Security Vulnerabilities Newsletter: Top News Rundown (Weeks 6/9-2024)

Security Firm Now Says Toothbrush DDOS Attack Didn’t Happen, But Source Publication Says Company Presented It As Real

“The security company at the nexus of the original report that three million toothbrushes were used in a DDOS attack has now retracted the story and claimed it was a result of a mistranslation — but according to the news outlet that published the initial report, that statement isn’t true. The reports of this story are not based on a mistranslation by the media. The publication claims Fortinet presented the story as having actually happened and approved the text of the article, which had been submitted to Fortinet prior to publication.”

Binaré offers a security-testing platform to protect various businesses from cyberattacks. Binaré is concerned about the security of the IoT devices your business is using. Come to our web page and assess the security risk your IoT device poses with our FREE Demo! The link for the web page: https://binare.io/.

More information about the incident: https://www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages

#BinareInfographic: The Strong & Urgent Need to Perform Binary (IoT Firmware) Security Analysis

Discover and download more infographics HERE

Critical Cisco Bug Exposes Expressway Gateways To CSRF Attacks

“Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks.

Attackers can exploit CSRF vulnerabilities to trick authenticated users into clicking malicious links or visiting attacker-controlled webpages to perform unwanted actions such as adding new user accounts, executing arbitrary code, gaining admin privileges, and more.

Unauthenticated attackers can exploit the two critical CSRF vulnerabilities patched today (CVE-2024-20252 and CVE-2024-20254) to target unpatched Expressway gateways remotely.”

Binaré’s platform will check your IoT device, e.g. a gateway, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!

More information about the incident: https://www.bleepingcomputer.com/news/security/critical-cisco-bug-exposes-expressway-gateways-to-csrf-attacks/

#BinareCaseStudy: Binare’s Firmware Analysis & Monitoring Platform Brings Significant Value For Healthcare Organizations

Realized the urgent need to protect Medical IoT devices against cyberattacks? Find out how Binare can help healthcare organizations to secure their IoT devices by downloading the full case study HERE

Wi-Fi Jamming To Knock Out Cameras Suspected In Nine Minnesota Burglaries

“A serial burglar in Edina, Minnesota is suspected of using a Wi-Fi jammer to knock out connected security cameras before stealing and making off with the victim’s prized possessions. Minnesota doesn’t generally have a reputation as a hotbed for technology, so readers shouldn’t be surprised to hear that reports of Wi-Fi jammers used to assist burglaries in the U.S. go back several years. PSA: even criminals use technology, and more are now catching on — so homeowners should think about mitigations.”

Binaré’s platform will check your IoT device, e.g. a camera, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!

More information about the incident: https://www.tomshardware.com/networking/wi-fi-jamming-to-knock-out-cameras-suspected-in-nine-minnesota-burglaries-smart-security-systems-vulnerable-as-tech-becomes-cheaper-and-easier-to-acquire

#BinareVideo: Binare's Firmware Insights || Critical vulnerability in Apache Log4j library || CVE-2021-44228

Found the video insightful? Subscribe to Binare's Youtube channel HERE

Russian Military Botnet Discovered On 1000+ Compromised Routers

“GRU-funded hacking team Fancy Bear has been caught installing Moobot malware on “well over a thousand” unsecured home and business routers using the default admin password as the infection vector, says FBI Director Christopher Wray [h/t The Register].

Moobot was used to create a functional botnet of compromised routers that the GRU and Fancy Bear were using for undisclosed reasons, but the scale of the security breach isn’t promising. The FBI acted to isolate and remove the malware from all infected units. The issue stems from a lack of cybersecurity basics (change the admin password unless you want someone else to change it for you) taught to the public. So, it’s not quite like a hardware vulnerability that can’t be fixed without revision.”

Binaré’s platform will check your IoT device, e.g. a router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!

More information about the incident: https://www.tomshardware.com/tech-industry/cyber-security/russian-military-botnet-discovered-on-1000-compromised-routers-fbi-deactivated-moobot-by-taking-control-of-impacted-routers

#BinareBlog: Automated IoT Penetration Testing: What & Why

More articles for reading available in Binare's blog & news section

VoltSchemer Attacks Use Wireless Chargers To Inject Voice Commands, Fry Phones

“A team of academic researchers show that a new set of attacks called ‘VoltSchemer’ can inject voice commands to manipulate a smartphone’s voice assistant through the magnetic field emitted by an off-the-shelf wireless charger.

VoltSchemer can also be used to cause physical damage to the mobile device and to heat items close to the charger to a temperature above 536F (280C).

A technical paper signed by researchers at the University of Florida and CertiK describes VoltSchemer as an attack that leverages electromagnetic interference to manipulate the charger’s behavior.”

Binaré’s platform will check your IoT device, e.g. a wireless charger, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!

More information about the incident: https://www.bleepingcomputer.com/news/security/voltschemer-attacks-use-wireless-chargers-to-inject-voice-commands-fry-phones/

Free icons courtesy of flaticon.com by authors: Freepik, dreamicons.