IoT Security Threats Highlight The Need For Zero Trust Principles

“The high number of attacks on IoT devices represents a 400% increase in malware compared to the previous year, according to Zscaler. The increasing frequency of malware attacks targeting IoT devices is a significant concern for OT security, as the mobility of malware can facilitate movement across different networks, potentially endangering critical OT infrastructure.”
Binaré offers a security-testing platform to protect businesses against cyberattacks. Binaré is concerned about the security of the IoT device your business is using. Visit our web page and assess the security risk your IoT device poses with our FREE Demo: https://binare.io/.
More information about the incident:
https://www.helpnetsecurity.com/2023/10/27/iot-malware-attacks/?web_view=true

New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

“Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster.
The vulnerabilities are as follows –
- CVE-2022-4886 (CVSS score: 8.8) – Ingress-nginx path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller
- CVE-2023-5043 (CVSS score: 7.6) – Ingress-nginx annotation injection causes arbitrary command execution
- CVE-2023-5044 (CVSS score: 7.6) – Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation”
Binaré’s platform will check your IoT device, e.g. a controller, for a wide range of vulnerabilities and security issues and give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://thehackernews.com/2023/10/urgent-new-security-flaws-discovered-in.html?&web_view=true

Hackers Update Cisco IOS XE Backdoor to Hide Infected Devices

“The number of Cisco IOS XE devices detected with a malicious backdoor implant has plummeted from over 50,000 impacted devices to only a few hundred after the attackers updated the backdoor to hide infected systems from scans.
This week, Cisco warned that hackers exploited two zero-day vulnerabilities, CVE-2023-20198 and CVE-2023-20273, to hack over 50,000 Cisco IOS XE devices to create privileged user accounts and install a malicious LUA backdoor implant.”
Binaré is concerned about the security of the IoT device your business is using. Visit our web page and check your device with our FREE Demo: https://binare.io/.
More information about the incident:
https://www.bleepingcomputer.com/news/security/hackers-update-cisco-ios-xe-backdoor-to-hide-infected-devices/

Milesight Industrial Router Vulnerability Possibly Exploited in Attacks

“Several UR-series industrial cellular routers from Milesight (Ursalink) are affected by CVE-2023-43261, a serious vulnerability exposing system log files, such as ‘httpd.log’.
The exposed logs contain passwords for administrators and other users, which can be leveraged by remote, unauthenticated attackers to gain unauthorized access to the targeted device. The passwords are not stored in plain text in the log files, but they can be easily cracked.”
Binaré’s platform will check your IoT device, e.g. a router, for a wide range of vulnerabilities and security issues and give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://www.securityweek.com/milesight-industrial-router-vulnerability-possibly-exploited-in-attacks/?web_view=true

D-Link WiFi Range Extender Vulnerable to Command Injection Attacks

“The popular D-Link DAP-X1860 WiFi 6 range extender is susceptible to a vulnerability allowing DoS (denial of service) attacks and remote command injection.
The product is currently listed as available on D-Link’s site and has thousands of reviews on Amazon, so it’s a popular choice among consumers.”
Binaré’s platform will check your IoT device, e.g. a range extender, for a wide range of vulnerabilities and security issues and give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://www.bleepingcomputer.com/news/security/d-link-wifi-range-extender-vulnerable-to-command-injection-attacks/?&web_view=true

High-Severity Flaws in ConnectedIO’s 3G/4G Routers Raise Concerns for IoT Security

“Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO’s ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data.”
Binaré’s platform will check your IoT device, e.g. a router, for a wide range of vulnerabilities and security issues and give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://thehackernews.com/2023/10/high-severity-flaws-in-connectedios.html?&web_view=true

Malware-Infected Devices Sold Through Major Retailers

“Human Security has exposed a significant monetization method employed by a sophisticated cyber-criminal operation. This operation involved the sale of backdoored off-brand mobile and CTV (Connected TV) Android devices through major retailers, which had originated from repackaging factories in China.
The scheme, known as BADBOX, deploys the Triada malware as a “backdoor” on various devices such as CTV boxes, smartphones and tablets during the supply chain process in China.”
Binaré recommends that smart device manufacturers, as well as businesses that use smart devices, check them for vulnerabilities with Binaré’s automated IoT vulnerability management and firmware analysis platform to make the use of these devices safe. Assess the security risk your IoT device poses for FREE with our Demo here: https://binare.io/.
More information about the incident:
https://www.infosecurity-magazine.com/news/malware-infected-devices-retailers/?&web_view=true

FDA cyber mandates for medical devices goes into effect

“New regulations that went into effect on Sunday aim to make it more difficult to hack into medical devices by requiring vendors to beef up the security features of things like pacemakers and insulin pumps before they make it onto the market.
The regulations from the Food and Drug Administration mandate that vendors of medical devices create processes to find and mitigate vulnerabilities, create a software bill of materials and have a plan in place to address vulnerabilities for products after they have been sold.”
Binaré’s platform will check your medical IoT device for a wide range of vulnerabilities and security issues and give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://cyberscoop.com/fda-cybersecurity-medical-devices/?&web_view=true