Information Security, IoT and Manufacturing

IoT devices at major Manufacturers infected with crypto-miner

Security Affairs

FEBRUARY 8, 2020

Hackers have infected with a piece of malware some IoT devices running Windows 7 designed by three of the world’s largest manufacturers. Security experts from TrapX reported that some IoT devices running Windows 7 have been infected with a piece of malware, is it a supply chain attack? Pierluigi Paganini.

Manufacturing

Manufacturing IoT Malware Cryptocurrency

Undocumented hidden feature found in Espressif ESP32 microchip

Security Affairs

MARCH 9, 2025

Experts discovered an undocumented hidden feature in the ESP32 microchip manufactured by Espressif, which is used in over 1 billion devices. At the RootedCON , researchers at Tarlogic Innovation presented their findings on undocumented commands in the ESP32 microchip designed by the Chinese manufacturer Espressif.

Manufacturing

Manufacturing IoT Firmware Mobile

New PumaBot targets Linux IoT surveillance devices

Security Affairs

MAY 28, 2025

PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine crypto. Darktrace researchers discovered a new botnet called PumaBot targets Linux-based IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency. ” states the report.

Surveillance

Surveillance IoT Malware Manufacturing

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

NOVEMBER 2, 2024

The company discovered the zero-day vulnerabilities in IoT live-streaming cameras, used in industrial operations, healthcare, and other sensitive environments. is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. .

Firmware

Firmware Manufacturing IoT Healthcare

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. If you take a look at the global market for IoT, you can easily spot the trend. IoT devices are exposed to cybersecurity vulnerabilities. IoT is a complicated concept.

IoT

IoT Cybersecurity Manufacturing Internet

Sierra Wireless halted production at its manufacturing sites due to ransomware attack

Security Affairs

MARCH 23, 2021

This week, IoT company Sierra Wireless disclosed a ransomware attack that hit its internal IT systems on March 20 and disrupted its production. Sierra Wireless is a Canadian multinational wireless communications equipment designer and manufacturer headquartered in Richmond, British Columbia, Canada. ” . Pierluigi Paganini.

Wireless

Wireless Manufacturing Ransomware Mobile

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

How to hack IoT & RF Devices with BürtleinaBoard. Few months ago I have presented #FocacciaBoard : a similar multipurpose breakout board that uses the famous FT232H to handle multiple protocols commonly found in (I)IoT devices (i.e. The post Hacking IoT & RF Devices with BürtleinaBoard appeared first on Security Affairs.

IoT

IoT Hacking Firmware Advertising

Access:7 flaws impact +150 device models from over 100 manufacturers

Security Affairs

MARCH 8, 2022

Many IoT and medical devices are affected by seven serious flaws, collectively tracked as Access:7, in widely used Axeda platform. “Access:7 could enable hackers to remotely execute malicious code, access sensitive data or alter configuration on medical and IoT devices running PTC’s Axeda remote code and management agent.”reads

Manufacturing

Manufacturing IoT Authentication Financial Services

WEF Outlines Path to Cyber Resilience for Manufacturing Sector

SecureWorld News

MAY 29, 2024

The manufacturing sector faces an increasingly daunting cyber threat landscape that puts production operations, intellectual property, and entire supply chains at risk. Manufacturers must make cyber resilience a fully institutionalized part of their organizational identity." trillion annually. "

Manufacturing

Manufacturing CISO Cyber threats Artificial Intelligence

ISO/IEC 27400 IoT security and privacy standard published

Notice Bored

JUNE 13, 2022

To celebrate the publication of ISO/IEC 27400:2022 today, we have slashed the price for our IoT security policy templates to just $10 each through SecAware.com. IoT policy is the first of the basic security controls shown on the 'risk-control spectrum' diagram above, and is Control-01 in the new standard.

IoT

IoT Manufacturing Risk Information Security

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

This flaw potentially affects millions of IOT devices manufactured by no less than 17 vendors, including some ISPs. . The ongoing attacks were spotted by researchers from Juniper Threat Labs , experts believe that were conducted by a threat actor that targeted IoT devices in a campaign since February. Pierluigi Paganini.

IoT

IoT Firmware Authentication Wireless

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

The Last Watchdog

MAY 15, 2023

Funso Richard , Information Security Officer at Ensemble , highlighted the gravity of these threats. More recently, Sultan Qasim Khan, a principal security adviser with a UK-based security firm, tricked a Tesla into thinking the driver was inside by rerouting communication between the automaker’s mobile app and the car.

