Firmware, Manufacturing and Passwords - Cyber Security Informer

5 Ways to Ensure Home Router Security with a Remote Workforce

Adam Levin

MARCH 19, 2020

Ensure remote workers are more secure by following these five tips: Change the Default Password: Routers should have the manufacturer default password updated the moment it’s turned on and connected. Use a Strong and Unique Password: Discourage employees from reusing passwords that are linked to other accounts.

Wireless

Wireless Firmware Firewall Manufacturing

Five Ways to Secure Your Home Office Webcam

Adam Levin

MARCH 23, 2020

Update your camera’s firmware and software: Whether it’s an external camera or one built into your laptop or tablet, check for manufacturer updates and always keep your camera’s software and firmware fully up to date because patches are often released specifically to patch security vulnerabilities.

Firmware

Firmware Manufacturing Passwords Software

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

Malwarebytes

JULY 28, 2021

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages. History lessons. Mitigation.

Firmware

Firmware Technology Authentication IoT

Secret Backdoors Found in German-made Auerswald VoIP System

The Hacker News

DECEMBER 21, 2021

Multiple backdoors have been discovered during a penetration test in the firmware of a widely used voice over Internet Protocol (VoIP) appliance from Auerswald, a German telecommunications hardware manufacturer, that could be abused to gain full administrative access to the devices.

Penetration Testing

Penetration Testing Firmware Telecommunications Manufacturing

March to 5G could pile on heavier security burden for IoT device manufacturers

SC Magazine

APRIL 9, 2021

As the Department of Defense works on standards to dictate 5G rollout, security requirements may be too much for IoT manufacturers. Of course, many security hurdles for IoT device manufacturers are not specific to 5G. And how do you vet those firmware updates? In IoT, [manufacturers] want that low-cost sensor.

Manufacturing

Manufacturing IoT Firmware Architecture

Smart lightbulb and app vulnerability puts your Wi-Fi password at risk

Malwarebytes

AUGUST 25, 2023

New research highlights another potential danger from IoT devices, with a popular make of smart light bulbs placing your Wi-Fi network password at risk. Multiple high severity vulnerabilities exist which allow for password retrieval and device manipulation, with four issues in total. One vulnerability, with a CVSS score of 7.6

Passwords

Passwords Risk IoT Firmware

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

DECEMBER 5, 2021

Researchers discovered a total of 226 potential security vulnerabilities in nine Wi-Fi popular routers from known manufacturers. Since the integration of a new kernel into the firmware is costly, no manufacturer was up to date here. Millions of users are potentially impacted by these vulnerabilities.

Manufacturing

Manufacturing IoT Firmware VPN

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. After looking at 28 of the most popular manufacturers, our research team found 3.5 What is more, the overwhelming majority of internet-facing cameras are manufactured by Chinese companies.

Surveillance

Surveillance Manufacturing Passwords Internet

The High-Stakes Game of Ensuring IoMT Device Security

SecureWorld News

FEBRUARY 17, 2024

Being constantly connected to the internet, they are either protected by basic passwords or, in some cases, have no password protection at all. In response, manufacturers are intensifying their cybersecurity efforts, incorporating advanced CI/CD workflows to safeguard medical devices from escalating attacks.

Healthcare

Healthcare Manufacturing Internet Internet

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.”

Passwords

Passwords Manufacturing Advertising Firmware

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Security Affairs

SEPTEMBER 19, 2022

The FXA3000 and FXA2000 Series are access points that are manufactured by Japan-based firm Contec that conform to IEEE 802.11n/a/b/g wireless. “It is found that our wireless products, FLEXLAN FX3000/2000 series, have a firmware vulnerability. The experts recommend to randomly generate a different password for each device.

Wireless

Wireless Firmware Passwords Engineering

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

A map showing the distribution of some 2 million iLinkP2P-enabled devices that are vulnerable to eavesdropping, password theft and possibly remote compromise, according to new research. Furthermore, even if software patches were issued, the likelihood of most users updating their device firmware is low.

