SecureList

JUNE 8, 2022

During 2020 and 2021, more than 500 router vulnerabilities were found. The nvd.nist.gov website presents different figures, but they too show a significant increase in the number of router vulnerabilities found in 2020 and 2021. Distribution of router vulnerabilities by priority, 2021 ( download ). Router-targeting malware.

DDOS 133

DDOS Passwords IoT Firmware 133

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 ” reads the advisory published by NCC Group.”

Firmware 143

Firmware Authentication Hacking Software 143

SC Magazine

FEBRUARY 3, 2021

x firmware. x firmware, which malicious actors exploited in a cyberattack against the infosec firm last month. . SonicWall’s firmware update to version 10.2.0.5-29sv The post SonicWall issues firmware patch after attackers exploited critical bugs appeared first on SC Media. SonicWall). 31 and Feb.

Firmware 95

Firmware Mobile InfoSec Passwords 95

Security Affairs

OCTOBER 26, 2021

“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use double authentication when logging into accounts or services. ” reads the flash alert.

Ransomware 143

Ransomware Firmware Antivirus Accountability 143

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. Vendor supplies information.

Firmware 143

Firmware Encryption Passwords Authentication 143

Security Affairs

SEPTEMBER 6, 2021

Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart switches used on businesses. Netgear has addressed three vulnerabilities tracked by the vendor as PSV-2021-0140, PSV-2021-0144, PSV-2021-0145 that received a CVSS score between 7.4 ” explained Coldwind.

Firmware 127

Firmware Authentication Passwords Hacking 127

eSecurity Planet

MARCH 17, 2025

Since its emergence in 2021, Medusa has targeted over 300 victims across various critical infrastructure sectors, including medical, education, legal, insurance, technology, and manufacturing. What is Medusa ransomware?

Ransomware 75

Ransomware Backups Firmware Insurance 75

Security Affairs

OCTOBER 7, 2021

A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates. “The identity authentication bypass vulnerability found in some Dahua products during the login process. Follow me on Twitter: @securityaffairs and Facebook.

Authentication 145

Authentication Firmware Hacking Engineering 145

Malwarebytes

MARCH 10, 2023

The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. It offers a combined single-sign-on (SSO) web portal to authenticate users, so intercepting user credentials would give an attacker that is after sensitive information a huge advantage.

Firmware 98

Firmware Malware Encryption Authentication 98

Security Affairs

DECEMBER 9, 2021

Dark Mirai botnet spreads by exploiting a new vulnerability, tracked as CVE-2021-41653, affecting TP-Link TL-WR840N EU V5 home routers. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.”

Firmware 145

Firmware Architecture Malware Hacking 145

Malwarebytes

AUGUST 9, 2021

On August 3, 2021 a vulnerability that was discovered by Tenable was made public. The vulnerability is listed as CVE-2021-20090. Router firmware. Under the description of CVE-2021-20090 you will find: “a path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02

Firmware 136

Firmware DDOS Internet Internet 136

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. score of 7,5.

Firmware 128

Firmware Wireless Passwords Internet 128

eSecurity Planet

APRIL 28, 2022

cybersecurity agencies joined their counterparts around the globe to urge organizations to address the top 15 vulnerabilities exploited in 2021. The advisory entails the top 15 Common Vulnerabilities and Exposures (CVEs) that were routinely exploited by malicious cyber actors in 2021, plus another 21 frequently exploited CVEs.

Cybersecurity 115

Cybersecurity Software Firmware Internet 115

Security Affairs

AUGUST 22, 2024

The identity authentication bypass vulnerability found in some Dahua products during the login process. “The The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.”

Authentication 131

Authentication Firmware Hacking Engineering 131

Security Affairs

MAY 17, 2024

CVE-2021-40655 An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT.

Firmware 128

Firmware Passwords Authentication Hacking 128

Security Affairs

MAY 25, 2021

Trend Micro fixed some flaws in Trend Micro Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication. Trend Micro fixed three vulnerabilities in Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication.

Network Security 143

Network Security Authentication Firmware Passwords 143

Security Affairs

JUNE 24, 2021

The threat actors are targeting the USG, ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. link] pic.twitter.com/EpBsc715kI — JAMESWT (@JAMESWT_MHT) June 24, 2021. Upon accessing the devices, attackers then bypass authentication and establish SSL VPN tunnels with unknown user accounts (i.e.

VPN 143

VPN Firewall Firmware Authentication 143

Security Affairs

DECEMBER 8, 2021

The most severe vulnerabilities addressed by SonicWall are two critical stack-based buffer overflow vulnerabilities tracked as CVE-2021-20038 and CVE-2021-20045 respectively. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, ” reads the advisory for the CVE-2021-20038 flaw.

Authentication 133

Authentication Firmware Hacking Information Security 133

eSecurity Planet

MAY 28, 2021

We look at three RSAC 2021 sessions and some of the most daunting vulnerabilities presented by the SANS Institute, Cybersecurity and Infrastructure Security Agency (CISA), and Varonis Systems. Also Read: And the Winner of the 2021 RSA Innovation Contest is… SANS: Five dangerous new attack techniques and vulnerabilities.

Software 120

Software DNS Firmware VPN 120

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. “One of the vulnerabilities disclosed, CVE-2021-35395 [2], affects the web interface that is part of the SDK, and is a collection of 6 different vulnerabilities. ” reported IoT Inspector. ” reported IoT Inspector.

IoT 133

IoT Firmware Internet Internet 133

Malwarebytes

APRIL 5, 2022

On April 4 2022, the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2021-45382 to its known exploited vulnerabilities catalog. As a general policy, when products reach EOS/EOL, they can no longer be supported, and all firmware development for these products cease. CISA catalog. The vulnerability.

