CyberSecurity Insiders

MARCH 25, 2021

billion IoT devices active across the world – a figure that is expected to grow to 75 billion by 2025. This tripling will be a phenomenal feat to achieve in the next four years and relies upon IoT projects that are currently planned or under development to mature quickly. 1 Consider using generic IoT service modules.

IoT 100

IoT Authentication Passwords Data collection 100

Security Affairs

JANUARY 19, 2020

The availability online of a new collection of Telnet credentials for more than 500,000 servers, routers, and IoT devices made the headlines. This is the biggest leak of Telnet passwords even reported. The list includes the IP address, username and password for the Telnet service for each device. ” reported ZDNet.

IoT 82

IoT DDOS InfoSec Internet 82

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking 92

Hacking Firmware Authentication DNS 92

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. The fact that there are so many different APIs is the main challenge for enterprises when it comes to API security.

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

Security Affairs

SEPTEMBER 22, 2021

. “ “This permits an attacker to gain full control of device with an unrestricted root shell, which is far more access than even the owner of the device has as they are restricted to a limited “protected shell” (psh) which filters input to a predefined set of limited, mostly informational commands.” Pierluigi Paganini.

Hacking 106

Hacking Firmware IoT Internet 106

Security Affairs

NOVEMBER 15, 2023

In the Elasticsearch instance, researchers stumbled upon 16 indices named “hacked[_id]” that are likely Indicators of Compromise (IoC). IoCs are pieces of evidence or data that suggest a security incident or breach has occurred. The data was first indexed by IoT devices on March 8th, 2023.

Passwords 96

Passwords Identity Theft Social Engineering Spyware 96

Security Affairs

AUGUST 31, 2019

Researchers from WootCloud Labs have uncovered a new IoT botnet named Ares that is targeting Android-based devices. Experts from WootCloud Labs have spotted a new IoT botnet tracked as Ares that is targeting Android-based devices that have a debug port exposed online. IoT #malware branches seen in ????????

IoT 76

IoT Passwords Advertising Malware 76

Security Affairs

DECEMBER 5, 2021

The researchers analyzed the network devices using IoT Inspector’s security platform, which checked for thousands of CVEs and security flaws. “Some of the security issues were detected more than once. . SecurityAffairs – hacking, routers). Follow me on Twitter: @securityaffairs and Facebook.

Manufacturing 138

Manufacturing IoT Firmware VPN 138

Hot for Security

FEBRUARY 16, 2021

Seismic monitoring equipment is vulnerable to common cybersecurity threats like those faced by IoT devices, a new research paper warns. Non-encrypted data, insecure protocols and poor user authentication mechanisms are among the security issues that leave seismological networks open to breaches, the authors note.

IoT 128

IoT InfoSec Data collection Encryption 128

Security Affairs

SEPTEMBER 4, 2019

Kenneth Currin Schuchman (21) from Vancouver, Washington pleaded guilty to creating and operating multiple DDoS IoT botnet , including Satori. Kenneth Currin Schuchman (21) from Vancouver, Washington, aka Nexus Zeta, pleaded guilty to creating and operating multiple DDoS IoT botnets. Pierluigi Paganini.

IoT 80

IoT DDOS Internet Internet 80

Security Affairs

OCTOBER 21, 2021

These emails persuade employees to reveal passwords for important applications or download malicious files to their devices. Using stolen passwords is an easy way to masquerade as a genuine user and access sensitive information or infiltrate deeper into your network. IoT Devices. Conclusion.

IoT 113

IoT Phishing Passwords Scams 113

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. The configuration of the VPN solutions is important to keep organizations secure and to avoid dangerous surprises. .” SecurityAffairs – hacking, Fortigate VPN).

VPN 111

VPN Hacking IoT Advertising 111

Security Affairs

AUGUST 23, 2022

“This permits an attacker to gain full control of device with an unrestricted root shell, which is far more access than even the owner of the device has as they are restricted to a limited “protected shell” (psh) which filters input to a predefined set of limited, mostly informational commands.”. SecurityAffairs – hacking, Hikvision).

Hacking 112

Hacking Firmware Internet Internet 112

Security Affairs

APRIL 15, 2024

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. The website ruexfil.com provided detailed information about the attacks against Moscollector, the hackers also published screenshots of monitoring systems, servers, and databases they claim to have compromised.

Malware 117

Malware Firmware IoT Hacking 117

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. “In such an event, the victim could lose access to the console and even a shell, and thereby would not be able to re-establish a new password.” ” continues the post.

Passwords 90

Passwords Advertising Firmware Authentication 90

Security Affairs

SEPTEMBER 2, 2019

Akamai researcher Larry Cashdollar reported that a cryptocurrency miner that previously hit only Arm-powered IoT devices it now targeting Intel systems. The researchers revealed that one of his honeypots was hit by this IoT malware that targets Intel machines running Linux. “This one seems to target enterprise systems.”

IoT 86

IoT Cryptocurrency Malware System Administration 86

Security Affairs

FEBRUARY 8, 2024

Market Size: The AI cyber security market was worth around $17.4 IoT Vulnerabilities: With the proliferation of Internet of Things (IoT) devices, the number of IoT-related cyber attacks is expected to increase by 25% in 2024. As a precaution, they revoked all security certificates and passwords for their web portal.

Social Engineering 115

Social Engineering Cyber Attacks Cyber Insurance IoT 115

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. Adopt a comprehensive IoT security solution. SecurityAffairs – hacking, botnet). Pierluigi Paganini.

