Internet of Things

Pierluigi Paganini August 13, 2019
Flaws in 4G Routers of various vendors put millions of users at risk

Security expert discovered multiple flaws in 4G routers manufactured by several companies, some of them could allow attackers to take over the devices. G Richter, a security researcher at Pen Test Partners discovered multiple vulnerabilities 4G routers manufactured by different vendors. The issue includes information leak flaws and code execution vulnerabilities. The expert presented the […]

Pierluigi Paganini August 11, 2019
Security Affairs newsletter Round 226

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Once again thank you! DealPly adware abuses reputation services to remain […]

Pierluigi Paganini August 07, 2019
The number of exploits in the Echobot botnet reached 59

The operators behind the recently discovered Echobot botnet added tens of new exploits to infect a broad range of systems worldwide. In June, experts at PaloAlto Networks uncovered a new botnet, dubbed Echobot that is based on the dreaded Mirai botnet. At the time of its discovery, operators added 8 new exploits, but a few weeks later the […]

Pierluigi Paganini August 06, 2019
Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

The STRONTIUM Russia-linked APT group is compromising common IoT devices to gain access to several corporate networks. Researchers at Microsoft observed the Russia-linked APT group STRONTIUM abusing IoT devices to gain access to several corporate networks. The STRONTIUM APT group (aka APT28, Fancy Bear, Pawn Storm, Sofacy Group, and Sednit) has been active since at least 2007 and it has […]

Pierluigi Paganini July 30, 2019
Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Security experts at Armis have discovered a dozen zero-day vulnerabilities affecting the VxWorks real-time operating systems (RTOS) for embedded devices. Researchers at Armis Labs have discovered a dozen zero-day flaws in the VxWorks real-time operating systems (RTOS) for embedded devices. The collection of vulnerabilities was dubbed URGENT/11, it includes 11 flaws, 6 of which are […]

Pierluigi Paganini July 14, 2019
For nearly a year, Brazilian users have been targeted with router attacks

Brazilian users have been targeted by a large number of router attacks aimed at modifying the configuration of their routers for malicious purposes. This year, security experts at Avast have blocked more than 4.6 million cross-site request forgery (CSRF) attempts carried out by crooks to execute commands without the users’ knowledge. The campaign uncovered by […]

Pierluigi Paganini July 12, 2019
New Miori botnet has a unique protocol for C2 communication

A new variant of the implements a unique protocol to communicate with Command and Control infrastructure A new variant of the Miori botnet uses a unique protocol to communicate with C&C infrastructure, it implements a protection mechanism to access the login panel. The Miori bot borrows the code from the dreaded Mirai malware. it first […]

Pierluigi Paganini July 11, 2019
A new NAS Ransomware targets QNAP Devices

Malware researchers at two security firms Intezer and Anomali have discovered a new piece of ransomware targeting Network Attached Storage (NAS) devices. Experts at security firms Intezer and Anomali have separately discovered a new piece of ransomware targeting Network Attached Storage (NAS) devices. NAS servers are a privileged target for hackers because they normally store […]

Pierluigi Paganini July 03, 2019
Chinese smart home solutions vendor Orvibo leaks two billion user logs

Experts found a Chinese smart home solutions vendor that has been leaking billions of logs from devices managed via its cloud platform. Experts at vpnMentor discovered a massive data leak in Orvibo’s user database. The research team, led by Noam Rotem and Ran Locar, has found an open database managed by Orvibo Smart Home vendor. […]

Pierluigi Paganini June 30, 2019
Vulnerability in Medtronic insulin pumps allow hacking devices

Medtronic and the US government have warned that some Medtronic MiniMed insulin pumps are vulnerable to cyber attacks. Medtronic and the United States government have warned of a security vulnerability affecting some Medtronic MiniMed insulin pumps that could be exploited by hackers. The Department of Homeland Security (DHS) and Medtronic, and the Food and Drug […]