Internet of Things

Pierluigi Paganini February 06, 2020
Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Check Point experts discovered a high-severity flaw in Philips Hue Smart Light Bulbs that can be exploited to gain entry into a targeted WiFi network. Security experts from Check Point discovered a high-severity flaw (CVE-2020-6007) in Philips Hue Smart Light Bulbs that can be exploited by hackers to gain entry into a targeted WiFi network. Lightbulbs could be remotely […]

Pierluigi Paganini January 21, 2020
The Mystery of Fbot

In a few days back, the MalwareMustDie team’s security researcher unixfreaxjp has published a new Linux malware analysis of Fbot that has focused on the decryption of the last encryption logic used by its bot client. This is not the first time Fbot analysis has been published, and also Fbot binaries have been actively infecting […]

Pierluigi Paganini January 19, 2020
Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

The availability online of a new collection of Telnet credentials for more than 500,000 servers, routers, and IoT devices made the headlines. A hacker has published online a massive list of Telnet credentials for more than 515,000 servers and smart devices, including home routers. This is the biggest leak of Telnet passwords even reported. According […]

Pierluigi Paganini January 09, 2020
Interpol: Goldfish Alpha operation reduces cryptojacking by 78%

An operation coordinated by Interpol, dubbed Goldfish Alpha, dismantled an illegal cryptocurrency network operating in Southeast Asia Interpol announced that it has coordinated a successful international operation aimed at removing cryptocurrency miners that infected routers located in Southeast Asia. The operation sees the contribution of Trend Micro, law enforcement and CERTs from ASEAN countries, including […]

Pierluigi Paganini January 07, 2020
Google blocks Xiaomi integrations on Nest hub over privacy concerns

Google has recently disabled all Xiaomi smart home integrations on Nest Hub after being informed that some users could access other people’s camera feeds.  On January 1st, 2020, a Reddit user (‘/u/Dio-V’) posted a discussion revealing that Nest Hub was able to access feeds from other Xiaomi cameras. As proof of the issue, the user […]

Pierluigi Paganini December 29, 2019
Security experts disclosed Wyze data leak

IoT vendor Wyze announced that one of its servers exposed the details of roughly 2.4 million customers. IoT vendor Wyze announced that details of roughly 2.4 million customers were accidentally exposed online. The company produces inexpensive smart home products and wireless cameras.  The leak was reported to Wyze on December 26th at around 10:00 AM […]

Pierluigi Paganini December 25, 2019
New Mozi P2P Botnet targets Netgear, D-Link, Huawei routers

A new Mozi P2P botnet is actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them. Security experts from 360 Netlab spotted a new Mozi P2P botnet that is actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them. According to the researchers, […]

Pierluigi Paganini December 18, 2019
Trend Micro observed notable malware activity associated with the Momentum Botnet

Security experts recently found notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. Malware researchers from Trend Micro recently observed notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. Experts revealed details on the tools and techniques used by the botnet to compromise Linux devices […]

Pierluigi Paganini December 17, 2019
TP-Link Archer routers allow remote takeover without passwords

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. TP-Link addressed a critical zero-day vulnerability (CVE-2017-7405) in its TP-Link Archer routers that could be exploited by attackers to remotely take their control over LAN via a Telnet connection without authentication. “This is a zero-day flaw that was […]

Pierluigi Paganini December 15, 2019
Security Affairs newsletter Round 244

A new round of the weekly newsletter arrived! The best news of the week with Security Affairs SEC Xtractor – Experts released an open-source hardware analysis tool US authorities charged Dridex gang members for stealing over $100 Million A bug in the decryptor for the Ryuk ransomware could cause data loss China 3-5-2 directive orders […]