2020, Firmware and Internet - Cyber Security Informer

IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering

Troy Hunt

NOVEMBER 23, 2020

Let's drill into all that and then go deeper into custom firmware and soldering too. I can easily block a device from talking to the internet, throttle its connection, see which online services it's communicating with and access a whole host of other information about it. — Dementor ????

Firmware

Firmware IoT Wireless Manufacturing

The Internet of Things is a Complete Mess (and how to Fix it)

Troy Hunt

JULY 13, 2021

Almost - there's still that cloud dependency and there's really only 2 ways around that: Control the existing device locally with the original firmware Flash the device with 3rd party firmware that supports local control Let's explore these more starting with the first option because it feels like the most low-friction path.

Internet

Internet Internet IoT Firmware

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

JULY 2, 2021

That update effectively nullified their chances at competing in Pwn2Own, which requires exploits to work against the latest firmware or software supported by the targeted device. A statement published on its support site March 12, 2021 says the company will no longer provide further security updates to the MyCloud OS 3 firmware.

Firmware

Firmware Passwords Internet Internet

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware

Firmware Passwords Accountability VPN

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

SecureList

JULY 25, 2022

One of the main draws towards malware nested in such low levels of the operating system is that it is extremely difficult to detect and, in the case of firmware rootkits, will ensure a computer remains in an infected state even if the operating system is reinstalled or the user replaces the machine’s hard drive entirely. Infrastructure.

Firmware

Firmware DNS Malware Technology

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Back to the bit about risks impacting data collected by IoT devices and back again to CloudPets, Context Security's piece aligned with my own story about kids' CloudPets messages being left exposed to the internet.

IoT

IoT Firmware Risk Manufacturing

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware

Firmware Malware Encryption Passwords

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall

Firewall VPN Firmware Passwords

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

In October last year, experts reported a critical stack-based Buffer Overflow vulnerability, tracked as CVE-2020-5135 , in SonicWall Network Security Appliance (NSA) appliances. This flaw exists pre-authentication and within a component (SSLVPN) which is typically exposed to the public Internet.”. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. The most severe flaw is a critical RCE tracked as CVE-2020-26919 and rated with a CVSS v3 score of 9.8, ” reads the advisory published by NCC Group.”

Firmware

Firmware Authentication Hacking Software

The Internet of Things Is Everywhere. Are You Secure?

Security Boulevard

MARCH 18, 2021

From smart homes that enable you to control your thermostat from a distance to sensors on oil rigs that help predict maintenance to autonomous vehicles to GPS sensors implanted in the horns of endangered black rhinos , the internet of things is all around you. Source: DZone’s Edge Computing and IoT, 2020 . A Safer Internet of Things.

Internet

Internet Internet IoT Software

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Below is the list of exploits used by the bot: Vulnerability Affected devices CVE-2020-8515 DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices CVE-2015-2051 D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3

IoT

IoT Firmware Malware Wireless

IoT Unravelled Part 1: It's a Mess. But Then There's Home Assistant

Troy Hunt

NOVEMBER 22, 2020

link] — Troy Hunt (@troyhunt) April 25, 2020 In my mind, the answer would be simple: "Just buy X, plug it in and you're good to go". Instead, I found myself heading down the rabbit hole into a world of soldering, custom firmware and community-driven home automation kits. So impressed with the Shelly 1, it made this so simple ??

IoT

IoT Firmware Manufacturing Internet

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

Security Affairs

MARCH 8, 2021

via the unauthorized remote command execution vulnerability (CVE-2020-2506 & CVE-2020-2507). Threat actors are exploiting two unauthorized remote command execution vulnerabilities, tracked as CVE-2020-2506 & CVE-2020-2507, in the Helpdesk app that have been fixed by the vendor in October 2020.

