A bowl full of security problems: Examining the vulnerabilities of smart pet feeders
We analyzed smart pet feeders by Dogness, and discovered serious vulnerabilities such as hard-coded credentials and insecure update process.
Internet of things
ASUS addressed critical flaws in some router models
ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. The impacted models are GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, […]
The post ASUS addressed critical flaws in some router models appeared first on Security Affairs.
Hear no evil: Ultrasound attacks on voice assistants
How your voice assistant could do the bidding of a hacker – without you ever hearing a thing
The post Hear no evil: Ultrasound attacks on voice assistants appeared first on WeLiveSecurity
IT threat evolution in Q1 2023. Non-mobile statistics
PC malware statistics for the Q1 2023 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.
New Go-written GobRAT RAT targets Linux Routers in Japan
A new Golang remote access trojan (RAT), tracked as GobRAT, is targeting Linux routers in Japan, the JPCERT Coordination Center warns. JPCERT/CC is warning of cyberattacks against Linux routers in Japan that have been infected with a new Golang remote access trojan (RAT) called GobRAT. Threat actors are targeting Linux routers with publicly exposed WEBUI to execute […]
The post New Go-written GobRAT RAT targets Linux Routers in Japan appeared first on Security Affairs.
China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant
China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. Since January 2023, Check Point Research monitored a series of targeted attacks aimed at European foreign affairs entities that have been linked to the China-linked cyberespionage group Mustang Panda (aka Camaro Dragon, RedDelta or “Bronze President). MustangPanda […]
The post China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant appeared first on Security Affairs.
Attackers are trying to exploit old DVR vulnerabilities (CVE-2018-9995, CVE-2016-20016)
Five years ago, security researcher Fernandez Ezequiel discovered a vulnerability (CVE-2018-9995) in many digital video recorder (DVR) brands and released a tool for exploiting it. The vulnerability is still being exploited in the wild, FortiGuard Labs…
Fortinet warns of a spike in attacks against TBK DVR devices
FortiGuard Labs researchers observed a worrisome level of attacks attempting to exploit an authentication bypass vulnerability in TBK DVR devices. FortiGuard Labs researchers are warning of a spike in malicious attacks targeting TBK DVR devices. Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK […]
The post Fortinet warns of a spike in attacks against TBK DVR devices appeared first on Security Affairs.
Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products
Chinese video surveillance giant Hikvision addressed a critical vulnerability in its Hybrid SAN and cluster storage products. Chinese video surveillance giant Hikvision addressed an access control vulnerability, tracked as CVE-2023-28808, affecting its Hybrid SAN and cluster storage products. An attacker with network access to the device can exploit the issue to obtain admin permission. The […]
The post Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products appeared first on Security Affairs.
Nexx bugs allow to open garage doors, and take control of alarms and plugs
A series of vulnerabilities in multiple smart devices manufactured by Nexx can be exploited to remotely open garage doors, and take control of alarms and plugs. In late 2022, the researcher Sam Sabetan discovered a series of critical vulnerabilities in several smart devices manufactured by Nexx, including Smart Garage Door Openers, Alarms, and Plugs. A […]
The post Nexx bugs allow to open garage doors, and take control of alarms and plugs appeared first on Security Affairs.