2016 and Firmware - Cyber Security Informer

Backdoor Built into Android Firmware

Schneier on Security

JUNE 21, 2019

Triada first came to light in 2016 in articles published by Kaspersky here and here , the first of which said the malware was "one of the most advanced mobile Trojans" the security firm's analysts had ever encountered. That meant the malware could directly tamper with every installed app. This is a supply chain attack.

Firmware

Firmware Manufacturing Malware Mobile

Zyxel 0day Affects its Firewall Products, Too

Krebs on Security

FEBRUARY 26, 2020

. “We’ve now completed the investigation of all Zyxel products and found that firewall products running specific firmware versions are also vulnerable,” Zyxel wrote in an email to KrebsOnSecurity. “Hotfixes have been released immediately, and the standard firmware patches will be released in March.”

Firewall

Firewall Firmware VPN IoT

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

SecureList

JULY 25, 2022

One of the main draws towards malware nested in such low levels of the operating system is that it is extremely difficult to detect and, in the case of firmware rootkits, will ensure a computer remains in an infected state even if the operating system is reinstalled or the user replaces the machine’s hard drive entirely. Infrastructure.

Firmware

Firmware DNS Malware Technology

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware

Firmware Malware Encryption Passwords

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

SEPTEMBER 10, 2021

While last night’s Meris attack on this site was far smaller than the recent Cloudflare DDoS, it was far larger than the Mirai DDoS attack in 2016 that held KrebsOnSecurity offline for nearly four days. By comparison, the 2016 Mirai DDoS generated approximately 450,000 requests-per-second. .

IoT

IoT DDOS Internet Internet

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT

IoT Firmware Risk Manufacturing

Beware the Cyber Ghouls: Spooky Threats Lurking in Digital Shadows

SecureWorld News

OCTOBER 31, 2024

Spooky fact : The infamous Mirai botnet attack in 2016 turned more than 600,000 IoT devices into cyber zombies, leading to one of the most significant DDoS attacks in history. Warding off zombies : Regularly update device firmware, patch IoT devices, and monitor for unusual traffic patterns.

IoT

IoT Phishing DDOS Backups

CosmicStrand UEFI malware found in Gigabyte, ASUS motherboards

Bleeping Computer

JULY 26, 2022

Chinese-speaking hackers have been using since at least 2016 malware that lies virtually undetected in the firmware images for some motherboards, one of the most persistent threats commonly known as a UEFI rootkit. [.].

Malware

Malware Firmware

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 CVE-2016-6277 NETGEAR R6250 before 1.0.4.6.Beta, build 001 CVE-2020-9377 D-Link DIR-610 CVE-2016-11021 D-Link DCS-930L devices before 2.12 Beta, R6400 before 1.0.1.18.Beta,

IoT

IoT Firmware Malware Wireless

Patch now! Insecure Hikvision security cameras can be taken over remotely

Malwarebytes

SEPTEMBER 22, 2021

In a detailed post on Github , security researcher Watchful_IP describes how he found that the majority of the recent camera product ranges of Hikvision cameras are susceptible to a critical, unauthenticated, remote code execution (RCE) vulnerability, even with the latest firmware. Hangzhou Hikvision Digital Technology Co.,

Firmware

Firmware Surveillance Marketing VPN

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware

Firmware Architecture Advertising Manufacturing

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware

Firmware Ransomware Passwords Mobile

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

The researchers speculate that threat actors behind this variant have compromised the supply chain, so stores may not even suspect that they are selling smartphones infected with Triada “The new version of the malware is distributed in the firmware of infected Android devices. It is located in the system framework. 231 banking malware.

Malware

Malware Cryptocurrency Mobile Firmware

Millions of home routers on Mirai Botnet Radar

CyberSecurity Insiders

AUGUST 13, 2021

What’s interesting about this attack campaign is the hackers are targeting devices running on the firmware that is being supplied by Arcadyan. Mirai is a kind of malware that turns connected devices into remotely controlled devices called Bots.

