A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords.
Security researcher Andreas Makris found he could remotely hijack thousands of Yarbo yard robots worldwide, and proved it by having his mower run him over. The root cause was a cluster of “legacy” design choices: every robot shared the same hardcoded root password, remote tunnels were left open, and Message Queuing Telemetry Transport (MQTT) messaging was so weakly protected that once you had one device, you effectively had the worldwide fleet.
Read more…
Source: Malwarebites Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cyberwarfare in space: Satellites at risk of hacker attacks
July 2, 2019
There’s an urgent need for NATO and its member countries to address the cybersecurity of space-based satellite control systems because they’re vulnerable to cyberattacks – and if left unaddressed, it could have severe consequences for global security, a new paper from a major thinktank on international affairs has warned. Almost all modern military engagements rely on space-based assets, ...
- US Cyber Command issues alert about hackers exploiting Outlook vulnerability
July 2, 2019
US Cyber Command has issued an alert via Twitter today about threat actors abusing an Outlook vulnerability to plant malware on government networks. The vulnerability is CVE-2017-11774, a security bug that Microsoft patched in Outlook in the October 2017 Patch Tuesday. The Outlook bug, discovered and detailed by security researchers from SensePost, allows a threat actor to escape from the Outlook ...
- Newly-Discovered Malware Targets Unpatched MacOS Flaw
June 25, 2019
Researchers have discovered never-before-seen Mac malware samples, which they believe are being developed to target a recently-disclosed vulnerability in the MacOS operating system. The vulnerability, a bypass that was disclosed in May and has yet to be patched by Apple, exists in the MacOS Gatekeeper security feature, which verifies downloaded applications before allowing them to run on Macs. ...
- New Echobot malware is a smorgasbord of vulnerabilities
June 17, 2019
If there’s one thing that seems to have no end in sight is malware authors putting their own spin on the old Mirai malware and creating new botnets to haunt the IoT and enterprise landscapes. Not a month goes by without a new major botnet appearing out of nowhere and launching massive attacks against people’s smart ...
- RAMBleed Attack – Flip Bits to Steal Sensitive Data from Computer Memory
June 12, 2019
A team of cybersecurity researchers yesterday revealed details of a new side-channel attack on dynamic random-access memory (DRAM) that could allow malicious programs installed on a modern system to read sensitive memory data from other processes running on the same hardware. Dubbed RAMBleed and identified as CVE-2019-0174, the new attack is based on a well-known class of DRAM side ...
- Intel NUC Firmware Open to Privilege Escalation, DoS and Information Disclosure
June 12, 2019
Intel has patched seven high-severity vulnerabilities in its mini PC NUC kit firmware. Intel has patched seven high-severity vulnerabilities in the system firmware of its Intel NUC (short for Next Unit of Computing), a mini-PC kit used for gaming, digital signage and more. Overall, the chip-maker patched 25 vulnerabilities across various platforms this week – including eight ...