Hacking, Information Security, IoT and Manufacturing

IoT devices at major Manufacturers infected with crypto-miner

Security Affairs

FEBRUARY 8, 2020

Hackers have infected with a piece of malware some IoT devices running Windows 7 designed by three of the world’s largest manufacturers. Security experts from TrapX reported that some IoT devices running Windows 7 have been infected with a piece of malware, is it a supply chain attack? Pierluigi Paganini.

Manufacturing

Manufacturing IoT Malware Cryptocurrency

NCSC: New UK law bans default passwords on smart devices

Security Affairs

APRIL 30, 2024

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. ” reads the announcement published by NCSC.

Passwords

Passwords Manufacturing Telecommunications Cyber Attacks

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Few months ago I have presented #FocacciaBoard : a similar multipurpose breakout board that uses the famous FT232H to handle multiple protocols commonly found in (I)IoT devices (i.e.

IoT

IoT Hacking Firmware Advertising

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices. The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices.

IoT

IoT DDOS Architecture Internet

Access:7 flaws impact +150 device models from over 100 manufacturers

Security Affairs

MARCH 8, 2022

Many IoT and medical devices are affected by seven serious flaws, collectively tracked as Access:7, in widely used Axeda platform. “Access:7 could enable hackers to remotely execute malicious code, access sensitive data or alter configuration on medical and IoT devices running PTC’s Axeda remote code and management agent.”reads

Manufacturing

Manufacturing IoT Authentication Financial Services

Sierra Wireless halted production at its manufacturing sites due to ransomware attack

Security Affairs

MARCH 23, 2021

This week, IoT company Sierra Wireless disclosed a ransomware attack that hit its internal IT systems on March 20 and disrupted its production. Sierra Wireless is a Canadian multinational wireless communications equipment designer and manufacturer headquartered in Richmond, British Columbia, Canada. ” . Pierluigi Paganini.

Wireless

Wireless Manufacturing Ransomware Mobile

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. If you take a look at the global market for IoT, you can easily spot the trend. IoT devices are exposed to cybersecurity vulnerabilities. IoT is a complicated concept.

IoT

IoT Cybersecurity Manufacturing Internet

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

A security researcher disclosed zero-day flaws in Telestar Digital GmbH IoT radio devices that could be exploited by remote attackers to hijack systems without any user interaction. Kunz and his colleagues were able to brute-force the IoT radio in just 10 minutes and achieve root access with full privileges. .

IoT

IoT Hacking Firmware Advertising

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

This flaw potentially affects millions of IOT devices manufactured by no less than 17 vendors, including some ISPs. . The ongoing attacks were spotted by researchers from Juniper Threat Labs , experts believe that were conducted by a threat actor that targeted IoT devices in a campaign since February. Pierluigi Paganini.

IoT

IoT Firmware Authentication Wireless

MITRE released EMB3D Threat Model for embedded devices

Security Affairs

MAY 14, 2024

Automotive, healthcare, and manufacturing), including critical infrastructure. This collaborative approach ensures that EMB3D remains up-to-date and comprehensive, serving as a valuable resource for enhancing the security of embedded devices. The threat model provides a knowledge base of cyber threats to embedded devices.

Manufacturing

Manufacturing Healthcare IoT Cyber threats

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

DECEMBER 5, 2021

Researchers discovered a total of 226 potential security vulnerabilities in nine Wi-Fi popular routers from known manufacturers. The researchers analyzed the network devices using IoT Inspector’s security platform, which checked for thousands of CVEs and security flaws. SecurityAffairs – hacking, routers).

Manufacturing

Manufacturing IoT Firmware VPN

Unraveling the truth behind the DDoS attack from electric toothbrushes

Security Affairs

FEBRUARY 8, 2024

Apart from the electronic toothbrush mess, the Internet of Things (IoT) are privileged targets for many threat actors. Some cases underscore the urgency of securing our smart homes. IoT devices, such as smart fridges, smart meters, or thermostats, are often designed with connectivity in mind, but lack of security.

DDOS

DDOS IoT Media Internet

LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems

Security Affairs

AUGUST 8, 2023

The LockBit ransomware group claims to have hacked the healthcare company Varian Medical Systems and threatens to leak the medical data of cancer patients. designs, manufactures, sells, and services medical devices and software products for treating cancer and other medical conditions worldwide. Varian Medical Systems, Inc.

