Binare x Hardwear.io Netherlands 2024

Did you know Hardwear.io Netherlands 2024 is happening 23-26 Oct, and Binare.io is proud to be among the main sponsors second year in a row?

Scale up hardware security with hardwear.io talk lineup:

Fuzzing GPRS Layer-2 for Fun and Profit By Dyon Goos & Marius Muench
HAWKEYE – Recovering Symmetric Cryptography From Hardware Circuits By Julian Speith
Is Your Memory Protected? Uncovering Hidden Vulnerabilities in Automotive MPU Mechanisms By Nimrod Stoler
Hacking EV charging stations via the charging cable By Wilco Van Beijnum & Sebastiaan Laro Tol
MIFARE Classic: Exposing the Static Encrypted Nonce Variant By Philippe Teuwen
Workshop & Village! Getting Started with Automotive Ethernet Security Testing By Enrico Pozzobon
Workshop & Village! The Donjon Hardware Attack Tool Suite – Fault Injection By Michael Mouchous

This year at Hardwear.io Netherlands 2024, a Memory Security Track is introduced. This track will focus on securing computer memory, covering the latest techniques, vulnerabilities, and solutions to protect memory resources:

Memory Security Retrospective By David Hulton
Future of Computer Architecture and Hardware Security By Onur Mutlu
Hacking NAND Memory Pinout using Logic Analyzer By Sasha Sheremetov

Check out the speakers of the event here:

Baptiste Boyer | Dyon Goos & Marius Muench | Jasper van Woudenberg | Julian Speith | Marcel Busch & Christian Lindenmeier | Nimrod Stoler | Philippe Teuwen | Sergei Volokitin | Thomas Roche | Wilco van Beijnum & Sebastiaan Laro Tol | David Hulton | Fabian Thomas & Lukas Gerlach | Fabrice Devaux | Herbert Bos | Jonas Juffinger | Michele Marazzi | Onur Mutlu | Sasha Sheremetov

Did you know that all Binare.io followers and friends get a registration discount? Just use code HWNL24BNR during your registration on the hardwear.io official event site!

Meet Binare’s CEO Andrei Costin at Cyber Security Summit Brasil 2024!

It is a pleasure to announce that Binare’s CEO, Andrei Costin, will give a keynote at the Cyber ​​Security Summit Brasil 2024 that will take place between October 28th and 29th and will take participants on a journey into the next Era of digital security!

“With a PhD from EURECOM/Telecom ParisTech, Dr.Costin has published and presented at high-level international cybersecurity events, both academic and industrial. In addition to the MiFare Classic card key recovery tool MFCUK (including Kali, proxmark), he also authored the first practical ADS-B attacks (BlackHat 2012) and established the research areas of large-scale automated firmware analysis (Usenix Security 2014). Dr. Costin is CEO/co-founder of Binare.io, a high-tech cybersecurity spin-off from the University of Jyväskylä, focused on innovation and technology transfer related to cybersecurity of (I)IoT/firmware/devices, as well as advanced cybersecurity for aviation/aerospace/space.”

Unpatchable 0-day in surveillance cam is being exploited to install Mirai

“Malicious hackers are exploiting a critical vulnerability in a widely used security camera to spread Mirai, a family of malware that wrangles infected Internet of Things devices into large networks for use in attacks that take down websites and other Internet-connected devices.

The attacks target the AVM1203, a surveillance device from Taiwan-based manufacturer AVTECH, network security provider Akamai said Wednesday. Unknown attackers have been exploiting a 5-year-old vulnerability since March. The zero-day vulnerability, tracked as CVE-2024-7029, is easy to exploit and allows attackers to execute malicious code. The AVM1203 is no longer sold or supported, so no update is available to fix the critical zero-day.”

Binaré’s platform will check your IoT device, e.g. camera, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!

More information about the incident:
https://arstechnica.com/security/2024/08/unpatchable-0-day-in-surveillance-cam-is-being-exploited-to-install-mirai/?web_view=true

CVE-2024-42815 (CVSS 9.8): Buffer Overflow Flaw in TP-Link Routers Opens Door to RCE

“A critical vulnerability has been found in TP-Link RE365 V1_180213 series routers, leaving them susceptible to remote exploitation and potential takeover. Identified as CVE-2024-42815 and carrying a near-perfect CVSS score of 9.8, this flaw poses a serious risk to users of these popular networking devices.

