CSO Magazine

AUGUST 11, 2022

In January 2018, the entire computer industry was put on alert by two new processor vulnerabilities dubbed Meltdown and Spectre that defeated the fundamental OS security boundaries separating kernel and user space memory.

Firmware 138

Firmware Manufacturing 138

Security Affairs

MARCH 8, 2020

Netgear has addressed a critical remote code execution vulnerability that could be exploited by an unauthenticated attacker to take over AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. NETGEAR strongly recommends that you download the latest firmware as soon as possible.”

Firmware 144

Firmware Wireless Advertising Authentication 144

Security Affairs

NOVEMBER 1, 2021

An attacker with access to the dispenser controller’s USB port can install an outdated or modified firmware version to bypass the encryption and make cash withdrawals. A research published by Positive Technologies in 2018 revealed that 69 percent of ATMs were vulnerable to such attacks and could be easily hacked in a few minutes.

Hacking 136

Hacking Firmware Encryption Manufacturing 136

Security Affairs

DECEMBER 26, 2024

The new Mirai malware variant also targetsthe TP-Link flaw CVE-2023-1389 and the vulnerability CVE-2018-17532 affecting Teltonika RUT9XX routers. “One of the easiest methods for threat actors to compromise new hosts is to target outdated firmware or retired hardware.” in newer ones. ” concludes the report.

Manufacturing 88

Manufacturing Malware Firmware IoT 88

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 Beta, D6220, D6400, D7000 CVE-2018-10561, CVE-2018-10562 GPON home routers CVE-2013-3307 Linksys X3000 1.0.03 CVE-2018-10088 XiongMai uc-httpd 1.0.0 A2pvI042j1.d26m

IoT 140

IoT Firmware Malware Wireless 140

Security Affairs

AUGUST 6, 2018

HP has released firmware updates that address two critical remote code execution vulnerabilities in some models of inkjet printers. HP has released firmware updates to address two critical RCE flaws affecting some Inkjet printers. Go to the Upgrading Printer Firmware page and follow the instructions provided to install the firmware.

Firmware 69

Firmware Advertising Software Hacking 69

SecureWorld News

FEBRUARY 20, 2025

Patching and vulnerability management Apply timely security updates to operating systems, software, and firmware. Key findings from the advisory The advisory highlights the rapid and efficient attack lifecycle of Ghost ransomware, with some incidents seeing full encryption within a single day.

Ransomware 112

Ransomware IoT Encryption Social Engineering 112

Security Affairs

OCTOBER 3, 2018

The vulnerabilities are traked as CVE-2018-9074 , CVE-2018-9075 , CVE-2018-9076 , CVE-2018-9077 , CVE-2018-9078 , CVE-2018-9079 , CVE-2018-9080 , CVE-2018-9081 and CVE-2018-9082. 20 and publicly disclosed the vulnerabilities on September 30. Pierluigi Paganini.

Hacking 107

Hacking Firmware Advertising Backups 107

Security Affairs

JULY 24, 2018

Security researchers have found a high severity flaw (CVE-2018-5383) affecting some Bluetooth implementations that allow attackers to manipulate traffic. According to the Bluetooth SIG, there is no evidence that the CVE-2018-5383 flaw has been exploited attacks in the wild. Securi ty Affairs – CVE-2018-5383, hacking).

Wireless 65

Wireless Firmware Advertising Encryption 65

Krebs on Security

AUGUST 12, 2022

That may be because the patches were included in version 4 of the firmware for the EAS devices, and many older models apparently do not support the new software. ” In January 2018, Hawaii sent out an alert to cell phones, televisions and radios, warning everyone in the state that a missile was headed their way.

Firmware 241

Firmware Manufacturing Passwords Software 241

Malwarebytes

JUNE 19, 2023

ASUS has released firmware updates for several router models fixing two critical and several other security issues. You will find the latest firmware available for download from the ASUS support page or the appropriate product page. The Asuswrt-Merlin New Gen is an open source firmware alternative for Asus routers.

Firmware 97

Firmware VPN Risk Cybersecurity 97

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. “The primary causes of the incident include the use of an outdated and vulnerable firmware version on the Fortigate VPN server (version 6.0.2 ” continues Kaspersky.

VPN 130

VPN Ransomware Antivirus Firmware 130

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. CVE-2018-1160 is an out-of-bounds write issue that resides in dsi_opensess.c.