IoT

IoT Firewall Manufacturing Computers and Electronics

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

NOVEMBER 10, 2022

Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution. The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. The critical systems are widely used by oil and gas organizations worldwide.

Firmware

Firmware Authentication Passwords Manufacturing

Patch now! Insecure Hikvision security cameras can be taken over remotely

Malwarebytes

SEPTEMBER 22, 2021

In a detailed post on Github , security researcher Watchful_IP describes how he found that the majority of the recent camera product ranges of Hikvision cameras are susceptible to a critical, unauthenticated, remote code execution (RCE) vulnerability, even with the latest firmware. Hangzhou Hikvision Digital Technology Co., Mitigation.

Firmware

Firmware Surveillance Marketing VPN

Samsung offers Mobile Security protection as below

CyberSecurity Insiders

NOVEMBER 25, 2021

From backdoors- As the Korean giant creates, validates and manufactures its computing devices all on its own, its every piece of hardware, wiring and firmware is securely drafted at its high secure R&D plants & factories in the world.

Mobile

Mobile Firmware Manufacturing Passwords

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-. ” Netlab concludes.

Firmware

Firmware Surveillance Manufacturing Advertising

Vulnerabilities Detected in These 9 Routers for SMBs

SecureWorld News

DECEMBER 8, 2021

Since the integration of a new kernel into the firmware is costly, no manufacturer was up to date here. In fact, a large number of manufacturers use default passwords like 'admin,' which in many cases can be read in plain text.". Wi-Fi manufacturers and policymakers respond.

Manufacturing

Manufacturing IoT Firmware Small Business

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. I can't blame this on the teddy bears themselves, rather the fact that the MongoDB holding all the collected data was left publicly facing without a password. IoT firmware should be self-healing.

IoT

IoT Firmware Risk Manufacturing

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Security Affairs

AUGUST 4, 2022

Tens of router models from Taiwanese SOHO manufacturer DrayTek are affected by a critical, unauthenticated, remote code execution vulnerability, tracked as CVE-2022-32548, that can be exploited to fully compromise a vulnerable device and gain unauthorized access to the broader network.

Hacking

Hacking Internet Internet Passwords

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One FBI warns of dual ransomware attacks Progress Software fixed two critical severity flaws in WS_FTP Server Child abuse site taken down, organized child exploitation crime suspected – exclusive A still unpatched zero-day RCE impacts more than 3.5M

Artificial Intelligence

Artificial Intelligence Firmware Data breaches Hacking

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

Check with the device manufacturers for available patches and update the device firmware to version to 3.5.19.0 The researchers also shared a video PoC of an attack to bypass the ASLR. Below are the recommendations provided by Microsoft: Apply patches to affected devices in your network.

Authentication

Authentication Firmware Hacking Passwords

An educational robot security research

SecureList

FEBRUARY 27, 2024

Toy manufacturers are striving to keep up with these trends, releasing more and more models that can also be called “smart.” However, we decided not to update the toy immediately in order to explore what could be extracted from the older firmware version. This was the first security-related issue we discovered.

Education

Education Manufacturing Firmware Internet

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

Microsoft researchers reported that the Mozi botnet was improved by implementing news capabilities to target network gateways manufactured by Netgear, Huawei, and ZTE. Organizations using Netgear, Huawei, and ZTE network devices are recommended to keep their firmware up to date and use strong passwords. Pierluigi Paganini.

IoT

IoT DNS Manufacturing Firmware

PwnedPiper flaws in PTS systems affect 80% of major US hospitals

Security Affairs

AUGUST 2, 2021

The flaw affects the Translogic PTS system manufactured by Swisslog Healthcare, which is installed in about 80% of all major hospitals in North America and thousands of hospitals worldwide. An attacker could also push an insecure firmware upgrade to fully compromise the devices. Swisslog has released Nexus Control Panel version 7.2.5.7

Healthcare

Healthcare Firmware Manufacturing Ransomware

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

But manufacturers of agricultural equipment have spent the last few years locked in an automation arms race, and the side effects of this race are starting to show. The FBI notice includes the following recommendations: Regularly back up data, air gap, and password protect backup copies offline. Implement network segmentation.

