NSW Health Data Breach – Accellion FTA Vulnerability

The Australian government entity New South Wales Health has recently confirmed that it was hit by the cyberattack involving the file transfer system owned by Accellion. NSW Health used the Accellion file transfer system to share and store files. According to the state entity, identity information and some health-related personal information were involved in the cyberattack. The software involved in the attack is no longer in use. Read more about the Accellion breach in our earlier published newsletter: https://blog.binare.io/2021/03/23/security-vulnerabilities-newsletter-top-news-rundown-weeks-10-11-2021/
The Accellion data breach keeps causing businesses all over the world to suffer from a well-planned cyberattack. The Accellion breach is clear proof that companies should check the security of the devices they use in order to avoid being caught up in such profit-extracting incidents. And Binaré is here to help! Binaré offers an effective solution to check your software for a wide range of vulnerabilities and security issues. Check your software for FREE with our Demo here: https://binare.io/.
More information about the incident can be found here:
https://www.zdnet.com/article/nsw-health-confirms-data-breached-due-to-accellion-vulnerability/
Moobot Exploits Tenda Router Bugs

A malware domain, called Cyberium, has been discovered to be a hosting site for an active Mirai variant, identified as Moobot. In addition, researchers noticed widespread scanning in their telemetry for a vulnerability in Tenda routers. The targeted vulnerability is a remote code execution flaw tracked as CVE-2020-10987. Cybersecurity researchers found that the malware was scanning not only for Tenda flaws but also for other bugs in Axis SSI, Realtek SDK Miniigd (CVE-2014-8361), and Huawei home routers (CVE-2017-17215). Read more about the Mirai attacks in our earlier published newsletter: https://blog.binare.io/2021/04/08/security-vulnerabilities-newsletter-top-news-rundown-weeks-12-13-2021/
Binaré’s platform will check your IoT device, e.g. a router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step towards the security of your business today: try our FREE Demo at https://binare.io/!
More information about the incident can be found here:
https://threatpost.com/moobot-tenda-router-bugs/166902/
Vulnerable Connected Security & Home Cameras

The Cybersecurity and Infrastructure Security Agency (CISA) has discovered a critical software vulnerability in millions of connected security and home cameras that can allow remote attackers to access video feeds. The bug is tracked as CVE-2021-32934 and has a CVSS score of 9.1, which indicates high severity. The vulnerability was introduced through a supply-chain component from ThroughTek, which is used by OEMs of security cameras and by IoT device makers such as manufacturers of robotic and battery devices. This cybersecurity attack has put sensitive business data, production/competitive secrets, and employee information under threat. Read more about another security camera data breach in our earlier published newsletter: https://blog.binare.io/2021/03/23/security-vulnerabilities-newsletter-top-news-rundown-weeks-10-11-2021/
This incident has proved once more how easy it is to break into widespread video systems, pointing out their insecurity. It is a clear example of how important it is to secure the devices that are supposed to provide a secure social environment. Binaré’s platform will check your IoT device for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step towards the security of your business today: try our FREE Demo at https://binare.io/!
More information about the incident can be found here:
https://threatpost.com/millions-connected-cameras-eavesdropping/166950/
Vulnerabilities Identified In STEM Audio Table

A serious security vulnerability has been identified in the STEM Audio Table conference-room speaker. The vulnerability allows unauthenticated remote code execution (RCE) as root and opens the way to eavesdropping on conversations, denial of service, lateral movement throughout enterprise networks and more. According to GRIMM researchers, there are multiple other security problems in the STEM Audio Table conference-room speaker that would allow a hacker to interact with the device, for example, a security vulnerability that would allow command injection and the ability to execute arbitrary code as root on the device.
The desktop conferencing IoT gadget is another device Binaré’s platform can check for a wide range of vulnerabilities and security issues. Take a step towards the security of your business today: try our FREE Demo at https://binare.io/!
More information about the incident can be found here:
https://threatpost.com/stem-audio-table-business-bugs/166798/
Vulnerabilities Discovered In WAGO Industrial Controllers

Russian cybersecurity firm Positive Technologies has discovered several flaws in industrial controllers made by WAGO that can be used to disrupt technological processes, paving the way to industrial accidents. In particular, the security flaws have been found in the WAGO PFC200 programmable logic controller (PLC). One of the vulnerabilities is tracked as CVE-2021-21001 and rated as critical severity. The vulnerability allows an authenticated attacker with network access to the targeted device to access its file system with elevated privileges. Another security vulnerability, identified as CVE-2021-21000 and rated medium severity, allows an unauthenticated attacker with network access to the device to cause a DoS condition.
Binaré provides IoT device manufacturers with a platform that checks an IoT device for a wide range of vulnerabilities and security issues (including SBoM/Software-Bill-of-Materials and risky component dependencies) and gives an IoT device manufacturer a detailed report on them. Take a step towards the security of your IoT business today: try our FREE Demo at https://binare.io/!
More information about the incident can be found here:
https://www.securityweek.com/wago-controller-flaws-can-allow-hackers-disrupt-industrial-processes?&web_view=true
Critical Bugs Identified In Realtek Wi-Fi Module

A new set of critical vulnerabilities has been identified in the Realtek RTL8170C Wi-Fi module that a malicious third party would exploit to gain elevated privileges on a device and hijack wireless communications. According to Vdoo cybersecurity experts, exploitation of those flaws would result in full control of the Wi-Fi module and potential root access on the OS (such as Linux or Android) of the embedded device that uses this module.
Binaré recommends that embedded device manufacturers, as well as businesses that use embedded devices, check them for vulnerabilities with Binaré’s automated IoT vulnerability management and firmware analysis platform to make the use of these devices safe. Check your IoT device for FREE with our Demo here: https://binare.io/.
More information about the incident can be found here:
https://thehackernews.com/2021/06/researchers-warn-of-critical-bugs.html?&web_view=true
Security Vulnerabilities Discovered In Peloton Bike

A security flaw has been identified in the widespread Peloton Bike+ and Peloton Tread exercise equipment that would expose gym users to a wide range of cyberattacks: from credential theft to surreptitious video recordings. According to McAfee cybersecurity researchers, the flaw would allow a hacker to gain remote root access to the Peloton’s interactive “tablet”. From there, an attacker can install malware, access the user’s private data and control the Bike+ or Tread camera and microphone over the internet. Time to patch your bike! 🙂
Binaré is concerned about the security of the IoT devices you are using. Come to our web page and check your IoT device for security vulnerabilities with our FREE Demo! The link for the web page: https://binare.io/.
More information about the incident can be found here:
https://threatpost.com/peloton-bike-bug-hackers-control/166960/