2019, Firmware and Internet - Cyber Security Informer

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Locking down firmware. These are the carriers that provide Internet access to rural areas all across America. Firmware is the coding that’s embedded below the software layer on all computing devices, ranging from printers to hard drives and motherboards to routers and switches. telecoms by Chinese tech giant Huawei.

Firmware

Firmware Cybersecurity Technology Engineering

IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering

Troy Hunt

NOVEMBER 23, 2020

Let's drill into all that and then go deeper into custom firmware and soldering too. I can easily block a device from talking to the internet, throttle its connection, see which online services it's communicating with and access a whole host of other information about it. Why is this so hard?!

Firmware

Firmware IoT Wireless Manufacturing

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

The Last Watchdog

NOVEMBER 20, 2019

Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. Tech consultancy IDC tells us that global spending on security hardware, software and services is on course to top $103 billion in 2019, up 9.4

Firmware

Firmware Hacking Software Surveillance

Dynamic analysis of firmware components in IoT devices

SecureList

JULY 6, 2022

As a rule, this means that the source code of the device’s firmware is unavailable and all the researcher can use is the user manual and a few threads on some user forum discussing the device’s operation. The vulnerability assessment of IoT/IIoT devices is based on analyzing their firmware.

Firmware

Firmware IoT Architecture Manufacturing

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware

Firmware Malware Encryption Passwords

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

iLnkP2p is bundled with millions of Internet of Things (IoT) devices, including security cameras and Webcams, baby monitors, smart doorbells, and digital video recorders. “In reality, enumeration of these prefixes has shown that the number of online devices was ~1,517,260 in March 2019.

IoT

IoT Firewall Manufacturing Computers and Electronics

The Internet of Things Is Everywhere. Are You Secure?

Security Boulevard

MARCH 18, 2021

From smart homes that enable you to control your thermostat from a distance to sensors on oil rigs that help predict maintenance to autonomous vehicles to GPS sensors implanted in the horns of endangered black rhinos , the internet of things is all around you. In 2019 alone, attacks on IoT devices increased by 300%. Are You Secure?

Internet

Internet Internet IoT Software

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

Malwarebytes

SEPTEMBER 21, 2021

Today’s generation of kids and teens consider their devices and the Internet as extensions of their lives. So without further ado, let’s dive into what we should be teaching our kids about Internet safety and what we can do to enforce these teachings. 7 Internet safety tips. Update your child’s device’s firmware.

Internet

Internet Internet Passwords Password Management

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

In November 2019, security experts first spotted the QSnatch malware that at the time infected thousands of QNAP NAS devices worldwide. Weitere Informationen von unseren Kollegen bei @CERTFI : [link] — CERT-Bund (@certbund) October 31, 2019. Webshell functionality for remote access. ” reads the alert.

Malware

Malware Firmware Advertising Manufacturing

Sounding the Alarm on Emergency Alert System Flaws

Krebs on Security

AUGUST 12, 2022

A Digital Alert Systems EAS encoder/decoder that Pyle said he acquired off eBay in 2019. Pyle said he started acquiring old EAS equipment off of eBay in 2019, and that he quickly identified a number of serious security vulnerabilities in a device that is broadly used by states and localities to encode and decode EAS alert signals.

Firmware

Firmware Manufacturing Passwords Software

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

The list includes: IP addresses of Pulse Secure VPN servers Pulse Secure VPN server firmware version SSH keys for each server A list of all local users and their password hashes Admin account details Last VPN logins (including usernames and cleartext passwords) VPN session cookies. reads the advisory. 830) and Germany (789).

VPN

VPN Passwords Banking Advertising

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

The experts are monitoring the Mirai-based botnet since November 2019 and observed it exploiting two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT). ” When the botnet was first detected in 2019, experts noticed it was exploiting the Tenda zero-day flaw tracked as CVE-2020-10987.

IoT

IoT Firmware Advertising DNS

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

According to the Chinese security firm Qihoo 360’s Netlab team, operators of several botnets , including Chalubo , FBot , and Moobot , targeting LILIN DVRs at least since August 30, 2019. The new firmware released by the vendors validated the hostname passed as input to prevent command execution. ” Netlab concludes.

