Security News

Ripple20 puts millions of IoT devices at risk

Avast Security News Team, 19 June 2020

Plus, more newsbytes including a trio of data breaches and a new take on an old trojan

Security researchers found this week that a core software component in hundreds of millions of IoT devices has 19 hackable vulnerabilities in its code. The buggy code, whose function is to enable the device to connect to a network or the internet, is added early in the manufacturing supply chain, resulting in a ripple effect that amplifies the flaws as more components are added to the device. Because the discovery occurred in 2020, researchers have named the collection of flaws “Ripple20.” Attackers who successfully exploit the bugs can seize full control of the targeted device.

According to Wired, the flawed software was developed by a small Ohio company called Treck, but it can be found in products released by HP, Intel, Caterpillar, and Schneider Electric, among others. This puts various equipment used in the medical, manufacturing, and data processing industries at risk, as well as municipal power utilities. An alert from the U.S. agency CISA rates about a third of the 19 bugs as severe vulnerabilities. Treck responded in a statement that upon learning of the flaws, it fixed all the issues and made new code releases and patches available to all its customers. 

“Sadly, even though the original software maker has fixed the vulnerabilities, it depends on the different device manufacturers to make the update available to its customers,” commented Avast Security Evangelist Luis Corrons. “And then users have to update their devices, as long as there is an update option in the device! The good news is that solutions for our IoT devices already exist, as a colleague of mine wrote about recently.”

Tait Towers Manufacturing data breach

The U.S.-based multinational company Tait Towers Manufacturing issued a Notice of Data Security Incident last week in which it reported that a data breach compromised sensitive information of Tait personnel. Providing equipment, rigging, and lighting for concerts and other live events, the enterprise stated in the notice that an unauthorized user infiltrated company servers in February and siphoned employee information until the breach was detected on April 6. The information at risk includes names, addresses, emails, birth dates, Social Security numbers, and financial account numbers. Tait said it has already addressed the security issues involved in this incident and it is implementing additional safeguards.

This week’s quote

"They preyed on our concern, confusion, and desire for resolution," said the Microsoft Threat Intelligence Team discussing the COVID-19 related scams that they saw peak and plateau as the crisis continued on.

Claire’s data breach

Jewelry and accessory store Claire’s, which temporarily closed thousands of locations around the world due to the COVID-19 crisis, had its website compromised by attackers who injected malware that steals customer payment info. In a statement to Bleeping Computer, the company said that it alerted authorities and removed the malicious code from its website. “We are working diligently to determine the transactions that were involved so that we can notify those individuals,” the company wrote. According to researchers, the card-skimming malware was active on the site between April 30 and June 13.

Foodora data breach

Berlin-based multinational meal delivery brand Foodora has confirmed a data breach that exposed the account details of 727,000 customers across 14 countries, according to Infosecurity. The victims appear to be users in Australia, Austria, Canada, France, Germany, Hong Kong, Italy, Liechtenstein, the Netherlands, Norway, Singapore, Spain, and the United Arab Emirates. Financial data was fortunately not compromised, but customer names, addresses, phone numbers, and hashed passwords were exposed. Foodora parent company Delivery Hero stated that the breached information dates back to 2016 and that it is taking steps to investigate what caused it. 

This week’s stat

79

The number of Netgear router models vulnerable to a security flaw that allows hackers to take over devices remotely. Read more at ZDNet.

Qbot targets online banking customers

Cybercriminals have updated a 12-year-old banking trojan called Qbot with new features, and it is currently being used in a campaign targeting 36 financial institutions in the U.S. The trojan has worm capabilities and the ability to steal a user’s banking credentials and financial data. It also functions as a keylogger, backdoor creator, and additional malware dropper. Among the banks targeted are JP Morgan, Citibank, Bank of America, Capital One, and Wells Fargo. The new version of the trojan includes sophisticated anti-detection mechanisms, such as assembling itself from two encrypted halves. Read more at Bleeping Computer.

This week’s ‘must-read’ on The Avast Blog

With constant data breaches being announced, users might be wondering what this means for their data and where it goes. Learn more about the dark web and how to take control of your data.

