2020 and Firmware - Cyber Security Informer

Weekly Update 211

Troy Hunt

OCTOBER 2, 2020

22% of breaches begin with phishing (DBIR 2020). This week there's all the above and, on a more personal note, my relationship with Charlotte. References My shoes are connected! Sponsored by: Tines. Submit suspicious emails and attachments to Phish.ly for free immediate analysis!

Firmware

Firmware Phishing Accountability

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

SecureList

JULY 25, 2022

One of the main draws towards malware nested in such low levels of the operating system is that it is extremely difficult to detect and, in the case of firmware rootkits, will ensure a computer remains in an infected state even if the operating system is reinstalled or the user replaces the machine’s hard drive entirely. 2020-05-03.

Firmware

Firmware DNS Malware Technology

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

DECEMBER 30, 2021

iLOBleed, is a previously undetected rootkit that was spotted targeting the HP Enterprise’s Integrated Lights-Out ( iLO ) server management technology to tamper with the firmware modules and wipe data off the infected systems. This malware has been used by hackers for some time and we have been monitoring its performance.

Firmware

Firmware Malware System Administration Technology

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware

Firmware Malware Encryption Passwords

Japanese Government Will Hack Citizens' IoT Devices

Schneier on Security

JANUARY 28, 2019

Hackers can also build botnets with the help of exploits and vulnerabilities in router firmware, but the easiest way to assemble a botnet is by collecting the ones that users have failed to secure with custom passwords. I am interested in the results of this survey.

IoT

IoT Government Firmware Hacking

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware

Firmware Passwords Accountability VPN

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

JULY 2, 2021

That update effectively nullified their chances at competing in Pwn2Own, which requires exploits to work against the latest firmware or software supported by the targeted device. A statement published on its support site March 12, 2021 says the company will no longer provide further security updates to the MyCloud OS 3 firmware.

Firmware

Firmware Passwords Internet Internet

Microsoft Finds New NETGEAR Firmware Vulnerabilities

Heimadal Security

JULY 2, 2021

Tracked as PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365, they range in CVSS rating from high (7.4) The post Microsoft Finds New NETGEAR Firmware Vulnerabilities appeared first on Heimdal Security Blog. to critical (9.4). Microsoft reported […].

Firmware

Firmware Identity Theft IoT Cybersecurity

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT

IoT Firmware Risk Encryption

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Between 2020 and 2022, attackers launched multiple campaigns to exploit zero-day vulnerabilities in publicly accessible network appliances, focusing on WAN-facing services. Successful exploitation of these vulnerabilities could allow attackers to steal sensitive data, inject firmware payloads, and even reach LAN-connected devices.

Firmware

Firmware Government Firewall Malware

Mobile malware evolution 2020

SecureList

MARCH 1, 2021

In 2020, Kaspersky mobile products and technologies detected: 5,683,694 malicious installation packages, 156,710 new mobile banking Trojans, 20,708 new mobile ransomware Trojans. It just so happened that the year 2020 gave hackers a large number of powerful news topics, with the COVID-19 pandemic as the biggest of these.

Mobile

Mobile Malware Adware Banking

Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others

Security Affairs

NOVEMBER 9, 2020

TFC 2020 has come to the end, all these excellent offensive researchers and their burning 0days makes #TFC 2020 a success! pic.twitter.com/MwJLc5M0B4 — TianfuCup (@TianfuCup) November 8, 2020. — TianfuCup (@TianfuCup) November 8, 2020. Thank you all for participating and following! Pierluigi Paganini.

Hacking

Hacking Firmware Software Government

CVE-2020-15782 flaw in Siemens PLCs allows remote hack

Security Affairs

MAY 28, 2021

Researchers at industrial cybersecurity firm Claroty have discovered a high-severity vulnerability in Siemens PLCs, tracked as CVE-2020-15782 , that could be exploited by remote and unauthenticated attackers to bypass memory protection. Claroty’s blog post describes the PLC sandbox and the role CVE-2020-15782 could play in an attack.

Hacking

Hacking Firmware Engineering Cybersecurity

DDoS attacks in Q4 2020

SecureList

FEBRUARY 16, 2021

In Q4 2020, Citrix ADC (application delivery controller) devices became one such tool, when perpetrators abused their DTLS interface. After the attacks came to light, the manufacturer promptly released a firmware update for configuring verification of incoming requests. Overall, Q4 remained within the parameters of 2020 trends.

