Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

October 9, 2024 at 11:43AM Multiple security vulnerabilities in the Manufacturing Message Specification (MMS) protocol pose risks for industrial environments, potentially enabling device crashes and remote code execution. Key libraries affected were patched in 2022, but gaps in security for modern technology versus outdated protocols persist. Additional vulnerabilities in other systems were also reported. ### … Read more

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries

October 7, 2024 at 06:45AM The Gorilla (aka GorillaBot) botnet, a new variant of Mirai, has been identified by cybersecurity researchers. It has carried out over 300,000 attack commands with a high attack density, targeting over 100 countries and using various DDoS attack methods. It also exploits a security flaw in Apache Hadoop YARN RPC … Read more

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

September 23, 2024 at 06:49AM A critical vulnerability (CVE-2024-7490) in Microchip Advanced Software Framework (ASF) could lead to remote code execution, impacting ASF 3.52.0.2574 and earlier versions. No fixes or mitigations are available, except replacing the tinydhcp service. Additionally, SonicWall detailed a severe zero-click vulnerability (CVE-2024-20017) in MediaTek Wi-Fi chipsets, with a patch released in … Read more

Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military

September 18, 2024 at 01:09PM Lumen Technologies researchers have identified a large-scale botnet, Raptor Train, controlled by a Chinese state-sponsored espionage group known as Flax Typhoon. The botnet targets US and Taiwanese organizations in critical sectors using IoT devices and has a robust command and control infrastructure. The botnet has been used for extensive scanning … Read more

Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide

September 12, 2024 at 10:24AM A new malware named Vo1d has infected nearly 1.3 million Android-based TV boxes in 197 countries. It acts as a backdoor, secretly installing third-party software when commanded by attackers. The infection’s source is unknown, but it’s suspected to involve compromised instances or unofficial firmware versions. Budget device manufacturers may be … Read more

Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks

August 29, 2024 at 07:48AM Malicious actors have weaponized a long-standing flaw in AVTECH IP cameras, exploiting a zero-day vulnerability to form a botnet. The vulnerability, CVE-2024-7029, allows remote code execution. The attack campaign has been ongoing since March 2024, leveraging known vulnerabilities to spread a Mirai botnet variant. Additionally, a “mysterious” botnet named 7777 … Read more

HPE Aruba Networking Strengthens Cyber Defenses With AI-Powered Network Detection and Response

August 9, 2024 at 01:57PM Hewlett Packard Enterprise (HPE) has expanded its AI-powered networking portfolio, introducing behavioral analytics-based network detection and response capabilities and enhancing its cloud-based universal ZTNA approach. The new NDR solution leverages AI models to monitor and detect unusual activity in IoT devices, addressing security blind spots and providing comprehensive network security … Read more

New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on Users

August 9, 2024 at 10:21AM Cybersecurity researchers discovered vulnerabilities in Sonos smart speakers that could be exploited by attackers to eavesdrop on users, impacting all versions prior to Sonos S2 release 15.9 and Sonos S1 release 11.12. These findings were presented at Black Hat USA 2024 and reveal two security defects, CVE-2023-50809 and CVE-2023-50810, compromising … Read more

Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption

August 8, 2024 at 09:18AM Bitdefender researchers found critical vulnerabilities in widely used Solarman and Deye solar power systems, potentially enabling attackers to cause disruption and blackouts. The flaws allowed attackers to take control of accounts, manipulate inverters, and access sensitive data. Bitdefender reported the findings and patches were deployed in the summer. Robust cybersecurity … Read more

Verizon Business 2024 Mobile Security Index Reveals Escalating Risks in Mobile and IoT Security

August 8, 2024 at 05:46AM Verizon Business has released the 2024 Mobile Security Index (MSI) report, emphasizing the increasing threats to mobile and IoT device security. The report highlights the growing reliance on such devices and the associated security concerns, urging the adoption of robust frameworks and AI-driven cybersecurity solutions. The findings aim to inform … Read more