Hacking, Information Security, Internet and IoT

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Few months ago I have presented #FocacciaBoard : a similar multipurpose breakout board that uses the famous FT232H to handle multiple protocols commonly found in (I)IoT devices (i.e.

IoT

IoT Hacking Firmware Advertising

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices. The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices.

IoT

IoT DDOS Architecture Internet

Kalay cloud platform flaw exposes millions of IoT devices to hack

Security Affairs

AUGUST 17, 2021

FireEye Mandiant researchers have discovered a critical vulnerability in the Kalay cloud platform that exposes millions of IoT devices to attacks. The flaw could be easily exploited by a remote attacker to take over an IoT device, the only info needed for the attack is the Kalay unique identifier (UID) of the targeted user. .

IoT

IoT Hacking Social Engineering Firmware

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

MORE WEBINARS

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. If you take a look at the global market for IoT, you can easily spot the trend. IoT devices are exposed to cybersecurity vulnerabilities. IoT is a complicated concept.

IoT

IoT Cybersecurity Manufacturing Internet

Researchers used electromagnetic signals to classify malware infecting IoT devices

Security Affairs

JANUARY 5, 2022

Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. The team of experts presented their technique at the Annual Computer Security Applications Conference ( ACSAC ) that took place in December. SecurityAffairs – hacking, IoT devices). Pierluigi Paganini.

IoT

IoT Malware Internet Internet

New P2PInfect bot targets routers and IoT devices

Security Affairs

DECEMBER 4, 2023

Cybersecurity researchers discovered a new variant of the P2PInfect botnet that targets routers and IoT devices. Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded devices. ” reads the report published by Cado Security.

IoT

IoT Architecture Malware Hacking

Microsoft warns of BadAlloc flaws in OT, IoT devices

Security Affairs

APRIL 30, 2021

Microsoft researchers are warning of major security vulnerabilities affecting OT and IoT devices and high-risks for businesses using them. Researchers from Microsoft’s Section 52 team recently uncovered several critical memory allocation flaws, collectively tracked as BadAlloc , affecting IoT and OT devices. Pierluigi Paganini.

IoT

IoT VPN Firewall Risk

Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw

Security Affairs

FEBRUARY 1, 2023

Censys found 30,000 internet-facing QNAP appliances potentially impacted by a recently disclosed critical code injection flaw. On January 30, Taiwanese vendor QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. and QuTS hero h5.0.1

Internet

Internet Internet Firmware IoT

New Mirai botnet targets tens of flaws in popular IoT devices

Security Affairs

JUNE 22, 2023

Since March 2023, researchers at Palo Alto Networks Unit 42 have observed a new variant of the Mirai botnet targeting multiple vulnerabilities in popular IoT devices. “The widespread adoption of IoT devices has become a ubiquitous trend. However, the persistent security concerns surrounding these devices cannot be ignored.

IoT

IoT Malware Encryption DDOS

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Security researchers provided technical details about an IoT botnet dubbed Ttint that has been exploiting two zero-days in Tenda routers. Security researchers at Netlab, the network security division Qihoo 360, have published a report that details an IoT botnet dubbed Ttint. Pierluigi Paganini.

IoT

IoT Firmware DNS Advertising

Unraveling the truth behind the DDoS attack from electric toothbrushes

Security Affairs

FEBRUARY 8, 2024

how are they connected to the Internet (hint: they aren't, they are… [link] — Robᵉʳᵗ Graham ? ErrataRob) February 7, 2024 Several experts explained that electric toothbrushes have no direct connections to the internet, they relies on Bluetooth to connect to mobile apps. what was the brand of toothbrushes?

DDOS

DDOS IoT Media Internet

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Security Affairs

AUGUST 6, 2019

The STRONTIUM Russia-linked APT group is compromising common IoT devices to gain access to several corporate networks. Researchers at Microsoft observed the Russia-linked APT group STRONTIUM abusing IoT devices to gain access to several corporate networks. ” IoT risk must be taken seriously. ” continues Microsoft.