Ransomware

Ransomware Manufacturing Passwords Internet

CISA and FBI issue alert about Zeppelin ransomware

Malwarebytes

AUGUST 16, 2022

While anyone can fall victim to these threat actors, the FBI noted that this malware has been used to target a wide range of businesses and critical infrastructure organizations, including defense contractors, educational institutions, manufacturers, technology companies, and especially organizations in the healthcare and medical industries.

Ransomware

Ransomware Backups Passwords Authentication

How to ensure security and trust in connected cars

CyberSecurity Insiders

MARCH 16, 2021

The cars we drive today have become truly connected objects, capable of a variety of functionalities that both users and manufacturers could have only dreamed of in past decades. However, with increased connectivity in our cars, new challenges are arising for both manufacturers and users. Technologies that enable connectivity in cars.

Manufacturing

Manufacturing IoT Technology Cybersecurity

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware DDOS Passwords Backups

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Small farms, large producers, processors and manufacturers, and markets and restaurants are particularly exposed to ransomware attacks. The FBI provided the following mitigations to protect against ransomware attacks: Regularly back up data, air gap, and password protect backup copies offline. Implement network segmentation.

Ransomware

Ransomware Passwords Backups Firmware

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.” Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware

Ransomware Firmware Antivirus Accountability

EU to Force IoT, Wireless Device Makers to Improve Security

eSecurity Planet

NOVEMBER 1, 2021

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. Manufacturers will be required to adhere to the new cybersecurity safeguards when designing and producing these products. EU Amendment Applies to Many Devices.

Wireless

Wireless IoT Manufacturing Mobile

Router security in 2021

SecureList

JUNE 8, 2022

They make the router much easier to hack, which gives the opportunity to get round password protection features (such as CAPTCHA or a limited number of login attempts), run third-party code, bypass authentication, send remote commands to the router or even disable it. search results for “default password” in June 2021.

DDOS

DDOS Passwords IoT Firmware

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Security Affairs

AUGUST 10, 2021

NAS servers are a privileged target for hackers because they normally store large amounts of data.The ransomware was targeting poorly protected or vulnerable NAS servers manufactured by QNAP, threat actors exploited known vulnerabilities or carried out brute-force attacks.

Ransomware

Ransomware Encryption Firmware Passwords

How to Configure a Router to Use WPA2 in 7 Easy Steps

eSecurity Planet

MARCH 3, 2023

The exact method for doing this may vary depending on your router manufacturer. The typical username and password for Wi-Fi routers is “admin” for both, but you may need to search online or contact your ISP if that doesn’t work. If this option is not available, you may need to upgrade the router firmware.

Wireless

Wireless Encryption Passwords IoT

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

The malicious code specifically targets QNAP NAS devices manufactured by Taiwanese company QNAP, it already infected over 62,000 QNAP NAS devices. CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. .”

Malware

Malware Firmware Advertising Manufacturing

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Security experts from security firm SEC Consult have identified over 100 companies that buy and re-brand video surveillance equipment (surveillance cameras, digital video recorders (DVRs), and network video recorders (NVRs)) manufactured by the Chinese firm Hangzhou Xiongmai Technology Co., Xiongmai hereinafter) that are open to hack.

Surveillance

Surveillance Hacking Firmware Manufacturing

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

Attack vectors There are two main IoT infection routes: brute-forcing weak passwords and exploiting vulnerabilities in network services. A successful password cracking enables hackers to execute arbitrary commands on a device and inject malware. Unfortunately, users tend to leave these passwords unchanged.