Firmware 98

Firmware VPN Wireless Passwords 98

Security Affairs

NOVEMBER 25, 2022

The researchers discovered the issue by analyzing firmware images used devices from the above manufacturers. The experts analyzed one of the core frameworks EDKII used as a part of any UEFI firmware which has its own submodule and wrapper over the OpenSSL library ( OpensslLib ) in the CryptoPkg component. that dates back to 2009.

Firmware 102

Firmware Manufacturing Hacking Software 102

Schneier on Security

JANUARY 5, 2018

The second is that some of the patches require updating the computer's firmware. In November, Intel released a firmware update to fix a vulnerability in its Management Engine (ME): another flaw in its microprocessors. 2018 will be the year of microprocessor vulnerabilities, and it's going to be a wild ride.

Firmware 201

Firmware Software Engineering Phishing 201

Security Affairs

JULY 28, 2020

The first campaign likely began in early 2014 and continued until mid-2017, while the second started in late 2018 and was still active in late 2019. The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates. ” reads the alert.

Malware 142

Malware Firmware Advertising Manufacturing 142

Security Affairs

JANUARY 15, 2021

Cisco announced it will no longer release firmware updates to fix 74 vulnerabilities affecting its RV routers, which reached end-of-life (EOL). Cisco will no longer release firmware updates to address 74 vulnerabilities affecting some of its RV routers that reached end-of-life (EOL). ” reads the advisory.

Small Business 123

Small Business Firmware Hacking Software 123

Security Affairs

DECEMBER 29, 2018

. “During the 0DAYALLDAY Research Event a vulnerability was discovered ( CVE-2018-5560 ) in the Guardzilla Security Video System Model #: GZ521W. The vulnerability lies within the design and implementation of Amazon Simple Storage Service (S3) credentials inside the Guardzilla Security Camera firmware.”

Firmware 109

Firmware Surveillance IoT Passwords 109

Security Affairs

FEBRUARY 23, 2022

Cyclops Blink is believed to be a replacement for the VPNFilter botnet, which was first exposed in 2018 and at the time was composed of more than 500,000 compromised routers and network-attached storage (NAS) devices. The malware leverages the firmware update process to achieve persistence.

Malware 112

Malware Firmware Architecture Firewall 112

CyberSecurity Insiders

SEPTEMBER 10, 2021

Presenting their find at the IEEE International Conference on Distributed Computing Systems in 2018, a team of researchers refined their invention even further that led to the innovation of a firmware that blocks ransomware from encrypting data on a computer network.

Ransomware 92

Ransomware Firmware Antivirus Encryption 92

Security Affairs

DECEMBER 11, 2024

Since 2018, Sophos has faced increasingly aggressive campaigns, including the India-based Sophos subsidiary Cyberoam, where attackers exploited a wall-mounted display for initial access. The first documented attack against a Sophos facility is the one that targeted Cyberoam in 2018.

Firewall 75

Firewall Hacking Malware Passwords 75

Security Affairs

NOVEMBER 1, 2018

The BLEEDINGBIT vulnerabilities affect several Texas Instruments chips, the CVE-2018-16986 flaw affects CC2640 and CC2650 chips running BLE-STACK 2.2.1 “The security vulnerability for CVE-2018-16986 is present in these TI chips when scanning is used (e.g. to address the CVE-2018-16986 flaw. or earlier.

Firmware 105

Firmware Manufacturing IoT Advertising 105

Security Affairs

OCTOBER 3, 2020

“The program underscores HP’s commitment to delivering defense-in-depth across all aspects of printing—including supply chain, cartridge chip, cartridge packaging, firmware and printer hardware.” HP covered printers in its bug bounty program since 2018 paying rewards that range between $500 and $10,000 per flaw.

Firmware 119

Firmware Advertising Hacking Cybersecurity 119

Security Affairs

OCTOBER 6, 2018

The most severe vulnerability tracked as CVE-2018-16593 is a command-injection flaw that resides in the Sony application Photo Sharing Plus that allows users to share multimedia content from their mobile devices via Sony Smart TVs. . Click the Firmware update link for details about how to check the software version.

Advertising 111

Advertising IoT Wireless Firmware 111

Security Affairs

APRIL 19, 2022

Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. The vulnerabilities affecting the Lenovo UEFI result from the use of two UEFI firmware drivers, named SecureBackDoor and SecureBackDoorPeim respectively. ” reads the advisory published by Lenovo.

