Let's drill into all that and then go deeper into custom firmware and soldering too. homeautomation pic.twitter.com/tP9pg7lzu1 — Pedro Lamas (@pedrolamas) July 7, 2019 There are plenty of Zigbee devices out there, but I wanted to call out Aqara in particular as they've just been so damn reliable. Why is this so hard?!
Locking down firmware. Starks Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks. telecoms by Chinese tech giant Huawei.
Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. Tech consultancy IDC tells us that global spending on security hardware, software and services is on course to top $103 billion in 2019, up 9.4
A new vulnerability, tracked as CVE-2019-0090, affects all Intel chips and could allow attackers to bypass every hardware-enabled security technology. Security experts from Positive Technologies warn of a new vulnerability, tracked as CVE-2019-0090, that affects all Intel processors that were released in the past 5 years.
At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner, which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.
Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program.
As a rule, this means that the source code of the device’s firmware is unavailable and all the researcher can use is the user manual and a few threads on some user forum discussing the device’s operation. The vulnerability assessment of IoT/IIoT devices is based on analyzing their firmware.
Data Collected: 22 Vendors 1,294 Products 4,956 Firmware versions 3,333,411 Binaries analyzed Date range of data: 2003-03-24 to 2019-01-24 (varies by vendor, most up to 2018 releases). [.]. They look at the actual firmware. It represents a wide range of either found in the home, enterprise or government deployments.
The attack requires physical access to the computer, but it's pretty devastating : On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer -- and even its hard disk encryption -- to gain full access to the computer's data.
Netgear has addressed a critical remote code execution vulnerability that could be exploited by an unauthenticated attacker to take over AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. The critical vulnerability, tracked as PSV-2019-0076 , affects Netgear Nighthawk X4S Smart Wi-Fi Router (R7800) family.
“In reality, enumeration of these prefixes has shown that the number of online devices was ~1,517,260 in March 2019. Furthermore, even if software patches were issued, the likelihood of most users updating their device firmware is low. By enumerating all of the other vendor prefixes, that pushes the number toward 2 million.”
A Digital Alert Systems EAS encoder/decoder that Pyle said he acquired off eBay in 2019. Pyle said he started acquiring old EAS equipment off of eBay in 2019, and that he quickly identified a number of serious security vulnerabilities in a device that is broadly used by states and localities to encode and decode EAS alert signals.
Since December 2019, researchers from Qihoo 360 observed two different attack groups that are employing two zero-days exploits to take over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks. The attacker is snooping on port 21,25,143,110 (1/2) — 360 Netlab (@360Netlab) December 25, 2019. #0-day
In November 2019, security experts first spotted the QSnatch malware that at the time infected thousands of QNAP NAS devices worldwide. Weitere Informationen von unseren Kollegen bei @CERTFI : [link] — CERT-Bund (@certbund) October 31, 2019. Webshell functionality for remote access. ” reads the alert.
Searching online, the expert first found an encrypted firmware; he found on a forum a Portable ROM Dumper (a custom firmware update file that, once loaded, dumps the memory of the camera into the SD Card) that allowed him to dump the camera’s firmware and load it into his disassembler (IDA Pro). ” – Eyal Itkin.
Patching and vulnerability management Apply timely security updates to operating systems, software, and firmware. Their ransom demands range from tens to hundreds of thousands of dollars, often leveraging encrypted email services like ProtonMail, Tutanota, and Skiff for communication.
x firmware in an imminent ransomware campaign using stolen credentials.” The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”. The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. reads the alert published by the company.
The experts were investigating several suspicious UEFI firmware images when they discovered four components, some of which borrowed source code from a Hacking Team spyware. The firmware malware is based on code associated with HackingTeam’s VectorEDK bootkit, with minor changes. ” concludes the report.
According to the Chinese security firm Qihoo 360’s Netlab team, operators of several botnets, including Chalubo, FBot, and Moobot, have been targeting LILIN DVRs at least since August 30, 2019. The new firmware released by the vendors validated the hostname passed as input to prevent command execution. ” Netlab concludes.
The experts have been monitoring the Mirai-based botnet since November 2019 and observed it exploiting two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT). ” When the botnet was first detected in 2019, experts noticed it was exploiting the Tenda zero-day flaw tracked as CVE-2020-10987.
Intel Patch Tuesday updates for July 2019 address a serious flaw in Processor Diagnostic Tool and minor issue in the Solid State Drives (SSD) for Data Centers (DC). The “high severity” vulnerability in the Processor Diagnostic Tool is tracked as CVE-2019-11133, it was rated with a CVSS score of 8.2 and Prior affects all prior versions.
These issues usually occur due to some improper synchronization between user code and the SDK firmware distributed by the SoC vendor, Security Bypass : Vulnerabilities that could be exploited by attackers in radio range to bypass the latest secure pairing mode of BLE. 2.60 (CVE-2019-16336) and NXP KW41Z 3.40 SDK (CVE-2019-17519).