Ransomware

Ransomware Manufacturing Healthcare IoT

Who is behind the Mozi Botnet kill switch?

Security Affairs

NOVEMBER 2, 2023

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT have monitored a new evolution of the threat that extended the list of targets.

IoT

IoT Manufacturing Malware Hacking

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

Security Affairs

AUGUST 31, 2019

Researchers from WootCloud Labs have uncovered a new IoT botnet named Ares that is targeting Android-based devices. Experts from WootCloud Labs have spotted a new IoT botnet tracked as Ares that is targeting Android-based devices that have a debug port exposed online. IoT #malware branches seen in ????????

IoT

IoT Passwords Advertising Malware

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance

Surveillance Hacking Firmware Manufacturing

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. “On August 16th, three days ago, multiple vulnerabilities in a software SDK distributed as part of Realtek chipsets were disclosed by IoT Inspector Research Lab [1]. ” reported IoT Inspector.

IoT

IoT Firmware Internet Internet

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

Microsoft researchers reported that the Mozi botnet was improved by implementing news capabilities to target network gateways manufactured by Netgear, Huawei, and ZTE. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. Pierluigi Paganini.

IoT

IoT DNS Manufacturing Firmware

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

A hacker collective claims to have hacked over 50,000 home security cameras and published their footage online, some of them on adult sites. A group of hackers claims to have compromised over 50,000 home security cameras and published their private footage online. SecurityAffairs – hacking, IP cameras).

IoT

IoT Internet Internet Hacking

Siemens Metaverse exposes sensitive corporate data

Security Affairs

APRIL 15, 2023

Siemens Metaverse, a virtual space built to mirror real machines, factories, and other highly complex systems, has exposed sensitive data, including the company’s office plans and internet of things (IoT) devices. The most worrying discovery was that of exposed office management platform ComfyApp user credentials.

Manufacturing

Manufacturing IoT Technology Authentication

Toyota Italy accidentally leaked sensitive data

Security Affairs

MARCH 28, 2023

Threat actors could abuse this information to gain access to Toyota clients’ phone numbers and email addresses and abuse them to launch phishing attacks. Cybernews has reached out to the car manufacturer, and, at the time of writing, the dataset has been secured. env) hosted on the official Toyota Italy website.

Marketing

Marketing Manufacturing Phishing IoT

Security Affairs newsletter Round 326

Security Affairs

AUGUST 8, 2021

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN RansomEXX ransomware leaks files stolen from Italian luxury brand Zegna VMware addresses critical flaws in its products CVE-2021-20090 actively exploited to target millions of IoT devices worldwide RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE.

VPN

VPN Ransomware Manufacturing IoT

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

Security Affairs

JULY 20, 2022

million vehicles can allow hackers to remotely hack them. Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn of multiple security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers which are used by over 1.5 million vehicles. .

Manufacturing

Manufacturing Passwords Mobile Authentication

Experts warn of a surge of attacks exploiting a Realtek Jungle SDK RCE (CVE-2021-35394)

Security Affairs

JANUARY 26, 2023

A large number of these attacks attempted to deliver malware to vulnerable IoT devices. Palo Alto Networks also observed a new distributed IoT denial-of-service (DDoS) botnet developed in Golang, tracked as RedGoBot. It has been estimated that the flaw CVE-2021-35394 affects almost 190 models of devices from 66 different manufacturers.

DDOS

DDOS IoT Manufacturing Malware

Episode 229: BugCrowd’s Casey Ellis On What’s Hot In Bug Hunting

The Security Ledger

NOVEMBER 3, 2021

Related Stories Spotlight: When Ransomware Comes Calling Episode 226: The Cyber Consequences Of Our Throw Away Culture Spotlight: Automation Beckons as DevOps, IoT Drive PKI Explosion. In recent years, even “old economy” industrial and manufacturing firms like Ford, GM and John Deere got into the act. Click the icon below to listen.

Software

Software Manufacturing IoT Cyber Attacks

Top cybersecurity Predictions for 2020

Security Affairs

DECEMBER 27, 2019

Once again, the lack of a global framework of norms of state behavior in cyberspace and the absence of sanctions for rogue nation-state actors will continue to encourage state-sponsored hacking. 3) IoT devices under attack. SecurityAffairs – cybersecurity predictions, hacking). the Mirai bot). the Mirai bot).