IoT

IoT Hacking Advertising Government

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

A security researcher disclosed zero-day flaws in Telestar Digital GmbH IoT radio devices that could be exploited by remote attackers to hijack systems without any user interaction. Kunz and his colleagues were able to brute-force the IoT radio in just 10 minutes and achieve root access with full privileges. .

IoT

IoT Hacking Firmware Advertising

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security Affairs

JANUARY 19, 2020

The availability online of a new collection of Telnet credentials for more than 500,000 servers, routers, and IoT devices made the headlines. According to ZDNet that first published the news, the list was leaked on a popular hacking forum by the operator of a DDoS booter service. SecurityAffairs – Telnet credentials, hacking).

IoT

IoT DDOS InfoSec Internet

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. SecurityAffairs – hacking, Mozi botnet). Pierluigi Paganini.

IoT

IoT DDOS Architecture Passwords

Mirai V3G4 botnet exploits 13 flaws to target IoT devices

Security Affairs

FEBRUARY 16, 2023

During the second half of 2022, a variant of the Mirai bot, tracked as V3G4, targeted IoT devices by exploiting tens of flaws. Palo Alto Networks Unit 42 researchers reported that a Mirai variant called V3G4 was attempting to exploit several flaws to infect IoT devices from July to December 2022.

IoT

IoT DDOS Encryption Malware

7 Top Tips for Accelerating your IoT Projects in 2021

CyberSecurity Insiders

MARCH 25, 2021

billion IoT devices active across the world – a figure that is expected to grow to 75 billion by 2025. This tripling will be a phenomenal feat to achieve in the next four years and relies upon IoT projects that are currently planned or under development to mature quickly. 1 Consider using generic IoT service modules.

IoT

IoT Authentication Passwords Data collection

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking

Hacking Firmware Authentication DNS

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

This flaw potentially affects millions of IOT devices manufactured by no less than 17 vendors, including some ISPs. . The ongoing attacks were spotted by researchers from Juniper Threat Labs , experts believe that were conducted by a threat actor that targeted IoT devices in a campaign since February. Pierluigi Paganini.

IoT

IoT Firmware Authentication Wireless

A DNS flaw impacts a library used by millions of IoT devices

Security Affairs

MAY 3, 2022

A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products. To nominate, please visit:?

DNS

DNS IoT Hacking Cybersecurity

TheMoon bot infected 40,000 devices in January and February

Security Affairs

MARCH 26, 2024

A new variant of TheMoon malware infected thousands of outdated small office and home office (SOHO) routers and IoT devices worldwide. The Black Lotus Labs team at Lumen Technologies uncovered an updated version of “ TheMoon ” bot targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices.

IoT

IoT Cybercrime Internet Internet

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. The fact that there are so many different APIs is the main challenge for enterprises when it comes to API security.

Hacking

Hacking Penetration Testing Data breaches Authentication

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Researchers at AT&T discovered a new BotenaGo botnet that is using thirty three exploits to target millions of routers and IoT devices. BotenaGo is a new botnet discovered by researchers at AT&T that leverages thirty three exploits to target millions of routers and IoT devices. SecurityAffairs – hacking, BotenaGo).

IoT

IoT Firmware Malware Wireless

Hikvision cameras could be remotely hacked due to critical flaw

Security Affairs

SEPTEMBER 22, 2021

. “ “This permits an attacker to gain full control of device with an unrestricted root shell, which is far more access than even the owner of the device has as they are restricted to a limited “protected shell” (psh) which filters input to a predefined set of limited, mostly informational commands.” Pierluigi Paganini.

Hacking

Hacking Firmware IoT Internet

IoT devices at major Manufacturers infected with crypto-miner

Security Affairs

FEBRUARY 8, 2020

Hackers have infected with a piece of malware some IoT devices running Windows 7 designed by three of the world’s largest manufacturers. Security experts from TrapX reported that some IoT devices running Windows 7 have been infected with a piece of malware, is it a supply chain attack? SecurityAffairs – Windows 7, hacking).