Cryptocurrency

Cryptocurrency Firmware Malware Threat Detection

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Chaput said the spammers used more than 1,500 Internet addresses across 400 providers to register new accounts, which then followed popular accounts on Mastodon and sent private mentions to the followers of those accounts. In May 2020, Zipper told another Lolzteam member that quot[.]pw A DIRECT QUOT The domain quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

A daily average of 80,000 printers exposed online via IPP

Security Affairs

JUNE 23, 2020

The Shadowserver Foundation is a nonprofit security organization working altruistically behind the scenes to make the Internet more secure for everyone. The researchers scanned the Internet for printers that are exposing their Internet Printing Protocol (IPP) port online. and printers (or print servers). .

Internet

Internet Internet Firmware Advertising

Whistleblower: Ubiquiti Breach “Catastrophic”

Krebs on Security

MARCH 30, 2021

NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. 11, Ubiquiti Inc. ” Ubiquiti has not responded to repeated requests for comment.

Accountability

Accountability IoT Passwords Firmware

Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices

Security Affairs

DECEMBER 15, 2020

The vulnerabilities ((CVE-2020-25183, CVE-2020-25187, CVE-2020-27252)) could be only exploited by an attacker within the Bluetooth range of the vulnerable product. The third vulnerability, tracked as CVE-2020-27252, is a race condition that could be leveraged to upload and execute unsigned firmware on the Patient Reader.

Firmware

Firmware Authentication Mobile IoT

AgeLocker ransomware operation targets QNAP NAS devices

Security Affairs

MAY 1, 2021

“To further secure your device, do not expose your NAS to the internet. If you must connect your NAS to the internet, we highly recommend using a trusted VPN or a myQNAPcloud link.” You can check the product support status to see the latest updates available to your NAS model.” ” continues the advisory.

Ransomware

Ransomware Cryptocurrency Malware Internet

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

Tracked as CVE-2020-25159 , the flaw is rated 9.8 The flaw, tracked as CVE-2020-25159, has received a CVSS score of 9.8 ” Experts used the search engines for Internet-connected devices, like Shodan.io, to search for ENIP-compatible internet-facing devices and discovered more than 8,000 systems exposed online. .”

Hacking

Hacking Firmware Internet Internet

SiteLock’s Top Five Cybersecurity Predictions For 2020

SiteLock

AUGUST 27, 2021

According to SiteLock researchers and cybersecurity experts, the threat landscape will only continue to grow in 2020 and will likely bring even more new challenges with it. We’ve analyzed the current state of the industry and packaged up our top five cybersecurity predictions for 2020.

Cybersecurity

Cybersecurity Phishing Data breaches IoT

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

Probably the most interesting vulnerability is an undocumented backdoor, tracked as CVE-2020-15835, that can be exploited by attackers to gain root access to a router. “Multiple critical vulnerabilities have been discovered in the MoFi4500 router, an OpenWRT based wireless router that provides Internet access via LTE.

Firmware

Firmware Wireless Authentication Advertising

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

.” When the botnet was first detected in 2019, experts noticed it was exploiting the Tenda zero-day flaw tracked as CVE-2020-10987. The vulnerability was detailed in July 2020 by the security researchers Sanjana Sarda. “We recommend that Tenda router users check their firmware and make necessary update.”

IoT

IoT Firmware Advertising DNS

NI CompactRIO controller flaw could allow disrupting production

Security Affairs

DECEMBER 12, 2020

The National Instruments CompactRIO product , a rugged, real-time controller that provides high-performance processing capabilities, sensor-specific conditioned I/O, and a closely integrated software toolchain that makes them ideal for Industrial Internet of Things (IIoT), monitoring, and control applications.

Firmware

Firmware Manufacturing Software Authentication

QNAP fixed eight flaws that could allow NAS devices takeover

Security Affairs

DECEMBER 8, 2020

The high-severity vulnerabilities tracked as CVE-2020-2495, CVE-2020-2496, CVE-2020-2497, and CVE-2020-2498 are cross-side-scripting flaws that could allow remote attackers to inject malicious code in File Station, to inject malicious code in System Connection Logs, and to inject malicious code in certificate configuration.

