IoT | SC Media

IoT

Flaws in Imperial, Dabman web radios could lead to full compromise

Researchers have disclosed a pair of vulnerabilities in multiple Imperial and Dabman-branded web radios that could allow malicious actors to remotely compromise the IoT devices. Telestar Digital GmbH, the company that manufacturers the web radios, has patched both problems, according to a security advisory yesterday from Vulnerability Lab, whose researchers made the discovery. Several reports…

RCE bug found in platform that powers Wikipedia, other "Wiki" sites

Wikipedia knocked offline by DDoS attack

Wikipedia was hit late last week with a sustained DDoS attack knocking it offline in many parts of the world. Wikipedia’s parent organization Wikimedia posted a statement on Sept. 7 saying it was under attack and working to return to normal operations, but posted on Twitter on Sept. 6 that it was suffering intermittent outages.…

Russian hacking group STRONTIUM attacking corporate IoT devices, Microsoft says

A state-backed Russian hacking group, dubbed STRONTIUM, has been attacking corporate IoT devices, according to a blog post recounting the finds of researchers at Microsoft Threat Intelligence Center. In April, the researchers “discovered infrastructure of a known adversary communicating to several external devices as well as “attempts by the actor to compromise popular IoT devices (a…

Lucky break: Cracked windshield helps hacker find bug in Tesla

Hackers typically crack software, but web application security researcher Sam Curry quite literally cracked his Tesla Model 3 and discovered a vulnerability that earned him a hefty reward from the car maker’s bug bounty program. After a rock bounced up and damaged the windshield of Curry’s very own Model 3, the seemingly unlucky happenstance actually…

Dire straights: Glamoriser smart hair straighteners susceptible to hacking, warn researchers

Here’s some news that might curl your hair: A pen testing firm has disclosed a vulnerability in the Glamoriser smart hair straightener that could allow attackers to easy gain control of the device and perhaps create a fire hazard. The problem involves the Bluetooth Low Energy connection that the straightener uses to communicate with mobile…

homesecurityiotdevice_1259556

New eCh0raix ransomware now hitting QNAP NAS drives

Anomali has unveiled a new ransomware variant that is targeting network attached storage (NAS) devices made by QNAP Systems. The ransomware, dubbed eCh0raix after a line in the code, was first spotted in June when a discussion regarding it appeared in Bleeping Computer’s forums. At this point it is not widespread and for reasons and…

D-Link agrees to overhaul security in FTC settlement

D-Link agreed to make several security enhancements that overhaul the firm’s security platform to settle a Federal Trade Commission (FTC) litigation case concerning allegations that the company misrepresented the security of its products.  The case stems from a 2017 complaint against D-Link for the company’s routers and IoT cameras leaving sensitive consumer information, including live…

homesecurityiotdevice_1259556

Silex bricks 2,000 plus IoT devices, 14 year-old author has bigger plans for botnet

A new malware dubbed Silex has bricked at least 2,000 IoT devices in an ongoing campaign that is expected to intensify in the coming days. In the early hours of June 25, Akamai researcher Larry Cashdollar first spotted the malware targeting Unix-based systems with default credentials and trashing the device’s storage, dropping its firewall rules, removing…

Next post in Malware