Backdoor Credential Identified in ZyXEL Router
A researcher has found a backdoor credential hidden inside ZyXEL LTE indoor routers. The hard-coded backdoor credential is tracked as CVE-2022-40602 and allows remote access to any malicious third-party. The hidden password is discovered within ZyXEL LTE3301-M209 firmware routers. “The firmware of this device, which comprises three main sections LZMA section, the root-fs, and the www content, has a file containing the credentials written on it.”
Binaré’s platform will check your IoT device, e.g. router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://cyware.com/news/backdoor-credential-found-in-zyxel-router-410e447c
Critical Vulnerability in Hikvision Wireless Bridges Opens Door for CCTV Hacking
Chinese video surveillance company Hikvision revealed that two of its wireless bridge products, designed for elevator and other video surveillance systems, are affected by CVE-2022-28173, a critical access control vulnerability. “The security hole can be exploited by sending specially crafted messages to affected devices, allowing the attacker to gain administrator permissions.”
Binaré’s platform will check your IoT device, e.g. CCTV, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://www.securityweek.com/critical-vulnerability-hikvision-wireless-bridges-allows-cctv-hacking?&web_view=true
3.5m IP Cameras Vulnerable, with US in the Lead
The number of IP cameras in the world is increasing exponentially. Recently the Cybernews research team found 3.5 million IP cameras, which marks a surge in usage of IP cameras since the last research. “It is worrying that all analyzed brands have at least some models that allow users to keep default passwords or have no authentication setup whatsoever.” Most of the public-facing cameras Cybernews research team discovered are manufactured by the Chinese company Hikvision (over 3.37 million of its cameras worldwide).
Binaré’s platform will check your IoT device, e.g. IP camera, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://securityaffairs.co/139625/hacking/3-5m-ip-cameras-exposed-with-us-in-the-lead.html
Millions of Vulnerable XIoT Devices Identified
“A vast number of common vulnerabilities and exposures (CVEs), default passwords and other security risks have been found in millions of extended internet of things (XIoT) devices.” The claims are made by security experts of Phosphorus, who recently published a report reflecting five years of security research and device testing. “Phosphorus has claimed that 99% of XIoT device passwords analyzed as part of its research were out of compliance with best practices, and 68% of XIoT devices had high-risk or critical vulnerabilities (CVSS scores of 8-10). Further, the company said that 80% of security teams could not correctly identify most of their XIoT devices.”
Binaré’s platform will check your IoT device, e.g. extended IoT device, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://www.infosecurity-magazine.com/news/security-risks-found-in-millions/?&web_view=true
New Zerobot Botnet Exploiting IoT Vulnerabilities
“The threat landscape was introduced to a new botnet, dubbed Zerobot, that has been spreading via IoT vulnerabilities.” Zerobot targets multiple security bugs in IoT devices to gain access and then download a script for further dissemination. “The exploits include flaws in Zyxel firewalls, TOTOLINK routers, F5 BIG-IP, Spring Framework, D-Link DNS-320 NAS, Hikvision cameras, and FLIR AX8 thermal imaging cameras, among others.”
Binaré offers a security-testing platform to prevent various businesses from cyberattacks. Binaré is concerned about security of the IoT device your business is using. Come to our web page and assess the security risk your IoT device possesses with our FREE Demo! The link for the web page: https://binare.io/.
More information about the incident:
https://cyware.com/news/new-zerobot-botnet-abuses-iot-vulnerabilities-57aca371
Hackers Use BYOF Technique With PRoot to Hijack Linux Devices
Cybercriminals are exploiting an open-source tool called PRoot to target Linux devices. “PRoot, a user-specific implementation of some specific set of commands, is statically compiled and doesn’t require any dependencies. It easily delivers malicious code by packing it with necessary packages and executables into a filesystem.”
Binaré recommends smart device manufacturers as well as businesses that use smart devices to check them for vulnerabilities with Binaré’s automated IoT vulnerability management and firmware analysis platform to make the use of these devices safe. Assess the security risk your IoT device possesses for FREE with our Demo here: https://binare.io/.
More information about the incident:
https://cyware.com/news/hackers-use-byof-technique-with-proot-to-hijack-linux-devices-dd91cd4f
NETGEAR Router Vulnerability Gave Access to Restricted Services
“A new report from Tenable, a Columbia, Maryland-based cybersecurity firm, outlined an emerging threat related to NETGEAR and TP-Link routers.” According to cybersecurity experts at Tenable, network misconfiguration was identified in NETGEAR Nighthawk router versions released before 1.0.9.90.
Binaré’s platform will check your IoT device, e.g. router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://www.hackread.com/netgear-router-vulnerability/?web_view=true
Mitsubishi Electric PLCs Exposed to Attacks by Engineering Software Flaws
“Researchers at industrial cybersecurity firm Nozomi Networks have discovered three vulnerabilities in Mitsubishi Electric’s GX Works3 engineering workstation software that could be exploited to hack safety systems.” The security holes can be tracked as CVE-2022-29831, CVE-2022-29832 and CVE-2022-29833. They could allow a malicious third-party to get information from GX Works3 project files to compromise connected safety CPU modules.
Binaré’s platform will check your IoT device, e.g. PLC, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://www.securityweek.com/mitsubishi-electric-plcs-exposed-attacks-engineering-software-flaws?&web_view=true
Free icons courtesy of flaticon.com by authors: manshagraphics, dreamicons, konkapp, Freepik, VectorPortal.