Firmware

Firmware Malware DDOS Manufacturing

TrickBoot feature allows TrickBot bot to run UEFI attacks

Security Affairs

DECEMBER 3, 2020

The infamous TrickBot gets a new improvement, authors added a new feature dubbed “ TrickBoot ” designed to exploit well-known vulnerabilities in the UEFI/BIOS firmware and inject malicious code, such as bootkits. TrickBot, one of the most active botnets, in the world, gets a new improvement by adding a UEFI/BIOS Bootkit Feature.

Firmware

Firmware Malware Hacking Manufacturing

Hikvision cameras could be remotely hacked due to critical flaw

Security Affairs

SEPTEMBER 22, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Hacking

Hacking Firmware IoT Internet

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Security Affairs

DECEMBER 8, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Firmware

Firmware DDOS Malware IoT

Home routers are being hijacked using vulnerability disclosed just 2 days ago

Malwarebytes

AUGUST 9, 2021

Router firmware. Under the description of CVE-2021-20090 you will find: “a path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 The vulnerability is listed as CVE-2021-20090.

Firmware

Firmware DDOS Internet Internet

Windows update may present users with a BitLocker recovery screen

Malwarebytes

JULY 25, 2024

Affected systems are running Windows 10 and 11 or one of the server versions (Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008.). And the affected systems are very likely to have Device Encryption enabled.

Encryption

Encryption Firmware Accountability Risk

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Security Affairs

AUGUST 16, 2024

The “Showcase.apk” package, developed by Smith Micro, is part of the firmware image on millions of Android Pixel phones, potentially enhancing sales in Verizon stores. The app is preinstalled in Pixel firmware and included in Google’s OTA updates for Pixel devices.

Hacking

Hacking Firmware Mobile Penetration Testing

SonicWall warns users of “imminent ransomware campaign”

Malwarebytes

JULY 15, 2021

The exploitation targets a known vulnerability that has been patched in newer versions of SonicWall firmware. x versions of the firmware. x firmware. x firmware versions. SRA 4200/1200 (EOL 2016) disconnect immediately and reset passwords. SMA 210/410/500v (Actively Supported) update firmware to 9.0.0.10-28sv

Ransomware

Ransomware Firmware VPN Passwords

Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover

Malwarebytes

AUGUST 23, 2022

According to the researcher that reported it last year, the vulnerability has existed at least since 2016. The flaw is tracked as CVE-2021-36260 and was addressed by Hikvision via a firmware update in September 2021. Hikvision says you should download the latest firmware for your device from the global firmware portal.

Firmware

Firmware Internet Internet VPN

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

FEBRUARY 23, 2019

The D-Link DNS-320 model is no more available for sale, one of the members of the forum explained that the firmware of its NAS was never updated and its device was exposed to WAN through ports 8080, FTP port 21, and a range of ports for port forwarding.

Ransomware

Ransomware DNS Firmware Encryption

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable.

Hacking

Hacking Firmware Internet Internet

INFRA:HALT flaws impact OT devices from hundreds of vendors

Security Affairs

AUGUST 4, 2021

NicheStack (aka InterNiche stack) is a proprietary TCP/IP stack developed originally by InterNiche Technologies and acquired by HCC Embedded in 2016. HCC Embedded has released firmware patches to address the INFRA:HALT issues. ” states the report. Experts found more than 2,500 device instances from 21 vendors.

DNS

DNS Manufacturing Firmware Technology

Beastmode Mirai botnet now includes exploits for Totolink routers

Security Affairs

APRIL 2, 2022

The threat actors added TOTOLINK exploits just a week after the exploit codes were publicly released on GitHub in the attempt to compromise the largest number of devices as possible before the owners upgrade to the latest firmware releases. TOTOLINK has already addressed these flaws with the release of new firmware for vulnerable devices.

DDOS

DDOS Firmware Surveillance IoT

Apple and Samsung fined millions for “planned obsolescence” of old smartphones

Security Affairs

OCTOBER 27, 2018

In particular, Samsung was challenged for the update issued on May 2016 for Galaxy Note 4, while for Apple the AGCM questioned the update issued on September 2016 for the several devices supported at the time (i.e. ” ” AGCM said in a statement.