Firmware

Firmware Surveillance Manufacturing Advertising

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 181024 CVE-2019-19824 TOTOLINK Realtek SDK based routers, this affects A3002RU through 2.0.0, Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3

IoT

IoT Firmware Malware Wireless

SweynTooth Bluetooth flaws affect devices from major system-on-a-chip (SoC) vendors

Security Affairs

FEBRUARY 15, 2020

These issues usually occur due to some improper synchronization between user code and the SDK firmware distributed by the SoC vendor, Security Bypass : Vulnerabilities that could be exploited by attackers in radio range to bypass the latest secure pairing mode of BLE. 2.60 (CVE-2019-16336) and NXP KW41Z 3.40 SDK (CVE-2019-17519).

IoT

IoT Firmware Advertising Hacking

SHARING INTEL: Why full ‘digital transformation’ requires locking down ‘machine identities’

The Last Watchdog

OCTOBER 16, 2019

We had a chance to meet again at Black Hat 2019. Now consider that cloud computing is still on the rise, and that the Internet of Things is on the verge of rapid expansion as more 5G networks come on line. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW

Digital transformation

Digital transformation Firmware Authentication IoT

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Security Affairs

AUGUST 10, 2021

The eCh0raix ransomware has been active since at least 2019, when eExperts from security firms Intezer and Anomali separately discovered sample of the ransomware targeting Network Attached Storage (NAS) devices. Independent experts observed a surge in eCh0raix ransomware infection reports between April 19 and April 26.

Ransomware

Ransomware Encryption Firmware Passwords

SonicWall warns users of “imminent ransomware campaign”

Malwarebytes

JULY 15, 2021

The exploitation targets a known vulnerability that has been patched in newer versions of SonicWall firmware. x versions of the firmware. x firmware. x firmware versions. The notice mentions the following products along with recommended actions: SRA 4600/1600 (EOL 2019) disconnect immediately and reset passwords.

Ransomware

Ransomware Firmware VPN Passwords

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

Security Affairs

APRIL 4, 2019

Firmware updates that address this vulnerability are not currently available. The first one could be exploited by a remote and unauthenticated attacker with admin privileges to obtain sensitive information ( CVE-2019-1653 ), while the second one can be exploited for command injection ( CVE-2019-1652 ). through 1.4.2.20.

Small Business

Small Business Firmware Advertising VPN

Cyclops Blink malware: US and UK authorities issue alert

Malwarebytes

FEBRUARY 24, 2022

Cyclops Blink has been found in WatchGuard’s firewall devices since at least June 2019. But the NCSC warns that it is likely that Sandworm is capable of compiling the same or very similar malware for other architectures and firmware. Internet access to the management interface of any device is a security risk.

Malware

Malware Firewall Firmware DDOS

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Security Affairs

FEBRUARY 3, 2020

L inear eMerge E3 smart building access systems designed by N ortek Security & Control (NSC) are affected by a severe vulnerability (CVE-2019-7256) that has yet to be fixed and attackers are actively scanning the internet for vulnerable devices. CVE-2019-7256 is actively being exploited by DDoS botnet operators.

DDOS

DDOS Hacking Internet Internet

Western Digital: Disconnect My Book Live drives immediately

SC Magazine

JUNE 25, 2021

Hackers appeared to be taking advantage of a vulnerability first published in 2019. Western Digital stopped supporting My Live drives in 2015, and have not updated their firmware since. Western Digital is asking customers to disconnect My Book Live hard drives from the internet to prevent malware from wiping them of data.

Firmware

Firmware Media Internet Internet

D-Link router models affected by remote code execution issue that will not be fixed

Security Affairs

OCTOBER 7, 2019

Security experts at Fortinet’s FortiGuard Labs disclosed a remote code execution vulnerability tracked as CVE-2019-16920. The vulnerability is an unauthenticated command injection issue that was discovered on September 2019. The flaw has received a CVSS v31 base score of 9.8 and a CVSS v20 base score of 10.0.

Authentication

Authentication Advertising Firmware Hacking

Initial fixes for Cisco RV320 and RV325 routers were incomplete

Security Affairs

MARCH 30, 2019

The first one could be exploited by a remote and unauthenticated attacker with admin privileges to obtain sensitive information ( CVE-2019-1653 ), while the second one can be exploited for command injection ( CVE-2019-1652 ). Firmware updates that address this vulnerability are not currently available.

