Mystery miscreant remotely bricked 600,000 SOHO routers with malicious firmware update
“Unknown miscreants broke into more than 600,000 routers belonging to a single ISP late last year and deployed malware on the devices before totally disabling them, according to security researchers.”
Binaré’s platform will check your IoT device, e.g. router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://www.theregister.com/2024/05/31/pumoking_eclipse_remote_router_attack/?&web_view=true
RaspAP Flaw Let Hackers Escalate Privileges with Raspberry Pi Devices
“The flaw, identified as CVE-2024-41637, affects RaspAP versions before 3.1.5 and has a severity score of 9.9. The vulnerability stems from improper access controls, enabling attackers to escalate privileges from www-data to root.”
Binaré’s platform will check your IoT device, e.g. Raspberry Pi Device, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://blog.0xzon.dev/2024-07-27-CVE-2024-41637/?&web_view=true
Traeger security bugs bad news for grillers with neighborly beef
“Nick Cerne, security consultant at Bishop Fox, discovered a few weaknesses in certain Traeger grills, ones that have the Traeger Grill D2 Wi-Fi Controller installed – an embedded device allowing a grill to be controlled using a mobile app. Successful exploits could allow a remote attacker to execute day-ruining commands such as temperature change controls or shutting down the grill altogether.”
Binaré’s platform will check your IoT device, e.g. Wi-Fi Controller, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://www.theregister.com/2024/07/03/traeger_security_bugs/?&web_view=tru
China’s ‘Velvet Ant’ hackers caught exploiting new zero-day in Cisco devices
“A newly identified zero-day vulnerability affecting a popular line of Cisco devices was used in an April attack by state-backed hackers from China. Cisco and cybersecurity firm Sygnia published advisories on Monday about CVE-2024-20399 — a vulnerability affecting the Cisco NX-OS software used for the Nexus-series switches that connect devices on a network.”
Binaré’s platform will check your IoT device, e.g. switch, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://therecord.media/cisco-velvet-ant-hackers-china?&web_view=true
THREAT ACTORS ACTIVELY EXPLOIT D-LINK DIR-859 ROUTER FLAW CVE-2024-0769
“Researchers from cybersecurity firm GreyNoise have spotted exploitation attempts for the critical vulnerability CVE-2024-0769 (CVSS score 9.8) impacting all D-Link DIR-859 WiFi routers. The vulnerability is a path traversal issue that can lead to information disclosure. Threat actors are exploiting the flaw to collect account information, including user passwords, from the vulnerable D-Link DIR-859 WiFi routers.”
Binaré’s platform will check your IoT device, e.g. router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://securityaffairs.com/165045/hacking/d-link-dir-859-actively-exploited.html?web_view=true
No Patches for Hospital Temperature Monitors’ Critical Flaws
“Vulnerabilities in internet-connected temperature monitoring devices mainly used in hospitals, and their accompanying desktop application, could allow hackers to gain administrator privileges to the technology. Researchers at Nozomi Networks uncovered four vulnerabilities in Sensor Net Connect and three flaws in the Thermoscan IP desktop application, both made by a division of French firm Proges Plus.”
Binaré’s platform will check your IoT device, e.g. hospital temperature monitor, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://www.bankinfosecurity.com/no-patches-for-hospital-temperature-monitors-critical-flaws-a-25632?&web_view=true
‘Mirai-like’ botnet observed attacking EOL Zyxel NAS devices
“There are early indications of active attacks targeting end-of-life Zyxel NAS boxes just a few weeks after details of three critical vulnerabilities were made public. The Shadowserver Foundation, an internet security organization partnered with many of the world’s top security agencies and vendors, said its scanners started beeping on Friday as it continues to monitor CVE-2024-29973.”
Binaré’s platform will check your IoT device, e.g. NAS device, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://www.theregister.com/2024/06/24/mirailike_botnet_zyxel_nas/?&web_view=true
Critical UEFI Flaw in Phoenix Firmware Hits Major PC Brands
“A high-impact vulnerability in a common implementation of the firmware booting up desktop computers powered by Intel chips could allow attackers to obtain ongoing persistence, warn security researchers. The flaw affects devices built by major manufacturers including Lenovo, Acer, Dell and HP and potentially affects hundreds of personal computer models, said digital supply chain security company Eclypsium.”
Binaré’s platform will check your IoT device, e.g. desktop computer, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://www.bankinfosecurity.com/critical-uefi-flaw-in-phoenix-firmware-hits-major-pc-brands-a-25570?&web_view=true
CISA Warns of High-Severity Flaw in RAD Data Communications SecFlow-2 Switches
“The CISA warned industrial organizations about a high-severity vulnerability in an EoL industrial switch by RAD Data Communications. The agency discovered a publicly available PoC exploit targeting a path traversal vulnerability in RAD SecFlow-2.”
Binaré’s platform will check your IoT device, e.g. switch, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://www.cisa.gov/news-events/ics-advisories/icsa-24-170-01?&web_view=true
Free icons courtesy of flaticon.com by authors: Smashicons, Freepik, Iconic Panda, Ranah Pixel Studio.