Firmware

Firmware Malware Ransomware Hacking

Juniper Networks addressed many issues in its products

Security Affairs

JULY 10, 2020

Some of the issues also affected third-party components, including OpenSSL, Intel firmware, Bouncy Castle, Java SE, Apache software, and others. Another critical vulnerability addressed by the company is CVE-2020-1654 , it could be exploited to trigger a DoS condition or to execute arbitrary code remotely.

Firmware

Firmware Advertising Firewall Internet

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Netlab shared its findings with LILIN on January 19, 2020, and the vendor addressed the issues with the release of the firmware update (version 2.0b60_20200207). The new firmware released by the vendors validated the hostname passed as input to prevent command execution. ” reads the advisory published by Netlab.

Firmware

Firmware Surveillance Manufacturing Advertising

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. reported the SektorCERT. .

Firewall

Firewall Firmware Cyber Attacks VPN

Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs

Security Affairs

APRIL 2, 2021

The vulnerabilities affect QNAP TS-231 SOHO NAS devices running firmware version 4.3.6.1446 that reached end of life (EOL). The first vulnerability is an RCE issue that affects any QNAP device exposed to the Internet, it resides in the NAS web server (default TCP port 8080). October 23, 2020 – Sent another e-mail to QNAP security team.

Firmware

Firmware Internet Internet Authentication

Dovecat crypto-miner is targeting QNAP NAS devices

Security Affairs

JANUARY 21, 2021

“According to analysis, QNAP NAS can become infected when they are connected to the Internet with weak user passwords.” “In the meantime, please update the NAS firmware and Malware Remover in the App Center to the latest version if not done already to ensure the latest security patches are applied on the NAS.”

Cryptocurrency

Cryptocurrency Firmware Malware Passwords

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

Security Affairs

APRIL 25, 2021

Researchers from Eye Security have found thousands of unpatched ABUS Secvest home alarm systems exposed online despite the vendor has addressed a critical bug (CVE-2020-28973) in January. 10,000+ unpatched ABUS Secvest home alarm systems could be remotely disabled exposing customers to intrusions and thefts.

Firmware

Firmware Passwords Authentication Wireless

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

Security experts from Check Point discovered a high-severity flaw ( CVE-2020-6007 ) in Philips Hue Smart Light Bulbs that can be exploited by hackers to gain entry into a targeted WiFi network. The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network.

Hacking

Hacking IoT Wireless Firmware

Industrial Switches from different Vendors Impaired by Similar Exposures

Hacker Combat

JUNE 3, 2021

Industrial switches are made using universal firmware developed by Korenix Technology, a leading provider for industrial networking solutions based in Taiwan. Since mid-April in 2020, the Atos-owned organization has struggled to have the security loopholes fixed in vain. Malicious firmware and bootloader uploads are possible too.

Firmware

Firmware Energy and Utilities Cyber Attacks Surveillance

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

The list includes: IP addresses of Pulse Secure VPN servers Pulse Secure VPN server firmware version SSH keys for each server A list of all local users and their password hashes Admin account details Last VPN logins (including usernames and cleartext passwords) VPN session cookies. reads the advisory.

VPN

VPN Passwords Banking Advertising

Security Affairs newsletter Round 268

Security Affairs

JUNE 14, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware

Firmware Advertising Ransomware Hacking

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

In mid-June 2020, there were approximately 62,000 infected devices worldwide; of these, approximately 7,600 were in the United States and 3,900 were in the United Kingdom.” The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates. ” reads the alert.

Malware

Malware Firmware Advertising Manufacturing

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

.” Internet of Things. Agriculture may not be the first industry you associate with cybersecurity problems, but we all need to aware of the risks created by connecting this ancient part of our food supply chain to the Internet. Malwarebytes recorded a 607% increase in agriculture sector attacks in 2020.

Ransomware

Ransomware Manufacturing Passwords Internet

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. Maintain device health with updates: Make sure devices are up to date with the latest firmware and patches.

