CYBER 101

  • Alerts
  • Blog
  • Cyber Briefing
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Domains
  • FAQ
  • Incidents
  • Tutorials

Subscribe to our newsletter

FOLLOW US

No Result
View All Result
  • Login
  • Register
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
  • Jobs
  • Vendors
Get Help
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
No Result
View All Result
  • Jobs
  • Vendors
Get Help
CyberMaterial
Home Alerts

Security Risks Found in Millions of XIoT Devices

Reading Time: 2 mins read
in Alerts

 

A vast number of common vulnerabilities and exposures (CVEs), default passwords and other security risks have been found in millions of extended internet of things (XIoT) devices.

The claims come from security experts at Phosphorus, who recently published a report encapsulating five years of security research and device testing.

The research suggests some worrying findings based on the analysis of millions of XIoT devices deployed in corporate network environments across leading verticals.

Phosphorus has claimed that 99% of XIoT device passwords analyzed as part of its research were out of compliance with best practices, and 68% of XIoT devices had high-risk or critical vulnerabilities (CVSS scores of 8-10). Further, the company said that 80% of security teams could not correctly identify most of their XIoT devices.

The new findings illustrate the threat actor’s continued abuse of Internet Explorer flaws such as CVE-2020-1380 and CVE-2021-26411 to drop backdoors like BLUELIGHT and Dolphin, the latter of which was disclosed by Slovak cybersecurity firm ESET late last month.

Another key tool in its arsenal is RokRat, a Windows-based remote access trojan that comes with a wide range of functions that allow it to capture screenshots, log keystrokes, and even harvest Bluetooth device information.

 

READ FULL ARTICLE

Tags: AlertsAlerts 2022December 2022extended internet of thingsInternet of thingsPhosphorusSecurity AdvisoryUpdatesVulnerabilitiesXIoT devices
ADVERTISEMENT

Related Posts

Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping

Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping

February 6, 2023
FormBook Malware Spreads via Malvertising Using MalVirt Loader

FormBook Malware Spreads via Malvertising Using MalVirt Loader

February 6, 2023
OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability

OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability

February 6, 2023
Dell security advisory (AV23-071)

Dell security advisory (AV23-071)

February 6, 2023

More Articles

Book

Automate the Boring Stuff with Python

October 26, 2020
Podcast

CYBER SECURITY SAUNA: Episode 049| Ransomware 2.0, with Mikko Hypponen

March 25, 2021

Dog Whistling

November 17, 2021
Alerts

Fortinet Security Advisory

November 3, 2021
Alerts

F5 security advisory (AV22-248)

May 4, 2022
Incidents

ICO Relaxes Breach Reporting for Comms Providers

February 6, 2023

Hyperledger Avalon

February 23, 2021

Machine Learning and Security

March 21, 2021
Load More

Security through data

Cybersecurity Domains

  • API Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • HSM
  • KPIs / KRIs
  • Penetration Testing
  • Shift Left
  • Vulnerability Scan

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • E-Commerce
  • Healthcare
  • IoT
  • Quantum Computing

Frameworks

  • CIS Controls
  • CCPA
  • GDPR
  • NIST
  • 23 NYCRR 500
  • HIPAA

Repository

  • Books
  • Certifications
  • Definitions
  • Documents
  • Entertainment
  • Quotes
  • Reports

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering

© 2023 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
No Result
View All Result
  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
  • Report Cyber Incident
  • GET HELP

Subscribe to our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Sign In with Google
Sign In with Linked In
OR

Forgotten Password? Sign Up

Create New Account!

Sign Up with Google
Sign Up with Linked In
OR

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.