2019, Authentication and Firmware - Cyber Security Informer

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Locking down firmware. Starks Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks. telecoms by Chinese tech giant Huawei.

Firmware

Firmware Cybersecurity Technology Engineering

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

A new vulnerability, tracked as CVE-2019-0090 , affects all Intel chips that could allow attackers to bypass every hardware-enabled security technology. Security experts from Positive Technologies warn of a new vulnerability, tracked as CVE-2019-0090, that affects all Intel processors that were released in the past 5 years.

Firmware

Firmware Technology Advertising Authentication

Intel addresses High-Severity flaws in NUC Firmware and other tools

Security Affairs

AUGUST 18, 2019

Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program.

Firmware

Firmware Authentication Advertising Hacking

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Security Affairs

MARCH 8, 2020

Netgear has addressed a critical remote code execution vulnerability that could be exploited by an unauthenticated attacker to take over AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. The critical vulnerability, tracked as PSV-2019-0076 , affects Netgear Nighthawk X4S Smart Wi-Fi Router (R7800) family.

Firmware

Firmware Wireless Advertising Authentication

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

But according to an in-depth analysis shared with KrebsOnSecurity by security researcher Paul Marrapese , iLnkP2P devices offer no authentication or encryption and can be easily enumerated, allowing potential attackers to establish a direct connection to these devices while bypassing any firewall restrictions.

IoT

IoT Firewall Manufacturing Computers and Electronics

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

He urges enterprises to implement Privileged Access Management (PAM) solutions and multi-factor authentication (MFA) and to enforce robust password policies to reduce the risk of account compromise. Patching and vulnerability management Apply timely security updates to operating systems, software, and firmware.

Ransomware

Ransomware IoT Encryption Social Engineering

Expert found a hardcoded SSH Key in Fortinet SIEM appliances

Security Affairs

JANUARY 20, 2020

An attacker with this key can successfully authenticate as this user to the FortiSIEM Supervisor.” While the user’s shell is limited to running the /opt/phoenix/ phscripts /bin/ tunnelshell script, SSH authentication still succeeds.” Dec 3, 2019: Automated reply from PSIRT that email was received.

Authentication

Authentication Advertising Firmware Firewall

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. In November 2019, security experts first spotted the QSnatch malware that at the time infected thousands of QNAP NAS devices worldwide. ” reads the alert.

Malware

Malware Firmware Advertising Manufacturing

Intel addresses high severity flaw in Processor Diagnostic Tool

Security Affairs

JULY 11, 2019

Intel Patch Tuesday updates for July 2019 address a serious flaw in Processor Diagnostic Tool and minor issue in the Solid State Drives (SSD) for Data Centers (DC). The “high severity” vulnerability in the Processor Diagnostic Tool is tracked as CVE-2019-11133, it was rated with a CVSS score of 8.2 and Prior affects all prior versions.

Firmware

Firmware Advertising Authentication Hacking

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. The firmware malware is based on code associated with HackingTeam’s VectorEDK bootkit, with minor changes. ” concludes the report.

Firmware

Firmware Spyware Surveillance Hacking

Infecting Canon EOS DSLR camera with ransomware over the air

Security Affairs

AUGUST 12, 2019

Searching online the expert first found an encrypted firmware, he found on a forum a Portable ROM Dumper , (a custom firmware update file that once loaded, dumps the memory of the camera into the SD Card) that allowed him to dump the camera’s firmware and load it into his disassembler (IDA Pro). ” – Eyal Itkin.

Ransomware

Ransomware Firmware Wireless Encryption

Netgear is releasing fixes for ten issues affecting 79 products

Security Affairs

JULY 1, 2020

Some of the vulnerabilities were discovered during the Pwn2Own Tokyo 2019 hacking contest and reported through the Zero Day Initiative (ZDI). ZDI reported the flaws to the vendor in November 2019, January and February 2020. Authentication is not required to exploit this vulnerability.” ” reads the CISA alert.

Authentication

Authentication Firmware Hacking Mobile

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

ZDNet has obtained a copy of the list with the help of threat intelligence firm KELA and verified confirmed the authenticity of the data. According to Bank Security , all the Pulse Secure VPN servers included in the list were vulnerable to the CVE-2019-11510 flaw. UPDATE: [link] — Bank Security (@Bank_Security) August 5, 2020.