IoT

IoT DDOS Malware Firmware

Sounding the Alarm on Emergency Alert System Flaws

Krebs on Security

AUGUST 12, 2022

That may be because the patches were included in version 4 of the firmware for the EAS devices, and many older models apparently do not support the new software. “We also provided attribution for the researcher’s responsible disclosure, allowing us to rectify the matters before making any public statements. .”

Firmware

Firmware Manufacturing Passwords Software

News Alert: Swissbit introduces small-capacity memory for IIoT, smart city applications

The Last Watchdog

JUNE 27, 2023

The models of the EM-30 and S-56(u) series, which are available as an embedded component in the form of an e.MMC or as flexible, interchangeable SD memory cards, offer maximum reliability due to proven firmware architecture. Since 2020, the independent investment firm Ardian has held a majority stake in the company to support its growth.

IoT

IoT Manufacturing Media Technology

Router security in 2021

SecureList

JUNE 8, 2022

A router is a gateway from the internet to a home or office — despite being conceived quite the opposite. During 2020 and 2021, more than 500 router vulnerabilities were found. The nvd.nist.gov website presents different figures, but they too show a significant increase in the number of router vulnerabilities found in 2020 and 2021.

DDOS

DDOS Passwords IoT Firmware

QNAP addresses 2 critical flaws that can allow hackers to take over NASs

Security Affairs

OCTOBER 8, 2020

According to a security advisory published by the company, both flaws, tracked as CVE-2020-2506 and CVE-2020-2507 , are improper access control vulnerabilities. Helpdesk is a built-in app that allows owners of QNAP NAS to directly submit help requests to the vendor from their NAS, to do this, the app has specific permission.

Encryption

Encryption Advertising Firmware Ransomware

March to 5G could pile on heavier security burden for IoT device manufacturers

SC Magazine

APRIL 9, 2021

As public and private sector entities gradually march toward 5G, the financial burden of piling security standards could force some Internet of Things device manufacturers to walk away from highly regulated markets like defense. The Internet of Things Cybersecurity Improvement Act of 2020 , which was enacted Dec.

Manufacturing

Manufacturing IoT Firmware Architecture

IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering

The Internet of Things is a Complete Mess (and how to Fix it)

Trending Sources

Another 0-Day Looms for Many Western Digital Users

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

IoT Unravelled Part 3: Security

MoonBounce: the dark side of UEFI firmware

Expert found a secret backdoor in Zyxel firewall and VPN

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

The Internet of Things Is Everywhere. Are You Secure?

BotenaGo botnet targets millions of IoT devices using 33 exploits

IoT Unravelled Part 1: It's a Mess. But Then There's Home Assistant

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

Interview With a Crypto Scam Investment Spammer

A daily average of 80,000 printers exposed online via IPP

Whistleblower: Ubiquiti Breach “Catastrophic”

Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices

AgeLocker ransomware operation targets QNAP NAS devices

A critical flaw in industrial automation systems opens to remote hack

SiteLock’s Top Five Cybersecurity Predictions For 2020

Expert found multiple critical issues in MoFi routers

New Ttint IoT botnet exploits two zero-days in Tenda routers

NI CompactRIO controller flaw could allow disrupting production

QNAP fixed eight flaws that could allow NAS devices takeover

Juniper Networks addressed many issues in its products

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Botnet operators target multiple zero-day flaws in LILIN DVRs

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs

Dovecat crypto-miner is targeting QNAP NAS devices

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Industrial Switches from different Vendors Impaired by Similar Exposures

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs newsletter Round 268

QSnatch malware infected over 62,000 QNAP NAS Devices

FBI warns of ransomware threat to food and agriculture

A new Zerobot variant spreads by exploiting Apache flaws

Sounding the Alarm on Emergency Alert System Flaws

News Alert: Swissbit introduces small-capacity memory for IIoT, smart city applications

Router security in 2021

QNAP addresses 2 critical flaws that can allow hackers to take over NASs

March to 5G could pile on heavier security burden for IoT device manufacturers

Stay Connected