CyberSecurityBoard
Sponsor Register Login

Critical Realtek Vulnerability Impacting IoT Devices Worldwide

As of December 2022, Unit 42 researchers had observed 134 million exploit attempts leveraging a Realtek Jungle SDK vulnerability, with 97 of them occurring at the beginning of August 2022. Cybercriminals increased their efforts to exploit the remote code execution vulnerability, which affects almost 190 models of devices from 66 different manufacturers. This bug can create supply-chain issues, making it difficult for users to identify the products that attackers are exploiting. It is an arbitrary command injection and buffer overflow bug that could be leveraged to execute arbitrary code and gain the highest level of privileges, eventually hijacking the infected device appliance. Most of the attacks observed were attempts to deliver malware and compromise vulnerable IoT devices, indicating that threat actors aim to launch large-scale attacks against internet-connected devices worldwide. Around 50% of the attacks were launched from the USA, followed by Vietnam and Russia. Unit 42 identified three kinds of payloads that were distributed through in-the-wild exploitation of this bug. Attackers can exploit this bug to deliver known botnets such as Mozi, Mirai, Gafgyt, and the new Golang-based DDoS botnet called RedGoBot. Vulnerable IoT devices include IP cameras, routers, residential gateways, and Wi-Fi repeaters from at least 66 vendors, including Belkin, D-Link, ASUS, Huawei, LG, ZTE, Logitech, Zyxel, and NETGEAR. Additionally, millions of IoT devices are open to video snooping and ransomware installation due to ThroughTek Flaw and Access:7 Supply Chain Flaws.

This Cyber News was published on www.hackread.com. Publication date: Mon, 30 Jan 2023 22:54:03 +0000


Cyber News related to Critical Realtek Vulnerability Impacting IoT Devices Worldwide

IoT Security: Safeguarding Business IoT Devices - The security of IoT devices is of utmost importance as businesses increasingly rely on them to streamline operations and enhance productivity. In this discussion, we will explore the importance of IoT security in safeguarding business IoT devices and ...
10 months ago Securityzap.com
IoT Security for Business: Safeguarding Connected Devices - In this discussion, we will explore the significance of IoT security for businesses and effective strategies for safeguarding connected devices. With the increasing number of connected devices in business environments, the need for effective IoT ...
11 months ago Securityzap.com
IoT Security in the Age of Cyber Threats - These vast neural networks enable IoT devices to seamlessly connect the mundane and the sophisticated into the digital fabric of the internet. This range of devices includes everything right from kitchen appliances and industrial machinery to smart ...
11 months ago Feeds.dzone.com
The Role of IoT in Modern Education - From smart classrooms equipped with IoT devices to personalized learning platforms, IoT has paved the way for a more immersive and tailored educational experience. Overall, the integration of IoT in education holds great promise in transforming the ...
11 months ago Securityzap.com
Hacking: Exploring the Realtek SDK Flaw (CVE-2021-35394) and its Botnet Implications - Realtek SDK is vulnerable to CVE-2021-35394, a security vulnerability which can be used to launch cyber attacks. The vulnerability was discovered by security experts, who state that it can lead to malicious actors gaining access to devices, executing ...
1 year ago Securityaffairs.com
How To Improve Security Capacities of The Internet of Things? - The security of the Internet of Things is one of the main challenges of today. Many IoT assets could get an easy target to cyber attacks and it's highly recommended to somehow cope with these requirements. The best practice is something that would ...
10 months ago Cyberdefensemagazine.com
Somos, Inc. Protects Businesses' IoT Assets With the Availability of SomosID - PRESS RELEASE. EAST BRUNSWICK, N.J., Feb. 14, 2024 /PRNewswire/ - Somos, Inc., an industry expert in identity management, fraudprevention and data services who is recognized as a leading provider of solutions that foster trust in voice and messaging, ...
10 months ago Darkreading.com
Cyber Insights 2023: ICS and Operational Technology - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. At the same time, ICS/OT is facing an expanding attack surface caused by ...
1 year ago Securityweek.com
The key to connected care excellence - Antoinette Hodes is a Global Solutions Architect, specializing in IoT, and serves as an Evangelist with the Check Point Office of the CTO. She has worked as an engineer in IT for over 25 years and is an experienced security solutions architect in the ...
11 months ago Blog.checkpoint.com
Insights from Billington Cybersecurity Summit 2023: The Enhanced Threat Surface of 5G/6G & IOT - From September 5th to September 8th of 2023, Billington Cybersecurity hosted its 14th annual Cybersecurity Summit in Washington, D.C. Among my fellow Raytheon executives, I was given the honor of joining senior leadership from the U.S. government and ...
10 months ago Cyberdefensemagazine.com
MIPS chips targeted by new P2Pinfect malware in Redis server and IoT-based attacks - A new variant of P2Pinfect has been observed targeting embedded IoT devices based on 32-bit MIPS processors, malware that aims to bruteforce Secure Shell access to these devices. Written in Rust, the P2Pinfect malware acts as a botnet agent, ...
1 year ago Packetstormsecurity.com
Critical Realtek Vulnerability Impacting IoT Devices Worldwide - As of December 2022, Unit 42 researchers had observed 134 million exploit attempts leveraging a Realtek Jungle SDK vulnerability, with 97 of them occurring at the beginning of August 2022. Cybercriminals increased their efforts to exploit the remote ...
1 year ago Hackread.com
Botnets Exploit Realtek SDK Bug in Millions of Attacks - Ensure Your Security - A new report has highlighted how botnets are exploiting a critical bug in the Realtek SDK, allowing attackers to access and manipulate millions of devices with alarming ease. According to Radware’s research, device owners may be vulnerable to ...
1 year ago Bleepingcomputer.com
Coming Soon to a Network Near You: More Shadow IoT - News of former Microsoft head of product Panos Panay's exit caused a small stir in the tech industry when it was learned he would join Amazon to lead that company's product division. Precisely what Amazon and Panay have in mind for that ecosystem has ...
11 months ago Securityweek.com
Embedded Linux IoT Security: Defending Against Cyber Threats - Embedded Linux IoT systems are now essential parts of many different kinds of products, from industrial machinery and smart appliances to medical equipment and automobile systems. As Embedded Linux is being used widely, it has attracted the attention ...
11 months ago Securityboulevard.com
CVE-2021-41769 - A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < ...
2 years ago
CVE-2021-35395 - Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another ...
1 year ago
Securing Educational Robots: IoT Security in Robotics Education - As robotics continues to be integrated into educational settings, the use of educational robots powered by the Internet of Things presents exciting opportunities for enhancing learning experiences. With technological advancements come the critical ...
11 months ago Securityzap.com
Claroty Team82: 63% of Known Exploited Vulnerabilities Tracked by CISA Are on Healthcare Organization Networks - PRESS RELEASE. NEW YORK and ORLANDO, Fla., March 12, 2024/PRNewswire/ -Claroty, the cyber-physical systems protection company, released today at the annual HIMSS24 conference a new report that uncovered concerning data about the security of medical ...
9 months ago Darkreading.com
The Intersection of IoT and Financial Security: Expert Tips for Protection - Sophisticated Internet of Things technologies transformed the cybersecurity systems in financial services. Take credit cards as an example-commercial banks significantly cut the risk of skimming by replacing magstripe cards with chip-and-PIN cards. ...
11 months ago Securityboulevard.com
Black Hat Europe 2023: Should we regulate AI? - The accelerated pace in the advancement of technology is challenging for any of us to keep up with, especially for public sector policymakers who traditionally follow rather than lead. Last week, the Black Hat Europe conference held in London, ...
1 year ago Welivesecurity.com
Why BYOD Is the Favored Ransomware Backdoor - These devices exist outside of direct corporate management and provide a ransomware gang with unchecked platforms for encrypting data. Microsoft's fourth annual Digital Defense Report for 2023 reveals that 80% of all ransomware compromises come from ...
11 months ago Esecurityplanet.com
Building a Collaborative Approach to Secure the Connected World - In today's rapidly evolving digital landscape, public key infrastructure has emerged as an essential component of digital trust, underpinning security across myriad interconnected domains, from users and devices to the Internet of Things and ...
1 year ago Securityboulevard.com
Nozomi Networks Delivers Multi-Spectrum Wireless Security Sensor for Global OT and IoT Environments - PRESS RELEASE. SAN FRANCISCO, January 24, 2024 - Nozomi Networks Inc., the leader in OT and IoT security, today introduced Guardian Air™, the industry's only wireless spectrum sensor purpose-built for OT and IoT environments worldwide. With 80 ...
10 months ago Darkreading.com
Russian Agents Hack Webcams to Guide Missile Attacks on Kyiv - The Security Service of Ukraine has asked owners and operators of webcams in the country to stop broadcasts from their devices over concerns about Russia's intelligence services using the feeds to conduct military reconnaissance against strategic ...
11 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)