Cybersecurity

Cybersecurity IoT Ransomware Advertising

Mozi infections will slightly decrease but it will stay alive for some time to come

Security Affairs

SEPTEMBER 1, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. Earlier in August, Microsoft researchers reported that the Mozi botnet was improved by implementing news capabilities to target network gateways manufactured by Netgear, Huawei, and ZTE.

IoT

IoT DNS Manufacturing Passwords

Nexx bugs allow to open garage doors, and take control of alarms and plugs

Security Affairs

APRIL 5, 2023

A series of vulnerabilities in multiple smart devices manufactured by Nexx can be exploited to remotely open garage doors, and take control of alarms and plugs.

Manufacturing

Manufacturing Media Firewall Education

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

This email address is also connected to accounts on several Russian cybercrime forums, including “ __edman__ ,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.

Scams

Scams DDOS Cryptocurrency Accountability

Security Affairs newsletter Round 250

Security Affairs

FEBRUARY 9, 2020

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks. Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs. Japanese defense contractors Pasco and Kobe Steel disclose security breaches. Facebooks official Twitter and Instagram accounts hacked by OurMine.

Banking

Banking Advertising Ransomware DDOS

Experts found 125 new flaws in SOHO routers and NAS devices from multiple vendors

Security Affairs

SEPTEMBER 17, 2019

In this phase of the project that started in 2013 ( SOHOpelessly Broken 1.0 ) , the researchers assessed the security of 13 SOHO router and NAS devices and found a total of 125 new vulnerabilities. . This research project aimed to uncover and leverage new techniques to circumvent these new security controls in embedded devices.”

Manufacturing

Manufacturing IoT Advertising Authentication

SweynTooth Bluetooth flaws affect devices from major system-on-a-chip (SoC) vendors

Security Affairs

FEBRUARY 15, 2020

Now experts found 12 vulnerabilities in the BLE software development kits (SDKs) of seven SoC vendors (Texas Instruments, NXP, Cypress, Dialog Semiconductors, Microchip, STMicroelectronics and Telink Semiconductor) that could be exploited to hack into various smart devices, including devices and environmental tracking or sensing systems.

IoT

IoT Firmware Advertising Hacking

QNAP urges users to take action to protect devices against Brute-Force attacks

Security Affairs

MARCH 28, 2021

Taiwanese manufacturer QNAP published an alert urging its customers to secure their devices after a growing number of users reported that their devices have been hit by brute-force attacks. “With increasing reports of brute-force attacks, QNAP urges its users to take immediate action to enhance the security of their devices.”

Manufacturing

Manufacturing Passwords Accountability Hacking

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

The FBI is working with private sector partners who manufacture smart devices to advise customers about the scheme and how to avoid being victimized. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, Swatting). Pierluigi Paganini.

Passwords

Passwords Surveillance Manufacturing Accountability

Kr00k Wi-Fi Encryption flaw affects more than a billion devices

Security Affairs

FEBRUARY 26, 2020

A high-severity hardware vulnerability, dubbed Kr00k , in Wi-Fi chips manufactured by Broadcom and Cypress expose over a billion devices to hack. Cybersecurity researchers from ESET have discovered a new high-severity hardware vulnerability, dubbed Kr00k , that affects Wi-Fi chips manufactured by Broadcom and Cypress.

Encryption

Encryption Wireless Manufacturing Advertising

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Security Affairs

SEPTEMBER 2, 2021

. “we disclose BrakTooth, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.” SecurityAffairs – hacking, BrakTooth). Pierluigi Paganini.

Firmware

Firmware Manufacturing IoT Technology

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.”

Passwords

Passwords Manufacturing Advertising Firmware

IoT and Cybersecurity: What’s the Future?

Security Affairs

MAY 2, 2022

IoT gizmos make our lives easier, but we forget that these doohickeys are IP endpoints that act as mini-radios. Department of Homeland Security described IoT security as a matter of homeland security. IoT devices expose users to two main weaknesses. The first is the very well-known lack of device security.

IoT

IoT Cybersecurity VPN Internet

How to secure QNAP NAS devices? The vendor’s instructions

Security Affairs

JANUARY 7, 2022

NAS servers are a privileged target for hackers because they normally store large amounts of data.The ransomware was targeting poorly protected or vulnerable NAS servers manufactured by QNAP, threat actors exploited known vulnerabilities or carried out brute-force attacks. SecurityAffairs – hacking, QNAP NAS ). Pierluigi Paganini.