DDOS

DDOS Cryptocurrency Marketing Internet

D-Link releases a security firmware update that only fixes 3 out 6 issues in DIR-865L home routers

Security Affairs

JUNE 13, 2020

D-Link has released a firmware update to address three security flaws impacting the DIR-865L home router model, but left some issue unpatched. D-Link has recently released a firmware update to address three out of six security flaws impacting the DIR-865L wireless home router. D-Link’s DIR-865L is no longer supported for U.S.

Firmware

Firmware Wireless Advertising Risk

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall

Firewall VPN Firmware Passwords

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. The most severe flaw is a critical RCE tracked as CVE-2020-26919 and rated with a CVSS v3 score of 9.8, ” reads the advisory published by NCC Group.”

Firmware

Firmware Authentication Hacking Software

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

In October last year, experts reported a critical stack-based Buffer Overflow vulnerability, tracked as CVE-2020-5135 , in SonicWall Network Security Appliance (NSA) appliances. The post SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day appeared first on Security Affairs. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Below is the list of exploits used by the bot: Vulnerability Affected devices CVE-2020-8515 DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices CVE-2015-2051 D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3

IoT

IoT Firmware Malware Wireless

Microsoft's Pluton security processor tackles hardware, firmware vulnerabilities

CSO Magazine

JANUARY 19, 2022

First announced in 2020, the Pluton is a security processor that Microsoft developed in partnership with AMD and Qualcomm to provide what they called “chip to cloud” security. While this year’s Consumer Electronics Show was impacted by COVID, it didn’t stop Lenovo from announcing the first Microsoft Pluton-powered Windows 11 PCs.

Firmware

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

Security Affairs

MARCH 8, 2021

via the unauthorized remote command execution vulnerability (CVE-2020-2506 & CVE-2020-2507). Threat actors are exploiting two unauthorized remote command execution vulnerabilities, tracked as CVE-2020-2506 & CVE-2020-2507, in the Helpdesk app that have been fixed by the vendor in October 2020.

Cryptocurrency

Cryptocurrency Firmware Malware Threat Detection

D-Link addressed 5 flaws on some router models, some of them reached EoL

Security Affairs

JULY 25, 2020

The vulnerabilities have been reported by the ACE Team at Loginsoft, below the full list included in the security advisory published by the vendor: CVE-2020-15892 :: Link :: DAP 1520 :: Buffer overflow in the `ssi` binary, leading to arbitrary command execution. B09 (and below) will receive no security updates remaining vulnerable.

Firmware

Firmware Advertising Authentication Hacking

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware

Firmware Architecture Advertising Manufacturing

Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices

Security Affairs

DECEMBER 15, 2020

The vulnerabilities ((CVE-2020-25183, CVE-2020-25187, CVE-2020-27252)) could be only exploited by an attacker within the Bluetooth range of the vulnerable product. The third vulnerability, tracked as CVE-2020-27252, is a race condition that could be leveraged to upload and execute unsigned firmware on the Patient Reader.

Firmware

Firmware Authentication Mobile IoT

SiteLock’s Top Five Cybersecurity Predictions For 2020

SiteLock

AUGUST 27, 2021

According to SiteLock researchers and cybersecurity experts, the threat landscape will only continue to grow in 2020 and will likely bring even more new challenges with it. We’ve analyzed the current state of the industry and packaged up our top five cybersecurity predictions for 2020.

Cybersecurity

Cybersecurity Phishing Data breaches IoT

Microsoft found auth bypass, system hijack flaws in Netgear routers

Security Affairs

JULY 1, 2021

Microsoft experts have disclosed a series of vulnerabilities in the firmware of Netgear routers which could lead to data leaks and full system takeover. “In our research, we unpacked the router firmware and found three vulnerabilities that can be reliably exploited.” html) and the firmware image itself (.chk

Firmware

Firmware Authentication Encryption Passwords

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

.” When the botnet was first detected in 2019, experts noticed it was exploiting the Tenda zero-day flaw tracked as CVE-2020-10987. The vulnerability was detailed in July 2020 by the security researchers Sanjana Sarda. “We recommend that Tenda router users check their firmware and make necessary update.”

