HackDig : Dig high-quality web security articles

QNAP warns of a critical PHP flaw that could lead to remote code execution

Taiwanese company QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution. Taiwanese vendor QNAP is addressing a critical PHP vulnerability, tracked as CVE-2019-11043 (CVSS score 9.8 out of 10), that could be exploited to achieve remote code execution. In certain configurations of FPM setup it is possibl
Publish At:2022-06-23 08:10 | Read:186 | Comments:0 | Tags:Breaking News Hacking Internet of Things Security hacking ne

Unfixed vulnerability in popular library puts IoT products at risk

Researchers have found a vulnerability in a popular C standard library in IoT products that could allow attackers to perform DNS poisoning attacks against a target device. The library is known to be used by major vendors such as Linksys, Netgear, and Axis, but also by Linux distributions such as Embedded Gentoo. Because the library maintainer was unable t
Publish At:2022-05-04 12:48 | Read:761 | Comments:0 | Tags:Exploits and vulnerabilities dns poisoning IoT library mitm

A DNS flaw impacts a library used by millions of IoT devices

A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products. The flaw also affects DNS implementation of al
Publish At:2022-05-03 10:56 | Read:953 | Comments:0 | Tags:Breaking News Internet of Things Security DNS DNS hijacking

IoT and Cybersecurity: What’s the Future?

IoT gizmos make our lives easier, but we forget that these doohickeys are IP endpoints that act as mini-radios. They continuously send and receive data via the internet and can be the easiest way for a hacker to access your home network. IoT devices can spy on people, steal data, or bring down vast swathes of the internet, as happened in 2016 when Mir
Publish At:2022-05-02 06:26 | Read:1065 | Comments:0 | Tags:Breaking News Internet of Things Security hacking news infor

Synology and QNAP warn of critical Netatalk flaws in some of their products

Synology warns customers that some of its NAS devices are affected by multiple critical Netatalk vulnerabilities. Synology has warned customers that multiple critical Netatalk vulnerabilities affect some of its network-attached storage (NAS) devices. Netatalk is a free, open-source implementation of the Apple Filing Protocol 
Publish At:2022-05-01 10:56 | Read:839 | Comments:0 | Tags:Breaking News Hacking Internet of Things Security hacking ne

New BotenaGo variant specifically targets Lilin security camera DVR devices

Researchers spotted a new variant of the BotenaGo botnet malware that is considered highly evasive and has a zero-detection rate. The BotenaGo botnet was first spotted in November 2021 by researchers at AT&T, the malicious code leverages thirty-three exploits to target millions of routers and IoT devices. BotenaGo was written in Golang (Go) an
Publish At:2022-04-20 03:04 | Read:820 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Internet of Things Malware

Flaws in Wyze cam devices allow their complete takeover

Wyze Cam devices are affected by three security vulnerabilities that can allow attackers to take them over and access camera feeds. Bitdefender researchers discovered three security vulnerabilities in the popular Wyze Cam devices that can be exploited by threat actors to execute arbitrary code and access camera feeds. The three flaws reported by the
Publish At:2022-04-01 03:03 | Read:1635 | Comments:0 | Tags:Breaking News Hacking Internet of Things Security hacking ne

CISA and DoE warns of attacks targeting UPS devices

The US CISA and the Department of Energy issued guidance on mitigating attacks against uninterruptible power supply (UPS) devices. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy published joint guidance on mitigating cyber attacks against uninterruptible power supply (UPS) devices. The US agencies warn of
Publish At:2022-03-30 13:05 | Read:800 | Comments:0 | Tags:Breaking News Internet of Things Security CISA DoE Hacking h

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices 

Internet search engine Censys reported a new wave of DeadBolt ransomware attacks targeting QNAP NAS devices. Internet search engine Censys reported that QNAP devices were targeted in a new wave of DeadBolt ransomware attacks. Since January, DeadBolt ransomware operators are targeting QNAP NAS devices worldwide, its operators claim the availability of a
Publish At:2022-03-22 18:13 | Read:1308 | Comments:0 | Tags:Cyber Crime Hacking Internet of Things Malware Cybercrime De

IoT Security and the Internet of Forgotten Things

In 2017, the number of connected devices surpassed the world’s human population. That’s a lot of things. However, many of them were not built with security in mind. It didn’t take long for attackers to take advantage of Internet of Things (IoT) vulnerabilities.  One case in 2016 saw threat actors take down Dyn, a company that managed
Publish At:2022-03-22 10:08 | Read:1246 | Comments:0 | Tags:Application Security Cloud Security Risk Management Security

Russia-linked Cyclops Blink botnet targeting ASUS routers

The recently discovered Cyclops Blink botnet, which is believed to be a replacement for the VPNFilter botnet, is now targeting ASUS routers. The recently discovered Cyclops Blink botnet is now targeting ASUS routers, report Trend Micro researchers. The Cyclops Blink malware has been active since at least June 2019; it targets WatchGu
Publish At:2022-03-18 10:21 | Read:1081 | Comments:0 | Tags:APT Breaking News Hacking Internet of Things Malware ASUS Ro

Clouding the issue: what cloud threats lie in wait in 2022?

As more services move ever cloud-wards, so too do thoughts by attackers as to how best exploit them. With all that juicy data sitting on someone else’s servers, it’s essential that they run a tight ship. You’re offloading some of your responsibility onto a third party, and sometimes things can go horribly wrong as a result. Whether it’s the third party being
Publish At:2022-03-17 12:47 | Read:1529 | Comments:0 | Tags:Cybercrime cloud cryptocurrency cryptowallet exploits hacks

How Tripwire Log Center and Tripwire Industrial Visibility Can Work Together

Many industrial security professionals lack visibility into their organizations’ assets and processes. This includes Industrial Internet of Things (IIoT) devices as well as industrial organizations’ supply chains. Back in March 2021, Tripwire announced the results of a survey in which 99% of security professionals said that they had experienced challenges se
Publish At:2022-03-16 02:07 | Read:669 | Comments:0 | Tags:ICS Security IIoT information technology IoT operational tec

Dirty Pipe Linux flaw impacts most QNAP NAS devices

Taiwanese vendor QNAP warns most of its NAS devices are impacted by high severity Linux vulnerability dubbed ‘Dirty Pipe.’ Taiwanese hardware vendor QNAP warns most of its Network Attached Storage (NAS) devices are impacted by the recently discovered Linux vulnerability ‘Dirty Pipe.’ An attacker with local access can exploit th
Publish At:2022-03-15 10:21 | Read:896 | Comments:0 | Tags:Breaking News Hacking Internet of Things Dirty Pipe hacking

TLStorm flaws allow to remotely manipulate the power of millions of enterprise UPS devices

Three flaws in APC Smart-UPS devices, tracked as TLStorm, could be exploited by remote attackers to hack and destroy them. Researchers from IoT security company Armis have discovered three high-impact security flaws, collectively tracked as TLStorm, affecting APC Smart-UPS devices. The flaws can allow remote attackers to manipulate the p
Publish At:2022-03-10 02:29 | Read:2087 | Comments:0 | Tags:Breaking News Hacking Internet of Things hacking news IoT IT