Firmware 102

Firmware Manufacturing Hacking Cybersecurity 102

Security Affairs

JUNE 23, 2020

This info includes printer names, locations, models, firmware versions, organization names, and even WiFi network names. In December 2018, the TheHackerGiraffe used the Printer Exploitation Toolkit (PRET) to hijack +50k vulnerable printers to Promote PewDiePie YouTube Channel. ” continues the report. .

Internet 138

Internet Internet Firmware Advertising 138

Security Affairs

NOVEMBER 20, 2018

The vulnerabilities are two remote code execution (RCE) flaws(CVE-2018-3950, CVE-2018-3951), a denial-of-service issue (CVE-2018-3948), and a server information disclosure bug (CVE-2018-394). The CVE-2018-3948 DoS flaw affects the URI-parsing function of the TL-R600VPN HTTP server.

Authentication 101

Authentication Advertising Firmware Hacking 101

Security Affairs

DECEMBER 23, 2018

A privilege escalation vulnerability tracked as CVE-2018-15465 affects the Cisco Adaptive Security Appliance (ASA) software. The flaw was discovered by experts at Tenable that explained that an authenticated remote unprivileged user can change or download the running configuration or replace the appliance firmware where they shouldn’t.

Firmware 112

Firmware Authentication Software Advertising 112

Security Affairs

DECEMBER 22, 2022

the malware operators have removed CVE-2018-12613, a phpMyAdmin vulnerability that could allow threat actors to view or execute files. Maintain device health with updates: Make sure devices are up to date with the latest firmware and patches. . “Since the release of Zerobot 1.1, ” reads the analysis published by Microsoft.

IoT 126

IoT DDOS Malware Firmware 126

Security Affairs

MAY 19, 2021

The experts focused their analysis on the Mercedes-Benz User Experience (MBUX) infotainment system, which was first presented by the carmaker in 2018. Four vulnerabilities could be exploited by attackers remotely control some functions of the vehicle, fortunately, none could be used to control physical features of the cars.

Hacking 134

Hacking Firmware Engineering Software 134

Security Affairs

FEBRUARY 23, 2019

The D-Link DNS-320 model is no more available for sale, one of the members of the forum explained that the firmware of its NAS was never updated and its device was exposed to WAN through ports 8080, FTP port 21, and a range of ports for port forwarding.

Ransomware 111

Ransomware DNS Firmware Encryption 111

Security Affairs

JULY 29, 2018

“Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub.” Samsung SmartThings Hub runs a Linux-based firmware and allows for communications with various IoT devices using various wireless standards Zigbee, Z-Wave, and Bluetooth. RCE Chain – CVE-2018-3911.

Firmware 75

Firmware IoT Advertising Wireless 75

Security Affairs

AUGUST 30, 2019

Evdokimov discovered the wiretapping equipment on April 2018 and since June 2018 he worked with ISPs to secure the SORM equipment. ” “All these data make it possible to determine exactly whose traffic this is, and which clients they are,” Evdokimov concluded.

Surveillance 105

Surveillance Firmware Advertising Mobile 105

Malwarebytes

FEBRUARY 24, 2022

But the NCSC warns that it is likely that Sandworm is capable of compiling the same or very similar malware for other architectures and firmware. When it comes to infected appliances, Cyclops Blink persists on reboot and throughout the legitimate firmware update process.

Malware 145

Malware Firewall Firmware DDOS 145

Security Affairs

JANUARY 3, 2019

The issue exposes devices information, including device model and firmware version, an attacker could exploit this info to remotely identify unpatched devices and target them. device name, installed firmware build). Experts pointed out that this data could be used to track users and fingerprint devices. ” For example: Mozilla/5.0

Firmware 105

Firmware Advertising Mobile Hacking 105

Security Affairs

DECEMBER 25, 2018

The flaw tracked as CVE-2018-20377 is known at least since 2012 when Rick Murray described it in a blog post. . “On Friday, December 21, 2018, our honeypots observed an interesting scan consisting of a GET request for /get_getnetworkconf.cgi. ” reads the analysis published by the experts. admin/admin).

Passwords 110

Passwords Wireless Advertising Firmware 110

Security Affairs

OCTOBER 10, 2018

Unfortunately, the cloud ID is not sufficiently random and complex to make guessing correct cloud IDs hard because the analysis of the Xiongmai firmware revealed it is derived from the device’s MAC address. ” Experts also discovered that it is possible to execute arbitrary code on the device through a firmware update.

Surveillance 108

Surveillance Hacking Firmware Manufacturing 108