Krebs on Security

MARCH 30, 2021

A security professional at Ubiquiti who helped the company respond to the two-month breach beginning in December 2020 contacted KrebsOnSecurity after raising his concerns with both Ubiquiti’s whistleblower hotline and with European data protection authorities. ” Ubiquiti has not responded to repeated requests for comment.

Accountability 280

Accountability IoT Passwords Firmware 280

Security Affairs

SEPTEMBER 8, 2020

Probably the most interesting vulnerability is an undocumented backdoor, tracked as CVE-2020-15835, that can be exploited by attackers to gain root access to a router. “The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password.

Firmware 128

Firmware Wireless Authentication Advertising 128

Security Affairs

DECEMBER 8, 2020

Security researchers at Digital Defense discovered three vulnerabilities in D-Link VPN routers, including command injection flaws, and an authenticated crontab injection flaw. The third flaw is an Authenticated Crontab Injection that could allow an authenticated user to inject arbitrary CRON entries that will then be executed as root.

VPN 132

VPN Hacking Firmware Authentication 132

Security Affairs

DECEMBER 12, 2020

The flaw, tracked as CVE-2020-25191, affects driver versions prior to 20.5. “Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the device remotely.” Update the firmware on CompactRIO controllers to v8.5

Firmware 116

Firmware Manufacturing Software Authentication 116

Security Affairs

MAY 19, 2020

Palo Alto Networks Unit 42 researchers observed both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 5.0.2.8. Experts note that the exploit is only effective for authenticated sessions and the affected devices are End of Life (EOL) from 2012.

IoT 141

IoT DDOS Authentication Advertising 141

Security Affairs

APRIL 17, 2020

The flaw, tracked as CVE-2020-3161, has been rated as a critical severity and received a CVSS score of 9.8. ” The CVE-2020-3161 vulnerability is caused by the improper validation of HTTP requests, an attacker could exploit the issue by sending a crafted HTTP request to the web server of the vulnerable IP Phones.

Big data 138

Big data Wireless Advertising Firmware 138

Security Affairs

JULY 1, 2020

Four of flaws have been rated high severity , they can be exploited by an unauthenticated attacker with network access to the vulnerable Netgear device to execute arbitrary code with admin or root privileges, and to bypass authentication. ZDI reported the flaws to the vendor in November 2019, January and February 2020.

Authentication 145

Authentication Firmware Hacking Mobile 145

Security Affairs

DECEMBER 17, 2020

According to a private industry notification alert (PIN), sent by the FBI to private organizations, the Bureau is aware of extortion activities that have been happening since February 2020. Patch operating systems, software, firmware, and endpoints. PIN Number 20201210-001.

Ransomware 144

Ransomware Backups Firmware Accountability 144

Security Affairs

MARCH 21, 2020

A new variant of the infamous Mirai malware, tracked as Mukashi, targets Zyxel network-attached storage (NAS) devices exploiting recently patched CVE-2020-9054 issue. According to Palo Alto researchers, threat actors exploited the recently patched CVE-2020-9054 vulnerability in Zyxel NAS. The vendor advisory is also available.

DDOS 134

DDOS Authentication Advertising Firmware 134

Security Affairs

JULY 28, 2020

CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. In mid-June 2020, there were approximately 62,000 infected devices worldwide; of these, approximately 7,600 were in the United States and 3,900 were in the United Kingdom.”

Malware 142

Malware Firmware Advertising Manufacturing 142

Security Affairs

JUNE 23, 2020

Unlike other printer management protocols, the IPP protocol supports multiple security features, including authentication and encryption, but evidently organizations don’t use them. This info includes printer names, locations, models, firmware versions, organization names, and even WiFi network names.

Internet 138

Internet Internet Firmware Advertising 138

Security Affairs

APRIL 25, 2021

Researchers from Eye Security have found thousands of unpatched ABUS Secvest home alarm systems exposed online despite the vendor has addressed a critical bug (CVE-2020-28973) in January. “The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface.

Firmware 122

Firmware Passwords Authentication Wireless 122

SecureList

SEPTEMBER 29, 2022

In 2020, CVE-2020-28212 , a vulnerability affecting this software, was reported, which could be exploited by a remote unauthorized attacker to gain control of a PLC with the privileges of an operator already authenticated on the controller. The procedure acts as authentication. In firmware versions prior to 2.7

Firmware 107

Firmware Passwords Authentication Engineering 107

Security Affairs

MAY 4, 2023

In order to exploit the flaw, an attacker has to upgrade an affected device to a crafted version of the firmware. “This vulnerability is due to a missing authentication process within the firmware upgrade function.” “Cisco has not released firmware updates to address this vulnerability.