Manufacturing

Manufacturing IoT Malware Cryptocurrency

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

First advertised in the cybercrime underground in 2014, RSOCKS was the web-based storefront for hacked computers that were sold as “proxies” to cybercriminals looking for ways to route their Web traffic through someone else’s device. “Thanks to you, we are now developing in the field of information security and anonymity!,”

Cybercrime

Cybercrime Advertising IoT Malware

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

Security Affairs

JUNE 15, 2020

Attackers could leverage a compromised identifier to use mobile Internet at the legitimate user’s expense and carry out fraud and impersonation, Attackers can also hijack user session data containing relevant identifiers (e.g., phone number) of a real subscriber and impersonate him to access the Internet. Pierluigi Paganini.

Mobile

Mobile Internet Internet Wireless

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

AUGUST 23, 2022

“This permits an attacker to gain full control of device with an unrestricted root shell, which is far more access than even the owner of the device has as they are restricted to a limited “protected shell” (psh) which filters input to a predefined set of limited, mostly informational commands.”. SecurityAffairs – hacking, Hikvision).

Hacking

Hacking Firmware Internet Internet

Creator of multiple IoT botnets, including Satori, pleaded guilty

Security Affairs

SEPTEMBER 4, 2019

Kenneth Currin Schuchman (21) from Vancouver, Washington pleaded guilty to creating and operating multiple DDoS IoT botnet , including Satori. Kenneth Currin Schuchman (21) from Vancouver, Washington, aka Nexus Zeta, pleaded guilty to creating and operating multiple DDoS IoT botnets. Pierluigi Paganini.

IoT

IoT DDOS Internet Internet

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

Hot for Security

FEBRUARY 16, 2021

Seismic monitoring equipment is vulnerable to common cybersecurity threats like those faced by IoT devices, a new research paper warns. Non-encrypted data, insecure protocols and poor user authentication mechanisms are among the security issues that leave seismological networks open to breaches, the authors note.

IoT

IoT InfoSec Data collection Encryption

Silex malware bricks thousands of IoT devices in a few hours

Security Affairs

JUNE 26, 2019

Security experts warn of a new piece of the Silex malware that is bricking thousands of IoT devices, and the situation could rapidly go worse. Silex is not the first IoT malware with this behavior, back in 2017 BrickerBot bricked millions of devices worldwide. SecurityAffairs – Silex malware, hacking).

IoT

IoT Malware Advertising Firmware

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. “On August 16th, three days ago, multiple vulnerabilities in a software SDK distributed as part of Realtek chipsets were disclosed by IoT Inspector Research Lab [1]. ” reported IoT Inspector.

IoT

IoT Firmware Internet Internet

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

A hacker collective claims to have hacked over 50,000 home security cameras and published their footage online, some of them on adult sites. A group of hackers claims to have compromised over 50,000 home security cameras and published their private footage online. ” reported The New Paper.”

IoT

IoT Internet Internet Hacking

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

Security Affairs

AUGUST 31, 2019

Researchers from WootCloud Labs have uncovered a new IoT botnet named Ares that is targeting Android-based devices. Experts from WootCloud Labs have spotted a new IoT botnet tracked as Ares that is targeting Android-based devices that have a debug port exposed online. IoT #malware branches seen in ???????? .

IoT

IoT Passwords Advertising Malware

The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked

Security Boulevard

JANUARY 21, 2024

Then they switch to the best practices to prevent social media account takeovers, highlighting […] The post The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked appeared first on Shared Security Podcast.

Media

Media Accountability Hacking Scams

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

Akamai researcher Larry Cashdollar reported that a cryptocurrency miner that previously hit only Arm-powered IoT devices it now targeting Intel systems. The researchers revealed that one of his honeypots was hit by this IoT malware that targets Intel machines running Linux. “This one seems to target enterprise systems.”

