HackDig : Dig high-quality web security articles

Fortinet warns of a spike in attacks against TBK DVR devices

FortiGuard Labs researchers observed a worrisome level of attacks attempting to exploit an authentication bypass vulnerability in TBK DVR devices. FortiGuard Labs researchers are warning of a spike in malicious attacks targeting TBK DVR devices. Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (
Publish At:2023-05-02 07:28 | Read:129634 | Comments:0 | Tags:Breaking News Hacking Internet of Things CVE-2018-9995 hacki

Improve supply chain security and resiliency with Microsoft  

Let’s start with the bad news. Cybersecurity breaches can be particularly devastating for supply chains, which involve multiple parties and sensitive information. As operational technology (OT) devices become increasingly connected, blurring the gap between IT and OT environments, the risk of hackers targeting sensitive supply chain data increases. Now, for
Publish At:2023-04-13 13:15 | Read:206580 | Comments:0 | Tags:Cybersecurity IoT Security management Security strategies Id

A week in security (April 3 - 9)

Last week on Malwarebytes Labs: TikTok: What’s going on and should I be worried? Super FabriXss: an RCE vulnerability in Azure Service Fabric Explorer Big changes to Twitter verification: How to spot a verified account New macOS malware steals sensitive info, including a user's entire Keychain database Pre-ransomware notifications are paying off right
Publish At:2023-04-11 22:01 | Read:189479 | Comments:0 | Tags:News TikTok Super FabriXss Twitter macOS malware ransomware

IoT garage door exploit allows for remote opening attack

A popular and reasonably cheap garage door controller is making waves in the news, and not in a good way. Ars Technica reports that the $80 devices created by Nexx are suffering from a number of security issues which could compromise the safety of your home. A Medium post by researcher Sam Sabetan reveals the details. At the tail end of 2022, Sam discovered
Publish At:2023-04-06 22:01 | Read:213331 | Comments:0 | Tags:News IoT garage door remote open app switch alarm Nexx explo

Nexx bugs allow to open garage doors, and take control of alarms and plugs

A series of vulnerabilities in multiple smart devices manufactured by Nexx can be exploited to remotely open garage doors, and take control of alarms and plugs. In late 2022, the researcher Sam Sabetan discovered a series of critical vulnerabilities in several smart devices manufactured by Nexx, including Smart Garage Door Openers, Alarms, and Plugs. A re
Publish At:2023-04-05 19:21 | Read:128078 | Comments:0 | Tags:Breaking News Hacking Internet of Things hacking news inform

X-Force Identifies Vulnerability in IoT Platform

The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a lot of discussion a
Publish At:2023-04-05 15:10 | Read:237139 | Comments:0 | Tags:Application Security Endpoint Network Security Services Thre

Smart home assistants at risk from "NUIT" ultrasound attack

A new form of attack named “Near Ultrasound Inaudible Trojan” (NUIT) has been unveiled by researchers from the University of Texas. NUIT is designed to attack voice assistants with malicious commands remotely via the internet. Impacted assistants include Siri, Alexa, Cortana, and Google Assistant. This attack relies on abusing the high sensitivit
Publish At:2023-03-30 22:37 | Read:255413 | Comments:0 | Tags:News ultrasound NUIT speakers microphone device IoT assistan

Leverage cloud-powered security with Microsoft Defender for IoT

Traditionally, operational technology (OT) and IT have occupied separate sides of enterprise security. But with digital transformation and the advent of Industry 4.0, the old, siloed approach is showing its age.1 The rise of manufacturing execution systems has enabled more “smart factories” to deliver improved manageability and data collection. While increas
Publish At:2023-03-20 15:32 | Read:320583 | Comments:0 | Tags:Cybersecurity IoT IoT security IoT security series Cloud sec

QNAP addresses a critical flaw impacting its NAS devices

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. A remote attacker can exploit the vulnerability to inje
Publish At:2023-01-30 19:47 | Read:1245747 | Comments:0 | Tags:Breaking News Internet of Things Security Hacking informatio

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America
Publish At:2023-01-24 17:47 | Read:248798 | Comments:0 | Tags:A Little Sunshine Breadcrumbs Ne'er-Do-Well News Denis Emely

A couple of bugs can be chained to hack Netcomm routers

A couple of critical vulnerabilities have been discovered in Netcomm rourers, experts warn of their potential exploitation in the wild. The vulnerabilities discovered in the Netcomm routers are a a stack based buffer overflow and an authentication bypass, respectively tracked as CVE-2022-4873 and CVE-2022-4874. Both issues impact the Netcomm router mo
Publish At:2023-01-18 11:51 | Read:425106 | Comments:0 | Tags:Breaking News Internet of Things hacking news information se

How Can the White House’s New IoT Labels Improve Security?

The White House’s National Security Council (NSC) is working on an ambitious project to improve consumer Internet of Things (IoT) security through industry-standard labeling. If successful, the labeling system will replace existing frameworks across the globe. Modeled after the EPA’s Energy Star labeling program, the IoT labeling initiative shou
Publish At:2023-01-03 11:38 | Read:238720 | Comments:0 | Tags:Government Risk Management IoT iot devices zero trust Zero T

Microsoft research uncovers new Zerobot capabilities

Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continue to grow. Recent trends have shown that operators are redeploying malw
Publish At:2022-12-21 17:38 | Read:243874 | Comments:0 | Tags:Cybersecurity IoT Microsoft security intelligence Zerobot

MCCrash botnet targets private Minecraft servers, Microsoft warns

Microsoft announced that a botnet dubbed MCCrash is launching distributed denial-of-service (DDoS) attacks against private Minecraft servers. Microsoft spotted a cross-platform botnet, tracked as MCCrash, which has been designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. The IT giant tracks this cluster of ac
Publish At:2022-12-16 04:30 | Read:315250 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Internet of Things Malware

Microsoft contributes S2C2F to OpenSSF to improve supply chain security

On August 4, 2022, Microsoft publicly shared a framework that it has been using to secure its own development practices since 2019, the Secure Supply Chain Consumption Framework (S2C2F), previously the Open Source Software-Supply Chain Security (OSS-SSC) Framework. As a massive consumer of and contributor to open source, Microsoft understands the importance
Publish At:2022-11-29 17:37 | Read:330906 | Comments:0 | Tags:Cybersecurity IoT IoT security IoT security series security


Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud