Researchers at industrial and IoT cybersecurity firm Claroty have identified a generic method for bypassing the web application firewalls (WAFs) of several major vendors.
WAFs of Several Major Vendors Bypassed With Generic Attack Method
Pwn2Own Toronto 2022, Day 2: Smart Speaker Exploits Earn Big Chunk of $280,000 Total
On the second day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned a total of more than $280,000 for smart speaker, smartphone, printer, router, and NAS exploits.
A significant chunk of the total amount was earned for smart speaker hacks, specifically vulnerabilities targeting Sonos One smart speakers.
Self-Propagating ‘Zerobot’ Botnet Targeting Spring4Shell, IoT Vulnerabilities
A newly observed botnet capable of self-replicating and self-propagation is targeting multiple Internet of Things (IoT) vulnerabilities for initial access, cybersecurity solutions provider Fortinet warns.
Pwn2Own Toronto 2022, Day 1: Hackers Earn $400,000 for Galaxy S22, SOHO Exploits
On the first day of the Pwn2Own Toronto 2022 hacking competition, participants earned a total of $400,000 for new exploits targeting phones, printers, routers and NAS devices.
US Agencies Told to Assess IoT/OT Security Risks to Boost Critical Infrastructure Protection
The US Government Accountability Office (GAO) has urged several federal agencies to conduct cybersecurity-related assessments in an effort to improve the protection of certain critical infrastructure sectors.
Several Car Brands Exposed to Hacking by Flaw in Sirius XM Connected Vehicle Service
Cybersecurity researchers discovered that several car brands were exposed to remote hacker attacks due to a vulnerability in a connected vehicle service provided by Sirius XM.
OT:Icefall Continues With Vulnerabilities in Festo, Codesys Products
Forescout Technologies has disclosed the details of three new vulnerabilities identified by its researchers in operational technology (OT) products from Festo and Codesys.
Microsoft Warns of Boa Web Server Risks After Hackers Target It in Power Grid Attacks
Microsoft is warning organizations about the risks associated with the discontinued Boa web server after vulnerabilities affecting the software were apparently exploited by threat actors in an operation aimed at the energy sector.
Networking Tech Vulnerability Could Be Used to Hack Spacecraft: Researchers
A team of researchers from the University of Michigan, University of Pennsylvania and NASA have identified a potentially serious vulnerability in networking technology used in spacecraft, aircraft, and industrial control systems.
Risk Mitigation Strategies to Close the XIoT Security Gap
Understanding the vulnerability landscape of the XIoT to properly assess and mitigate risk is critically important to protect livelihoods and lives