Security Vulnerabilities Identified in Mercedes-Benz System
Cybersecurity researchers from the Tencent Security Keen Lab have identified numerous security vulnerabilities in the recently launched Mercedes-Benz infotainment system in cars. Exploiting these vulnerabilties would trigger hacking attacks. The attack surfaces include but not limited to JavaScript engine, Bluetooth stack, WiFi chip, USD functions, and third-party apps in the head unit – the infotainment ECU. Hackers could exploit the vulnerabilities for:
- Remote code execution
- Local privilege escalation
- Heap overlow exploit
- Denial-of-service
- Bypass anti-theft mechanism
- Take control of the target system
The cybersecurity researchers state that exploiting these flaws could trigger real-time attacks not only on vehicles overall but also on separate head units. The researchers took control of a vehicle by injecting TCP packets through the CAN bus.
Binaré believes that security of automotive industry deserves special attention as it is tightly connected to the lives of human-beings. Binaré is concerned about the security of your hardware. Come to our web page and check your hardware with our FREE Demo! The link for the web page: https://binare.io/.
More information about the incident can be found here: https://latesthackingnews.com/2021/05/20/vulnerabilities-in-mercedes-benz-system-could-allow-hacking-of-the-vehicle/
Kernel-Privilege Vulnerabilities Identified in Dell PCs
The researchers have found the privilege-escalation bug that remained hidden in all Dell PCs, tablets and notebooks shipped since 2009. Five high-severity security flaws in Dell’s firmware update driver could allow hackers to bypass security products, execute code and pivot to other parts of the network for lateral movement. The flaws carry a CVSS vulnerability-severity rating of 8.8 out of 10. The researchers have identified 3 reasons behind 5 security flaws: memory corruption, lack of input validation and code-logic flaw.
Binaré recommends hardware vendors as well as businesses that use this hardware to check it for vulnerabilities with Binaré’s automated IoT vulnerability management and firmware analysis platform to make the use of these devices safe. Check your IoT device for FREE with our Demo here: https://binare.io/.
More information about the incident can be found here:
https://threatpost.com/dell-kernel-privilege-bugs/165843/
Apple Computers Hacked By Cybercriminals
Apple Mac users have been alerted to update their macOS software since hackers have been exploiting a very critical vulnerability that affects the the tech giant’s computers. The malware takes an advantage of a logic error in macOS’ code and can skip all the checks done by Apple’s security mechanisms. However, there is one obstacle on the way of the malicious hackers – they have to convince a user to download the app first. But once this is done, the malware starts to infect the macOS software.
Binaré highlights that the bigger is the business, the more complicated and costly are the consequences of the cyber attack. Binaré advises big business players to integrate cybersecurity as part of their business, for example, by using Binaré’s automated IoT vulnerability management and firmware analysis platform. Check your firmware/IoT device for FREE with our Demo here: https://binare.io/.
More information about the incident can be found here: https://www.forbes.com/sites/thomasbrewster/2021/04/26/update-your-mac-now-the-worst-hack-in-years-hits-apple-computers/?sh=cf9fafa5da08
Vulnerable Smart Plugs And How To Protect Devices Connected To Them
Smart home devices are designed to make our lives easier. However, more and more frequently security flaws in smart plugs are revealed and they potentially allow hackers to take a control of smart home devices. A recent security analysis of two smart home plugs discovered vulnerabilities that could be exploited to gain an access to the network they were connected to by stealing the WiFi login and password. Therefore, it is critically important that modern devices connected to the internet and using an encrypted channel to send data (using HTTPS) are using stronger passwords.
Binaré is concerned about the security of an IoT device you are using. Come to our web page and check your IoT device for security vulnerabilities with our FREE Demo! The link for the web page: https://binare.io/.
More information about the incident can be found here:
https://tech.hindustantimes.com/home-appliances/news/how-to-stop-your-smart-plug-from-giving-hackers-access-to-devices-on-your-wi-fi-network-71621775987120.html
New High-Severity Flaw Identified In Pulse Connect VPN
Ivanti, a company that provides Pulse Secure VPN appliances, has recently reported about a high severity vulnerability that can allow a hacker to execute arbitrary code with elevated privileges. The identified vulnerability is tracked as CVE-2021-22908 and has received a CVSS score of 8.5 out of 10. The flaw affects Pulse Connect Secure versions 9.0Rx and 9.1Rx. According to the CERT Coordination Center, the actual reason behind vulnerability is the gateway’s ability to connect to Windows file shares through a number of CGI endpoints.
Binaré provides you not only with the platform but also with professional services that will help your business to avoid cyberattacks. Get an improved cybersecurity posture with Binaré’s expert and advisory services! Sign up here https://try.binare.io/get_in_touch and we will reach out to you as soon as possible.
More information about the incident can be found here: https://thehackernews.com/2021/05/new-high-severity-vulnerability.html
QNAP Devices Attacked By Cybercriminals
QNAP, the Taiwanese NAS appliance maker, suffer from multiple cyberattacks. In particular, QNAP’s network-attached storage devices have been an attractive target for cybercriminals. The most recent flaws exploited by attackers include command injection vulnerability, tracked as CVE-2020-36198, that enables remote attackers to run arbitrary commands and CVE-2020-2509 and CVE-2020-36195 that allow unauthenticated attackers to take control of NAS devices.
Binaré advises all networking hardware manufacturers to check firmware for vulnerabilities with Binaré’s automated IoT vulnerability management and firmware analysis platform to make the use of these devices safe. Check your IoT device for FREE with our Demo here: https://binare.io/.
More information about the incident can be found here:
https://cyware.com/news/qnap-devices-bombarded-by-cyberattacks-7af9e3bc
Eufy Camera Flaw Exposes Private Feeds to Strangers
Eufy, a company that produces smart home devices, was warned of an internal server vulnerability that allowed random users to access its home security cameras for one day. The strangers not only viewed private Eufy feeds but also accessed account data such as name and home location. Though security problems with cloud-based home-security cameras are not uncommon, the customers are in panic and the company’s reputation is under threat.
This incident is a bright example of how important it is to secure those devices that are supposed to provide secure social environment. Building a good reputation for a company can take years but destroying it with a cyberattack will take a couple of days. Binaré’s platform will check your IoT device for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards the security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident can be found here:
https://threatpost.com/eufy-cam-private-feeds/166288/
Free icons courtesy of flaticon.com by authors: Freepik, Pixel Perfect, xnimrodx, Good Ware
One Response