VPN

VPN Passwords Banking Advertising

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Security Affairs

JANUARY 27, 2020

An attacker with this key can successfully authenticate as this user to the FortiSIEM Supervisor.” While the user’s shell is limited to running the /opt/phoenix/phscripts/bin/tunnelshell script, SSH authentication still succeeds.”. Fortinet published a security advisory for the issue that is tracked as CVE-2019-17659.

Advertising

Advertising Firmware Passwords Authentication

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware

Firmware Ransomware Passwords Mobile

D-Link addressed 5 flaws on some router models, some of them reached EoL

Security Affairs

JULY 25, 2020

The flaws include reflected Cross-Site Scripting (XSS), buffer overflows, bypassing authentication issues, and arbitrary code execution bugs. Some of the flaws were reported in February 9, 2019, other issues date back to March 2020, but all of them have been publicly disclosed on July 22.

Firmware

Firmware Advertising Authentication Hacking

D-Link router models affected by remote code execution issue that will not be fixed

Security Affairs

OCTOBER 7, 2019

Security experts at Fortinet’s FortiGuard Labs disclosed a remote code execution vulnerability tracked as CVE-2019-16920. The vulnerability is an unauthenticated command injection issue that was discovered on September 2019. “The vulnerability begins with a bad authentication check. and a CVSS v20 base score of 10.0.

Authentication

Authentication Advertising Firmware Hacking

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Security Affairs

MAY 19, 2020

Palo Alto Networks Unit 42 researchers observed both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 5.0.2.8. which is a product that became end-of-life (EOL) in 2015 and end-of-support-life (EOSL) in 2019.”

IoT

IoT DDOS Authentication Advertising

SHARING INTEL: Why full ‘digital transformation’ requires locking down ‘machine identities’

The Last Watchdog

OCTOBER 16, 2019

We had a chance to meet again at Black Hat 2019. Machine identities are divvied out as digital certificates issued by Certificate Authorities (CAs) — vendors that diligently verify the authenticity of websites. For a full drill down of our wide-ranging discussion please give a listen to the accompanying podcast.

Digital transformation

Digital transformation Firmware Authentication IoT

Thrangrycat flaw could allow compromising millions of Cisco devices

Security Affairs

MAY 14, 2019

The first issue dubbed Thrangrycat , and tracked as CVE-2019-1649, affects multiple Cisco products that support Trust Anchor module (TAm). The second vulnerability, tracked as CVE-2019-1862 , is a remote command injection issue that affects Cisco IOS XE version 16 and that could allow remote attackers to execute code as root. .

Firmware

Firmware Authentication Software Advertising

Flaws in Wyze cam devices allow their complete takeover

Security Affairs

MARCH 31, 2022

The three flaws reported by the cybersecurity firm are: An authentication bypass tracked CVE-2019-9564 A stack-based buffer overflow, tracked as CVE-2019-12266 , which could lead to remote control execution. A remote attacker could exploit the CVE-2019-9564 flaw to take over the device, including turning on/off the camera.

IoT

IoT Firmware Marketing Authentication

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

The WPA Wireless security standard was designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and to establish secure connections that hackers cannot spy on. More worrisome, we found that the Wi-Fi firmware of Cypress chips only executes 8 iterations at minimum to prevent side-channel leaks.

Passwords

Passwords Hacking Wireless Authentication

A bug is about to confuse a lot of computers by turning back time 20 years

Malwarebytes

OCTOBER 22, 2021

Authentication mechanisms such as Time-based One-Time Password (TOTP) and Kerberos also rely heavily on time. As such, should there be a severe mismatch in time, users would not be able to authenticate and gain access to systems. The same would happen in cases where authentication relies on cookies. Mitigation.

Authentication

Authentication System Administration Firmware Passwords

Vulnerability Recap 6/18/24 – Patch Tuesday, Plus More Ivanti Issues

eSecurity Planet

JUNE 18, 2024

Researchers at Imperva published a blog post about the ransomware, TellYouThePass, which has been in operation since 2019. According to NIST’s National Vulnerability Database (NVD), a logic error exists in the device’s code that could lead to authentication bypass. It affects both Windows and Linux.

Firmware

Firmware Authentication Ransomware Software

SonicWall warns users of “imminent ransomware campaign”

Malwarebytes

JULY 15, 2021

The exploitation targets a known vulnerability that has been patched in newer versions of SonicWall firmware. x versions of the firmware. x firmware. x firmware versions. The notice mentions the following products along with recommended actions: SRA 4600/1600 (EOL 2019) disconnect immediately and reset passwords.