Small Business

Small Business Advertising Firmware Engineering

DoS attack the caused disruption at US power utility exploited a known flaw

Security Affairs

SEPTEMBER 9, 2019

In May, the Department of Energy confirmed that on March 5, 2019, between 9 a.m. “Have as few internet facing devices as possible,” NERC urged in its report.” “ After seeing no adverse effects, the entity deployed the firmware patch at an operational generation site that night.” and 7 p.m.,

Energy and Utilities

Energy and Utilities Firewall Firmware Advertising

Flaws in Wyze cam devices allow their complete takeover

Security Affairs

MARCH 31, 2022

The three flaws reported by the cybersecurity firm are: An authentication bypass tracked CVE-2019-9564 A stack-based buffer overflow, tracked as CVE-2019-12266 , which could lead to remote control execution. A remote attacker could exploit the CVE-2019-9564 flaw to take over the device, including turning on/off the camera.

IoT

IoT Firmware Marketing Authentication

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. ” continues the analysis.

IoT

IoT DDOS Architecture Passwords

Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities of 2021

eSecurity Planet

APRIL 28, 2022

Malicious actors tend to focus on internet-facing systems to gain entry into a network, such as email and virtual private network (VPN) servers, using exploits targeting newly disclosed vulnerabilities. CVE-2019-11510. CVE-2019-19781. CVE-2019-18935. Also read: Best Patch Management Software & Tools. “U.S.,

Cybersecurity

Cybersecurity Software Firmware Internet

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. Maintain device health with updates: Make sure devices are up to date with the latest firmware and patches.

IoT

IoT DDOS Malware Firmware

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network. ” Check Point reported the issue to Philips and Signify (owner of the Philips Hue brand) in November 2019. The company released firmware p atches for the device in January.

Hacking

Hacking IoT Wireless Firmware

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

The number of infected devices is impressive, on 2019-11-30 a trusted security partner in the US informed Qihoo 360’s Netlab Cybersecurity reported to have observed 1,962,308 unique daily active IPs from the Pink botnet targeting its systems. According to the experts, Pink is the largest botnet they have observed in the last six years.

Architecture

Architecture DDOS Advertising DNS

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

The vulnerabilities have been tracked as CVE-2019-13473 and CVE-2019-13474. . The hardware of the terminals is equipped with Shenzen technology, while the firmware is based on BusyBox Linux Debian. . The devices have httpd web server , Web GUI, Wifi, or Bluetooth on board. ” continues the experts.

IoT

IoT Hacking Firmware Advertising

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Security Affairs

MAY 19, 2020

which is a product that became end-of-life (EOL) in 2015 and end-of-support-life (EOSL) in 2019.” “There is no evidence to support any other firmware versions are vulnerable at this point in time and these findings have been shared with Symantec.” ” reads the analysis published by Palo Alto Networks.

IoT

IoT DDOS Authentication Advertising

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

Security Affairs

APRIL 25, 2019

The vulnerabilyt was tracked as CVE-2019-10955 and received a CVSS score of 7.1 Rockwell has released firmware updates that address the vulnerability for the affected controllers. Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.

Firmware

Firmware Social Engineering Advertising Malware

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

In April 2019, experts at Bad Packets uncovered a new wave of attacks mainly aimed at compromising D-Link routers, many of them hosted belonging to Brazilian users. . According to Avast, in the first half of 2019, hackers have modified the DNS settings of over 180,000 Brazilian routers with even more complex attacks. concludes Avast.

DNS

DNS Passwords Advertising Banking

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. In March 2021, government experts observed state sponsored hackers scanning the internet for servers vulnerable to the above flaws, the attackers were probing systems on ports 4443, 8443, and 10443.

Government

Government Passwords Firmware Accountability

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

IoT

IoT DNS Manufacturing Firmware

CISA warns of critical flaws in Prima FlexAir access control system

Security Affairs

JULY 31, 2019

The most severe vulnerability, tracked as CVE-2019-7670, is an OS command injection flaw. Another issue, tracked as CVE-2019-7669, is an improper validation of file extensions when uploading files that was rated as CVSS score of 9.1. Another critical issue, tracked as CVE-2019-7672, received a CVSS score of 8.8.

