Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Devices on these older firmware versions will not receive security fixes or technical support.” Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Firmware 103

Firmware Architecture Internet Internet 103

Security Affairs

AUGUST 17, 2021

FireEye Mandiant researchers have discovered a critical vulnerability in the Kalay cloud platform that exposes millions of IoT devices to attacks. The flaw could be easily exploited by a remote attacker to take over an IoT device, the only info needed for the attack is the Kalay unique identifier (UID) of the targeted user. .

IoT 115

IoT Hacking Social Engineering Firmware 115

Security Boulevard

JUNE 25, 2023

Paul also shares with us some of his greatest hacking stories and don’t miss our lively […] The post Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian appeared first on Shared Security Podcast.

Firmware 52

Firmware Hacking Internet Internet 52

Security Affairs

JANUARY 15, 2024

The researchers discovered a vulnerability, tracked as CVE-2023-49722 (CVSS score: 8.3), that can be exploited by an attacker on the same network to replace the device firmware with a rogue version. “Home users should closely monitor IoT devices and isolate them as completely as possible from the local network.

Firmware 114

Firmware IoT Hacking Information Security 114

Security Affairs

APRIL 15, 2024

Industrial and enterprise IoT cybersecurity firm Claroty reported that the Ukrainian Blackjack hacking group claims to have damaged emergency detection and response capabilities in Moscow and beyond the Russian capital using a destructive ICS malware dubbed Fuxnet. YouTube Video 1 , YouTube Video 2 ). All servers have been deleted.

Malware 124

Malware Firmware IoT Hacking 124

Security Affairs

DECEMBER 17, 2023

The security firm revealed that threat actors were exploiting a vulnerability, tracked as CVE-2023-49897 (CVSS score 8.0) that impacted several routers, including Future X Communications (FXC) AE1021 and AE1021PE wall routers, running firmware versions 2.0.9 and earlier. The vulnerability affects VioStor NVR Versions 5.0.0

Firmware 114

Firmware Wireless DDOS IoT 114

Security Affairs

SEPTEMBER 10, 2019

A security researcher disclosed zero-day flaws in Telestar Digital GmbH IoT radio devices that could be exploited by remote attackers to hijack systems without any user interaction. The hardware of the terminals is equipped with Shenzen technology, while the firmware is based on BusyBox Linux Debian. . Pierluigi Paganini.

IoT 84

IoT Hacking Firmware Advertising 84

Security Affairs

JUNE 26, 2019

Security experts warn of a new piece of the Silex malware that is bricking thousands of IoT devices, and the situation could rapidly go worse. The only way to recover infected devices is to manually reinstall the device’s firmware. pic.twitter.com/Ue661ku0fy — Larry W. Cashdollar (@_larry0) June 25, 2019.

IoT 96

IoT Malware Advertising Firmware 96

Security Affairs

DECEMBER 5, 2021

The researchers analyzed the network devices using IoT Inspector’s security platform, which checked for thousands of CVEs and security flaws. “Some of the security issues were detected more than once. . “Some of the security issues were detected more than once. Pierluigi Paganini.

Manufacturing 141

Manufacturing IoT Firmware VPN 141

Security Affairs

AUGUST 24, 2021

Realtek published a security advisory on August 15 to warn customers about security updates to address vulnerabilities in its software developers kits (SDK) which is used by at least 65 separate vendors. On August 15, firmware security company IoT Inspector published details about the flaws.

IoT 124

IoT Firmware Internet Internet 124

Security Affairs

SEPTEMBER 22, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Hacking 113

Hacking Firmware IoT Internet 113

Security Affairs

MARCH 9, 2022

Researchers from IoT security company Armis have discovered three high-impact security flaws, collectively tracked as TLStorm, affecting APC Smart-UPS devices. The researchers discovered that the firmware upgrades are not properly signed and validated. SecurityAffairs – hacking, IoT). Pierluigi Paganini.

Firmware 92

Firmware IoT Authentication Backups 92

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. ” states the vendor.

Firmware 119

Firmware Wireless Passwords Internet 119

Security Affairs

NOVEMBER 24, 2022

Microsoft experts believe that threat actors behind a malicious campaign aimed at Indian critical infrastructure earlier this year have exploited security flaws in a now-discontinued web server called Boa. The experts pointed out that Boa has been discontinued since 2005. ”reads the report published by Recorded Future.

IoT 93

IoT Firmware Software Risk 93

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 02 Dec 2020 – Netgear released the new firmware v2.6.0.48

Firmware 135

Firmware Authentication Hacking Software 135

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. ” reads the advisory published by the security firm. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.”

Hacking 95

Hacking Firmware Authentication DNS 95

SiteLock

AUGUST 27, 2021

Up next, Black Hat, one of the world’s largest information security conferences, took place in early August 2018 in Sin City. The conference held many briefings on politics, legislation, and Machine Learning (ML) and Artificial Intelligence (AI) in cybersecurity, as well as the challenge of endpoint security for many IoT devices.

