IoT | SC Media IoT

IoT

Mushtik botnet now shopping for Tomato routers

A new variant of the Mushtik botnet has been found attacking routers using the open-source Tomato router firmware with about 4.600 routers currently exposed on the internet. Musthtik has been operating since March 2018 using a worm-like propagating ability to infect and harvest Linux servers and IoT devices. The good news is the new variant…

Cable Haunt RCE vulnerability exposes millions of modems to exploitation

Researchers have disclosed the discovery of a critical remote code execution vulnerability in millions of Broadcom cable modems, including about 200 million in Europe alone. Named Cable Haunt, the flaw consists of a combination of “lack of proper authorization of the web-socket client, default credentials and a programming error in the spectrum analyzer” component of…

Attackers distill essence of Mirai IoT botnet into LiquorBot malware

Researchers recently uncovered another descendant of the Mirai Internet of Things botnet, this one featuring Monero cryptocurrency mining capabilities. Dubbed LiquorBot, the botnet malware is written in Go programming language and seems to use the same command-and-control infrastructure as Mirai. Sometimes, attack campaigns have even paired both LiquorBot and Mirai together in malicious dropper scripts,…

$1 billion deal sends Armis to Insight Partners

Armis was acquired by the venture capital firm Insight Partners in a $1.1 billion cash deal. The five-year-old Armis, which specializes in enterprise-level IoT security, will operate as an independent entity under the direction of its two co-founders Yevgeny Dibrov, CEO, and Nadir Izrael, CTO and the current executive team. The acquisition also involved the…

Google reportedly suspends integrations with Xiaomi smart camera due to software bug

Google this month reportedly suspended its integrations with Xiaomi-manufactured Internet of Things devices, after one user’s Xiaomi smart camera began showing images from strangers’ homes while the content was being streamed to a Google Nest Hub. As of Jan. 6, Google has restored all of its Assistant devices’ integrations with Xiaomi products, except for the…

Finland agency launches smart device infosec certification program

The National Cyber Security Centre Finland (NCSC-FI) within Finnish regulatory agency Traficom today kicked off a smart device certification program designed to inform consumers if certain products meet basic information security standards. Devices that meet certification criteria, which are based on consumer Internet of Things standards from the European Telecommunications Standards Institute (ETSI), will receive…

Design flaw leaves Bluetooth devices vulnerable

An engineering and computer science professor and his team from The Ohio State University discovered a design flaw in low-powered Bluetooth devices that leaves them susceptible to hacking. Zhiqiang Lin, associate professor of computer science and engineering at the university, found the commonly used Bluetooth Low Energy devices, such as fitness trackers and smart speakers,…

Gafgyt variant exploits 3 devices to target game servers with DDoS attacks

Researchers have uncovered a new variant of Gafgyt malware (aka BASHLITE) that infects home and small-office routers and networking equipment in order to recruit them into a botnet that bombards gaming servers with distributed denial of service attacks. One of its attacks involves a payload is specifically designed to attack servers running Valve Corporation’s Source…

Report: Hotel chain modifies bed-facing robots to prevent unwanted spying

A Japanese hotel chain that offers in-room robots as an amenity has reportedly modified the technology to prevent snoops from eavesdropping on guests, after an independent researcher publicly exposed a potential exploit. In making the change, travel company H.I.S. Hotel Group conceded that individuals could gain unauthorized access to its 100 Tapia robots at the…

Malicious voice apps can turn Alexa and Google Home devices into spies, say researchers

Cybercriminals could potentially develop malicious voice apps that turn Amazon Alexa devices and Google Home smart speakers into spy equipment that eavesdrops on users and even phishes for passwords, according to a new report. The report, from Germany-based Security Research Labs (SRLabs), warns that security lapses in the way Google Home and Alexa devices (such…

Next post in IoT