Firmware 98

Firmware Education Media Authentication 98

Security Affairs

AUGUST 5, 2020

ZDNet has obtained a copy of the list with the help of threat intelligence firm KELA and verified confirmed the authenticity of the data. UPDATE: [link] — Bank Security (@Bank_Security) August 5, 2020. According to Bank Security , all the Pulse Secure VPN servers included in the list were vulnerable to the CVE-2019-11510 flaw.

VPN 144

VPN Passwords Banking Advertising 144

Security Affairs

JANUARY 22, 2021

Realmode Labs reported the flaws to Amazon on October 17 and the company released security updates to address them on December 10, 2020. The experts discovered that Amazon did not verify the authenticity of the email sender, this means that attackers can spoof an email address that is present in the list of approved addresses.

Hacking 144

Hacking Authentication Firmware Phishing 144

CyberSecurity Insiders

NOVEMBER 11, 2021

The string “Server: Boa/0.93.15” is mapped to the function “main_infectFunctionGponFiber,” (see figure 4) which attempts to exploit a vulnerable target, allowing the attacker to execute an OS command via a specific web request (CVE-2020-8958 as shown in figure 5). CVE-2020-8515. CVE-2020-9377. A2pvI042j1.d26m.

Malware 85

Malware IoT Firmware Authentication 85

Security Affairs

OCTOBER 26, 2021

The gang has been active since at least 2020, threat actors hit organizations from various industries. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use double authentication when logging into accounts or services. Disable hyperlinks in received emails.

Ransomware 143

Ransomware Firmware Antivirus Accountability 143

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. reported the SektorCERT. “An

Firewall 135

Firewall Firmware Cyber Attacks VPN 135

Security Affairs

APRIL 2, 2021

The vulnerabilities affect QNAP TS-231 SOHO NAS devices running firmware version 4.3.6.1446 that reached end of life (EOL). “During the inspection, we fuzzed the web server with customized HTTP requests to different cgi pages, with focus on those that do not require prior authentication. ” continues the advisory.

Firmware 113

Firmware Internet Internet Authentication 113

Security Affairs

JUNE 14, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware 107

Firmware Advertising Ransomware Hacking 107

Security Affairs

JUNE 3, 2021

.” The vulnerabilities impact all embedded and IoT devices that use the Realtek RTL8710C module, they could be exploited only by attackers on the same Wi-Fi network or know the network’s pre-shared key (PSK) used to authenticate wireless clients on local area networks. The latest version of ambz2 SDK (7.1d) addresses the issues.

Wireless 126

Wireless IoT Encryption Firmware 126

Security Affairs

AUGUST 29, 2024

Commands can be injected over the network and executed without authentication.” The vulnerability impacts Avtech AVM1203 IP cameras running firmware versions FullImg-1023-1007-1011-1009 and prior. “Successful exploitation of this vulnerability could allow an attacker to inject and execute commands as the owner of the running process.”

Firmware 125

Firmware Malware Security Intelligence Authentication 125

Security Affairs

APRIL 23, 2021

Recently QNAP addressed a critical authentication bypass issue, tracked as CVE-2021-28799 , in its Hybrid Backup Sync. Last week, QNAP addressed a SQL Injection flaw in Multimedia Console and the Media Streaming Add-On tracked as CVE-2020-36195. If anyone's dealing with the QLocker QNAP NAS ransomware, feel free to DM me.

Ransomware 144

Ransomware Backups Media Malware 144

Security Affairs

AUGUST 3, 2019

The WPA Wireless security standard was designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and to establish secure connections that hackers cannot spy on. More worrisome, we found that the Wi-Fi firmware of Cypress chips only executes 8 iterations at minimum to prevent side-channel leaks.

Passwords 111

Passwords Hacking Wireless Authentication 111

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. The joint alert also states that attackers scanning also enumerated devices for the CVE-2020-12812 and CVE-2019-5591 flaws. Use multifactor authentication where possible.

