2013, Authentication and Firmware - Cyber Security Informer

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware

Firmware Ransomware Passwords Mobile

Thrangrycat flaw could allow compromising millions of Cisco devices

Security Affairs

MAY 14, 2019

. “ A vulnerability in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component.” ” reads the advisory published by Cisco.

Firmware

Firmware Authentication Software Advertising

Backdoor in the Backplane. Doing IPMI security better

Pen Test Partners

MARCH 30, 2025

IPMI vulnerabilities include authentication bypasses, credential leaks, and buffer overflows, particularly in Supermicro systems. Mitigations include using complex passwords, isolating IPMI on restricted networks, and regularly updating firmware despite infrequent patches. It monitors hardware data (e.g., This is a rating 10.0

Passwords

Passwords Firmware Authentication Media

SonicWall warns users of “imminent ransomware campaign”

Malwarebytes

JULY 15, 2021

The exploitation targets a known vulnerability that has been patched in newer versions of SonicWall firmware. x versions of the firmware. x firmware. x firmware versions. SSL-VPN 200/2000/400 (EOL 2013/2014) disconnect immediately and reset passwords. SMA 210/410/500v (Actively Supported) update firmware to 9.0.0.10-28sv

Ransomware

Ransomware Firmware VPN Passwords

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Security Affairs

JULY 16, 2018

Anubhav explained that the passwords are related to Dahua DVRs running very old firmware that is known to be affected by a five-year-old vulnerability tracked as CVE-2013-6117. Even if the vulnerability has been patched, many Dahua devices are still running ancient firmware.

IoT

IoT Engineering Passwords Firmware

Privacy Roundup: Week 1 of Year 2025

Security Boulevard

JANUARY 4, 2025

Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). For EOL devices, depending on model and/or submodel, users may be able to flash firmware (such as OpenWRT) to extend the life of the device.

Data breaches

Data breaches Firmware Healthcare Malware

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

CyberSecurity Insiders

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier. NETGEAR DGN2200 devices with firmware through 10.0.0.50. CVE-2013-3307. CVE-2013-5223. Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 7)C0 NAS520 before firmware V5.21(AASZ.3)C0

Malware

Malware IoT Firmware Authentication

Smart home security advice. Ring, SimpliSafe, Swann, and Yale

Pen Test Partners

SEPTEMBER 9, 2024

Privacy and Passwords: Two-step verification is done by default, but multi-factor authentication (MFA) is recommended. Ring started in 2013, offering video doorbells that let you see and talk to visitors from your phone. While 2SV is a valuable security measure, it is less robust than multi-factor authentication (MFA).

Firmware

Firmware Encryption Passwords Authentication

How to protect your business from supply chain attacks

Malwarebytes

FEBRUARY 1, 2023

When American store Target found a Trojan designed to steal card details on its POS (point-of-sale) systems in 2013, no one expected that the route into its secure environment was its heating, ventilation, and air conditioning (HVAC) supplier, Fazio Mechanical Services. Make multi-factor authentication (MFA) a norm.

Software

Software Risk Backups Technology

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In 2013, researcher Nitesh Dhanjani found that a popular brand used simple MD5 hashes of the device's MAC addresses for authentication. Problem is, MAC addresses are not great for authentication. The next day I cut the string, There's a parallel here to IoT light bulbs that change colors.

IoT

IoT Hacking Internet Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In 2013, researcher Nitesh Dhanjani found that a popular brand used simple MD5 hashes of the device's MAC addresses for authentication. Problem is, MAC addresses are not great for authentication. The next day I cut the string, There's a parallel here to IoT light bulbs that change colors.

IoT

IoT Hacking Internet Internet

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

” So should analyzing a device’s firmware for security flaws be considered illegal? It's, it was became law in 2013, Massachusetts legislature modified it a little bit before they actually put it onto the books. As Stuart Brand said back in 1984 “information wants to be free.”

InfoSec

InfoSec Manufacturing Technology Software

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

” So should analyzing a device’s firmware for security flaws be considered illegal? It's, it was became law in 2013, Massachusetts legislature modified it a little bit before they actually put it onto the books. As Stuart Brand said back in 1984 “information wants to be free.”

InfoSec

InfoSec Manufacturing Technology Software

NIST Cybersecurity Framework: IoT and PKI Security

Thales Cloud Protection & Licensing

NOVEMBER 7, 2017

For those who are unfamiliar, the NIST Cybersecurity Framework was created in 2013 as an attempt to standardize practices and give guidance on common, high-level security and privacy risks. In the next 2 years, almost half (43%) of IoT devices will use digital certificates for authentication.

IoT

IoT Cybersecurity Manufacturing Digital transformation

Cyber Security Informer

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Thrangrycat flaw could allow compromising millions of Cisco devices

Trending Sources

Backdoor in the Backplane. Doing IPMI security better

SonicWall warns users of “imminent ransomware campaign”

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Privacy Roundup: Week 1 of Year 2025

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

Smart home security advice. Ring, SimpliSafe, Swann, and Yale

How to protect your business from supply chain attacks

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

The Hacker Mind Podcast: The Right To Repair

The Hacker Mind Podcast: The Right To Repair

NIST Cybersecurity Framework: IoT and PKI Security

Stay Connected