DIRECTORY

  • Alerts
  • APTs
  • Blog
  • Books
  • Certifications
  • Cheat Sheets
  • Courses
  • Cyber Briefing
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Definitions
  • Domains
  • Entertainment
  • FAQ
  • Frameworks
  • Hardware Tools
  • Incidents
  • Malware
  • News
  • Papers
  • Podcasts
  • Quotes
  • Reports
  • Tools
  • Threats
  • Tutorials
No Result
View All Result
  • Login
  • Register
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
Get Help
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
No Result
View All Result
Get Help
CyberMaterial
Home Alerts

Security Risks Found in Millions of XIoT Devices

Reading Time: 2 mins read
in Alerts

 

A vast number of common vulnerabilities and exposures (CVEs), default passwords and other security risks have been found in millions of extended internet of things (XIoT) devices.

The claims come from security experts at Phosphorus, who recently published a report encapsulating five years of security research and device testing.

The research suggests some worrying findings based on the analysis of millions of XIoT devices deployed in corporate network environments across leading verticals.

Phosphorus has claimed that 99% of XIoT device passwords analyzed as part of its research were out of compliance with best practices, and 68% of XIoT devices had high-risk or critical vulnerabilities (CVSS scores of 8-10). Further, the company said that 80% of security teams could not correctly identify most of their XIoT devices.

The new findings illustrate the threat actor’s continued abuse of Internet Explorer flaws such as CVE-2020-1380 and CVE-2021-26411 to drop backdoors like BLUELIGHT and Dolphin, the latter of which was disclosed by Slovak cybersecurity firm ESET late last month.

Another key tool in its arsenal is RokRat, a Windows-based remote access trojan that comes with a wide range of functions that allow it to capture screenshots, log keystrokes, and even harvest Bluetooth device information.

 

READ FULL ARTICLE

Tags: AlertsAlerts 2022December 2022extended internet of thingsInternet of thingsPhosphorusSecurity AdvisoryUpdatesVulnerabilitiesXIoT devices
ADVERTISEMENT

Related Posts

Cisco Fixes Privilege Escalation Flaw

Cisco Fixes Privilege Escalation Flaw

June 8, 2023
Massive Adware Android Campaign

Massive Adware Android Campaign

June 8, 2023
Ukrainian Cyberespionage Exposes Breach

Ukrainian Cyberespionage Exposes Breach

June 8, 2023
CISA Updates Catalog, Urges Remediation

CISA Updates Catalog, Urges Remediation

June 8, 2023

More Articles

Cyber101

Network (or security) Event – Definition

April 29, 2022
Tool

IBM MaaS360 – SaaS Tool

April 23, 2023
Incidents

Phishing Campaign Targets DoorDash

August 26, 2022
Tool

NetStorage

March 29, 2022
Course

Ransomware: Identify, Protect, Detect, Recover

October 8, 2022
Alerts

APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations

October 10, 2020

My kids are online…again!!!: Parental controls and cyber security measures for kids who have internet access

December 15, 2021
CyberDecoded

Cyber Decoded: Travelers

September 6, 2022
Load More

Security through data

Cybersecurity Domains

  • API Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • HSM
  • KPIs / KRIs
  • Penetration Testing
  • Shift Left
  • Vulnerability Scan

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • E-Commerce
  • Healthcare
  • IoT
  • Quantum Computing

Frameworks

  • CIS Controls
  • CCPA
  • GDPR
  • NIST
  • 23 NYCRR 500
  • HIPAA

Repository

  • Books
  • Certifications
  • Definitions
  • Documents
  • Entertainment
  • Quotes
  • Reports

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering

© 2023 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
No Result
View All Result
  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
  • Report Cyber Incident
  • GET HELP

Subscribe to our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Sign In with Google
Sign In with Linked In
OR

Forgotten Password? Sign Up

Create New Account!

Sign Up with Google
Sign Up with Linked In
OR

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.