July 3, 2024 at 04:24PM Nick Cerne from Bishop Fox discovered vulnerabilities in Traeger grills with the D2 Wi-Fi Controller, enabling remote attackers to issue commands, such as altering the temperature. Despite the potential risks, Traeger automatically updates affected grills. The need for secure IoT devices is underscored, while recommendations include physical control of devices … Read more
June 24, 2024 at 10:41AM Early attacks are targeting end-of-life Zyxel NAS boxes following the disclosure of three critical vulnerabilities. The Shadowserver Foundation observed attempts of remote command execution by a botnet and advised users to check for compromise signs. It’s recommended to patch affected devices or consider upgrading for enhanced security, given the lack … Read more
June 10, 2024 at 05:33PM The cyberattack threat landscape for organizations encompasses various IT, IoT, and operational technology devices, offering opportunities for bad actors. Forescout Research highlights key findings, including IT devices accounting for most vulnerabilities, a surge in IoT vulnerabilities, and the top three riskiest verticals being technology, education, and manufacturing. A holistic approach … Read more
June 7, 2024 at 12:59PM A software vulnerability in Ariane Systems’ kiosk platform (CVE-2024-37364, CVSS 3.0 score 6.8) allows attackers to access hotel guests’ personal data stored in check-in terminals. The exploit bypasses kiosk mode, enabling access to reservations, invoices, PII, and the ability to create room keys. The manufacturer has released a fix, emphasizing … Read more
June 6, 2024 at 10:24AM The Muhstik botnet, known for targeting IoT devices and Linux servers, has exploited a security flaw in Apache RocketMQ to expand its scale. It leverages vulnerabilities to execute remote code, persist on hosts, and evade detection, aiming to launch DDoS attacks and engage in cryptomining activities. Organizations are urged to … Read more
June 5, 2024 at 04:00PM Karamba Security announced that BYD, a major EV manufacturer, has adopted its VCode software to create a Software Bill of Materials (SBOM) for electronic control units, enhance supply-chain security, and meet cybersecurity regulation UN R155. The tool aims to help manufacturers identify and address cybersecurity issues before production and comply … Read more
May 29, 2024 at 11:00AM Humanativa Group identified security vulnerabilities in Eclipse ThreadX, previously known as Azure RTOS. Marco Ivaldi found issues, including memory corruption and DoS risk, from research of publicly available source code. The flaws were reported to Microsoft and Eclipse Foundation and addressed in Eclipse ThreadX version 6.4.0, with additional bugs to … Read more
May 14, 2024 at 06:54AM MITRE publicly released its EMB3D threat model for embedded devices in critical infrastructure and other sectors. Developed in collaboration with industry partners, the framework aims to improve the security of these devices by mapping threats to their features and properties. It aligns with existing models and will be continuously updated … Read more
May 13, 2024 at 06:22AM Cybersecurity researchers disclosed critical security flaws in Cinterion cellular modems, potential targets for threat actors, risking access to sensitive information and code execution. The flaws, including heap overflow, privilege escalation, and exposure of sensitive information, were presented at OffensiveCon. Recommendations to mitigate threats include disabling non-essential SMS messaging and conducting … Read more
May 10, 2024 at 06:37PM Millions of IoT devices utilizing Cinterion modems are vulnerable to multiple severe vulnerabilities, according to research conducted by Kaspersky. Telit, the modem vendor, has only partially addressed the flaws. The most critical threat allows remote attackers to execute arbitrary code and poses a significant risk to various industries. Recommended mitigation … Read more