MikroTik Claims Mēris Botnet Targets Routers Compromised Years Ago

According to Latvian network equipment maker MikroTik, the recently detailed Mēris botnet is targeting devices that were originally compromised three years ago. The security researchers say that the botnet already has more than 200,000 bots. In sum, more than 328,000 routers are potentially at risk. The vulnerable devices are mainly MikroTik routers running various versions of RouterOS. MikroTik says that the bots are in fact routers that were previously compromised in 2018 and which haven’t been properly secured since then.

Binaré offers the security-testing platform to prevent international businesses from cyber-attacks. Binaré is concerned about the security of IoT device your business is using. Come to our web page and assess the security risk your IoT device possesses with our FREE Demo! The link for the web page: https://binare.io/.

More information about the incident: https://www.securityweek.com/mikrotik-confirms-m%C4%93ris-botnet-targets-routers-compromised-years-ago?&web_view=true

HP OMEN Gaming Hub Vulnerability Affects Windows Computers

Cybersecurity researchers discovered a critical flaw in the HP OMEN driver software that affects millions of gaming computers worldwide and leaves them open to an array of attacks. The vulnerabilities are tracked as CVE-2021-3437 (a CVSS score of 7.8) and could allow hackers to escalate privileges to kernel mode without requiring administrator permissions, allowing them to disable security products, overwrite system components, and even corrupt the operating system. The security issues are in a component called OMEN Command Center that comes pre-installed on HP OMEN-branded laptops and desktops and can also be downloaded from the Microsoft Store. 

Binaré is concerned about the security of an IoT device you are using. Come to our web page and check your IoT device for security vulnerabilities with our FREE Demo! The link for the web page: https://binare.io.

More information about the incident: https://thehackernews.com/2021/09/hp-omen-gaming-hub-flaw-affects.html?&web_view=true

Pre-Installed Malware Identified In Low-Budget Push-Button Mobile Phones Sold In Russian E-Stores

A Russian cybersecurity researcher ValdikSS has found a pre-installed malware in four cheap push-button mobile phones sold in Russia. The researcher discovered that several push-button telephones contain unwanted undocumented functions such as automatically sending SMS messages or going online to transmit purchase data or phone info (IMEI and SIM-cards IMSI). The researcher also noticed a built-in Trojan that sends paid SMS messages to short numbers in some models, other devices contained a backdoor that sends incoming SMS messages to the attackers’ server.

Binaré’s platform will check your IoT device, e.g. mobile phone, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!

More information about the incident: https://securityaffairs.co/wordpress/121887/mobile-2/push-button-mobile-phones-malware.html?web_view=true

Zero-Day Vulnerabilities In IoT Baby Monitors Identified – A Way For Attackers To Access Camera Feeds

Several zero-day flaws were discovered in a home baby monitor that could be exploited to allow third-party access to the camera feed and plant unauthorized code such as malware. The security issues are identified in the IoT devices that are manufactured by China-based vendor Victure and were found by researchers from Bitdefender. If the security vulnerabilities were exploited, an attacker could discover cameras that they do not own, instruct these cameras to broadcast their feeds to unauthorized third parties, and compromise the camera firmware.

Binaré recommends smart device manufacturers as well as businesses that use smart devices to check them for vulnerabilities with Binaré’s automated IoT vulnerability management and firmware analysis platform to make the use of these devices safe. Assess the security risk your IoT device possesses for FREE with our Demo here: https://binare.io/.

More information about the incident: https://portswigger.net/daily-swig/zero-day-flaws-in-iot-baby-monitors-could-give-attackers-access-to-camera-feeds?&web_view=true

Critical Flaws Identified In Moxa Railway Devices

Railway and other types of wireless communication devices made by Taiwan-based industrial networking and automation firm Moxa are identified with almost 60 vulnerabilities. Atos-owned cybersecurity consulting firm SEC Consult announced that one of its researchers found two new vulnerabilities in Moxa devices, as well as several outdated third-party software components that contain tens of vulnerabilities. A command injection vulnerability (CVE-2021-39279) can be exploited by an authenticated attacker to compromise the device’s operating system whilst a reflected cross-site scripting (XSS) flaw (CVE-2021-39278) can be exploited using a specially crafted configuration file. The IoT devices are also affected by more than 50 other vulnerabilities discovered in the past decade in third-party components such as the GNU C Library (glibc), the DHCP client in BusyBox, the Dropbear SSH software, the Linux kernel, and OpenSSL.

Binare believes that securing railway industry is also very important. Binaré’s platform will check your IoT device for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards the security of your business already today: try our FREE Demo at https://binare.io/!

More information about the incident: https://www.securityweek.com/flaws-moxa-railway-devices-could-allow-hackers-cause-disruptions?&web_view=true

BrakTooth Vulnerabilities Identified In Commercial Bluetooth Devices

White-hat hackers have discovered a bunch of security issues affecting Bluetooth devices and are raising concerns about some vendors’ unwillingness to patch the vulnerabilities. According to the ASSET Research Group at the Singapore University of Technology, 16 new security weaknesses (20+ CVEs) in commercial Bluetooth Classic (BR/EDR) stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) have been identified. The affected system-on-chip (SoC) vendors include Intel, Qualcomm, Texas Instruments, Infineon (Cypress), Silicon Labs and others.

Binaré provides you not only with the platform but also with professional services that will help your business to avoid cyberattacks. Get an improved cybersecurity posture with Binaré’s expert and advisory services! Sign up here https://try.binare.io/get_in_touch and we will reach out to you as soon as possible.

More information about the incident: https://www.theregister.com/2021/09/01/braktooth_vulnerabilities_put_bluetooth_users/?&web_view=true

CyberNews researchers discovered numerous security vulnerabilities within the default firmware and the web interface app of the TP-Link AC1200 Archer C50 (v6) router. The identified flaws may put owners of a router at risk of man-in-the-middle and Denial of Service attacks. TP-Link routers are so popular that some models are routinely awarded ‘Amazon’s Choice’ badges in the ‘wifi router’ category. The security issues discovered range from default administrator passwords to unpatched vulnerabilities and pre-installed backdoors. Buying the router with such security weaknesses can have catastrophic consequences such as network infiltration, man-in-the-middle attacks, and router takeovers.

Binaré provides IoT device manufacturers with a platform that checks an IoT device for a wide range of vulnerabilities and security issues (including SBoM/Software-Bill-of-Materials and risky components dependencies) and gives an IoT device manufacturer a detailed report on them. Make a step towards security of your IoT business already today: try our FREE Demo at https://binare.io/!

More information about the incident: https://cybernews.com/security/amazon-tp-link-router-ships-with-vulnerable-firmware/?&web_view=true

Free icons courtesy of flaticon.com by authors: Freepik, Good Ware, Smashicons, Pixel perfect

Leave a Reply