IoT 112

IoT DDOS Malware Firmware 112

Security Affairs

AUGUST 5, 2022

Researchers from FortiGuard Labs have discovered a new IoT botnet tracked as RapperBot which is active since mid-June 2022. ssh/authorized_keys, anyone with the corresponding private key can authenticate the SSH server without supplying a password. SecurityAffairs – hacking, RapperBot). Once stored public keys stored in ~/.ssh/authorized_keys,

IoT 133

IoT Malware Passwords Authentication 133

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.” The use of default passwords represents a serious problem also for the Chinese vendor.

Passwords 79

Passwords Manufacturing Advertising Firmware 79

Security Affairs

AUGUST 20, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. Now researchers from Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT have monitored a new evolution of the threat that extent the list of targets. .

IoT 102

IoT DNS Manufacturing Firmware 102

Security Affairs

NOVEMBER 16, 2023

The data store was left accessible for at least 87 days, as the internet-scanning IoT search engines indexed the data for the first time on July 8th, 2023. This highlights the importance of ensuring that access to company-wide security tools remains private and only available to authorized personnel,” researchers concluded.

IoT 103

IoT Government Cyber threats Software 103

Security Affairs

OCTOBER 19, 2020

A hacker collective claims to have hacked over 50,000 home security cameras and published their footage online, some of them on adult sites. A group of hackers claims to have compromised over 50,000 home security cameras and published their private footage online. ” reported The New Paper.”

IoT 124

IoT Internet Internet Hacking 124

Security Affairs

DECEMBER 9, 2022

Researchers at industrial and IoT cybersecurity firm Claroty devised an attack technique for bypassing the web application firewalls (WAF) of several industry-leading vendors. SecurityAffairs – hacking, WAF). Claroty researchers devised a technique for bypassing the web application firewalls (WAF) of several vendors.

Firewall 133

Firewall Wireless IoT Hacking 133

Security Affairs

JUNE 20, 2023

Researchers from AhnLab Security Emergency response Center (ASEC) have uncovered an ongoing hacking campaign, aimed at poorly protected Linux SSH servers, to install the Tsunami DDoS botnet (aka Kaiten). The bot primarily targets IoT devices along with Linux servers with brute force attacks. 48 sxit sxit 124.160.40[.]94

DDOS 78

DDOS Malware Passwords Accountability 78

Security Affairs

JANUARY 11, 2021

American technology vendor Ubiquiti Networks suffered a data breach and is sending out notification emails to its customers asking them to change their passwords and enable 2FA for their accounts. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, Ubiquiti).

Data breaches 106

Data breaches Passwords Accountability IoT 106

Security Affairs

FEBRUARY 6, 2021

Researchers from Israeli IoT security firm Vdoo found six vulnerabilities in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take control of a device’s wireless communications. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

IoT 97

IoT Wireless Authentication Passwords 97

Security Affairs

DECEMBER 10, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 83

Data breaches Ransomware Hacking Financial Services 83

Security Affairs

JULY 20, 2022

million vehicles can allow hackers to remotely hack them. Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn of multiple security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers which are used by over 1.5 SecurityAffairs – hacking, MiCODUS). million vehicles.

Manufacturing 99

Manufacturing Passwords Mobile Authentication 99

Security Affairs

OCTOBER 27, 2022

Thomson Reuters, a multinational media conglomerate, left an open database with sensitive customer and corporate data, including third-party server passwords in plaintext format. This instance left sensitive data open and was already indexed via popular IoT [internet of things] search engines. Original post at [link].

IoT 112

IoT Engineering Passwords Media 112

Security Affairs

MARCH 17, 2022

We published this tool to help customers ensure these IoT devices are not susceptible to these attacks.” TrickBot is a popular Windows banking Trojan that has been around since October 2016, its authors have continuously upgraded it by implementing new features, including powerful password-stealing capabilities.

Malware 117

Malware DNS Passwords Ransomware 117

Security Affairs

MAY 14, 2023

Researchers from FortiGuard Labs first discovered the previously undetected RapperBot IoT botnet in August, and reported that it is active since mid-June 2022. ssh/authorized_keys, anyone with the corresponding private key can authenticate the SSH server without supplying a password. ” We are in the final!

IoT 91

IoT Malware Passwords Authentication 91

Security Affairs

NOVEMBER 16, 2022

Researchers from FortiGuard Labs discovered the previously undetected RapperBot IoT botnet in August, and reported that it is active since mid-June 2022. ssh/authorized_keys, anyone with the corresponding private key can authenticate the SSH server without supplying a password. SecurityAffairs – hacking, RapperBot).

DDOS 96

DDOS IoT Malware Architecture 96

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Usually, these users have no idea their systems are compromised. form [sic] hackers on public networks.”

Malware 211

Malware VPN Internet Internet 211

Security Affairs

MAY 15, 2021

The Taiwanese vendor was informed of ongoing eCh0raix ransomware attacks that infected QNAP NAS devices using weak passwords. Devices using weak passwords may be susceptible to attack.” ” The company recommends customers to perform the following actions: Use stronger passwords for your administrator accounts. .

Ransomware 90

Ransomware Passwords IoT Internet 90

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Security enthusiast and Linux evangelist Binni Shah consistently offers valuable tutorials, guides, and insights for the cybersecurity community. Street @jaysonstreet.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Security Affairs

MAY 7, 2021

Most organizations use databases to store sensitive information. This includes passwords, usernames, document scans, health records, bank account and credit card details, as well as other essential data, all easily searchable and conveniently stored in one place. Can’t come up with a strong password? What were we looking at?

Passwords 123

Passwords Authentication Identity Theft Engineering 123