Malware

Malware Manufacturing IoT Software

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

“Using a Mirai malware variant that incorporates ChaCha20 and XOR decryption algorithms, it has been seen compromising vulnerable Internet of Things (IoT) devices in the wild, such as the DigiEver DVR, and TP-Link devices through CVE-2023-1389.” .” reads the analysis published by Akamai. ” concludes the report.

Manufacturing

Manufacturing Malware Firmware IoT

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices. The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices.

IoT

IoT DDOS Architecture Internet

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

Security Affairs

AUGUST 31, 2019

Researchers from WootCloud Labs have uncovered a new IoT botnet named Ares that is targeting Android-based devices. Experts from WootCloud Labs have spotted a new IoT botnet tracked as Ares that is targeting Android-based devices that have a debug port exposed online. IoT #malware branches seen in ????????

IoT

IoT Passwords Advertising Malware

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

DECEMBER 5, 2021

Researchers discovered a total of 226 potential security vulnerabilities in nine Wi-Fi popular routers from known manufacturers. The researchers analyzed the network devices using IoT Inspector’s security platform, which checked for thousands of CVEs and security flaws. Pierluigi Paganini.

Manufacturing

Manufacturing IoT Firmware VPN

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

A security researcher disclosed zero-day flaws in Telestar Digital GmbH IoT radio devices that could be exploited by remote attackers to hijack systems without any user interaction. Kunz and his colleagues were able to brute-force the IoT radio in just 10 minutes and achieve root access with full privileges. .

IoT

IoT Hacking Firmware Advertising

A people counter that didn’t add up and the dangers of the COVID IoT boom

SC Magazine

FEBRUARY 4, 2021

” The lesson for chief information security officers extends beyond a single IoT device that might have a vulnerability — lots of devices do. The lesson is that COVID-19 created an immediate demand for social distancing and safety products, where security concerns and testing might fall to the wayside. Recent U.S.

IoT

IoT Media Marketing Retail

NCSC: New UK law bans default passwords on smart devices

Security Affairs

APRIL 30, 2024

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. ” reads the announcement published by NCSC.

Passwords

Passwords Manufacturing Telecommunications Cyber Attacks

New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?

Security Affairs

MARCH 12, 2025

Named after the ancient Roman weapon, Ballista targets TP-Link Archer routers and has affected manufacturing, healthcare, services, and tech sectors in the U.S., “IoT devices have been constantly targeted by threat actors for multiple reasons” concludes the report. Australia, China, and Mexico.

IoT

IoT Malware Encryption DDOS

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. “On August 16th, three days ago, multiple vulnerabilities in a software SDK distributed as part of Realtek chipsets were disclosed by IoT Inspector Research Lab [1]. ” reported IoT Inspector.

IoT

IoT Firmware Internet Internet

Unraveling the truth behind the DDoS attack from electric toothbrushes

Security Affairs

FEBRUARY 8, 2024

Apart from the electronic toothbrush mess, the Internet of Things (IoT) are privileged targets for many threat actors. Some cases underscore the urgency of securing our smart homes. IoT devices, such as smart fridges, smart meters, or thermostats, are often designed with connectivity in mind, but lack of security.

DDOS

DDOS IoT Media Internet

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

Microsoft researchers reported that the Mozi botnet was improved by implementing news capabilities to target network gateways manufactured by Netgear, Huawei, and ZTE. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019.

IoT

IoT DNS Manufacturing Firmware

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

The news is not surprising, unfortunately in many cases IoT devices, including IP cameras, are deployed without proper security measures. In 2017, thousands of IP cameras have been hijacked by the Persirai IoT botnet that targeted more than 1,000 IP camera models. ” continues the article.

IoT

IoT Internet Internet Hacking

Who is behind the Mozi Botnet kill switch?

Security Affairs

NOVEMBER 2, 2023

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT have monitored a new evolution of the threat that extended the list of targets.

IoT

IoT Manufacturing Malware Hacking

MITRE released EMB3D Threat Model for embedded devices

Security Affairs

MAY 14, 2024

Automotive, healthcare, and manufacturing), including critical infrastructure. MITRE announced the public release of its EMB3D threat model for embedded devices used in various industries (i.e. The threat model provides a knowledge base of cyber threats to embedded devices.