IoT

IoT Firmware Advertising DNS

IoT Unravelled Part 4: Making it All Work for Humans

Troy Hunt

NOVEMBER 25, 2020

How are you getting around it, or just banning anyone from touching physical switches? :) — Adam Fowler (@AdamFowler_IT) August 13, 2020 Those lights are Atom WiZ Connected RGB LEDs and they talk directly to the Wi-Fi network. We have one over every switch that we don’t want used they come in colors or clear.

IoT

IoT Firmware Media Marketing

Millions of Old Broadband Routers in the UK Have Serious Security Flaws

Heimadal Security

MAY 7, 2021

investigation, millions of people around the UK could be at risk of using routers with security flaws, or that are no longer being supported with firmware updates. Image Source: BBC After surveying over 6,000 adults in December 2020, Which? identified 13 older routers that are still being used by households […].

Firmware

Firmware Risk Cybersecurity

New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices

The Hacker News

APRIL 25, 2022

Dubbed "Lilin Scanner" by Nozomi Networks, the latest version is designed to exploit a two-year-old critical command injection vulnerability in the DVR firmware that was patched by the Taiwanese company in February 2020. <!-

Malware

Malware Firmware IoT

TrickBoot feature allows TrickBot bot to run UEFI attacks

Security Affairs

DECEMBER 3, 2020

The infamous TrickBot gets a new improvement, authors added a new feature dubbed “ TrickBoot ” designed to exploit well-known vulnerabilities in the UEFI/BIOS firmware and inject malicious code, such as bootkits. TrickBot, one of the most active botnets, in the world, gets a new improvement by adding a UEFI/BIOS Bootkit Feature.

Firmware

Firmware Malware Hacking Manufacturing

Whistleblower: Ubiquiti Breach “Catastrophic”

Krebs on Security

MARCH 30, 2021

A security professional at Ubiquiti who helped the company respond to the two-month breach beginning in December 2020 contacted KrebsOnSecurity after raising his concerns with both Ubiquiti’s whistleblower hotline and with European data protection authorities. ” Ubiquiti has not responded to repeated requests for comment.

Accountability

Accountability IoT Passwords Firmware

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

The two critical remote command injection vulnerabilities tracked as CVE-2020-8515 affect DrayTek Vigor network devices, including enterprise switches, routers, load-balancers, and VPN gateway. On the 6th Feb, we released an updated firmware to address this issue.” firmware or later. ” reads the security bulletin.

Firmware

Firmware VPN Accountability Advertising

Updates provided by Red Hat for BootHole cause systems to hang

Security Affairs

JULY 31, 2020

This week, firmware security company Eclypsium reported that billions of Windows and Linux devices are affected by a serious GRUB2 bootloader issue (CVE-2020-10713), dubbed BootHole , that can be exploited to install a stealthy malware. minimal" version from Binary DVD iso downloaded on 7/29/2020 on system running in EFI mode 2.

Firmware

Firmware Advertising Malware Hacking

Mobile Adware makes online banking services as Prime Targets

CyberSecurity Insiders

MARCH 1, 2021

As per the document ‘Mobile Malware Evolution 2020’ document released by Kaspersky, the online banking services have become prime targets to those spreading Mobile Adware. Among the most popular adware witnessed in 2020, Ewind followed by FakeAdBlocker remained as the leading malware families in the past year, followed by HiddenAd malware.

Adware

Adware Banking Mobile Firmware

BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide

The Hacker News

MAY 5, 2021

1, 2020, reside in a firmware update driver named "dbutil_2_3.sys" PC maker Dell has issued an update to fix multiple critical privilege escalation vulnerabilities that went undetected since 2009, potentially allowing attackers to gain kernel-mode privileges and cause a denial-of-service condition. sys" that comes pre-installed on

Firmware

QNAP fixed eight flaws that could allow NAS devices takeover

Security Affairs

DECEMBER 8, 2020

The high-severity vulnerabilities tracked as CVE-2020-2495, CVE-2020-2496, CVE-2020-2497, and CVE-2020-2498 are cross-side-scripting flaws that could allow remote attackers to inject malicious code in File Station, to inject malicious code in System Connection Logs, and to inject malicious code in certificate configuration.