IoT

IoT Cryptocurrency Malware System Administration

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

“Check Point’s researchers showed how a threat actor could exploit an IoT network (smart lightbulbs and their control bridge) to launch attacks on conventional computer networks in homes, businesses or even smart cities.” SecurityAffairs – Smart Light Bulbs, hacking). ” reads the report published by CheckPoint.”Our

Hacking

Hacking IoT Wireless Firmware

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Security Affairs

APRIL 15, 2024

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. The Blackjack group is believed to be affiliated with Ukrainian intelligence services that carried out other attacks against Russian targets, including an internet provider and a military infrastructure.

Malware

Malware Firmware IoT Hacking

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service.

Malware

Malware VPN Internet Internet

Podcast Episode 110: Why Patching Struts isn’t Enough and Hacking Electricity Demand with IoT?

The Security Ledger

AUGUST 27, 2018

In this week’s episode (#110): the second major flaw in Apache Struts 2 in as many years and has put the information security community on alert. But is this vulnerability as serious as the last, which resulted in the hack of the firm Equifax? But what would happen if someone figured out to how to hack electricity demand?

IoT

IoT Hacking Information Security Internet

NCSC: New UK law bans default passwords on smart devices

Security Affairs

APRIL 30, 2024

. “The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), will help consumers to choose smart devices that have been designed to provide ongoing protection against cyber attacks.” is the first country in the world to ban default credentia from IoT devices. ” The U.K.

Passwords

Passwords Manufacturing Telecommunications Cyber Attacks

LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems

Security Affairs

AUGUST 8, 2023

The LockBit ransomware group claims to have hacked the healthcare company Varian Medical Systems and threatens to leak the medical data of cancer patients. The LockBit ransomware group threatens to leak medical data of cancer patients stolen from Varian Medical Systems. Varian Medical Systems, Inc.

Ransomware

Ransomware Manufacturing Healthcare IoT

Gucci IOT Bot Discovered Targeting European Region

Security Affairs

OCTOBER 1, 2019

Security Labs discovered a new IOT bot named “GUCCI”. It seems like the IOT botnet is named after an Italian luxury brand of fashion and leather goods. The IOT threat detection engine picked the infection IP has shown below hosting number of bins for different architectures. Inference. Pierluigi Paganini.

IoT

IoT Advertising Engineering Architecture

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. Adopt a comprehensive IoT security solution. SecurityAffairs – hacking, botnet). Pierluigi Paganini.

IoT

IoT DDOS Malware Firmware

Hacking IoT & RF Devices with BürtleinaBoard

Updated Kmsdx botnet targets IoT devices

Webinars

Trending Sources

Kalay cloud platform flaw exposes millions of IoT devices to hack

Webinars

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Researchers used electromagnetic signals to classify malware infecting IoT devices

New P2PInfect bot targets routers and IoT devices

Microsoft warns of BadAlloc flaws in OT, IoT devices

Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw

New Mirai botnet targets tens of flaws in popular IoT devices

New Ttint IoT botnet exploits two zero-days in Tenda routers

Unraveling the truth behind the DDoS attack from electric toothbrushes

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Mozi Botnet is responsible for most of the IoT Traffic

Mirai V3G4 botnet exploits 13 flaws to target IoT devices

7 Top Tips for Accelerating your IoT Projects in 2021

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

A DNS flaw impacts a library used by millions of IoT devices

TheMoon bot infected 40,000 devices in January and February

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

BotenaGo botnet targets millions of IoT devices using 33 exploits

Hikvision cameras could be remotely hacked due to critical flaw

IoT devices at major Manufacturers infected with crypto-miner

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

Over 80,000 Hikvision cameras can be easily hacked

Creator of multiple IoT botnets, including Satori, pleaded guilty

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

Silex malware bricks thousands of IoT devices in a few hours

Realtek SDK flaws exploited to deliver Mirai bot variant

Hackers claim to have compromised 50,000 home cameras and posted footage online

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Who and What is Behind the Malware Proxy Service SocksEscort?

Podcast Episode 110: Why Patching Struts isn’t Enough and Hacking Electricity Demand with IoT?

NCSC: New UK law bans default passwords on smart devices

LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems

Gucci IOT Bot Discovered Targeting European Region

A new Zerobot variant spreads by exploiting Apache flaws

Stay Connected