Internet

Internet Internet Ransomware Encryption

CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance

Security Affairs

NOVEMBER 19, 2019

“After disclosing these findings to Google, they shared the report with other Android manufacturers, and Samsung confirmed the vulnerabilities existed in their smartphones as well. ” reads the report published by Checkmarx. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Surveillance

Surveillance Manufacturing Advertising IoT

Tridium Niagara framework affected by 2 flaws in BlackBerry QNX OS

Security Affairs

OCTOBER 1, 2019

The Niagara framework is widely adopted, especially in the commercial facilities, government facilities, critical manufacturing and IT sectors. The security flaws impact Niagara AX 3.8u4, 4.4u3 and 4.7u1. SecurityAffairs – Tridium, IoT). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT Advertising Manufacturing Internet

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

The United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint advisory about a massive ongoing campaign spreading the QSnatch data-stealing malware. SecurityAffairs – hacking, QSnatch). Pierluigi Paganini.

Malware

Malware Firmware Advertising Manufacturing

QNAP urges users to update Malware Remover after QSnatch joint alert

Security Affairs

AUGUST 2, 2020

The malicious code specifically targets QNAP NAS devices manufactured by Taiwanese company QNAP, it already infected over 62,000 QNAP NAS devices. SecurityAffairs – hacking, QSnatch). The post QNAP urges users to update Malware Remover after QSnatch joint alert appeared first on Security Affairs. Pierluigi Paganini.

Malware

Malware Advertising Passwords Manufacturing

The Hacker Mind Podcast: Hacking Industrial Control Systems

ForAllSecure

APRIL 26, 2022

Like any other criminal hack. So there’s a need, a definite need, for information security professionals to have access to industrial control systems -- not virtual, but actual hands on systems -- so they can learn. It’s about challenging our expectations about the people who hack for a living.

Hacking

Hacking Energy and Utilities Manufacturing Firmware

IoT devices at major Manufacturers infected with crypto-miner

NCSC: New UK law bans default passwords on smart devices

Trending Sources

Hacking IoT & RF Devices with BürtleinaBoard

Updated Kmsdx botnet targets IoT devices

Access:7 flaws impact +150 device models from over 100 manufacturers

Sierra Wireless halted production at its manufacturing sites due to ransomware attack

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

MITRE released EMB3D Threat Model for embedded devices

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Unraveling the truth behind the DDoS attack from electric toothbrushes

LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems

Who is behind the Mozi Botnet kill switch?

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

An RCE in Annke video surveillance product allows hacking the device

Realtek SDK flaws exploited to deliver Mirai bot variant

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Hackers claim to have compromised 50,000 home cameras and posted footage online

Siemens Metaverse exposes sensitive corporate data

Toyota Italy accidentally leaked sensitive data

Security Affairs newsletter Round 326

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

Experts warn of a surge of attacks exploiting a Realtek Jungle SDK RCE (CVE-2021-35394)

Episode 229: BugCrowd’s Casey Ellis On What’s Hot In Bug Hunting

Top cybersecurity Predictions for 2020

Mozi infections will slightly decrease but it will stay alive for some time to come

Nexx bugs allow to open garage doors, and take control of alarms and plugs

Interview With a Crypto Scam Investment Spammer

Security Affairs newsletter Round 250

Experts found 125 new flaws in SOHO routers and NAS devices from multiple vendors

SweynTooth Bluetooth flaws affect devices from major system-on-a-chip (SoC) vendors

QNAP urges users to take action to protect devices against Brute-Force attacks

FBI warns swatting attacks on owners of smart devices

Kr00k Wi-Fi Encryption flaw affects more than a billion devices

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Over 600k GPS trackers left exposed online with a default password of ‘123456’

IoT and Cybersecurity: What’s the Future?

How to secure QNAP NAS devices? The vendor’s instructions

CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance

Tridium Niagara framework affected by 2 flaws in BlackBerry QNX OS

QSnatch malware infected over 62,000 QNAP NAS Devices

QNAP urges users to update Malware Remover after QSnatch joint alert

The Hacker Mind Podcast: Hacking Industrial Control Systems

Stay Connected