theft and possibly remotely compromise the devices, he only needs to know the IP address of the P2P server used by the device. ” reported Brian Krebs. Pierluigi Paganini.

IoT 82

IoT Hacking Manufacturing Advertising 82

Security Affairs

AUGUST 2, 2021

The flaw affects the Translogic PTS system manufactured by Swisslog Healthcare, which is installed in about 80% of all major hospitals in North America and thousands of hospitals worldwide. An attacker could also push an insecure firmware upgrade to fully compromise the devices. SecurityAffairs – hacking, PTS Systems).

Healthcare 107

Healthcare Firmware Manufacturing Ransomware 107

SecureList

JUNE 8, 2022

Routers are forever being hacked and infected, and used to infiltrate local networks. At the time of writing, of the 87 critical vulnerabilities published in 2021, more than a quarter (29.9%) remain unpatched and unreported by the vendor: Router manufacturers’ response to vulnerabilities found in their products in 2021 ( download ).

DDOS 88

DDOS Passwords IoT Firmware 88

Security Affairs

OCTOBER 26, 2021

The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.” Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware 127

Ransomware Firmware Antivirus Accountability 127

Security Affairs

SEPTEMBER 3, 2021

Small farms, large producers, processors and manufacturers, and markets and restaurants are particularly exposed to ransomware attacks. The FBI provided the following mitigations to protect against ransomware attacks: Regularly back up data, air gap, and password protect backup copies offline. SecurityAffairs – hacking, FBI).

Ransomware 95

Ransomware Passwords Backups Firmware 95

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. Avoid reusing passwords for multiple accounts.

Ransomware 96

Ransomware DDOS Passwords Backups 96

Security Affairs

AUGUST 10, 2021

NAS servers are a privileged target for hackers because they normally store large amounts of data.The ransomware was targeting poorly protected or vulnerable NAS servers manufactured by QNAP, threat actors exploited known vulnerabilities or carried out brute-force attacks. SecurityAffairs – hacking, NAS). Pierluigi Paganini.

Ransomware 127

Ransomware Encryption Firmware Passwords 127

Security Affairs

JULY 28, 2020

The malicious code specifically targets QNAP NAS devices manufactured by Taiwanese company QNAP, it already infected over 62,000 QNAP NAS devices. CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. .”

Malware 103

Malware Firmware Advertising Manufacturing 103

Security Affairs

FEBRUARY 28, 2024

“These operations have targeted various industries, including Aerospace & Defense, Education, Energy & Utilities, Governments, Hospitality, Manufacturing, Oil & Gas, Retail, Technology, and Transportation. Upgrade to the latest firmware version. Change any default usernames and passwords.

Energy and Utilities 95

Energy and Utilities Government Firewall Malware 95

Pen Test

OCTOBER 12, 2023

Countermeasures: To prevent drone signal hijacking, drone manufacturers and operators can implement encryption and authentication mechanisms for RF communication. What are the common firmware and software vulnerabilities in RF devices that can be exploited? Strong, complex passwords are essential to prevent unauthorized access.

Encryption 52

Encryption Firmware Surveillance Technology 52

Security Affairs

MARCH 26, 2021

According to the flash alert published by the FBI, the Mamba ransomware was employed in attacks against local governments, public transportation agencies, legal services, technology services, industrial, commercial, manufacturing, and construction businesses. Implement the shortest acceptable timeframe for password changes.

Ransomware 144

Ransomware Encryption Passwords Malware 144

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. Attack vectors There are two main IoT infection routes: brute-forcing weak passwords and exploiting vulnerabilities in network services. per day, or $1350 per month.

IoT 86

IoT DDOS Passwords Malware 86

Security Boulevard

NOVEMBER 10, 2022

Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution. The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. SecurityAffairs – hacking, ABB Totalflow). concludes the advisory. “A

Firmware 98

Firmware Authentication Passwords Manufacturing 98

eSecurity Planet

NOVEMBER 1, 2021

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. Manufacturers will be required to adhere to the new cybersecurity safeguards when designing and producing these products. EU Amendment Applies to Many Devices.

Wireless 100

Wireless IoT Manufacturing Mobile 100

Security Affairs

JANUARY 16, 2022

Once the ransomware has infected a device, it moves all the files on the NAS into password-protected 7z archives and demands the payment of a $550 ransom. Up to date apps and firmware seem not to help either.” SecurityAffairs – hacking, QNAP NAS). Let’s call it QLocker2 and refer to the old one as QLocker1.