Ransomware

Ransomware Firmware VPN Passwords

Backdoor in the Backplane. Doing IPMI security better

Pen Test Partners

MARCH 30, 2025

IPMI vulnerabilities include authentication bypasses, credential leaks, and buffer overflows, particularly in Supermicro systems. Mitigations include using complex passwords, isolating IPMI on restricted networks, and regularly updating firmware despite infrequent patches. It monitors hardware data (e.g., This is a rating 10.0

Passwords

Passwords Firmware Authentication Media

CISA warns of critical flaws in Prima FlexAir access control system

Security Affairs

JULY 31, 2019

The list of flaws includes OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site Scripting, Exposure of Backup file to Unauthorized Control Sphere, Improper Authentication, and Use of Hard-coded Credentials. “Prima Systems FlexAir, Versions 2.3.38

Backups

Backups Authentication Advertising Firmware

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

The experts pointed out that the exploiting the vulnerabilities requires user authentication, as well as deep knowledge of the proprietary protocol of CODESYS V3 and the structure of the different services that the protocol uses. Check with the device manufacturers for available patches and update the device firmware to version to 3.5.19.0

Authentication

Authentication Firmware Hacking Passwords

Cisco addressed critical flaws in Cisco Small Business 220 Series Smart Switches

Security Affairs

AUGUST 7, 2019

The most important flaw, tracked as CVE-2019-1913, could be exploited by an unauthenticated, remote attacker to execute arbitrary code with root privileges. The CVE-2019-1913 code was used to identify several flaws that reside in the web management interface of the smart switches. The CVE-2019-1913 received a CVSS score of 9.8.

Small Business

Small Business Advertising Firmware Authentication

Trending CVEs for the Week of January 28th, 2019

NopSec

JANUARY 30, 2019

This week’s most talked about vulnerability is CVE-2019-1653. It was discovered and privately disclosed to Cisco by a German security firm RedTeam Pentesting, along with a remote command injection flaw – CVE-2019-1652. for CVE-2019-1653 and CVE-2019-1652, respectively. and 1.4.2.17. through 1.4.2.19.

Small Business

Small Business Firmware VPN Authentication

Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities of 2021

eSecurity Planet

APRIL 28, 2022

CVE-2019-11510. Three of these vulnerabilities — CVE-2019-19781, CVE-2019-18935, and CVE-2017-11882 — were also routinely exploited in 2020. CVE-2019-19781. CVE-2019-18935. Arbitrary code execution. CVE-2021-21972. VMware vSphere Client. CVE-2020-1472. Microsoft Netlogon Remote Protocol (MS-NRPC). CVE-2020-0688.

Cybersecurity

Cybersecurity Software Firmware Internet

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

CyberSecurity Insiders

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier. NETGEAR DGN2200 devices with firmware through 10.0.0.50. CVE-2019-19824. Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 7)C0 NAS520 before firmware V5.21(AASZ.3)C0

Malware

Malware IoT Firmware Authentication

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Security Affairs

FEBRUARY 3, 2020

L inear eMerge E3 smart building access systems designed by N ortek Security & Control (NSC) are affected by a severe vulnerability (CVE-2019-7256) that has yet to be fixed and attackers are actively scanning the internet for vulnerable devices. CVE-2019-7256 is actively being exploited by DDoS botnet operators. 06 and older.

DDOS

DDOS Hacking Internet Internet

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs

APRIL 26, 2019

The first iLnkP2P flaw tracked as CVE-2019-11219 is an enumeration vulnerability that could be exploited by an attacker to discover devices exposed online. The second issue tracked as CVE-2019-11220 can be exploited by an attacker to intercept connections to vulnerable devices and conduct man-in-the-middle (MitM) attacks.

IoT

IoT Hacking Manufacturing Advertising

Remote Command Execution and Information disclosure flaws affect dozens of D-Link routers

Security Affairs

JANUARY 3, 2020

One of the flaws is a remote command execution flaw , tracked as CVE-2019-17621, that resides in the code used to manage UPnP requests. D-Link has already released firmware updates that should address the vulnerabilities for some of the impacted devices and should soon release the fixes for the remaining ones.

Advertising

Advertising Firmware VPN Authentication

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. The joint alert also states that attackers scanning also enumerated devices for the CVE-2020-12812 and CVE-2019-5591 flaws. Use multifactor authentication where possible.

Government

Government Passwords Accountability Firmware

Operation Triangulation: The last (hardware) mystery

SecureList

DECEMBER 27, 2023

It was designed to support both old and new iPhones and included a Pointer Authentication Code (PAC) bypass for exploitation of recent models. Because this feature is not used by the firmware, we have no idea how attackers would know how to use it. How could it be that that the exploit used MMIOs that were not used by the firmware?

