IoT | SC Media

IoT

Ripple20 bugs in scores of IoT devices reveal third-party code dangers

Hundreds of millions of Internet of Things (IoT) products use a TCP/IP software library containing severe vulnerabilities that can be exploited for remote code execution and complete device takeover, say researchers who also warn that the bug has been extremely difficult to track across the IoT supply chain due to liberal adoption of the third-party…

CallStranger bug in billions of devices can enable data exfiltration, DoS attacks

Billions of Internet of Things and Local Area Network devices that rely on the Universal Plug and Play (UPnP) protocol for discovery of and interaction with other devices are vulnerable to “CallStranger,” a bug that can be exploited to exfiltrate data, launch a denial of service attack or scan ports. The Windows 10 operating system,…

IoT proliferation and widespread 5G: A perfect botnet storm

By now, we’ve heard the many promises of the 5G era. Organizations across industries are poised to take advantage of the enhancements 5G will bring to boost their products and services in ways that were difficult or expensive to achieve using 4G networks. The Internet of Things (IoT) is a big part of this shift,…

Mirai variant Mukashi searching out Zyxel NAS devices

The new Mirai variant Mukashi is targeting Zyxel network attached storage (NAS) devices using brute force attacks based on the default admin credentials and then exploiting CVE-2020-9054. Palo Alto Networks Unit 42 said almost all Zyxel NAS products running firmware versions up to 5.21 are susceptible. CVE-2020-9054 is a pre-authentication command injection vulnerability, which may…

Can your network operator stop your smart washer from airing your dirty laundry?

Migration to 5G and the better connectivity it promises has also brought with it an equally burgeoning cybersecurity threat landscape. This, coupled with the proliferation of IoT devices that are fraught with inherent security flaws, means even bigger security woes for consumers. It is, therefore, no wonder that Americans are more worried about cybercrime than…

ZyXEL NAS devices receive critical firmware patch

The Software Engineering Institute CERT Coordination Center advised that several ZyXEL network-attached storage devices contain a pre-authentication command injection vulnerability. CVE-2020-9054, if exploited, could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. The problem is that the devices use the weblogin.cgi CGI executable for authentication, and that program fails to properly sanitize…

Philips WiFi light bulb vulnerable to attack

The light given off by some WiFi light bulbs may expose more than just a dark room, as Check Point researchers have found a vulnerability in Philips Hue smart bulbs and bridge enabling them to remotely infiltrate the device. The specific vulnerability is CVE-2020-6007, a heap-based buffer overflow that occurs when handling a long ZCL…

Muhstik botnet now shopping for Tomato routers

A new variant of the Muhstik botnet has been found attacking routers using the open-source Tomato router firmware, with about 4.600 routers currently exposed on the internet. Muhstik has been operating since March 2018, using a worm-like propagating ability to infect and harvest Linux servers and IoT devices. The good news is the new variant…

Cable Haunt RCE vulnerability exposes millions of modems to exploitation

Researchers have disclosed the discovery of a critical remote code execution vulnerability in millions of Broadcom cable modems, including about 200 million in Europe alone. Named Cable Haunt, the flaw consists of a combination of “lack of proper authorization of the web-socket client, default credentials and a programming error in the spectrum analyzer” component of…