Firmware

Firmware Malware Ransomware Hacking

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Netlab shared its findings with LILIN on January 19, 2020, and the vendor addressed the issues with the release of the firmware update (version 2.0b60_20200207). The new firmware released by the vendors validated the hostname passed as input to prevent command execution. ” reads the advisory published by Netlab.

Firmware

Firmware Surveillance Manufacturing Advertising

Cybercriminals look to exploit Intel ME vulnerabilities for highly persistent implants

CSO Magazine

JUNE 2, 2022

The goal of this technique is to install malicious code deep inside computer firmware where it cannot be blocked by operating systems and third-party endpoint security products. Firmware implants are powerful and are usually used in high-value operations by state-sponsored hacker groups.

Firmware

Firmware Ransomware Engineering

NI CompactRIO controller flaw could allow disrupting production

Security Affairs

DECEMBER 12, 2020

The flaw, tracked as CVE-2020-25191, affects driver versions prior to 20.5. Update the firmware on CompactRIO controllers to v8.5 Refer to Upgrading Firmware on my NI Linux Real-Time Device for directions on how to update the firmware on current controllers. ” reads the security advisory published by CISA.

Firmware

Firmware Manufacturing Software Authentication

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

Probably the most interesting vulnerability is an undocumented backdoor, tracked as CVE-2020-15835, that can be exploited by attackers to gain root access to a router. “Several firmware versions have been released, but some of the vulnerabilities have not been fully patched.” ” continues the report.

Firmware

Firmware Wireless Authentication Advertising

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

Tracked as CVE-2020-25159 , the flaw is rated 9.8 The flaw, tracked as CVE-2020-25159, has received a CVSS score of 9.8 Experts was that vendors may have bought vulnerable versions of this stack before the 2012 update and are still using it in their firmware. ” reads the security advisory published by Claroty.

Hacking

Hacking Firmware Internet Internet

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

Security experts from Check Point discovered a high-severity flaw ( CVE-2020-6007 ) in Philips Hue Smart Light Bulbs that can be exploited by hackers to gain entry into a targeted WiFi network. The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network.

Hacking

Hacking IoT Wireless Firmware

Weekly Update 211

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

Webinars

Trending Sources

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Webinars

MoonBounce: the dark side of UEFI firmware

Japanese Government Will Hack Citizens' IoT Devices

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Another 0-Day Looms for Many Western Digital Users

Microsoft Finds New NETGEAR Firmware Vulnerabilities

IoT Unravelled Part 3: Security

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Mobile malware evolution 2020

Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others

CVE-2020-15782 flaw in Siemens PLCs allows remote hack

DDoS attacks in Q4 2020

D-Link releases a security firmware update that only fixes 3 out 6 issues in DIR-865L home routers

Expert found a secret backdoor in Zyxel firewall and VPN

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

BotenaGo botnet targets millions of IoT devices using 33 exploits

Microsoft's Pluton security processor tackles hardware, firmware vulnerabilities

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

D-Link addressed 5 flaws on some router models, some of them reached EoL

AMD is going to patch UEFI SMM callout privilege escalation flaw

Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices

SiteLock’s Top Five Cybersecurity Predictions For 2020

Microsoft found auth bypass, system hijack flaws in Netgear routers

New Ttint IoT botnet exploits two zero-days in Tenda routers

IoT Unravelled Part 4: Making it All Work for Humans

Millions of Old Broadband Routers in the UK Have Serious Security Flaws

New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices

TrickBoot feature allows TrickBot bot to run UEFI attacks

Whistleblower: Ubiquiti Breach “Catastrophic”

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Hackers target zero-day flaws in enterprise Draytek network devices

Updates provided by Red Hat for BootHole cause systems to hang

Mobile Adware makes online banking services as Prime Targets

BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide

QNAP fixed eight flaws that could allow NAS devices takeover

Botnet operators target multiple zero-day flaws in LILIN DVRs

Cybercriminals look to exploit Intel ME vulnerabilities for highly persistent implants

NI CompactRIO controller flaw could allow disrupting production

Expert found multiple critical issues in MoFi routers

A critical flaw in industrial automation systems opens to remote hack

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Stay Connected