Firmware

Firmware Engineering Spyware Retail

Privacy Roundup: Week 1 of Year 2025

Security Boulevard

JANUARY 4, 2025

Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Commonly, these botnets exploit CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112 for initial access to vulnerable D-Link routers.

Data breaches

Data breaches Firmware Healthcare Malware

Update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one

Malwarebytes

JANUARY 12, 2022

Microsoft has a technology called Active Directory that allows workstations to authenticate with a “domain controller.” Patches that can cause problems include the following: KB5009624 for Server 2012 R2 KB5009595 for Server 2012 R2 KB5009546 for Server 2016 KB5009557 for Server 2019. Required for exploitation is an authentication.

Authentication

Authentication Firmware Passwords Technology

Google developer disclosed Zero-Day flaw in TP-Link SR20 Routers

Security Affairs

MARCH 29, 2019

It's been over 90 days since I reported it and @TPLINK never responded, so: arbitrary command execution on the TP-Link SR20 smart hub and router (and possibly other TP-Link device) — Matthew Garrett (@mjg59) March 28, 2019. It’s had multiple vulnerabilities in the past and the protocol is fairly well documented. .”

Advertising

Advertising Firmware Firewall Passwords

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

PYSA, also known as Mespinoza, was first spotted in the wild in October 2019 where it was initially used against large corporate networks. To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released. Use multi-factor authentication wherever possible.

Education

Education Ransomware Phishing Passwords

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

The Zeppelin ransomware first appeared on the threat landscape in November 2019 when experts from BlackBerry Cylance found a new variant of the Vega RaaS, dubbed Zeppelin.

Ransomware

Ransomware Encryption Firmware Backups

Bad News: AI and 5G Are Expected to Worsen Cybersecurity Risks

Security Affairs

NOVEMBER 10, 2019

Information Risk Management (IRM) recently published its 2019 Risky Business Report. It also concluded that the top three cybersecurity reasons that respondents use AI now are for network intrusion detection and prevention, fraud detection and secure user authentication. However, the report calls AI “a double-edged sword.”

Risk

Risk Cybersecurity Artificial Intelligence Education

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

Malwarebytes

SEPTEMBER 21, 2021

Enable multi-factor authentication (MFA). Multi-factor authentication is a great step to add in on every service that offers it. This could be a one-time login code sent via text, a code on an authenticator app, or a push notification, among others. Update your child’s device’s firmware. Respect your privacy.

Internet

Internet Internet Passwords Password Management

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Trending Sources

Intel addresses High-Severity flaws in NUC Firmware and other tools

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

P2P Weakness Exposes Millions of IoT Devices

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Expert found a hardcoded SSH Key in Fortinet SIEM appliances

QSnatch malware infected over 62,000 QNAP NAS Devices

Intel addresses high severity flaw in Processor Diagnostic Tool

Second-ever UEFI rootkit used in North Korea-themed attacks

Infecting Canon EOS DSLR camera with ransomware over the air

Netgear is releasing fixes for ten issues affecting 79 products

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

D-Link addressed 5 flaws on some router models, some of them reached EoL

D-Link router models affected by remote code execution issue that will not be fixed

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

SHARING INTEL: Why full ‘digital transformation’ requires locking down ‘machine identities’

Thrangrycat flaw could allow compromising millions of Cisco devices

Flaws in Wyze cam devices allow their complete takeover

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

A bug is about to confuse a lot of computers by turning back time 20 years

Vulnerability Recap 6/18/24 – Patch Tuesday, Plus More Ivanti Issues

SonicWall warns users of “imminent ransomware campaign”

Backdoor in the Backplane. Doing IPMI security better

CISA warns of critical flaws in Prima FlexAir access control system

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Cisco addressed critical flaws in Cisco Small Business 220 Series Smart Switches

Trending CVEs for the Week of January 28th, 2019

Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities of 2021

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Remote Command Execution and Information disclosure flaws affect dozens of D-Link routers

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Operation Triangulation: The last (hardware) mystery

Privacy Roundup: Week 1 of Year 2025

Update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one

Google developer disclosed Zero-Day flaw in TP-Link SR20 Routers

FBI warns of increase in PYSA ransomware attacks targeting education

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Bad News: AI and 5G Are Expected to Worsen Cybersecurity Risks

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

Stay Connected