Malwarebytes

NOVEMBER 10, 2021

Fa i l0verflow , the hacking group notorious for breaking Playstation consoles, and Andy “TheFlow” Nguyen , a security engineer at Google and widely known in the Playstation Vita scene, both tweeted samplings of their successful PS5 hacks. link] — fail0verflow (@fail0verflow) November 8, 2021.

Hacking 134

Hacking Firmware Retail Engineering 134

Security Affairs

SEPTEMBER 12, 2022

Six high-severity firmware bugs affecting several HP Enterprise devices are yet to be patched, some of them since July 2021. When a code is sent to the SMM, the operating system is suspended and a portion of the UEFI/BIOS firmware executes various commands with elevated privileges and with access to all the data and hardware.

Firmware 106

Firmware Hacking Information Security 106

Security Affairs

MARCH 9, 2022

Researchers disclosed 16 high-severity flaws in different implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. High CVE-2021-39298 BRLY-2021-004 SMM callout (privilege escalation) 8.8 High CVE-2022-23932 BRLY-2021-040 SMM callout (privilege escalation) 8.2

Firmware 98

Firmware Hacking Technology Cybersecurity 98

Security Affairs

DECEMBER 8, 2021

The Mirai -based Moobot botnet is rapidly spreading by exploiting a critical command injection flaw, tracked as CVE-2021-36260 , in the webserver of several Hikvision products. The Moobot was first documented by Palo Alto Unit 42 researchers in February 2021, the recent attacks demonstrated that its authors are enhancing their malware.

Firmware 143

Firmware DDOS Malware IoT 143

Security Affairs

SEPTEMBER 22, 2021

A critical issue, tracked as CVE-2021-36260, affects more than 70 Hikvision device models and can allow attackers to take over them. A critical vulnerability, tracked as CVE-2021-36260, affects more than 70 Hikvision camera and NVR models and can allow attackers to take over the devices. SecurityAffairs – hacking, IoT).

Hacking 129

Hacking Firmware IoT Internet 129

SecureList

JUNE 8, 2022

Routers are forever being hacked and infected, and used to infiltrate local networks. During 2020 and 2021, more than 500 router vulnerabilities were found. The nvd.nist.gov website presents different figures, but they too show a significant increase in the number of router vulnerabilities found in 2020 and 2021. Verdict. %*.

DDOS 133

DDOS Passwords IoT Firmware 133

Security Affairs

SEPTEMBER 24, 2021

SonicWall fixed a critical security flaw, tracked as CVE-2021-20034, that impacts some Secure Mobile Access (SMA) 100 series products that can allow device takeover. SonicWall has addressed a critical security vulnerability, tracked as CVE-2021-20034 , that impacting several Secure Mobile Access (SMA) 100 series products.

Firmware 125

Firmware Mobile Hacking Information Security 125

Security Affairs

MAY 19, 2021

Security researchers with Tencent Security Keen Lab identified five vulnerabilities, tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910, in the latest infotainment system in Mercedes-Benz cars. SecurityAffairs – hacking, Mercedes). ” concludes the report.

Hacking 133

Hacking Firmware Engineering Software 133

Security Affairs

AUGUST 23, 2022

Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched. wrote the expert. “.

Hacking 122

Hacking Firmware Internet Internet 122

Security Affairs

SEPTEMBER 22, 2021

CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices. SecurityAffairs – hacking, SOHO). R7900 – 1.0.4.38

DNS 141

DNS Firmware VPN Risk 141

Security Affairs

FEBRUARY 20, 2021

Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. Early February, SonicWall released the first firmware updates (version 10.2.0.5-29sv)

Firmware 99

Firmware Mobile Hacking Information Security 99

Security Affairs

OCTOBER 30, 2021

MITRE and CISA announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. MITRE and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. Pierluigi Paganini.

Firmware 145

Firmware Manufacturing Education Engineering 145

Security Affairs

OCTOBER 26, 2021

“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. SecurityAffairs – hacking, Ranzy Locker ransomware). ” reads the flash alert. Pierluigi Paganini.

Ransomware 143

Ransomware Firmware Antivirus Accountability 143

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. Vendor supplies information.

Firmware 143

Firmware Encryption Passwords Authentication 143

Security Affairs

DECEMBER 9, 2021

Dark Mirai botnet spreads by exploiting a new vulnerability, tracked as CVE-2021-41653, affecting TP-Link TL-WR840N EU V5 home routers. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.”

Firmware 145

Firmware Architecture Malware Hacking 145

Security Boulevard

FEBRUARY 28, 2021

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, February 2021. The sudo vulnerability aka CVE-2001-3156 , seemed to go under the radar after it was announced and patches were released on 26th January 2021. Npower App Hack.

Energy and Utilities 145

Energy and Utilities Ransomware DDOS Accountability 145

Security Affairs

OCTOBER 4, 2022

North Korea-linked Lazarus APT has been spotted deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver. The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by relying on exploit in a Dell firmware driver dbutil_2_3.sys, SecurityAffairs – hacking, Lazarus).

Firmware 98

Firmware Malware Phishing Hacking 98

Security Affairs

SEPTEMBER 14, 2021

A high severity vulnerability, tracked as CVE-2021-3437 , in HP OMEN laptop and desktop gaming computers exposes millions of systems to DoS and privilege escalation attacks. It can potentially be used to attack device firmware or perform legacy PCI access by accessing ports 0xCF8 / 0xCFC. SecurityAffairs – hacking, HP OMEN).

Software 141

Software Firmware Hacking Information Security 141

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 02 Dec 2020 – Netgear released the new firmware v2.6.0.48

Firmware 142

Firmware Authentication Hacking Software 142

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall 144

Firewall VPN Firmware Passwords 144

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. score of 7,5.

