SoylentNews

JesusAmieiro [barracoma.com] writes:

Nearly a half-billion Internet of Things devices are vulnerable to cyberattacks at businesses worldwide because of a 10-year-old security flaw, according to a new report from a security software vendor.

The web exploit in question is called DND rebinding, an attack first disclosed at the RSA Conference in 2008 that allows an attacker to bypass a network firewall and use a victim's web browser to access other devices on the network. The attacker can gain access to the web browser through a malicious link enclosed within an email, banner ad or another source. This can leave devices susceptible to data exfiltration, compromise and hijacking, the latter of which could lead to a botnet attack similar to the Mirai malware that took down major websites in 2016.

Original Submission