IoT

IoT DDOS Passwords Malware

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Boulevard

NOVEMBER 10, 2022

Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution. The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. The critical systems are widely used by oil and gas organizations worldwide.

Firmware

Firmware Authentication Passwords Manufacturing

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

According to the flash alert published by the FBI, the Mamba ransomware was employed in attacks against local governments, public transportation agencies, legal services, technology services, industrial, commercial, manufacturing, and construction businesses. Implement the shortest acceptable timeframe for password changes.

Ransomware

Ransomware Encryption Passwords Malware

For remote workforces, don’t overlook printer security

SC Magazine

MARCH 23, 2021

Despite the increasing move to digitalization, many industries and teams still rely on printing as a vital part of their business processes, including the legal, healthcare, manufacturing, and logistics sectors. Manual configuration of devices can lead to problems with inconsistent settings and firmware levels. The security question.

Firmware

Firmware Digital transformation Passwords Software

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Pen Test

OCTOBER 12, 2023

Countermeasures: To prevent drone signal hijacking, drone manufacturers and operators can implement encryption and authentication mechanisms for RF communication. What are the common firmware and software vulnerabilities in RF devices that can be exploited? Strong, complex passwords are essential to prevent unauthorized access.

Encryption

Encryption Firmware Surveillance Technology

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

Simple or reused passwords are still a problem. While the cybersecurity industry has presented options for every netizen, the recommendation to use original and complex passwords continues to be disregarded. Instead, people come up with passwords that are comfortable. The Flaws in Manufacturing Process. Poor credentials.

IoT

IoT Cybersecurity Manufacturing Internet

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

Security Affairs

JANUARY 16, 2022

Once the ransomware has infected a device, it moves all the files on the NAS into password-protected 7z archives and demands the payment of a $550 ransom. Up to date apps and firmware seem not to help either.” Then it also deletes snapshots to prevent restoring of data from the backups and drops a ransom note (named !!!

Ransomware

Ransomware Encryption Backups Firmware

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

GhostDNS scans for the IP addresses used by routers that use weak or no password then accesses them and changes the DNS settings to a rogue DNS server operated by the attackers. Js DNSChanger is written in JavaScript and includes 10 attack scripts designed to infect 6 routers or firmware packages.

DNS

DNS Malware Firmware Phishing

5 Ways to Ensure Home Router Security with a Remote Workforce

Five Ways to Secure Your Home Office Webcam

Trending Sources

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

Secret Backdoors Found in German-made Auerswald VoIP System

March to 5G could pile on heavier security burden for IoT device manufacturers

Smart lightbulb and app vulnerability puts your Wi-Fi password at risk

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

3.5m IP cameras exposed, with US in the lead

The High-Stakes Game of Ensuring IoMT Device Security

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

P2P Weakness Exposes Millions of IoT Devices

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Patch now! Insecure Hikvision security cameras can be taken over remotely

Samsung offers Mobile Security protection as below

Botnet operators target multiple zero-day flaws in LILIN DVRs

Vulnerabilities Detected in These 9 Routers for SMBs

IoT Unravelled Part 3: Security

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

An educational robot security research

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

PwnedPiper flaws in PTS systems affect 80% of major US hospitals

FBI warns of ransomware threat to food and agriculture

CISA and FBI issue alert about Zeppelin ransomware

How to ensure security and trust in connected cars

Avoslocker ransomware gang targets US critical infrastructure

FBI warns of ransomware attacks targeting the food and agriculture sector

Ranzy Locker ransomware hit tens of US companies in 2021

EU to Force IoT, Wireless Device Makers to Improve Security

Router security in 2021

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

How to Configure a Router to Use WPA2 in 7 Easy Steps

QSnatch malware infected over 62,000 QNAP NAS Devices

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Overview of IoT threats in 2023

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

FBI published a flash alert on Mamba Ransomware attacks

For remote workforces, don’t overlook printer security

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Stay Connected