Internet of Things

Pierluigi Paganini January 18, 2021
President Biden’s Peloton exercise equipment under scrutiny

President Joe Biden can’t bring his Peloton exercise equipment to the White House due to security reasons. According to a Popular Mechanics report, President Joe Biden is going to move to the White House and likely he will have to give up his Peloton exercise equipment for security reasons. Peloton exercise equipment’s popularity surged during […]

Pierluigi Paganini January 11, 2021
Source code for malware that targets Qiui Cellmate device was leaked online

The source code for the ChastityLock ransomware that was used in attacks aimed at the users of the Qiui Cellmate adult toy is now publicly available. Recently a family of ransomware was observed targeting the users of the Bluetooth-controlled Qiui Cellmate chastity device.  Qiui Cellmate made the headlines in October when the researchers at Pen Test Partners […]

Pierluigi Paganini January 02, 2021
FBI warns swatting attacks on owners of smart devices

The Federal Bureau Investigation (FBI) is warning owners of smart home devices with voice and video capabilities of ‘swatting’ attacks. The FBI has recently issued an alert to warn owners of smart home devices with voice and video capabilities of so-called “swatting” attacks. Swatting attacks consist of hoax calls made to emergency services, typically reporting […]

Pierluigi Paganini January 01, 2021
Expert found a secret backdoor in Zyxel firewall and VPN

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583, related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. The vulnerability, tracked as CVE-2020-29583 received a CVSS score of 7.8, it could be exploited […]

Pierluigi Paganini December 15, 2020
Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices

Experts reported flaws in Medtronic ’s MyCareLink Smart 25000 Patient Reader product that could be exploited to take control of a paired cardiac device. Experts from IoT security firm Sternum discovered vulnerabilities discovered in Medtronic’s MyCareLink Smart 25000 Patient Reader product that could be exploited to take control of a paired cardiac device. MyCareLink Smart […]

Pierluigi Paganini December 08, 2020
QNAP fixed eight flaws that could allow NAS devices takeover

Network-attached storage (NAS) vendor QNAP addressed vulnerabilities that could enable attackers to take over unpatched NAS devices. The Taiwanese vendor QNAP has released security updates to fix eight vulnerabilities that could be exploited by attackers to over unpatched NAS devices. The list of vulnerabilities addressed by QNAP is available here, it includes XSS and command injection issues. […]

Pierluigi Paganini December 02, 2020
Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

Security researcher Tolijan Trajanovski (@tolisec) analyzed the multi-vector Miner+Tsunami Botnet that implements SSH lateral movement. A fellow security researcher, 0xrb, shared with me samples of a botnet that propagates using weblogic exploit. The botnet was also discovered by @BadPackets 5 days ago and it is still active as of now, December 1, 2020. The botnet carries two […]

Pierluigi Paganini October 27, 2020
Over 100 irrigation systems left exposed online without protection

Researchers found more than 100 smart irrigation systems running ICC PRO that were left exposed online without a password last month. Security experts from the Israeli security firm Security Joes discovered more than 100 irrigation systems running ICC PRO that were left exposed online without protection. ICC PRO is a top-shelf smart irrigation system designed by Motorola. […]

Pierluigi Paganini October 22, 2020
Taiwanese vendor QNAP issues advisory on Zerologon flaw

Taiwanese vendor QNAP published an advisory to warn customers that certain versions of its NAS OS (QTS) are affected by the Zerologon vulnerability. The Taiwanese vendor QNAP has published an advisory to warn customers that certain versions of the operating system for its network-attached storage (NAS) devices, also known as of QTS, are affected by […]

Pierluigi Paganini October 22, 2020
ENISA Threat Landscape Report 2020

According to the ENISA Threat Landscape Report 2020, cyberattacks are becoming more sophisticated, targeted, and in many cases undetected. I’m proud to present the ENISA Threat Landscape Report 2020, the annual report published by the ENISA that provides insights on the evolution of cyber threats for the period January 2019-April 2020. The 8th annual ENISA Threat Landscape […]