Backups

Backups Authentication Advertising Firmware

NEW TECH: Trend Micro inserts ‘X’ factor into ‘EDR’ – endpoint detection and response

The Last Watchdog

AUGUST 14, 2019

With all the talk of escalating cyber warfare , the spread of counterfeit smartphones and new forms of self-replicating malware , I came away from Black Hat USA 2019 (my 15 th ) marveling, once more, at the panache of modern cyber criminals. Many attacks today begin with a targeted phishing attacks to get a toehold inside a network.

Antivirus

Antivirus Digital transformation Firmware Software

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs

APRIL 26, 2019

The first iLnkP2P flaw tracked as CVE-2019-11219 is an enumeration vulnerability that could be exploited by an attacker to discover devices exposed online. The second issue tracked as CVE-2019-11220 can be exploited by an attacker to intercept connections to vulnerable devices and conduct man-in-the-middle (MitM) attacks.

IoT

IoT Hacking Manufacturing Advertising

Silex malware bricks thousands of IoT devices in a few hours

Security Affairs

JUNE 26, 2019

Cashdollar (@_larry0) June 25, 2019. The only way to recover infected devices is to manually reinstall the device’s firmware. pic.twitter.com/gUjWCdSIQO — Ankit Anubhav (@ankit_anubhav) June 25, 2019. pic.twitter.com/Ue661ku0fy — Larry W. ” reported ZDnet.

IoT

IoT Malware Advertising Firmware

Attacks Escalating Against Linux-Based IoT Devices

eSecurity Planet

JANUARY 20, 2022

Incidents of malware targeting Linux-based Internet of Things (IoT) devices jumped by more than a third in 2021, with three malware families the primary drivers behind the increase. However, with more than 30 billion IoT devices expected to be connected to the internet by 2026, attacks against them can have wide-ranging impacts.

IoT

IoT DDOS Malware Internet

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

To overcome the user authentication, we used a known vulnerability, CVE-2019-9013 , which allows us to perform a replay attack against the PLC using the unsecured username and password’s hash that were sent during the sign-in process , allowing us to bypass the user authentication process.” ” continues the report.

Authentication

Authentication Firmware Hacking Passwords

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

CyberSecurity Insiders

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier. NETGEAR DGN2200 devices with firmware through 10.0.0.50. CVE-2019-19824. Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 7)C0 NAS520 before firmware V5.21(AASZ.3)C0

Malware

Malware IoT Firmware Authentication

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering

Trending Sources

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

Dynamic analysis of firmware components in IoT devices

MoonBounce: the dark side of UEFI firmware

P2P Weakness Exposes Millions of IoT Devices

The Internet of Things Is Everywhere. Are You Secure?

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

QSnatch malware infected over 62,000 QNAP NAS Devices

Sounding the Alarm on Emergency Alert System Flaws

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

New Ttint IoT botnet exploits two zero-days in Tenda routers

Botnet operators target multiple zero-day flaws in LILIN DVRs

BotenaGo botnet targets millions of IoT devices using 33 exploits

SweynTooth Bluetooth flaws affect devices from major system-on-a-chip (SoC) vendors

SHARING INTEL: Why full ‘digital transformation’ requires locking down ‘machine identities’

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

SonicWall warns users of “imminent ransomware campaign”

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

Cyclops Blink malware: US and UK authorities issue alert

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Western Digital: Disconnect My Book Live drives immediately

D-Link router models affected by remote code execution issue that will not be fixed

Initial fixes for Cisco RV320 and RV325 routers were incomplete

DoS attack the caused disruption at US power utility exploited a known flaw

Flaws in Wyze cam devices allow their complete takeover

Mozi Botnet is responsible for most of the IoT Traffic

Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities of 2021

A new Zerobot variant spreads by exploiting Apache flaws

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

For nearly a year, Brazilian users have been targeted with router attacks

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

CISA warns of critical flaws in Prima FlexAir access control system

NEW TECH: Trend Micro inserts ‘X’ factor into ‘EDR’ – endpoint detection and response

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Silex malware bricks thousands of IoT devices in a few hours

Attacks Escalating Against Linux-Based IoT Devices

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

Stay Connected