FortiGuard Labs researchers observed a worrisome level of attacks attempting to exploit an authentication bypass vulnerability in TBK DVR devices. FortiGuard Labs researchers are warning of a spike in malicious attacks targeting TBK DVR devices. Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (

Let’s start with the bad news. Cybersecurity breaches can be particularly devastating for supply chains, which involve multiple parties and sensitive information. As operational technology (OT) devices become increasingly connected, blurring the gap between IT and OT environments, the risk of hackers targeting sensitive supply chain data increases. Now, for

Last week on Malwarebytes Labs: TikTok: What’s going on and should I be worried? Super FabriXss: an RCE vulnerability in Azure Service Fabric Explorer Big changes to Twitter verification: How to spot a verified account New macOS malware steals sensitive info, including a user's entire Keychain database Pre-ransomware notifications are paying off right

A popular and reasonably cheap garage door controller is making waves in the news, and not in a good way. Ars Technica reports that the $80 devices created by Nexx are suffering from a number of security issues which could compromise the safety of your home. A Medium post by researcher Sam Sabetan reveals the details. At the tail end of 2022, Sam discovered

A series of vulnerabilities in multiple smart devices manufactured by Nexx can be exploited to remotely open garage doors, and take control of alarms and plugs. In late 2022, the researcher Sam Sabetan discovered a series of critical vulnerabilities in several smart devices manufactured by Nexx, including Smart Garage Door Openers, Alarms, and Plugs. A re

The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a lot of discussion a

A new form of attack named “Near Ultrasound Inaudible Trojan” (NUIT) has been unveiled by researchers from the University of Texas. NUIT is designed to attack voice assistants with malicious commands remotely via the internet. Impacted assistants include Siri, Alexa, Cortana, and Google Assistant. This attack relies on abusing the high sensitivit

Traditionally, operational technology (OT) and IT have occupied separate sides of enterprise security. But with digital transformation and the advent of Industry 4.0, the old, siloed approach is showing its age.1 The rise of manufacturing execution systems has enabled more “smart factories” to deliver improved manageability and data collection. While increas

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. A remote attacker can exploit the vulnerability to inje

Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America

A couple of critical vulnerabilities have been discovered in Netcomm rourers, experts warn of their potential exploitation in the wild. The vulnerabilities discovered in the Netcomm routers are a a stack based buffer overflow and an authentication bypass, respectively tracked as CVE-2022-4873 and CVE-2022-4874. Both issues impact the Netcomm router mo

The White House’s National Security Council (NSC) is working on an ambitious project to improve consumer Internet of Things (IoT) security through industry-standard labeling. If successful, the labeling system will replace existing frameworks across the globe. Modeled after the EPA’s Energy Star labeling program, the IoT labeling initiative shou

Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continue to grow. Recent trends have shown that operators are redeploying malw

Microsoft announced that a botnet dubbed MCCrash is launching distributed denial-of-service (DDoS) attacks against private Minecraft servers. Microsoft spotted a cross-platform botnet, tracked as MCCrash, which has been designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. The IT giant tracks this cluster of ac

On August 4, 2022, Microsoft publicly shared a framework that it has been using to secure its own development practices since 2019, the Secure Supply Chain Consumption Framework (S2C2F), previously the Open Source Software-Supply Chain Security (OSS-SSC) Framework. As a massive consumer of and contributor to open source, Microsoft understands the importance