UPDATE to last week’s #Team82 Akuvox blogs: The vendor has confirmed all 13 vulnerabilities in the smart intercoms and promises a firmware update by March 20. We’ve updated our blog and technical report.
Technical blog: https://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms
Blog: https://claroty.com/team82/blog/akuvox-smart-intercom-vulnerabilities-leave-privacy-ajar
New research from #Team82: We share some details on 13 vulnerabilities in Akuvox E11 smart intercoms and door phones. Some of the vulnerabilities can allow an attacker to take over these devices, view and download images, open doors, and more. Note: Akuvox blocked Team82's and CISA's attempts to disclose details about these vulns that began in Jan. '22, and they remain unpatched. Read more: https://okt.to/wU1qNG
⚠️ #Team82's Uri Katz found 4 vulnerabilities in Snap One Wattbox. Successful exploitation could lead to remote code execution on the device, password brute force, and bricking of the device. See the CISA advisory for more info: https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-03
🔖 Bookmark our Team82 Vulnerability Disclosure Dashboard to stay up-to-date with @Claroty research: https://claroty.com/team82/disclosure-dashboard
#S4x23 is next month! See #Team82 researcher, Noam Moshe, demonstrate how MQTT, WebSocket, and Web API architecture flaws can be exploited to expose large numbers of devices and endpoint routers and allow remote code execution. More info: https://s4xevents.com/agenda/
TBT: #Team82 researchers, Amir Preminger and Sharon Brizinov, demonstrate an attack against a patient monitoring system during #Nexus22. Watch how they're able to access a patient monitoring system remotely, inject code into the device's logic, and alter vital signs readings on the device. This, of course, would impact a physician's ability to accurately diagnose and treat a patient. https://okt.to/SEstFo #ClarotyHealthcare
Great research from @Claroty #Team82 Sharon Brizinov on the technical details of what is actually encrypted in the compromised #LastPass customer vault data.
https://www.linkedin.com/posts/sharonbrizinov_lastpass-was-breached-and-the-threat-actor-activity-7012069984646402048-rqPg
🎙️ In this episode of the Aperture Podcast, #Team82 researcher, Noam Moshe, joins host, Michael Mimoso, to discuss his recent research and development of a generic bypass of leading vendors’ web application firewalls.
The attack technique exploits the vendors’ previous lack of support for JSON syntax in their SQL injection processes. WAFs were previously blind to JSON syntax prepended to a SQL injection payload and would not flag these as malicious. Listen here: https://claroty.com/resources/podcasts/aperture-podcast-noam-moshe-on-a-generic-bypass-of-web-application-firewalls #LetsTalkAboutXIoT
🌟 Big congratulations to Director of Security Research, Sharon Brizinov, on being named SANS Institute Researcher of the Year!
The SANS Difference Makers Awards shine a light on the cybersecurity practitioners who are leading innovative developments in the industry, who’ve made outstanding security achievements, and who are contributing back to the InfoSec community in ways that deserve recognition. Catch the replay of the ceremony here: https://okt.to/o7zutv
#Team82 #DifferenceMakers #Cybersecurity #CyberAwards #Cyber #Security #Practitioners #Awards #SANSInstitute #HackerValley
🚨 New research available from #Team82 today focuses on a generic bypass of leading web application firewalls that targets a lack of JSON syntax support in their SQL injection inspection processes. Since our disclosure, 5 vendors have added such support, negating this threat.
https://okt.to/2nvsQ9
💡 Connect with #Team82 on Slack! Join our #Team82Research channel to stay up to date with #XIoT vulnerabilities directly from the industry’s best cybersecurity vulnerability and threat research team. https://join.slack.com/t/team82research/shared_invite/zt-18v6d0z6f-SDT3JsDlFyuALvkXkACelg
Get your copy of our revamped "State of #XIoT Security Report: 1H 2022". In the report, #Team82 dissects the published vulnerabilities across the Extended Internet of Things and identifies the trends you need to prioritize. https://claroty.com/resources/reports/state-of-xiot-security-1h-2022