Martijn Lammerts
My own digital place with a little of everything

Open ADB Ports Being Exploited to Spread Possible Satori Variant in Android Devices

23 July 2018

Recently, we found a new exploit using port 5555 after detecting two suspicious spikes in activity on July 9-10 and July 15. In this scenario, the activity involves the command line utility called Android Debug Bridge (ADB), a part of the Android SDK that handles communication between devices and allows developers to run and debug apps on Android devices.

VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities

13 July 2018

This blog post looks at the recently notorious VPNFilter malware and whether deployed devices are vulnerable to it. VPNFilter is a newly discovered, multi-stage malware (detected by Trend Micro as ELF_VPNFILT.A, ELF_VPNFILT.B, ELF_VPNFILT.C, and ELF_VPNFILT.D) that affects many models of connected devices. Based on our data from June 1 to July 12, plenty of the devices are still using old firmware versions. In fact, 19 known vulnerabilities, exploited not only by VPNFilter but by other malware as well, can still be detected in devices to this day.

Not Only Botnets: Hacking Group in Brazil Targets IoT Devices With Malware

17 April 2018

Even before the term IoT was coined, we had the routers at the gateway, most of the time publicly exposed on the internet. In the context of the IoT, the router is perhaps the most important device for the whole infrastructure. All traffic goes through it and it allows for the provision of many services, such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), content filtering, firewalls, and Voice over Internet Protocol (VoIP), to all connected devices, including computers, smartphones, and IP cameras. If an attacker is able to compromise the router, every device connected to it can be affected. And that’s what a hacking group in Brazil just did.

Device Vulnerabilities in the Connected Home: Uncovering Remote Code Execution and More

16 April 2018

If there is anything to be learned from the massive attacks that have been seen on connected devices, it is that the internet of things (IoT) is riddled with vulnerabilities. We have seen this time and again with how botnets are created from system weaknesses and have harnessed poor basic security to disrupt many devices and services.

In the past year, we embarked on a closer look at the security of IoT devices around the world. We chose devices that are available in different Amazon regions and are widely used in the Japan market, and tried to find out whether remote code execution (RCE) is possible. What we ended up finding out was more than that.

Mirai-like Scanning Activity Detected From China, With Targets in Brazil

11 April 2018

Our network monitoring system recently detected an enormous amount of Mirai-like scanning activity from China. From 1:00 p.m. UTC on March 31 to 12:00 a.m. UTC on April 3, our team detected an influx of activity coming from 3,423 IP addresses of scanners. Brazil appeared to be the target location of the scanning of networked devices, including routers and IP cameras.

The Reigning King of IP Camera Botnets and its Challengers

8 June 2017

Early this month we discussed a new Internet of Things (IoT) botnet called Persirai (detected by Trend Micro as ELF_PERSIRAI.A), which targets over 1000 Internet Protocol (IP) camera models. Currently, through Shodan and our own research, we see that 64% of tracked IP cameras with custom HTTP servers are infected with Persirai. But because these cameras are such common targets, there is some competition between malware.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro

What’s In Shodan? Analyzing Exposed Cyber Assets in the United States

15 February 2017

Thanks to the Internet of Things (IoT), the world is now much more connected. While IoT brings about many benefits and has made life easier for us, there are some important questions we still have to ask: is IoT also making the world a little less secure? More importantly, is IoT making us vulnerable to attackers?

Home Routers: Mitigating Attacks that can Turn them to Zombies

14 December 2016

With more households running smart devices that access the internet, the router is typically their only doorkeeper. And whether an end user has a laptop/desktop and router combo, or a miscellany of other devices connected to the network, the security risks are the same. Based on our research, home routers have been most susceptible to cross-site scripting (XSS) and PHP arbitrary code injection attacks, as well as being involved in carrying out DNS amplification attacks.