Government 103

Government Passwords Accountability Firmware 103

Security Affairs

FEBRUARY 25, 2020

Zyxel has released security patches to address a critical remote code execution vulnerability, tracked as CVE-2020-9054, that affects several NAS devices. “ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. ” reads the advisory published by CERT/CC. and earlier.

Authentication 109

Authentication Advertising Firmware Internet 109

SecureList

JUNE 8, 2022

During 2020 and 2021, more than 500 router vulnerabilities were found. The nvd.nist.gov website presents different figures, but they too show a significant increase in the number of router vulnerabilities found in 2020 and 2021. Make sure to update the firmware. Conclusion.

DDOS 133

DDOS Passwords IoT Firmware 133

eSecurity Planet

APRIL 28, 2022

CVE-2020-1472. CVE-2020-0688. Three of these vulnerabilities — CVE-2019-19781, CVE-2019-18935, and CVE-2017-11882 — were also routinely exploited in 2020. CVE-2020-2509. CVE-2021-26084. Atlassian Confluence Server and Data Center. Arbitrary code execution. CVE-2021-21972. VMware vSphere Client. Elevation of privilege.

Cybersecurity 115

Cybersecurity Software Firmware Internet 115

Malwarebytes

SEPTEMBER 3, 2021

As we pointed out in our State of Malware report, published earlier this year, Malwarebytes recorded an eye-watering 607% increase in malware detections in the agriculture sector in 2020. Malwarebytes recorded a 607% increase in agriculture sector attacks in 2020. Use multi-factor authentication with strong pass phrases where possible.

Ransomware 144

Ransomware Manufacturing Passwords Internet 144

Security Affairs

MARCH 31, 2022

The three flaws reported by the cybersecurity firm are: An authentication bypass tracked CVE-2019-9564 A stack-based buffer overflow, tracked as CVE-2019-12266 , which could lead to remote control execution. The vendor addressed the unauthenticated access to the content of the SD card with the release of firmware updates on January 29, 2022.

IoT 98

IoT Firmware Marketing Authentication 98

Google Security

NOVEMBER 13, 2020

Posted by Fabian Kaczmarczyck, Software Engineer, Jean-Michel Picod, Software Engineer and Elie Bursztein, Security and Anti-abuse Research Lead Security keys and your phone’s built-in security keys are reshaping the way users authenticate online. So, today we are releasing a new open source security key test suite.

Firmware 75

Firmware Authentication Engineering Technology 75

Security Affairs

SEPTEMBER 3, 2021

In another incident that occurred in March 2021, a ransomware attack blocked the operations at a US beverage company, while in a November 2020 attack on a US-based international food and agriculture business threat actors requested the payment of a gigantic $40 million ransom. hard drive, storage device, the cloud).

Ransomware 119

Ransomware Passwords Backups Firmware 119

SecureList

MAY 23, 2022

In early 2020, we notified the Rockwell Automation Product Security Incident Response Team ( RA PSIRT ) of several vulnerabilities we had identified in the ISaGRAF Runtime execution environment. Since authentication data is encrypted with a preset symmetric key, the attacker could decrypt an intercepted target (device) password.

Passwords 110

Passwords Authentication Architecture Encryption 110

CyberSecurity Insiders

JANUARY 26, 2022

Figure 4 shows the implementation of CVE-2020-10987. Figure 5 shows the implementation of CVE-2020-10173. Install security and firmware upgrades from vendors, as soon as possible. 2830690: ETPRO EXPLOIT GPON Authentication Bypass Attempt (CVE-2018-10561). 4002119: AV EXPLOIT Comtrend Router ping.cgi RCE (CVE-2020-10173).

Malware 81

Malware IoT Authentication Antivirus 81

Malwarebytes

OCTOBER 28, 2021

Ranzy Locker ransomware emerged in late 2020, when the variant began to target victims in the United States. Install security updates for software, operating systems, and firmware as soon as they are released. Use double authentication when logging into accounts or services. Disable hyperlinks in received emails.

Ransomware 128

Ransomware Backups Encryption Accountability 128

Thales Cloud Protection & Licensing

APRIL 20, 2021

Organizations suffered an unprecedented number of cyberattacks in 2020. The FBI’s Cyber Division received as many as 4,000 complaints of digital attacks a day in H1 2020, reported by The Hill. Even fewer (19%) told Proofpoint that they had updated their Wi-Fi router’s firmware.

Mobile 71

Mobile Architecture Data breaches Authentication 71