Taiwanese company QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution.
Taiwanese vendor QNAP is addressing a critical PHP vulnerability, tracked as CVE-2019-11043 (CVSS score 9.8 out of 10), that could be exploited to achieve remote code execution.
In certain configurations of FPM setup it is possibl
Researchers have found a vulnerability in a popular C standard library in IoT products that could allow attackers to perform DNS poisoning attacks against a target device.
The library is known to be used by major vendors such as Linksys, Netgear, and Axis, but also by Linux distributions such as Embedded Gentoo. Because the library maintainer was unable t
A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products.
Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products. The flaw also affects DNS implementation of al
IoT gizmos make our lives easier, but we forget that these doohickeys are IP endpoints that act as mini-radios.
They continuously send and receive data via the internet and can be the easiest way for a hacker to access your home network.
IoT devices can spy on people, steal data, or bring down vast swathes of the internet, as happened in 2016 when Mir
Synology warns customers that some of its NAS devices are affected by multiple critical Netatalk vulnerabilities.
Synology has warned customers that multiple critical Netatalk vulnerabilities affect some of its network-attached storage (NAS) devices. Netatalk is a free, open-source implementation of the Apple Filing Protocol
Researchers spotted a new variant of the BotenaGo botnet malware that is considered highly evasive and has a zero-detection rate.
The BotenaGo botnet was first spotted in November 2021 by researchers at AT&T; the malicious code leverages thirty-three exploits to target millions of routers and IoT devices.
BotenaGo was written in Golang (Go) an
Wyze Cam devices are affected by three security vulnerabilities that can allow attackers to take them over and access camera feeds.
Bitdefender researchers discovered three security vulnerabilities in the popular Wyze Cam devices that can be exploited by threat actors to execute arbitrary code and access camera feeds.
The three flaws reported by the
The US CISA and the Department of Energy issued guidance on mitigating attacks against uninterruptible power supply (UPS) devices.
The US Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy published joint guidance on mitigating cyber attacks against uninterruptible power supply (UPS) devices.
The US agencies warn of
Internet search engine Censys reported a new wave of DeadBolt ransomware attacks targeting QNAP NAS devices.
Internet search engine Censys reported that QNAP devices were targeted in a new wave of DeadBolt ransomware attacks.
Since January, DeadBolt ransomware operators have been targeting QNAP NAS devices worldwide; its operators claim the availability of a
In 2017, the number of connected devices surpassed the world’s human population. That’s a lot of things. However, many of them were not built with security in mind. It didn’t take long for attackers to take advantage of Internet of Things (IoT) vulnerabilities.
One case in 2016 saw threat actors take down Dyn, a company that managed
The recently discovered Cyclops Blink botnet, which is believed to be a replacement for the VPNFilter botnet, is now targeting ASUS routers.
The recently discovered Cyclops Blink botnet is now targeting ASUS routers, Trend Micro researchers report.
The Cyclops Blink malware has been active since at least June 2019; it targets WatchGu
As more services move ever cloud-wards, so too do thoughts by attackers as to how best to exploit them. With all that juicy data sitting on someone else’s servers, it’s essential that they run a tight ship. You’re offloading some of your responsibility onto a third party, and sometimes things can go horribly wrong as a result. Whether it’s the third party being
Many industrial security professionals lack visibility into their organizations’ assets and processes. This includes Industrial Internet of Things (IIoT) devices as well as industrial organizations’ supply chains. Back in March 2021, Tripwire announced the results of a survey in which 99% of security professionals said that they had experienced challenges se
Taiwanese vendor QNAP warns that most of its NAS devices are impacted by a high-severity Linux vulnerability dubbed ‘Dirty Pipe.’
Taiwanese hardware vendor QNAP warns most of its Network Attached Storage (NAS) devices are impacted by the recently discovered Linux vulnerability ‘Dirty Pipe.’
An attacker with local access can exploit th
Three flaws in APC Smart-UPS devices, tracked as TLStorm, could be exploited by remote attackers to hack and destroy them.
Researchers from IoT security company Armis have discovered three high-impact security flaws, collectively tracked as TLStorm, affecting APC Smart-UPS devices.
The flaws can allow remote attackers to manipulate the p