Mobile

Mobile Advertising Firmware Software

Intel investigates security breach after the leak of 20GB of internal documents

Security Affairs

AUGUST 7, 2020

The files contained technical specs, product guides, and manuals for CPUs dating back to 2016.” . “Per our analysis, the leaked files contained Intel intellectual property respective to the internal design of various chipsets. ” reported ZDNet.

Firmware

Firmware Advertising Hacking Engineering

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

SEPTEMBER 5, 2023

The Mirai botnet, initially discovered in October 2016 , infected Internet-connected routers, cameras and digital video recorders at scale. In 2018, UK regulators got the regulatory ball rolling taking steps that would eventually result in mandated minimum requirements for IoT data storage, communications and firmware update capabilities.

IoT

IoT Government Internet Internet

Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild

Security Affairs

SEPTEMBER 27, 2018

The group was involved also in the string of attacks that targeted 2016 Presidential election. This solution comes pre-installed in the firmware of a large number of laptops manufactured by various OEMs, waiting to be activated by their owners.” The only way to remove the malware is reflashing the UEFI firmware.

Firmware

Firmware Malware Advertising Government

Millions put at risk by old, out of date routers

Malwarebytes

MAY 7, 2021

Based on its assessment, it reckons that at least two million Britons are at risk from routers that haven’t been updated since 2016. Firmware updates aren’t only important for performance, they’re also needed to fix security issues when they arise. Lack of updates. A wake up call to ISPs.

Risk

Risk Passwords Internet Internet

3 Percent ($30B) of U.S. Military Funding Dedicated to Cybersecurity

SecureWorld News

JANUARY 9, 2025

Also of concern is the firmware and ROM found on many components that go into the manufacture of systems, nearly of all which are manufactured today in mainland China. The trouble is that thanks to globalization and decades of dumping by China, most U.S.

Cybersecurity

Cybersecurity Manufacturing Surveillance Ransomware

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

CyberSecurity Insiders

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier. CVE-2016-1555. NETGEAR DGN2200 devices with firmware through 10.0.0.50. CVE-2016-6277. CVE-2016-11021. Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 A2pvI042j1.d26m.

Malware

Malware IoT Firmware Authentication

Router security in 2021

SecureList

JUNE 8, 2022

Discovered back in 2016, it remains the most common malware infecting IoT devices. Although we cannot say for sure what they intended to do next, this malware persists in the firmware even after a factory reset and gives attackers remote access to compromised networks. Make sure to update the firmware. Conclusion.

DDOS

DDOS Passwords IoT Firmware

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft researchers have also identified that previous reports have used the vulnerability ID “ZERO-32906” for CVE-2018-20057, “GPON” for CVE-2018-10561, and “DLINK” for CVE-2016-20017; and that CVE-2020-7209 was mislabeled as CVE-2017-17106 and CVE-2022-42013 was mislabeled as CVE-2021-42013.”

IoT

IoT DDOS Malware Firmware

Naming & Shaming Web Polluters: Xiongmai

Krebs on Security

OCTOBER 9, 2018

In late 2016, the world witnessed the sheer disruptive power of Mirai , a powerful botnet strain fueled by Internet of Things (IoT) devices like DVRs and IP cameras that were put online with factory-default passwords and other poor security settings. A rendering of Xiongmai’s center in Hangzhou, China. Source: xiongmaitech.com.

Computers and Electronics

Computers and Electronics IoT Passwords Internet

IT threat evolution Q1 2022

SecureList

MAY 27, 2022

MoonBounce: the dark side of UEFI firmware. Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware scanner (integrated into Kaspersky products at the start of 2019). Targeted attacks. The campaign has two goals: gathering information and stealing cryptocurrency.

Phishing

Phishing Spyware Firmware Malware

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

Mamba was first spotted on September 2016 when experts at Morphus Labs discovered the infection of machines belonging to an energy company in Brazil with subsidiaries in the United States and India. Install updates/patch operating systems, software, and firmware as soon as they are released. • hard drive, storage device, the cloud).