Manufacturing

Manufacturing Healthcare IoT Cyber threats

News alert: Sternum and ChargePoint collaborate to enhance ChargePoint Home Flex Security

The Last Watchdog

JANUARY 22, 2024

23, 2024 — Sternum, the pioneer in embedded IoT security and observability, today announced enhanced security for the ChargePoint Home Flex. Thanks to the analysis and help of Sternum IoT, ChargePoint was able to correct weaknesses in CPH50, reduce the attack surface and thus improve the security of the product.

IoT

IoT InfoSec Firmware Manufacturing

14 New DrayTek routers’ flaws impacts over 700,000 devices in 168 countries

Security Affairs

OCTOBER 2, 2024

Of the 14 security flaws nine are rated high, and three are rated medium in severity. The flaws impact residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. Forescout researchers discovered 14 new vulnerabilities in DrayTek routers, two of which have been rated as critical.

Wireless

Wireless Manufacturing IoT Hacking

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

The state of IoT is poor enough as it is, security wise. But manufacturers of agricultural equipment have spent the last few years locked in an automation arms race, and the side effects of this race are starting to show. Focus on cyber security awareness and training. Disable hyperlinks in received emails.

Ransomware

Ransomware Manufacturing Passwords Internet

IOCONTROL cyberweapon used to target infrastructure in the US and Isreael

Security Affairs

DECEMBER 14, 2024

Iran-linked threat actors target IoT and OT/SCADA systems in US and Israeli infrastructure with IOCONTROL malware. Claroty’s Team82 obtained a sample of a custom-built IoT/OT malware called IOCONTROL used by the Iran-linked threat actors to target devices in infrastructure located in Israel and U.S. ” concludes the report.

IoT

IoT Malware DNS Antivirus

The Rise of Data Sovereignty and a Privacy Era

SecureWorld News

JUNE 24, 2024

The TRIAD Model During my career as a CISO, I relied on my TRIAD Model to envision, enact, and mobilize Information Security & Privacy strategic planning and roadmap execution activities with foundational pillars as illustrated below. RELATED: Cybersecurity Labeling of IoT Devices: Will It Happen in 2023? ]

IoT

IoT InfoSec Artificial Intelligence Risk

SweynTooth Bluetooth flaws affect devices from major system-on-a-chip (SoC) vendors

Security Affairs

FEBRUARY 15, 2020

.” Experts confirmed that more issues are still under disclosure and that the list of impacted SoC vendors is longer, and the number of IoT products designed on top of vulnerable SoCs still need independent patches from their respective vendors. “ SweynTooth highlights concrete flaws in the BLE stack certification process.

IoT

IoT Firmware Advertising Hacking

Experts found 125 new flaws in SOHO routers and NAS devices from multiple vendors

Security Affairs

SEPTEMBER 17, 2019

In this phase of the project that started in 2013 ( SOHOpelessly Broken 1.0 ) , the researchers assessed the security of 13 SOHO router and NAS devices and found a total of 125 new vulnerabilities. . This research project aimed to uncover and leverage new techniques to circumvent these new security controls in embedded devices.”

Manufacturing

Manufacturing IoT Advertising Authentication

D-Link addressed three critical RCE in wireless router models

Security Affairs

SEPTEMBER 16, 2024

The manufacturer also addressed two high-severity vulnerabilities, tracked as CVE-2024-45696 and CVE-2024-45698. “When D-Link became aware of the reported security issues, we promptly started investigating and developing security patches. .” ” reads the advisory.

Wireless

Wireless Firmware Manufacturing Hacking

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Security Affairs

SEPTEMBER 13, 2024

Unfortunately, often manufacturers sell older OS versions as newer ones. Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Malware

Malware Firmware Antivirus Manufacturing

Mozi infections will slightly decrease but it will stay alive for some time to come

Security Affairs

SEPTEMBER 1, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. Earlier in August, Microsoft researchers reported that the Mozi botnet was improved by implementing news capabilities to target network gateways manufactured by Netgear, Huawei, and ZTE.

IoT

IoT DNS Manufacturing Passwords

Security Affairs newsletter Round 250

Security Affairs

FEBRUARY 9, 2020

Japanese defense contractors Pasco and Kobe Steel disclose security breaches. IoT devices at major Manufacturers infected with crypto-miner. RobbinHood ransomware exploit GIGABYTE driver flaw to kill security software. Facebooks official Twitter and Instagram accounts hacked by OurMine.