Small Business 98

Small Business Artificial Intelligence Firmware IoT 98

The Security Ledger

MARCH 13, 2019

Forget about Congress's latest attempt to regulate IoT security. The post Spotlight: CTIA’s IoT Cybersecurity Certification is a Big Deal. Forget about Congress’s latest attempt to regulate IoT security. Federal Government to meet strict information security standards. Here’s why.

IoT 40

IoT Cybersecurity Internet Internet 40

Security Affairs

AUGUST 27, 2021

Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical flaw affecting a video surveillance product made by Annke, a popular manufacturer of surveillance systems and solutions. . ” reads the security advisory published by Nozomi Networks Labs. The mainboard of the Annke N48PBB.

Surveillance 99

Surveillance Hacking Firmware Manufacturing 99

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. Adopt a comprehensive IoT security solution. The IT giant is tracking this cluster of threat activity as DEV-1061.

IoT 116

IoT DDOS Malware Firmware 116

Security Affairs

JULY 22, 2023

The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. ” concludes the report.

DDOS 96

DDOS Firmware VPN Firewall 96

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware.

Firmware 82

Firmware VPN Wireless Passwords 82

Security Affairs

MARCH 3, 2023

library could potentially lead to information disclosure or privilege escalation. that could potentially lead to information disclosure or privilege escalation. In some cases, the attacker can also overwrite protected data in the TPM firmware. Two vulnerabilities affecting the Trusted Platform Module ( TPM ) 2.0

Firmware 97

Firmware IoT Authentication Hacking 97

Security Affairs

DECEMBER 8, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Firmware 122

Firmware DDOS Malware IoT 122

Security Affairs

MARCH 31, 2022

The vendor addressed the unauthenticated access to the content of the SD card with the release of firmware updates on January 29, 2022. According to the experts, there are 3 version of Wyze Cam devices on the market and the first one has been discontinued and will not receive security updates to address the flaws.

IoT 74

IoT Firmware Marketing Authentication 74

Security Affairs

JANUARY 30, 2023

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices.

Firmware 97

Firmware Hacking Internet Internet 97

Security Affairs

AUGUST 20, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. Now researchers from Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT have monitored a new evolution of the threat that extent the list of targets. .

IoT 104

IoT DNS Manufacturing Firmware 104

Security Affairs

SEPTEMBER 2, 2021

. “we disclose BrakTooth, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.” ” reads the post published by the researchers. Pierluigi Paganini.

Firmware 89

Firmware Manufacturing IoT Technology 89

Security Affairs

FEBRUARY 6, 2020

“Check Point’s researchers showed how a threat actor could exploit an IoT network (smart lightbulbs and their control bridge) to launch attacks on conventional computer networks in homes, businesses or even smart cities.” The company released firmware p atches for the device in January.

Hacking 119

Hacking IoT Wireless Firmware 119

Security Affairs

DECEMBER 15, 2020

Experts from IoT security firm Sternum discovered vulnerabilities discovered in Medtronic’s MyCareLink Smart 25000 Patient Reader product that could be exploited to take control of a paired cardiac device. The flaw could be exploited by an attacker to remotely execute code taking over the device. ” states the advisory.

Firmware 101

Firmware Authentication Mobile IoT 101

Security Affairs

APRIL 2, 2022

The threat actors added TOTOLINK exploits just a week after the exploit codes were publicly released on GitHub in the attempt to compromise the largest number of devices as possible before the owners upgrade to the latest firmware releases. TOTOLINK has already addressed these flaws with the release of new firmware for vulnerable devices.

DDOS 85

DDOS Firmware Surveillance IoT 85

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable.

Hacking 115

Hacking Firmware Internet Internet 115

Security Affairs

AUGUST 10, 2019

. “We were able to find the presence of a Remote Code Execution (RCE) vulnerability in a piece of open source software that Avaya likely copied and modified 10 years ago, and then failed to apply subsequent security patches to.” Avaya addressed the issue with the release of new firmware on June 25. Only the H.323

Firmware 83

Firmware IoT Advertising Software 83

Security Affairs

APRIL 25, 2021

Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. This information can then be used to reconfigure or disable the alarm system.” ” states the report published by Eye security. ” states the report published by Eye security.

Firmware 112

Firmware Passwords Authentication Wireless 112

Security Affairs

APRIL 13, 2022

Researchers at healthcare IoT security firm Cynerio discovered a collection of five vulnerabilities impacting TUG autonomous mobile robots, collectively named JekyllBot:5 , that could be exploited by remote attackers to hack the devices. A TUG is an autonomous mobile robot designed for hospitals by Aethon.

Mobile 128

Mobile Hacking Firmware Surveillance 128

Security Affairs

FEBRUARY 1, 2023

On January 30, Taiwanese vendor QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. Censys found 30,000 internet-facing QNAP appliances potentially impacted by a recently disclosed critical code injection flaw. Censys concludes.

Internet 98

Internet Internet Firmware IoT 98

Malwarebytes

SEPTEMBER 3, 2021

The state of IoT is poor enough as it is, security wise. But the sector is only as secure as the technology it relies on, so our food supply requires secure IoT devices and Cloud services for food and agriculture too. Install updates/patch operating systems, software, and firmware as soon as they are released.

Ransomware 139

Ransomware Manufacturing Passwords Internet 139