Ransomware 112

Ransomware Encryption Backups Firmware 112

Security Affairs

OCTOBER 13, 2020

Simple or reused passwords are still a problem. While the cybersecurity industry has presented options for every netizen, the recommendation to use original and complex passwords continues to be disregarded. Instead, people come up with passwords that are comfortable. The Flaws in Manufacturing Process. Poor credentials.

IoT 133

IoT Cybersecurity Manufacturing Internet 133

eSecurity Planet

MARCH 3, 2023

The protocol protects your incoming and outgoing internet traffic and makes it difficult for cyber criminals to intercept your data or hack your device. The exact method for doing this may vary depending on your router manufacturer. If this option is not available, you may need to upgrade the router firmware.

Wireless 78

Wireless Encryption Passwords IoT 78

Security Affairs

AUGUST 13, 2022

The ransomware was involved in attacks aimed at technology and healthcare, defense contractors, educational institutions, manufacturers, companies across Europe, the United States, and Canada. SecurityAffairs – hacking, Zeppelin ransomware). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware 85

Ransomware Encryption Firmware Backups 85

Security Affairs

OCTOBER 1, 2018

Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. GhostDNS scans for the IP addresses used by routers that use weak or no password then accesses them and changes the DNS settings to a rogue DNS server operated by the attackers.

DNS 76

DNS Malware Firmware Phishing 76

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Vamosi: I once lived near a large urban park.

IoT 52

IoT Hacking Internet Internet 52

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Vamosi: I once lived near a large urban park.

IoT 52

IoT Hacking Internet Internet 52

Security Affairs

JULY 25, 2018

AVTech is one of the world’s leading CCTV manufacturers, it is the largest public-listed company in the Taiwan surveillance industry. EliteLands is using a 2-years old exploit that could be used to trigger tens of well-known vulnerabilities in the AVTech firmware. Securi ty Affairs – Death botnet, hacking).

Firmware 44

Firmware Passwords IoT Advertising 44

Security Boulevard

MAY 30, 2022

Due to the nature of these devices, the lack of security is often the result of weak design by the device manufacturer. Another alert by CISA has warned about critical vulnerabilities in Siemens software that could potentially impact millions of medical devices from multiple manufacturers. Change all default passwords.

Healthcare 90

Healthcare IoT Manufacturing Risk 90

Security Affairs

AUGUST 13, 2018

Security researcher has found two critical vulnerabilities in the industrial routers manufactured by the Australian company NetComm Wireless. Sood has found two critical vulnerabilities in the industrial routers manufactured by the Australian company NetComm Wireless that can be exploited remotely to take control of affected devices.

Wireless 46

Wireless Firmware Manufacturing Advertising 46

Security Affairs

NOVEMBER 4, 2019

A new piece of malware dubbed QSnatch is infecting thousands of NAS devices manufactured by the Taiwanese vendor QNAP. “The original infection method remains unknown, but during that phase malicious code is injected to the firmware of the target system, and the code is then run as part of normal operations within the device.

Malware 61

Malware Firmware Advertising Encryption 61

Security Affairs

NOVEMBER 1, 2018

The affected chips are also used in access points and other networking devices manufactured by Cisco and Aruba Networks. “The chips are embedded in, among other devices, certain access points that deliver Wi-Fi to enterprise networks manufactured by Cisco, Meraki and Aruba. Security Affairs – BLEEDINGBIT, hacking).

Firmware 80

Firmware Manufacturing IoT Mobile 80

eSecurity Planet

MARCH 1, 2023

For example, Wi-Fi protected access (WPA) requires users to provide a password or passphrase to gain access to the network. Ensure that your password is complex, unique, and has a mix of upper and lower case letters, numbers and symbols. Change it often, particularly as employees leave, and use a guest network if possible.

Wireless 89

Wireless Encryption Authentication IoT 89

Spinone

MARCH 17, 2018

These smart devices include cars, household appliances, building systems such as lighting and heating, televisions, medical devices, manufacturing equipment, and many other types of systems used both in a consumer and industrial setting. Additionally it is common for users to share passwords across several accounts.

Internet 40

Internet Internet Risk Computers and Electronics 40

Security Boulevard

MARCH 18, 2021

When you consider that IoT devices are controlling autonomous vehicles, drug pumps, manufacturing operations, and even the camera on your virtual assistant, you begin to realize security is important. It’s more than someone hacking into your smart light bulbs and turning on all the lights in your home.

Internet 137

Internet Internet IoT Software 137

Security Affairs

JULY 31, 2019

Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn of critical flaws affecting access control systems manufactured by Prima Systems. “The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges.”

Backups 57

Backups Authentication Advertising Firmware 57