” Fortinet published a security advisory for the issue that is tracked as CVE-2019-17659. Below the timeline of the vulnerability: Dec 2, 2019: Email sent to Fortinet PSIRT with vulnerability details. Dec 3, 2019: Automated reply from PSIRT that email was received. Jan 3, 2019: Public Release.
AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler; it resides in AMD’s Mini PC and could allow attackers to manipulate secure firmware and execute arbitrary code.
x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10
The list includes: IP addresses of Pulse Secure VPN servers Pulse Secure VPN server firmware version SSH keys for each server A list of all local users and their password hashes Admin account details Last VPN logins (including usernames and cleartext passwords) VPN session cookies. reads the advisory. 830) and Germany (789).
Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 181024 CVE-2019-19824 TOTOLINK Realtek SDK based routers, this affects A3002RU through 2.0.0,
The flaws were discovered by Hugues Anguelkov during his internship at Quarkslab and are tracked as CVE-2019-8564, CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, CVE-2019-9503. Anguelkov confirmed that two of those vulnerabilities affect both the Linux kernel and the firmware of affected Broadcom chips.
x firmware. The warning comes more than a month after reports emerged that remote access vulnerabilities in SonicWall SRA 4600 VPN appliances (CVE-2019-7481) are being
Some of the flaws were reported in February 9, 2019, other issues date back to March 2020, but all of them have been publicly disclosed on July 22. The vendor pointed out that DAP-1522 and DIR-816L models that have reached their “end of support” phase, this means that these devices running firmware versions v1.42 (and below) and v12.06.B09
xHelper is a piece of malware that was first spotted in October 2019 by experts from security firm Symantec, it is a persistent Android dropper app that is able to reinstall itself even after users attempt to uninstall it. In this case, reflashing is pointless, so it would be worth considering alternative firmwares for your device.
Bug hunters have earned a total of $195,000 for finding flaws in TVs, routers and smartphones on the first day of the Pwn2Own Tokyo 2019 contest. Pwn2Own Tokyo 2019 contest offers over $750,000 in rewards for working exploits targeting one of the devices in a list of 17 systems. SecurityAffairs – Pwn2Own Tokyo 2019, hacking).
Fortinet published a security advisory for the issue that is tracked as CVE-2019-17659. Fortinet urges customers to install the patch for CVE-2019-17659 , or restrict the access to FortiSIEM’s “ tunneluser ” port (19999). reads the advisory. “A reads the advisory. Users would upgrade to FortiSIEM version 5.2.7
Researchers discovered two serious flaws, QualPwn bugs, in Qualcomm’s Snapdragon SoC WLAN firmware that could be exploited to hack Android devices over the air. The first vulnerability, tracked as CVE-2019-10538, is a buffer overflow that impacts the Qualcomm WLAN component and the Android Kernel.
Note: In November 2019, the FBI issued a press update notifying companies not to pay a ransom to hackers if their data is compromised by malware, as it encourages crime and also doesn’t guarantee a decryption key in return as soon as the ransom is paid.
Security experts at Fortinet’s FortiGuard Labs disclosed a remote code execution vulnerability tracked as CVE-2019-16920. The vulnerability is an unauthenticated command injection issue that was discovered in September 2019. The flaw has received a CVSS v31 base score of 9.8 and a CVSS v20 base score of 10.0.
Some of the vulnerabilities were discovered during the Pwn2Own Tokyo 2019 hacking contest and reported through the Zero Day Initiative (ZDI). ZDI reported the flaws to the vendor in November 2019, January and February 2020. Netgear is releasing security patches to address ten vulnerabilities affecting nearly 80 of its products.
In Android, which runs on billions of devices and is one of our most critical platforms, we've already made strides in adopting MSLs, including Rust, in sections of our network, firmware and graphics stacks. We specifically focused on adopting memory safety in new code instead of rewriting mature and stable memory-unsafe C or C++ codebases.
The Cyclops Blink malware has been active since at least June 2019, it targets WatchGuard Firebox and other Small Office/Home Office (SOHO) network devices. The malware leverages the firmware update process to achieve persistence. “Cyclops Blink persists on reboot and throughout the legitimate firmware update process.
. “The bug affecting the open source software was reported in 2009, yet its presence in the phone’s firmware remained unnoticed until now. 323 software stack is affected (as opposed to the SIP stack that can also be used with these phones), and the Avaya Security Advisory (ASA) can be found here ASA-2019-128. Only the H.323
The three flaws reported by the cybersecurity firm are: An authentication bypass tracked as CVE-2019-9564 A stack-based buffer overflow, tracked as CVE-2019-12266, which could lead to remote control execution. A remote attacker could exploit the CVE-2019-9564 flaw to take over the device, including turning on/off the camera.
Firmware updates that address this vulnerability are not currently available. The first one could be exploited by a remote and unauthenticated attacker with admin privileges to obtain sensitive information (CVE-2019-1653), while the second one can be exploited for command injection (CVE-2019-1652). through 1.4.2.20.