Firmware 127

Firmware Wireless Passwords Internet 127

Security Affairs

AUGUST 17, 2021

Researchers at FireEye’s Mandiant have discovered a critical vulnerability, tracked as CVE-2021-28372, in a core component of the Kalay cloud platform which is used by millions of IoT devices from many vendors. This varies from device to device but typically is used for device telemetry, firmware updates, and device control.”

IoT 122

IoT Hacking Social Engineering Firmware 122

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance 101

Surveillance Hacking Firmware Manufacturing 101

Security Affairs

SEPTEMBER 6, 2021

Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart switches used on businesses. Netgear has addressed three vulnerabilities tracked by the vendor as PSV-2021-0140, PSV-2021-0144, PSV-2021-0145 that received a CVSS score between 7.4 ” explained Coldwind.

Firmware 126

Firmware Authentication Passwords Hacking 126

Security Affairs

AUGUST 20, 2021

During the first half of 2021, 637 vulnerabilities affecting industrial control system (ICS) products were published, affecting products from 76 vendors. The company reported that during the first half of 2021, 637 vulnerabilities affecting industrial control system (ICS) products were published, affecting products from 76 vendors.

Firmware 110

Firmware Ransomware Manufacturing Software 110

Security Affairs

MAY 2, 2021

A security duo has demonstrated how to hack a Tesla Model X’s and open the doors using a DJI Mavic 2 drone equipped with a WIFI dongle. A new version of ConnMan (v1.39) has been released in February 2021. The researchers Kunnamon, Inc.’s We did not want to weaponize this exploit into a worm, however.”.

Hacking 125

Hacking Firmware Manufacturing Software 125

Krebs on Security

SEPTEMBER 10, 2021

But on Thursday DDoS protection firm Qrator Labs identified the culprit — “Meris” — a new IoT monster that first emerged at the end of June 2021. It’s not immediately clear which security vulnerabilities led to these estimated 250,000 MikroTik routers getting hacked by Meris. In its Aug.

IoT 345

IoT DDOS Internet Internet 345

Security Affairs

JULY 18, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”. The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. reads the alert published by the company.

Ransomware 136

Ransomware Firmware Mobile InfoSec 136

Security Affairs

SEPTEMBER 18, 2021

The flaws, tracked by the networking device vendor PSV-2021-0140, PSV-2021-0144, and PSV-2021-0145, impact the following models: GC108P GC108PP GS108Tv3 GS110TPP GS110TPv3 GS110TUP GS308T GS310TP GS710TUP GS716TP GS716TPP GS724TPP GS724TPv2 GS728TPPv2 GS728TPv2 GS750E GS752TPP GS752TPv2 MS510TXM MS510TXUP. Pierluigi Paganini.

Firmware 115

Firmware Engineering Passwords Hacking 115

Security Affairs

OCTOBER 7, 2021

Experts warn of the availability of proof of concept (PoC) exploit code for a couple of authentication bypass vulnerabilities in Dahua cameras, tracked as CVE-2021-33044 and CVE-2021-33045. . In order to protect Dahua devices, users have to install the latest firmware version. SecurityAffairs – hacking, Dahua cameras).

Authentication 144

Authentication Firmware Hacking Engineering 144

Security Affairs

MAY 17, 2024

CVE-2021-40655 An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, CISA ) CISA orders federal agencies to fix these vulnerabilities by June 6, 2024.

Firmware 127

Firmware Passwords Authentication Hacking 127

Security Affairs

JUNE 24, 2021

The threat actors are targeting the USG, ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. link] pic.twitter.com/EpBsc715kI — JAMESWT (@JAMESWT_MHT) June 24, 2021. SecurityAffairs – hacking, Zyxel). The company states that devices running the Nebula cloud management mode are not impacted.

VPN 143

VPN Firewall Firmware Authentication 143

CyberSecurity Insiders

MAY 14, 2021

Apple AirTags can be hacked says a security expert from Germany and that too within a week of the sale of the very first device launched prestigiously in the first week of May’2021. Stack claimed that his study found that the device can be infiltrated and the firmware can be altered in such a way that it starts favoring the hackers.

Hacking 84

Hacking Firmware DDOS Scams 84

Security Affairs

JANUARY 14, 2024

Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability with the release of Magic Keyboard firmware. Apple released Magic Keyboard Firmware Update 2.0.6 Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Bluetooth)

Firmware 137

Firmware Hacking Information Security 137

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. “One of the vulnerabilities disclosed, CVE-2021-35395 [2], affects the web interface that is part of the SDK, and is a collection of 6 different vulnerabilities. ” reported IoT Inspector. ” reported IoT Inspector.

IoT 131

IoT Firmware Internet Internet 131

Security Affairs

MAY 25, 2021

Once activated, the Home Network Security station scans all traffic passing in and out of your home network, allowing it to prevent intrusions, block hacking attempts, and web threats as well as protect owner’s privacy. SecurityAffairs – hacking, Trend Micro Home Network Security). ” reads the analysis published by Talos.

Network Security 142

Network Security Authentication Firmware Passwords 142

Security Affairs

NOVEMBER 14, 2021

The FailOverFlow hacker group, known to have published in the past several PlayStation jailbreaks, published a message on Twitter that shows PS5 firmware symmetric root keys, Another one bites the dust pic.twitter.com/Y1ty93AvaE — fail0verflow (@fail0verflow) November 8, 2021. SecurityAffairs – hacking, jailbreak).

Firmware 123

Firmware Software Engineering Hacking 123