Internet of Things

Pierluigi Paganini December 29, 2018
Guardzilla Security Video System Footage exposed online

A vulnerability in the Guardzilla home video surveillance system could be exploited by users to watch Guardzilla footage of other users. The Guardzilla All-In-One Video Security System is an indoor video surveillance solution. The flaw was discovered by the researchers Nick McClendon, Andrew Mirghassemi, Charles Dardaman, INIT_6 and Chris, from 0DayAllDay, the issue was reported […]

Pierluigi Paganini December 24, 2018
Hacking the Twinkly IoT Christmas lights

Security researchers discovered some flaws in the Twinkly IoT lights that could be exploited display custom lighting effects and to remotely turn off them. Security researchers from MWR InfoSecurity have discovered some flaws in the Twinkly IoT lights that could be exploited to display custom lighting effects and to remotely turn off their Christmas brilliance. […]

Pierluigi Paganini December 24, 2018
Information Disclosure flaw allows attackers to find Huawei routers with default credentials

Some models of Huawei routers are affected by a flaw that could be exploited by attackers to determine whether the devices have default credentials or not. Ankit Anubhav, a principal researcher at NewSky Security, discovered a vulnerability in some models of Huawei routers that could be exploited by attackers to determine whether the devices have […]

Pierluigi Paganini December 23, 2018
Security Affairs newsletter Round 193 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! Twitter fixed bug could have exposed Direct Messages […]

Pierluigi Paganini December 21, 2018
5 IoT Security Predictions for 2019

2018 was the year of the Internet of Things (IoT), massive attacks and various botnets hit smart devices, These are 5 IoT Security Predictions for 2019 Insights from VDOO’s leadership 2018 was the year of the Internet of Things (IoT) – massive attacks and various botnets, a leap in regulation and standards, and increased adoption […]

Pierluigi Paganini December 16, 2018
Security Affairs newsletter Round 192 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! STOLEN PENCIL campaign, hackers target academic institutions. WordPress […]

Pierluigi Paganini December 04, 2018
M2M protocols can be abused to attack IoT and IIoT systems

Security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. According to a study conducted by experts from Trend Micro and the Polytechnic University of Milan. attackers abuse M2M protocols to target IoT and IIoT devices. The experts analyzed the M2M protocols, the […]

Pierluigi Paganini December 01, 2018
ETERNALSILENCE – 270K+ devices vulnerable to UPnProxy Botnet build using NSA hacking tools

Over 270,000 connected devices run vulnerable implementations of UPnP, threat actors are attempting to recruit them in a multi-purpose botnet. In April, Akamai reported that threat actors compromised 65,000 home routers by exploiting vulnerabilities in Universal Plug’N’Play (UPnP), experts tracked the botnet as UPnProxy.  Now the company provided an update to its initial analysis revealing […]

Pierluigi Paganini November 22, 2018
Experts found first Mirai bot targeting Linux servers via Hadoop YARN flaw

Security experts from Netscout Asert discovered more than ten Mirai bot variants attempting to exploit a recently disclosed flaw in Hadoop YARN on Intel servers. These Mirai variants are the first one that doesn’t target Internet of Things devices, the bot was specifically developed to target Linux servers. The Hadoop YARN is vulnerability is a command injection […]

Pierluigi Paganini November 18, 2018
Security Affairs newsletter Round 189 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! ·      CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in […]