Firmware 145

Firmware Software Risk Authentication 145

Malwarebytes

OCTOBER 22, 2021

Unfortunately, in an echo of the Y2K bug, a flaw in some versions of GPSD could cause time to roll back after October 23, 2021. The buggy versions of the code reportedly subtract 1024 from the week number on October 24, 2021. Authentication mechanisms such as Time-based One-Time Password (TOTP) and Kerberos also rely heavily on time.

Authentication 145

Authentication System Administration Firmware Passwords 145

Security Affairs

DECEMBER 27, 2021

The researchers performed reverse engineering of the firmware image for the COMpact 5500, version 7.8A However, it turns out that this information is not so secret after all, but can be retrieved without authentication from the path /about_state” reads the analysis published by the experts. “Firmware Update 8.2B

Firmware 112

Firmware Manufacturing Passwords Penetration Testing 112

Security Affairs

MAY 29, 2021

SonicWall urges customers to address a post-authentication flaw that affects on-premises versions of the Network Security Manager (NSM). SonicWall urges customers to ‘immediately’ address a post-authentication vulnerability, tracked as CVE-2021-20026 , impacting on-premises versions of the Network Security Manager (NSM).

Firmware 114

Firmware Authentication Network Security Hacking 114

Security Affairs

AUGUST 22, 2024

The identity authentication bypass vulnerability found in some Dahua products during the login process. “The The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.”

Authentication 101

Authentication Firmware Hacking Engineering 101

Malwarebytes

AUGUST 24, 2021

Last time it was a vulnerability in the Arcadyan firmware found in devices distributed by some of today’s biggest router vendors and internet service providers, such as ASUS, Orange, Vodafone, Telstra, Verizon, Deutsche Telekom, and British Telecom. Vulnerabilities. Same botnet, same operator?

Firmware 107

Firmware IoT Internet Internet 107

Security Affairs

NOVEMBER 10, 2022

The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. The researchers initially discovered an authentication bypass issue, then explored the systems looking at functionalities available to authenticated users such as uploading and downloading configuration files.

Firmware 145

Firmware Passwords Authentication Manufacturing 145

CyberSecurity Insiders

NOVEMBER 25, 2021

From backdoors- As the Korean giant creates, validates and manufactures its computing devices all on its own, its every piece of hardware, wiring and firmware is securely drafted at its high secure R&D plants & factories in the world. Gift yourself a Samsung device from this Thanksgiving 2021 or Black Friday 2021 deals.

Mobile 132

Mobile Firmware Passwords Manufacturing 132

Thales Cloud Protection & Licensing

MARCH 17, 2022

Enhance your security posture by detecting risks on authenticator devices. Not only are mobile devices used as end points to access corporate mail and other enterprise applications, they are also frequently used as authentication devices. Limited visibility on users’ devices can undermine authentication integrity.

Authentication 77

Authentication Risk Mobile Computers and Electronics 77

CyberSecurity Insiders

AUGUST 13, 2021

Tenable researchers claim hackers are exploiting a security flaw termed authentication-bypass vulnerability that is impact routers and internet of things (IoT) devices. What’s interesting about this attack campaign is the hackers are targeting devices running on the firmware that is being supplied by Arcadyan.

Firmware 136

Firmware Malware DDOS Manufacturing 136

Security Affairs

SEPTEMBER 2, 2021

“we disclose BrakTooth, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.” ” reads the post published by the researchers. ” continue the researchers.

Firmware 123

Firmware Manufacturing IoT Technology 123

SecureList

SEPTEMBER 29, 2022

In 2020, CVE-2020-28212 , a vulnerability affecting this software, was reported, which could be exploited by a remote unauthorized attacker to gain control of a PLC with the privileges of an operator already authenticated on the controller. The procedure acts as authentication. In firmware versions prior to 2.7

Firmware 108

Firmware Passwords Authentication Engineering 108

Security Affairs

JULY 19, 2021

Security researchers at CyberArk Labs discovered a security bypass vulnerability, tracked as CVE-2021-34466 , affecting the Windows Hello facial authentication process, An attacker could exploit the vulnerability to login systems running the Windows 10 OS. For more information, please see CVE-2021-34466: [link].

Manufacturing 126

Manufacturing Authentication Firmware Hacking 126

Security Affairs

APRIL 23, 2021

Recently QNAP addressed a critical authentication bypass issue, tracked as CVE-2021-28799 , in its Hybrid Backup Sync. If you are using a QNAP NAS device update the above apps and its firmware as soon as possible. qlocker @QNAP_nas — Jack Cable (@jackhcable) April 22, 2021. I can help recover data.

Ransomware 144

Ransomware Backups Media Malware 144

Security Affairs

DECEMBER 14, 2022

million IP cameras exposed to the internet, signifying an eightfold increase since April 2021. While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies. The reign of a Chinese brand.

Surveillance 145

Surveillance Manufacturing Internet Internet 145

Security Affairs

MARCH 9, 2022

Two of the TLStorm vulnerabilities reside in the TLS implementation used by Cloud-connected Smart-UPS devices, while the third one is a design flaw in the firmware upgrade process of Smart-UPS devices. The researchers discovered that the firmware upgrades are not properly signed and validated.

Firmware 100

Firmware IoT Authentication Backups 100

Thales Cloud Protection & Licensing

APRIL 20, 2021

Organizations Need a New NetSec Approach, Reveals Verizon’s 2021 Mobile Security Index. Tue, 04/20/2021 - 11:33. In the MSI 2021, more than half of respondents told Verizon that their organizations allowed employees to access corporate IT assets over public Wi-Fi. Verizon’s MSI 2021, page 72. Verizon’s MSI 2021, page 73.

Mobile 71

Mobile Architecture Data breaches Authentication 71