The vulnerability stems from a buffer overflow issue in the router’s HTTP server. By sending a specially crafted HTTP request with an overly long “User-Agent” header, attackers can trigger a buffer overflow, potentially crashing the device or, more alarmingly, executing malicious code on it.”

Binaré’s platform will check your IoT device, e.g. router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!

More information about the incident:
https://securityonline.info/cve-2024-42815-cvss-9-8-buffer-overflow-flaw-in-tp-link-routers-opens-door-to-rce/?&web_view=true

A Backdoor In Millions Of Shanghai Fudan Microelectronics RFID Cards Allows Cloning

“Researchers from security firm Quarkslab discovered a backdoor in millions of RFID cards manufactured by the Chinese chip manufacturer Shanghai Fudan Microelectronics. 

The experts announced the discovery of a hardware backdoor and successfully cracked its key allowing the instantaneous cloning of RFID smart cards.”

Binaré’s platform will check your IoT device for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!

More information about the incident:
https://securityaffairs.com/167321/hacking/shanghai-fudan-microelectronics-rfid-cards-backdoor.html?web_view=true

CISA Warns Critical Vulnerabilities in Vonets WiFi Bridge Devices, No Patch Available

“The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory detailing multiple critical vulnerabilities discovered in Vonets WiFi Bridge devices. These vulnerabilities, which could allow attackers to execute arbitrary code, disclose sensitive information, or disrupt device functionality, pose a significant threat to the security of industrial and commercial networks relying on these devices. Despite the severity of the flaws, Vonets has not responded to CISA’s requests for collaboration on mitigation strategies, leaving users in a precarious position.”

Binaré’s platform will check your IoT device for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!

More information about the incident:
https://securityonline.info/cisa-warns-critical-vulnerabilities-in-vonets-wifi-bridge-devices-no-patch-available/?&web_view=true

New Windows SmartScreen bypass exploited as zero-day since March

“Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection was patched during the June 2024 Patch Tuesday.

SmartScreen is a security feature introduced with Windows 8 that protects users against potentially malicious software when opening downloaded files tagged with a Mark of the Web (MotW) label.

While the vulnerability (tracked as CVE-2024-38213) can be exploited remotely by unauthenticated threat actors in low-complexity attacks, it requires user interaction, making successful exploitation harder to achieve.”

Binaré’s platform will check your IoT device for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!

More information about the incident:
https://www.bleepingcomputer.com/news/microsoft/new-windows-smartscreen-bypass-exploited-as-zero-day-since-march/?&web_view=true

Cisco warns of critical RCE zero-days in end of life IP phones

“Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones.

The vendor has not made fixes available for these devices and shared no mitigation tips, so users of those products will have to move to newer and actively supported models as soon as possible.”

Binaré’s platform will check your IoT device, e.g. IP phone, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!

More information about the incident:
https://www.bleepingcomputer.com/news/security/cisco-warns-of-critical-rce-zero-days-in-end-of-life-ip-phones/?&web_view=true

20K Ubiquiti IoT Cameras & Routers Are Sitting Ducks for Hackers

“Tens of thousands of small office/home office (SOHO) devices sold by Ubiquiti Inc. are vulnerable on the open Internet to a five-year-old bug, researchers are warning.

In January 2019, broadband Internet expert Jim Troutman warned that an exposed port in dozens of Ubiquiti Internet of Things (IoT) gadgets was being exploited in denial-of-service (DoS) attacks. The underlying vulnerability, CVE-2017-0938, was assigned a “high” 7.5 score on the CVSS scale.

Seven months after that, researchers from Rapid7 were still able to find nearly 500,000 vulnerable devices. And now, even though Ubiquiti has long since acknowledged and patched the issue, around 20,000 devices remain vulnerable, Check Point Research noted in a new blog post.”

Binaré’s platform will check your IoT device, e.g. camera or router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!

More information about the incident:
https://www.darkreading.com/ics-ot-security/20k-ubiquiti-iot-cameras-and-routers-are-sitting-ducks-for-hackers?&web_view=true

Free icons courtesy of flaticon.com by authors: dreamicons, Freepik, spacepixel, Fitin_syhliantina, Iconjam.

Leave a Reply

Discover more from binaré (binare.io)

Subscribe now to keep reading and get access to the full archive.

Continue reading