🚨 CRITICAL: CVE-2026-2686 in SECCN Dingcheng G10 (v3.1.0.181203) enables unauthenticated remote OS command injection via the 'User' param in /cgi-bin/session_login.cgi. Exploit code is public. Restrict access & monitor! https://radar.offseq.com/threat/cve-2026-2686-os-command-injection-in-seccn-dingch-6d02b310 #OffSeq #CVE20262686 #IoTSec
⚠️ CVE-2025-41108 (CRITICAL): Ghost Robotics Vision 60 v0.27.2 lets attackers hijack robots by spoofing control commands over MAVLink (no auth/encryption). Segment networks & monitor traffic while awaiting patch. https://radar.offseq.com/threat/cve-2025-41108-cwe-287-improper-authentication-in--fef464fa #OffSeq #CVE202541108 #Robotics #IoTSec
In the #iotsec front, here's a new package to play with, involving #mud (manufacturer usage descriptions) and RFC 8520. mudcerts (https://github.com/iot-onboarding/mudcerts) is a Go package that can generate a demo CA, signer cert, and #IEEE 802.1AR cert, as well as verify it.
GitHub - iot-onboarding/mudcerts: Go routines that can be used to generate and verify MUD certificates

👋#call4reading

✍️Modeling #IoT based Forest #FireDetection System with #IoTsec #by Meziane Hind, Ouerdi Noura and Ajith Abraham

🔗https://cspub-ijcisim.org/index.php/ijcisim/article/view/535

Modeling IoT based Forest Fire Detection System with IoTsec | International Journal of Computer Information Systems and Industrial Management Applications

Hypponen's Law ( @mikko ) confirmed (again):

"At the Usenix Workshop on Offensive Technologies earlier this week, researchers from UC San Diego and Northeastern University revealed a technique that would allow anyone with a few hundred dollars of hardware to hack Shimano wireless gear-shifting systems of the kind used by many of the top cycling teams in the world, including in recent events like the Olympics and the Tour de France. Their relatively simple radio attack would allow cheaters or vandals to spoof signals from as far as 30 feet away that trigger a target bike to unexpectedly shift gears or to jam its shifters and lock the bike into the wrong gear."

Citation:
https://www.wired.com/story/shimano-wireless-bicycle-shifter-jamming-replay-attacks/z

#iot #infosec #cybersecurity #IoTSec

Dutch ethical hacker Wietse Boonstra discovered a critical vulnerability in solar panel systems that could have allowed disruption of 4 million systems across 150 countries. The vulnerability affected systems made by Enphase, an American company. Boonstra found a flaw that allowed him to become an administrator of multiple accounts without permission.

Sources:

1. Dutch Institute for Vulnerability Disclosure (DIVD) report: https://www.divd.nl/newsroom/articles/divd-responsibly-discloses-six-new-zero-day-vulnerabilities-to-vendor/

2. Original reporting from Follow the Money (FTM), a Dutch investigative outlet: https://archive.is/BVR80

3. Euractiv summary article (English): https://www.euractiv.com/section/energy-environment/news/hacker-shines-spotlight-on-vulnerability-of-solar-panels-installed-in-europe/

#infosec #cybersecurity #renewableenergy #ethicalhacking #iotsec

DIVD responsibly discloses six new zero-day vulnerabilities to vendor

Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software.

#infosec #IoTSec #vulnerability #hacking

https://thehackernews.com/2022/12/cisa-warns-of-multiple-critical.html

CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs

CISA warns of several critical vulnerabilities in Mitsubishi Electric GX Works3 engineering software, which is widely used in the ICS environment.

@ted also, here's some people silently triggering voice commands with lasers

"Breaking Into a Smart Home With A Laser - Smarter Every Day 229"

https://www.youtube.com/watch?v=ozIKwGt38LQ

#SmarterEveryDay #IoT #IoTSec
RT @matthieugarin
#CastHack: #Hacking of Chromecasts, Google Homes and SmartTVs in progress! See #LiveHack https://casthack.thehackergiraffe.com/ -> Impressive live demo (and illegal!). Already 1300+ devices hacked and the counter is climbing fast!
Same attackers as #Printerhacker #PewDiePie #IoTsec.
RT @matthieugarin
Creation of a Europe-wide security certification framework: one more step completed #CybersecurityAct http://europa.eu/rapid/press-release_IP-18-6759_en.htm -> agreement between the Commission and Parliament, only the vote remains! It will make it possible to certify products, processes and services #IoTsec #goodnews
European Commission - PRESS RELEASES - Press release - EU negotiators agree on strengthening Europe's cybersecurity