100M IoT Devices Affected By Zero-Day Flaw

A high-severity vulnerability in widely used internet-of-things (IoT) infrastructure code left more than 100 million devices across 10,000 enterprises vulnerable to cyberattacks. The flaw was given a CVSS score of 7.1, indicating high severity. The cause of the bug is improper restriction of operations within the bounds of a memory buffer (CWE-119). The disclosure comes amid a peak in the number of attacks on IoT devices, involving remote controls, Bluetooth devices, home security systems and more.

Binaré’s platform will check your IoT device for a wide range of vulnerabilities and security issues and give you a detailed report on them. Take a step toward securing your business today: try our FREE Demo at https://binare.io/!

More information about the incident: https://threatpost.com/100m-iot-devices-zero-day-bug/174963/

Cisco Talos identified an information disclosure vulnerability in the D-LINK DIR-3040 smart WiFi mesh router that could potentially be exploited. The vulnerability could allow a third party to eventually turn off the device or remove other connected devices from the mesh network. The flaw is tracked as CVE-2021-21913. An attacker can trigger it with a specially crafted network request and, in turn, view sensitive information in the MQTT service, including the root password of the primary device.

More information about the incident: https://blog.talosintelligence.com/2021/09/vuln-spotlight-d-link-.html?&web_view=true

High-Severity RCE Vulnerability Disclosed In Several Netgear Router Models

Netgear, a networking equipment company, has patched a high-severity remote code execution flaw affecting multiple routers that could be exploited by remote attackers to take control of an affected system. The vulnerability is tracked as CVE-2021-40847 and has a CVSS score of 8.1, which indicates high severity. According to security expert Adam Nichols, the flaw resides within a third-party component included in the firmware that provides parental control features in Netgear devices.

More information about the incident: https://thehackernews.com/2021/09/high-severity-rce-flaw-disclosed-in.html

SonicWall Asks Users To Patch Critical Flaw ASAP

SonicWall, a company that specializes in securing networks, has issued a security notice about its SMA 100 series of appliances. The security flaw could potentially allow a remote unauthenticated third party to delete arbitrary files from an SMA 100 series appliance and gain administrator access to the device. The flaw is tracked as CVE-2021-20034 and is caused by an improper limitation of a file path to a restricted directory. The vulnerability has a score of 9.1 out of 10 on the CVSS scale of severity, which means it is of high severity.

More information about the incident: https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/sonicwall-warns-users-to-patch-critical-vulnerability-as-soon-as-possible/?web_view=true

Unpatched Critical Flaw Affects Apple MacOS Computers

Cybersecurity experts published details of an unpatched zero-day vulnerability in macOS Finder that could be abused by remote third parties to trick users into running arbitrary commands on their machines. According to SSD Secure Disclosure, a security issue in macOS Finder allows files whose extension is inetloc to execute arbitrary commands. The vulnerability is caused by the way macOS processes INETLOC files (shortcuts to open internet locations such as RSS feeds, Telnet connections, or other online resources and local files), resulting in a scenario that allows commands embedded in those files to be executed without any warning.

More information about the incident: https://thehackernews.com/2021/09/unpatched-high-severity-vulnerability.html?&web_view=true

Zero-Click RCE Vulnerability Identified In Hikvision Security Cameras – Open Door To Network Compromise

A zero-click flaw in a popular IoT security camera could allow an unauthenticated third party to get full access to the device and perhaps internal networks. The bug is tracked as CVE-2021-36260 and has a CVSS score of 9.8: exploitation of the bug would enable the actor to get more access than even the owner of the device. The zero-click unauthenticated remote code execution (RCE) vulnerability affects a high number of Hikvision cameras.

More information about the incident: https://portswigger.net/daily-swig/zero-click-rce-vulnerability-in-hikvision-security-cameras-could-lead-to-network-compromise?&web_view=true