Vulnerabilities Identified In AMD’s ZEN Processor Family
Researchers from Germany's TU Dresden have found that AMD Zen+ and Zen 2 CPUs are vulnerable to a data-bothering Meltdown-like attack, if tortured enough. Computer scientists Saidgani Musaev and Christof Fetzer analyzed AMD Zen+ and Zen 2 chips (the Epyc 7262, Ryzen 7 2700X, and the Threadripper 2990WX) and found that they were able to adversely manipulate the operation of the CPU cores. The Meltdown flaws were discovered earlier, in 2018: they break the barrier between user applications and the operating system, allowing malware running on a vulnerable computer to slowly figure out the contents of protected kernel memory and any secrets therein, such as keys and passwords.
Binaré advises OEMs to use Binaré’s automated IoT vulnerability management and firmware analysis platform to check their products for a wide range of vulnerabilities and security issues before selling them to IoT device manufacturers. Assess the security risk your firmware/IoT device poses for FREE with our Demo here: https://binare.io/.
More information about the incident: https://www.theregister.com/2021/08/30/amd_meltdown_zen/?&web_view=true
T-Mobile Hack: Exposed Router, Specialized Tools and Brute Force Attacks
T-Mobile’s CEO, Mike Sievert, finally shared some information about how the attack was carried out. According to him, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to the testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data. John Binns, who has taken credit for the attack, claimed that he managed to infiltrate T-Mobile’s systems after identifying a vulnerable, internet-exposed router in July. John Binns added that the router provided an entry point to T-Mobile servers in a data center near East Wenatchee, Washington, from where he obtained credentials that gave him access to more than 100 servers.
Binaré’s platform will check your IoT device, e.g. a router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!
More information about the incident: https://www.securityweek.com/t-mobile-hack-involved-exposed-router-specialized-tools-and-brute-force-attacks?&web_view=true
Critical Vulnerability Identified In Annke Video Recorder
A critical remote code execution vulnerability in a network video recorder (NVR) manufactured by Annke could lead to a total compromise of the IoT device. Tracked as CVE-2021-32941, the flaw was identified in the playback functionality of NVR model N48PBB, which captures and records live streams from up to eight IP security cameras and provides centralized, remote management of video surveillance systems. Security camera operators with susceptible installations have been warned to update their firmware as soon as possible so that malicious attackers cannot seize control of their security cameras. Annke security cameras, NVRs, and related accessories have been used by five million businesses or homeowners worldwide.
Binaré’s platform will check your IoT device, e.g. a network video recorder, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!
More information about the incident: https://portswigger.net/daily-swig/annke-network-video-recorder-vulnerability-could-see-attackers-seize-control-of-security-cameras?&web_view=true
Mirai Botnet Variant Targets Flaws In Realtek Devices
Mirai-variant botnet actors have been found exploiting numerous security vulnerabilities in software that is used by 65 network equipment vendors. The attackers are abusing command injection flaws that were spotted in Realtek chipsets. SAM Seamless Network researchers have discovered serious security flaws in the Software Development Kits (SDKs) of devices:
- The critical security vulnerability tracked as CVE-2021-35395 affects smart lighting gateways, IP cameras, travel routers, Wi-Fi repeaters, and smart toys.
- The flaw affects the management web interface of the devices, giving remote attackers access to scan and run arbitrary code on vulnerable devices.
- The most common network devices using the buggy Realtek SDK are found to be Edimax N150, Netis E1+ extender, N300 Wi-Fi routers, and Repotec RP-WR5444 router.
- Other security flaws CVE-2021-35392, CVE-2021-35393, CVE-2021-35394, and CVE-2021-35395 are rated more than 8.1 on the CVSS scale.
Binaré offers a security-testing platform to protect international businesses from cyber-attacks. Binaré is concerned about the security of the IoT devices your business is using. Come to our web page and assess the security risk your IoT device poses with our FREE Demo! The link for the web page: https://binare.io/.
More information about the incident: https://cyware.com/news/mirai-botnet-variant-targeting-vulnerabilities-in-realtek-devices-776f557e
New Vulnerabilities Discovered In Fortress S03 Wi-Fi Home Security System
New flaws have been identified in the Fortress S03 Wi-Fi Home Security System that could potentially be exploited by a malicious third party to gain unauthorized access with the aim of changing system behavior, including disabling the devices without the victim’s knowledge. The security vulnerabilities are tracked as CVE-2021-39276 (CVSS score: 5.3) and CVE-2021-39277 (CVSS score: 5.7), and were discovered and disclosed by cybersecurity company Rapid7. The Fortress S03 Wi-Fi Home Security System is used by thousands of clients and continued customers.
Binaré recommends that smart device manufacturers, as well as businesses that use smart devices, check them for vulnerabilities with Binaré’s automated IoT vulnerability management and firmware analysis platform to make the use of these devices safe. Assess the security risk your IoT device poses for FREE with our Demo here: https://binare.io/.
More information about the incident: https://thehackernews.com/2021/08/attackers-can-remotely-disable-fortress.html
New Zero-Click iPhone Exploit Used To Deploy NSO Spyware
Citizen Lab digital threat researchers discovered a new zero-click iMessage exploit used to deploy NSO Group’s Pegasus spyware on devices belonging to Bahraini activists. In total, nine Bahraini activists had their iPhones hacked in a campaign partially orchestrated by a Pegasus operator that Citizen Lab connected with high confidence to the government of Bahrain. The spyware was deployed on their devices after the devices were compromised using two zero-click iMessage exploits. The new iPhone zero-click exploit has been in use since February 2021.
Binaré highlights that the bigger the business, the more complicated and costly the consequences of a cyber attack. Binaré advises big business players to integrate cybersecurity as part of their business, for example, by using Binaré’s automated IoT vulnerability management and firmware analysis platform. Check your firmware/IoT device for FREE with our Demo here: https://binare.io/.
More information about the incident: https://www.bleepingcomputer.com/news/apple/new-zero-click-iphone-exploit-used-to-deploy-nso-spyware/