CyberSecurity updates
2025-01-31 06:27:50 Pacific

White House Unveils Cyber Trust Mark Program - 22d

The White House has launched the Cyber Trust Mark program, a labeling scheme for IoT devices. This program informs consumers that applicable household products meet certain government-vetted cybersecurity standards. The Cyber Trust Mark aims to certify devices’ security, similar to the Energy Star label for energy efficiency. The initiative, coordinated with NIST and FCC, is set to have labeled products on shelves in 2025. This could encourage manufacturers to focus more on cybersecurity, and also help consumers pick safer devices.

Four-Faith Router Flaw Enables Remote Attacks - 4h

A critical vulnerability, CVE-2024-12856, has been discovered in Four-Faith routers, models F3x24 and F3x36, allowing for remote code execution. The vulnerability, located in the /apply.cgi endpoint, can be exploited by manipulating the adj_time_year parameter. This flaw allows attackers to gain reverse shells on vulnerable devices, potentially leading to malware installation, data theft, and significant network disruptions. Over 15,000 devices with default credentials have been identified as being at high risk, emphasizing the urgent need for remediation.

Threat actors are actively exploiting this vulnerability to gain unauthorized access. Users of Four-Faith routers are strongly advised to update their devices to the latest firmware and implement strong password policies immediately. The vulnerability poses a serious threat to industrial networks and critical infrastructure relying on these devices.
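A defensive check for the flaw described above, as an added example that is not from the original article or from Four-Faith: it scans request logs for calls to /apply.cgi whose adj_time_year value is not a plain four-digit year. The log layout, the constructed sample lines, the `other` parameter and the four-digit-year rule are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/apply.cgi"    # endpoint named in the summary above
PARAM = "adj_time_year"    # parameter named in the summary above
# Assumption: a legitimate value is exactly four ASCII digits.
# fullmatch() is used so trailing characters or newlines cannot slip through.
YEAR_RE = re.compile(r"[0-9]{4}")

# Constructed sample, assumed layout: "<client> <METHOD> <url> <form-body or ->"
SAMPLE_LOG = """\
198.51.100.7 POST /apply.cgi adj_time_year=2025&other=1
203.0.113.9 POST /apply.cgi adj_time_year=2025%20unexpected-text&other=1
203.0.113.9 GET /apply.cgi?adj_time_year=20x5 -
198.51.100.7 POST /apply.cgi adj_time_year=2024&adj_time_year=abcd
198.51.100.7 GET / -
"""


def suspicious_requests(log_text):
    """Return (client, value) pairs where PARAM sent to ENDPOINT is not a year."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(" ", 3)
        if len(parts) != 4:
            continue  # not in the assumed layout
        client, _method, url, body = parts
        target = urlsplit(url)
        if target.path != ENDPOINT:
            continue
        # The parameter may arrive in the query string, the form body, or both.
        # parse_qs percent-decodes values and keeps every repeated occurrence.
        values = parse_qs(target.query, keep_blank_values=True).get(PARAM, [])
        if body != "-":
            values += parse_qs(body, keep_blank_values=True).get(PARAM, [])
        for value in values:
            if not YEAR_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"review request from {client}: {PARAM}={value!r}")
```

A hit is a lead for review, not proof of compromise; pair it with the firmware update and credential changes recommended above.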

BadBox malware preinstalled on 30000 German devices - 17d

The BADBOX malware campaign has compromised over 30,000 Android devices in Germany, including digital photo frames, media players and possibly smartphones. The malware is pre-installed on the devices, exploiting outdated Android versions. The German Federal Office for Information Security (BSI) has taken action to disrupt the communications between infected devices and command-and-control servers. This campaign highlights the risks associated with insecure supply chains and pre-installed malware on IoT devices, and emphasizes the need for rigorous security checks and device updates to prevent similar incidents.