Jan 10, 2025Ravie LakshmananCybersecurity / Android Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. "Out-of-bounds … [Read more...] about Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices
Devices
Ruijie Networks’ Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks
Dec 25, 2024Ravie LakshmananCloud Security / Vulnerability Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. "These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices," Claroty researchers Noam … [Read more...] about Ruijie Networks’ Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks
Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action
Dec 14, 2024Ravie LakshmananBotnet / Ad Fraud Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country. In a statement published earlier this week, authorities said they severed the communications between the devices and … [Read more...] about Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action
Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign
Nov 21, 2024Ravie LakshmananVulnerability / Cyber Attack As many as 2,000 Palo Alto Networks devices are estimated to have been compromised as part of a campaign abusing the newly disclosed security flaws that have come under active exploitation in the wild. According to statistics shared by the Shadowserver Foundation, a majority of the infections have been reported in the … [Read more...] about Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign
Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices
The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. "At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and IoT devices," the Black … [Read more...] about Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices
Necro Trojan infects 11 million Android devices
Here at Kaspersky Daily we’re forever urging readers of our blog to be real careful when downloading content to their devices. After all, even Google Play isn’t immune to malware — let alone unofficial sources with mods and hacked versions. For as long as the digital world keeps turning, Trojans will continue to worm their way onto devices that don’t have reliable … [Read more...] about Necro Trojan infects 11 million Android devices
New “Raptor Train” IoT Botnet Compromises Over 200,000 Devices Worldwide
Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett). The sophisticated botnet, dubbed Raptor Train by Lumen's Black Lotus Labs, is believed to have been operational since at … [Read more...] about New “Raptor Train” IoT Botnet Compromises Over 200,000 Devices Worldwide
New T-Head CPU Bugs Expose Devices to Unrestricted Attacks
Aug 13, 2024Ravie LakshmananVulnerability / Hardware Security A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head's XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices. The vulnerability has been codenamed … [Read more...] about New T-Head CPU Bugs Expose Devices to Unrestricted Attacks
Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices
Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and prevent critical systems from becoming easy targets," the Microsoft Threat … [Read more...] about Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices
A Threat-Modeling Framework for Embedded Devices
May 13, 2024Newsroom The MITRE Corporation has officially made available a new threat-modeling framework called EMB3D for makers of embedded devices used in critical infrastructure environments. "The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of these threats with the security mechanisms required to … [Read more...] about A Threat-Modeling Framework for Embedded Devices