Vulnerabilities Identified In John Deere Systems Show Agriculture’s Cyber Risk
An Australian researcher, Sick Codes, and the research group Sakura Samurai found numerous vulnerabilities in tractor manufacturer John Deere’s systems. The vulnerabilities uncovered are severe and would allow a hacker to access John Deere’s Operations Center, a comprehensive platform for monitoring and managing farm equipment. The flaws were discovered in a business process management tool called Pega. Access to John Deere’s Operations Center would have allowed Sick Codes to remotely access farmers’ tractors through a support feature that Deere offers owners, a feature that could be disastrous in the wrong hands.
Binaré believes that securing the agricultural sector is also very important. Binaré’s platform will check your IoT device for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!
More information about the incident: https://www.bankinfosecurity.com/flaws-in-john-deere-systems-show-agricultures-cyber-risk-a-17240
New eCh0raix Ransomware Variant Affects QNAP and Synology Network-Attached Storage Devices
Unit 42 researchers have discovered a new variant of eCh0raix ransomware that targets both Synology network-attached storage (NAS) and Quality Network Appliance Provider (QNAP) NAS devices. To achieve this, hackers are exploiting CVE-2021-28799. The new variant combines functionality to target both QNAP and Synology NAS devices, indicating that some ransomware developers are continuing to invest in optimizing the tools used to target devices common in the small office and home office (SOHO).
Binaré offers a security-testing platform to protect international businesses from cyber-attacks. Binaré is concerned about the security of the IoT devices your business is using. Come to our web page and assess the security risk your IoT device poses with our FREE Demo! The link for the web page: https://binare.io/.
More information about the incident: https://unit42.paloaltonetworks.com/ech0raix-ransomware-soho/
A Critical Random Number Generator Vulnerability Identified In Billions of IoT Devices
A critical vulnerability has been discovered in hardware random number generators used in billions of Internet of Things (IoT) devices. The random numbers are not generated properly, which makes the IoT devices insecure and puts them at risk of cyberattacks. Random number generation is a key process that supports several cryptographic applications, including key generation, nonces, and salting. The cybersecurity researchers say that one of the hard parts about this vulnerability is that it’s not a simple case of ‘you zigged where you should have zagged’ that can be patched easily; to remediate the issue, a substantial and complex feature has to be engineered into the IoT device.
Binaré is concerned about the security of the IoT device you are using. Come to our web page and check your IoT device for security vulnerabilities with our FREE Demo! The link for the web page: https://binare.io/.
More information about the incident: https://thehackernews.com/2021/08/a-critical-random-number-generator-flaw.html
A Critical Authentication Bypass Vulnerability Affects Millions of Routers
Malicious hackers are exploiting a critical authentication bypass vulnerability that affects home routers with Arcadyan firmware to take them over and deploy Mirai botnet payloads. The vulnerability is tracked as CVE-2021-20090 and has a CVSS score of 9.9, indicating high severity. It is a critical path traversal vulnerability in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication. The current attacks were discovered by Juniper Threat Labs researchers while they were monitoring the activity of a malicious hacker known for targeting network and IoT devices since February. The vulnerability affects dozens of router models from different vendors: Asus, British Telecom, Deutsche Telekom, Orange, O2 (Telefonica), Verizon, Vodafone, Telstra, and Telus. The number of exposed routers is close to 1 million!
Binaré’s platform will check your IoT device, e.g. a router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!
More information about the incident: https://www.bleepingcomputer.com/news/security/actively-exploited-bug-bypasses-authentication-on-millions-of-routers/
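The router item above describes a path traversal that lets unauthenticated requests bypass authentication. The following is an added example, not code from Arcadyan firmware or from the researchers: it illustrates one common form of that bug class, an allowlist matched against the raw request path, next to a check on the canonical path and a detection rule built from the difference. All prefixes, paths and function names are hypothetical.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical layout: these prefixes are served without login, everything else needs a session.
PUBLIC_PREFIXES = ("/static/", "/assets/")

def naive_is_public(raw_path: str) -> bool:
    """Flawed pattern: trusts the prefix of the raw, un-normalized request path."""
    return raw_path.startswith(PUBLIC_PREFIXES)

def canonicalize(raw_path: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable, then collapse '.', '..' and repeated '/'."""
    path = raw_path.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        # Still changing after max_rounds decodes: more than two encoding layers.
        raise ValueError("excessively nested percent-encoding")
    path = path.replace("\\", "/")
    return posixpath.normpath("/" + path.lstrip("/"))

def is_public(raw_path: str) -> bool:
    """Hardened check: decide on the canonical path; anything odd requires login."""
    try:
        return canonicalize(raw_path).startswith(PUBLIC_PREFIXES)
    except ValueError:
        return False

def suspicious_requests(raw_paths):
    """Detection: raw prefix looks public but the canonical target is not."""
    return [p for p in raw_paths if naive_is_public(p) and not is_public(p)]

# Constructed request paths, not taken from any real device or log.
SAMPLE_PATHS = [
    "/static/logo.png",
    "/static/../admin/config",
    "/assets/..%2fadmin/config",
    "/assets/%252e%252e/admin/config",
    "/static/css/../logo.png",
    "/admin/config",
]

if __name__ == "__main__":
    for path in suspicious_requests(SAMPLE_PATHS):
        print("flag:", path, "->", canonicalize(path))
```

The file handler must serve the same canonical path that the authorization check evaluated; otherwise the two can still disagree.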
TCP/IP Stack Vulnerabilities Identified In Operational Technology Devices
Cybersecurity researchers at Forescout discovered 14 security vulnerabilities in TCP/IP stacks, communications protocols commonly used in connected devices in industrial infrastructure. The identified vulnerabilities would allow a hacker to tamper with or disrupt services, as well as access data on the network. Cybersecurity researchers at Forescout Research Labs and JFrog Security Research claim that the vulnerabilities could allow remote code execution, denial of service or even information leaks, if left unchecked. Though the number of vulnerable OT devices is uncertain, researchers managed to find more than 6,400 affected devices already.
Binaré provides IoT device manufacturers with a platform that checks an IoT device for a wide range of vulnerabilities and security issues (including SBoM/Software-Bill-of-Materials and risky component dependencies) and gives the manufacturer a detailed report on them. Take a step towards securing your IoT business today: try our FREE Demo at https://binare.io/!
More information about the incident: https://www.zdnet.com/article/security-researchers-warn-of-tcpip-stack-flaws-in-operational-technology-devices/#ftag=RSSbaffb68
Security Vulnerabilities Identified That Compromise Hotel Internet of Things (IoT) Devices
In the hospitality space, IoT is also employed to give guests more control over their stay. Security consultant Kya Supa from LEXFO managed to exploit a chain of security weaknesses and gain control of rooms at a capsule hotel, a budget-friendly type of hotel offering extremely small and, therefore, cozy spaces to guests, who are stacked side-by-side. The case confirms once again that a single access point can be used to tamper with and hijack IoT devices.
The hospitality industry is also at risk of cyberattacks. Binaré believes that hotels need to improve their cybersecurity posture and is ready to help with that! Assess the security risk your IoT device poses for FREE with our Demo here: https://binare.io/.
More information about the incident: https://www.zdnet.com/article/bob-had-a-bad-night-iot-mischief-takes-neighbourly-revenge-to-the-next-level-in-a-capsule-hotel/
Hospitals Struggling To Manage Thousands Of IoT Devices
According to a joint report by health technology company Philips and cybersecurity company CyberMDX, more than 13% of hospitals had no inventory and no way of knowing how many medical devices were deployed. Market researchers surveyed 130 IT healthcare decision-makers to find out how they were managing the thousands of medical devices that populate most hospitals these days. Almost half of all respondents find their staffing for medical device and IoT security “inadequate,” with most reporting a mean cybersecurity staff of approximately 12 or 13 people. Whilst approximately 40% of all large hospital systems employ IoT security solutions to protect their devices, 16% rely on the security provided by the medical device manufacturer.
Providing security for the healthcare sector is essential and Binaré is here to help! Binaré has come up with a solution that protects hospitals from cyber-attacks. Come to our web page and check your medical IoT device with our FREE Demo! The link for the web page: https://binare.io/.
More information about the incident: https://www.zdnet.com/article/philips-study-finds-hospitals-struggling-to-manage-thousands-of-devices/
Free icons courtesy of flaticon.com by authors: ultimatearm, Freepik, Icongeek26, xnimrodx