Security Vulnerabilities Newsletter: Top News Rundown (December 2022)

Backdoor Credential Identified in ZyXEL Router

A researcher has found a backdoor credential hidden inside ZyXEL LTE indoor routers. The hard-coded backdoor credential is tracked as CVE-2022-40602 and gives any malicious third party remote access. The hidden password was discovered in the firmware of ZyXEL LTE3301-M209 routers. “The firmware of this device, which comprises three main sections: LZMA section, the root-fs, and the www content, has a file containing the credentials written on it.”

Binaré’s platform will check your IoT device, e.g. router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!

More information about the incident: https://cyware.com/news/backdoor-credential-found-in-zyxel-router-410e447c

#BinareInfographic: The Strong & Urgent Need to Perform Binary (IoT Firmware) Security Analysis

Discover and download more infographics HERE

Critical Vulnerability in Hikvision Wireless Bridges Opens Door for CCTV Hacking

Chinese video surveillance company Hikvision revealed that two of its wireless bridge products, designed for elevator and other video surveillance systems, are affected by CVE-2022-28173, a critical access control vulnerability. “The security hole can be exploited by sending specially crafted messages to affected devices, allowing the attacker to gain administrator permissions.”


Binaré’s platform will check your IoT device, e.g. CCTV, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!

More information about the incident: https://www.securityweek.com/critical-vulnerability-hikvision-wireless-bridges-allows-cctv-hacking?&web_view=true

#BinareVideo: Binare's Firmware Insights || Critical Samba Vulnerability in IoT Devices || CVE-2021-44142

Found the video insightful? Subscribe to Binare's YouTube channel HERE

Millions of Vulnerable XIoT Devices Identified

“A vast number of common vulnerabilities and exposures (CVEs), default passwords and other security risks have been found in millions of extended internet of things (XIoT) devices.” The claims come from security experts at Phosphorus, who recently published a report reflecting five years of security research and device testing. “Phosphorus has claimed that 99% of XIoT device passwords analyzed as part of its research were out of compliance with best practices, and 68% of XIoT devices had high-risk or critical vulnerabilities (CVSS scores of 8-10). Further, the company said that 80% of security teams could not correctly identify most of their XIoT devices.”

Binaré’s platform will check your IoT device, e.g. extended IoT device, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!

More information about the incident: https://www.infosecurity-magazine.com/news/security-risks-found-in-millions/?&web_view=true

#BinareCaseStudy: Binare’s Firmware Analysis & Monitoring Platform Brings Significant Value For Telecom Companies

Realized the urgent need to protect Telecom IoT devices against cyberattacks? Find out how Binare can help Telecom companies secure their IoT devices by downloading the full case study HERE

New Zerobot Botnet Exploiting IoT Vulnerabilities

“The threat landscape was introduced to a new botnet, dubbed Zerobot, that has been spreading via IoT vulnerabilities.” Zerobot targets multiple security bugs in IoT devices to gain access and then downloads a script for further dissemination. “The exploits include flaws in Zyxel firewalls, TOTOLINK routers, F5 BIG-IP, Spring Framework, D-Link DNS-320 NAS, Hikvision cameras, and FLIR AX8 thermal imaging cameras, among others.”

Binaré offers a security-testing platform to protect businesses from cyberattacks. Binaré is concerned about the security of the IoT device your business is using. Come to our web page and assess the security risk your IoT device poses with our FREE Demo! The link for the web page: https://binare.io/.

More information about the incident: https://cyware.com/news/new-zerobot-botnet-abuses-iot-vulnerabilities-57aca371

#BinareBlog: Binare.io Featured in the December’s Edition of ECSO Cybersecurity Awareness Calendar 2022!

More articles are available in Binare's blog & news section

Mitsubishi Electric PLCs Exposed to Attacks by Engineering Software Flaws

“Researchers at industrial cybersecurity firm Nozomi Networks have discovered three vulnerabilities in Mitsubishi Electric’s GX Works3 engineering workstation software that could be exploited to hack safety systems.” The security holes are tracked as CVE-2022-29831, CVE-2022-29832 and CVE-2022-29833. They could allow a malicious third party to get information from GX Works3 project files to compromise connected safety CPU modules.

Binaré’s platform will check your IoT device, e.g. PLC, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!

More information about the incident: https://www.securityweek.com/mitsubishi-electric-plcs-exposed-attacks-engineering-software-flaws?&web_view=true

Free icons courtesy of flaticon.com by authors: manshagraphics, dreamicons, konkapp, Freepik, VectorPortal.


This news does not surprise me one single BIT.