Banking

Banking Advertising Ransomware DDOS

Top cybersecurity Predictions for 2020

Security Affairs

DECEMBER 27, 2019

In 2020, the number of attacks associated with Advanced Persistent Threat actors that haven’t been previously identified by the security researchers will increase. 3) IoT devices under attack. We will see a rapid increase in the number of IoT botnets, even if most of them will be based on the best-known bot (i.e.,

Cybersecurity

Cybersecurity IoT Ransomware Advertising

From a tech explosion to accidental cyberattacks, researchers offer a glimpse into 2030

SC Magazine

MAY 17, 2021

But what might they offer the front-facing information security officer – someone with a ten-year plan, wondering what to prepare for down the line? The project envisions security changes brought from massively increased work from home, pervasive (and more invasive) wearable health monitors, even recreational neural implants.

Manufacturing

Manufacturing IoT Technology Artificial Intelligence

Meet the 2021 SC Awards judges

SC Magazine

MAY 1, 2021

Below is our esteemed panel of SC Awards judges, contributing from health care, engineering, finance, education, manufacturing, nonprofit and consulting, among others. Prior to Mastercard, Abdullah was the chief information security officer at Xerox, where she established and led a corporate-wide information risk management program.

Computers and Electronics

Computers and Electronics Technology Information Security Education

Security Affairs newsletter Round 326

Security Affairs

AUGUST 8, 2021

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN RansomEXX ransomware leaks files stolen from Italian luxury brand Zegna VMware addresses critical flaws in its products CVE-2021-20090 actively exploited to target millions of IoT devices worldwide RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE.

VPN

VPN Ransomware Manufacturing IoT

Kr00k Wi-Fi Encryption flaw affects more than a billion devices

Security Affairs

FEBRUARY 26, 2020

A high-severity hardware vulnerability, dubbed Kr00k , in Wi-Fi chips manufactured by Broadcom and Cypress expose over a billion devices to hack. Cybersecurity researchers from ESET have discovered a new high-severity hardware vulnerability, dubbed Kr00k , that affects Wi-Fi chips manufactured by Broadcom and Cypress.

Encryption

Encryption Wireless Manufacturing Advertising

LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems

Security Affairs

AUGUST 8, 2023

designs, manufactures, sells, and services medical devices and software products for treating cancer and other medical conditions worldwide. The LockBit ransomware group claims to have hacked the healthcare company Varian Medical Systems and threatens to leak the medical data of cancer patients. Varian Medical Systems, Inc.

Ransomware

Ransomware Manufacturing IoT Healthcare

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.”

Passwords

Passwords Manufacturing Advertising Firmware

IoT devices at major Manufacturers infected with crypto-miner

Undocumented hidden feature found in Espressif ESP32 microchip

Trending Sources

New PumaBot targets Linux IoT surveillance devices

PTZOptics cameras zero-days actively exploited in the wild

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Sierra Wireless halted production at its manufacturing sites due to ransomware attack

Hacking IoT & RF Devices with BürtleinaBoard

Access:7 flaws impact +150 device models from over 100 manufacturers

WEF Outlines Path to Cyber Resilience for Manufacturing Sector

ISO/IEC 27400 IoT security and privacy standard published

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Updated Kmsdx botnet targets IoT devices

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

A people counter that didn’t add up and the dangers of the COVID IoT boom

NCSC: New UK law bans default passwords on smart devices

New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?

Realtek SDK flaws exploited to deliver Mirai bot variant

Unraveling the truth behind the DDoS attack from electric toothbrushes

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Hackers claim to have compromised 50,000 home cameras and posted footage online

Who is behind the Mozi Botnet kill switch?

MITRE released EMB3D Threat Model for embedded devices

News alert: Sternum and ChargePoint collaborate to enhance ChargePoint Home Flex Security

14 New DrayTek routers’ flaws impacts over 700,000 devices in 168 countries

FBI warns of ransomware threat to food and agriculture

IOCONTROL cyberweapon used to target infrastructure in the US and Isreael

The Rise of Data Sovereignty and a Privacy Era

SweynTooth Bluetooth flaws affect devices from major system-on-a-chip (SoC) vendors

Experts found 125 new flaws in SOHO routers and NAS devices from multiple vendors

D-Link addressed three critical RCE in wireless router models

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Mozi infections will slightly decrease but it will stay alive for some time to come

Security Affairs newsletter Round 250

Top cybersecurity Predictions for 2020

From a tech explosion to accidental cyberattacks, researchers offer a glimpse into 2030

Meet the 2021 SC Awards judges

Security Affairs newsletter Round 326

Kr00k Wi-Fi Encryption flaw affects more than a billion devices

LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Stay Connected