IoT | SC Media

IoT

IoT proliferation and widespread 5G: A perfect botnet storm

By now, we’ve heard the many promises of the 5G era. Organizations across industries are poised to take advantage of the enhancements 5G will bring to boost their products and services in ways that were difficult or expensive to achieve using 4G networks. The Internet of Things (IoT) is a big part of this shift,…

Mirai variant Mukashi searching out Zixel NAS devices

The new Mirai variant Mukashi is targeting Zyxel network attached storage (NAS) devices using brute force attacks based on the default admin credentials and then exploiting CVE-2020-9054. Palo Alto Networks Unit 42 said almost all Zyxel NAS products running firmware versions up to 5.21 are susceptible. CVE-2020-9054 is a pre-authentication command injection vulnerability, which may…

Can your network operator stop your smart washer from airing your dirty laundry?

Migration to 5G and the better connectivity it promises has also brought with it an equally burgeoning cybersecurity threat landscape. This, coupled with the proliferation of IoT devices that are fraught with inherent security flaws, means even bigger security woes for consumers. It is, therefore, no wonder that Americans are more worried about cybercrime than…

patch flaw vulnerability

ZyXEL NAS devices receive critical firmware patch

The Software Engineering Institute CERT Coordination Center advised that several ZyXEL network-attached storage devices contain a pre-authentication command injection vulnerability. CVE-2020-9054, if exploited, could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. The problem is it uses the weblogin.cgi CGI executable for authentication and that program fails to properly sanitize…

Philips WiFi light bulb vulnerable to attack

The light given off by some WiFi light bulbs may expose more than just a dark room as Check Point researchers have found a vulnerability in Philips Hue smart bulbs and bridge enabling them to remotely infiltrate the device. The specific vulnerability is CVE-2020-6007 a Heap-based Buffer Overflow that occurs when handling a long ZCL…

Mushtik botnet now shopping for Tomato routers

A new variant of the Mushtik botnet has been found attacking routers using the open-source Tomato router firmware with about 4.600 routers currently exposed on the internet. Musthtik has been operating since March 2018 using a worm-like propagating ability to infect and harvest Linux servers and IoT devices. The good news is the new variant…

Cable Haunt RCE vulnerability exposes millions of modems to exploitation

Researchers have disclosed the discovery of a critical remote code execution vulnerability in millions of Broadcom cable modems, including about 200 million in Europe alone. Named Cable Haunt, the flaw consists of a combination of “lack of proper authorization of the web-socket client, default credentials and a programming error in the spectrum analyzer” component of…

Attackers distill essence of Mirai IoT botnet into LiquorBot malware

Researchers recently uncovered another descendant of the Mirai Internet of Things botnet, this one featuring Monero cryptocurrency mining capabilities. Dubbed LiquorBot, the botnet malware is written in Go programming language and seems to use the same command-and-control infrastructure as Mirai. Sometimes, attack campaigns have even paired both LiquorBot and Mirai together in malicious dropper scripts,…

$1 billion deal sends Armis to Insight Partners

Armis was acquired by the venture capital firm Insight Partners in a $1.1 billion cash deal. The five-year-old Armis, which specializes in enterprise-level IoT security, will operate as an independent entity under the direction of its two co-founders Yevgeny Dibrov, CEO, and Nadir Izrael, CTO and the current executive team. The acquisition also involved the…

Google reportedly suspends integrations with Xiaomi smart camera due to software bug

Google this month reportedly suspended its integrations with Xiaomi-manufactured Internet of Things devices, after one user’s Xiaomi smart camera began showing images from strangers’ homes while the content was being streamed to a Google Nest Hub. As of Jan. 6, Google has restored all of its Assistant devices’ integrations with Xiaomi products, except for the…

Next post in IoT