Ransomware

Ransomware Encryption Passwords Malware

Security Affairs newsletter Round 180 – News of the week

Security Affairs

SEPTEMBER 16, 2018

Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal. 20% discount. Kindle Edition. Paper Copy.

Advertising

Advertising Firmware Surveillance Data breaches

Direct Memory Access (DMA) attacks. Risks, techniques, and mitigations in hardware hacking

Pen Test Partners

SEPTEMBER 25, 2024

Despite increasing OS, firmware and hardware protections, enterprise systems and remote DMA-enabled networks such as cloud environments continue to be vulnerable to DMA attacks. Malware that has already compromised a system could modify firmware to gain privileges within the system via DMA. What is DMA?

Risk

Risk Hacking Firmware Passwords

Update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one

Malwarebytes

JANUARY 12, 2022

Patches that can cause problems include the following: KB5009624 for Server 2012 R2 KB5009595 for Server 2012 R2 KB5009546 for Server 2016 KB5009557 for Server 2019. The Windows Platform Binary Table is a fixed firmware ACPI (Advanced Configuration and Power Interface) table. It’s unclear if Server 2022 is similarly impacted.

Authentication

Authentication Firmware Passwords Technology

Attacks Escalating Against Linux-Based IoT Devices

eSecurity Planet

JANUARY 20, 2022

Mirai, a Linux Trojan that has been around since 2016, is similar to Mozi in that it exploits weak protocols and passwords to compromise devices by using brute-force attacks. Many require firmware updates rather than use such tools as yum or apt for patching, adding that users can’t deploy endpoint protection on most of them.

IoT

IoT DDOS Malware Internet

Smart home security advice. Ring, SimpliSafe, Swann, and Yale

Pen Test Partners

SEPTEMBER 9, 2024

Inside the Ring doorbell Security issues in the early days In 2016, Ring encountered a significant security flaw with its doorbell devices. Wi-Fi Key Exposure (2019) : An issue similar to the 2016 problem but required the attacker to be physically present during setup. SimpliSafe quickly fixed this with a firmware update.

Firmware

Firmware Encryption Passwords Authentication

Backdoor Built into Android Firmware

Zyxel 0day Affects its Firewall Products, Too

Trending Sources

Android devices shipped with backdoored firmware as part of the BADBOX network

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

MoonBounce: the dark side of UEFI firmware

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

IoT Unravelled Part 3: Security

Beware the Cyber Ghouls: Spooky Threats Lurking in Digital Shadows

CosmicStrand UEFI malware found in Gigabyte, ASUS motherboards

BotenaGo botnet targets millions of IoT devices using 33 exploits

Patch now! Insecure Hikvision security cameras can be taken over remotely

AMD is going to patch UEFI SMM callout privilege escalation flaw

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

New Triada Trojan comes preinstalled on Android devices

Millions of home routers on Mirai Botnet Radar

TrickBoot feature allows TrickBot bot to run UEFI attacks

Hikvision cameras could be remotely hacked due to critical flaw

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Home routers are being hijacked using vulnerability disclosed just 2 days ago

Windows update may present users with a BitLocker recovery screen

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

SonicWall warns users of “imminent ransomware campaign”

Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Over 80,000 Hikvision cameras can be easily hacked

INFRA:HALT flaws impact OT devices from hundreds of vendors

Beastmode Mirai botnet now includes exploits for Totolink routers

Apple and Samsung fined millions for “planned obsolescence” of old smartphones

Intel investigates security breach after the leak of 20GB of internal documents

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild

Millions put at risk by old, out of date routers

3 Percent ($30B) of U.S. Military Funding Dedicated to Cybersecurity

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

Router security in 2021

A new Zerobot variant spreads by exploiting Apache flaws

Naming & Shaming Web Polluters: Xiongmai

IT threat evolution Q1 2022

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs newsletter Round 180 – News of the week

Direct Memory Access (DMA) attacks. Risks, techniques, and mitigations in hardware hacking

Update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one

Attacks Escalating Against Linux-Based IoT Devices

Smart home security advice. Ring, SimpliSafe, Swann, and Yale

Stay Connected