Super Admin Elevation Bug Puts 900,000 MikroTik Devices At Risk
“A critical severity ‘Super Admin’ privilege elevation flaw puts over 900,000 MikroTik RouterOS routers at risk, potentially enabling attackers to take full control over a device and remain undetected.The flaw, CVE-2023-30799, allows remote attackers with an existing admin account to elevate their privileges to “super-admin” via the device’s Winbox or HTTP interface.”
Binaré’s platform will check your IoT device, e.g. router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://www.bleepingcomputer.com/news/security/super-admin-elevation-bug-puts-900-000-mikrotik-devices-at-risk/?&web_view=true
Over 20,000 Citrix Appliances Vulnerable to New Exploit
“A new exploit technique targeting a recent Citrix Application Delivery Controller (ADC) and Gateway vulnerability can be used against thousands of unpatched devices, cybersecurity firm Bishop Fox claims. Tracked as CVE-2023-3519 and patched last week, the critical-severity bug can be exploited to execute arbitrary code remotely, without authentication, on vulnerable appliances that are configured as a gateway or AAA virtual server.”
Binaré’s platform will check your IoT device, e.g. gateway, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://www.securityweek.com/over-20000-citrix-appliances-vulnerable-to-new-exploit/?web_view=true
Medical Device Maker Flags 8 Flaws in Drug Infusion Products
“Federal regulators and medical device maker Becton, Dickinson and Co. are warning about eight vulnerabilities that could allow an attacker to compromise BD’s medication infusion product suite, potentially putting data and device integrity at risk if exploited. The device manufacturer in a bulletin Thursday said it had discovered the eight vulnerabilities in its BD Alaris Guardrails Suite MX, which affect versions 12.1.3 and earlier, through routine internal security testing and had reported them to federal regulators.”
Binaré’s platform will check your IoT device, e.g. drug infusion product, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://www.govinfosecurity.com/medical-device-maker-flags-8-flaws-in-drug-infusion-products-a-22562?&web_view=true
New AVrecon Malware Infects 70,000 Linux Routers Across 20 Countries
“A new malware, dubbed AVrecon, has been found conducting stealthy attacks against vulnerable Small Office/Home Office (SOHO) routers in an attempt to build an army of botnets. The attacks have been active for more than two years, with the malware infiltrating around 70,000 devices from across 20 countries. The development comes a few weeks after the CISA issued an advisory to warn federal agencies about the risks associated with misconfigured networking equipment.”
Binaré’s platform will check your IoT device, e.g. router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://cyware.com/news/new-avrecon-malware-infects-70000-linux-routers-across-20-countries-2254d2c2
Hardcoded Accounts Allow Full Takeover of Technicolor Routers
“Multiple hardcoded credentials found on the Technicolor TG670 DSL gateway router allow attackers to completely take over devices, the CERT Coordination Center (CERT/CC) warns.A broadband router for small offices and home offices, the Technicolor TG670 router allows administrators to authenticate over HTTP, SSH, or Telnet.With the remote management functionality enabled, users gain complete administrative control over the router, which is not uncommon for SOHO routers.”
Binaré’s platform will check your IoT device, e.g. router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://www.securityweek.com/hardcoded-accounts-allow-full-takeover-of-technicolor-routers/?web_view=true
Free icons courtesy of flaticon.com by authors: Freepik, Smashicons, Talha Dogar, Vector Stall.