2022, Authentication and Firmware - Cyber Security Informer

Ransomware: February 2022 review

Malwarebytes

MARCH 10, 2022

In this February 2022 ransomware review, we go over some the most successful ransomware incidents based on both open source and dark web intelligence. Observed since: February 2022 Ransomware note: read_me.html Ransomware extension: <original file name> [vote2024forjb@protonmail[.]com].encryptedJB SFile (Escal).

Ransomware

Ransomware Phishing Accountability Technology

Chipmaker Qualcomm warns of three actively exploited zero-days

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 are actively exploited in targeted attacks. “CVE-2022-22071 was included in our May 2022 public bulletin. CVE-2023-28540 : Improper Authentication in Data Modem.

Firmware

Firmware Surveillance Authentication Manufacturing

SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices

The Hacker News

MAY 13, 2022

SonicWall has published an advisory warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability. The weaknesses in question impact SMA 6200, 6210, 7200, 7210, 8000v running firmware versions 12.4.0 and 12.4.1.

Firmware

Firmware Mobile Authentication

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

By using the manufacturer’s built-in ports, we were able to manipulate on-board components and interact with the device.Combining both known and novel techniques, we were able to achieve root access to the device’s operating system and pull its firmware for emulation and vulnerability discovery.” Overall 4.8. Overall 4.8.

Firmware

Firmware Penetration Testing Manufacturing Authentication

Ransomware: March 2022 review

Malwarebytes

APRIL 11, 2022

In this March 2022 ransomware review, we go over some of the most successful ransomware incidents based on both open source and dark web intelligence. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use double authentication when logging into accounts or services.

Ransomware

Ransomware Accountability Technology Firmware

Zyxel addressed a critical RCE flaw in its NAS devices

Security Affairs

SEPTEMBER 7, 2022

Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747 , impacting its network-attached storage (NAS) devices. The CVE-2022-34747 (CVSS score: 9.8) flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. 11)C0 and earlier V5.21(AAZF.12)C0

Firewall

Firewall Firmware Authentication VPN

IT threat evolution Q3 2022

SecureList

NOVEMBER 18, 2022

IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. In July, we reported a rootkit that we found in modified Unified Extensible Firmware Interface (UEFI) firmware, the code that loads and initiates the boot process when the computer is turned on. Non-mobile statistics.

Malware

Malware Computers and Electronics Adware Cryptocurrency

Ransomware: April 2022 review

Malwarebytes

MAY 6, 2022

April 2022 was most notable for the emergence of three new ransomware-as-a-service ( RaaS ) groups— Onyx , Mindware , and Black Basta —as well as the unwelcome return of REvil , one of the world’s most notorious and dangerous ransomware operations. Ransomware attacks in April 2022. Known ransomware attacks in April 2022 by country.

Ransomware

Ransomware Encryption Accountability Technology

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

NOVEMBER 10, 2022

The vulnerability, CVE-2022-0902 (CVSS score: 8.1), is a path-traversal issue that can be exploited by an attacker to inject and execute arbitrary code. “Team82 found a high-severity path-traversal vulnerability (CVE-2022-0902) in ABB’s TotalFlow Flow Computers and Remote Controllers. .”

Firmware

Firmware Authentication Passwords Manufacturing

U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

AUGUST 22, 2024

The identity authentication bypass vulnerability found in some Dahua products during the login process. “The The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.”

Authentication

Authentication Firmware Hacking Engineering

Zyxel fixes a critical bug in its business firewall and VPN devices

Security Affairs

APRIL 1, 2022

Networking equipment vendor Zyxel has pushed security updates for a critical flaw, tracked as CVE-2022-0342 (CVSS 9.8), that affects some of its business firewall and VPN products. “Zyxel has released patches for products affected by the authentication bypass vulnerability. Patch 5 in May 2022. Patch 5 in May 2022.

Firewall

Firewall VPN Firmware Authentication

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

The Last Watchdog

MAY 23, 2022

They require integrity, authentication, trusted identity and encryption. Protocols and policies setting new parameters for trusted connections are being hammered out and advanced encryption, authentication and data protection solutions are being ramped up. Related: Leveraging PKI to advance electronic signatures.

Digital transformation

Digital transformation Cybersecurity Computers and Electronics Encryption

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.50

Firewall

Firewall Firmware VPN Authentication

Update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one

Malwarebytes

JANUARY 12, 2022

Microsoft yesterday released the first patch Tuesday security updates of the year 2022. Microsoft has a technology called Active Directory that allows workstations to authenticate with a “domain controller.” It’s unclear if Server 2022 is similarly impacted. CVE-2022-21836 allows an attacker to bypass a security feature.

Authentication

Authentication Firmware Passwords Technology

D-Link fixes two critical flaws in D-View 8 network management suite

Security Affairs

MAY 25, 2023

D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. in its D-View 8 network management suite that could be exploited by remote attackers to bypass authentication and execute arbitrary code. ” reads the advisory published by ZDI.

Firmware

Firmware Authentication Software Hacking

TLStorm flaws allow to remotely manipulate the power of millions of enterprise UPS devices

Security Affairs

MARCH 9, 2022

Two of the TLStorm vulnerabilities reside in the TLS implementation used by Cloud-connected Smart-UPS devices, while the third one is a design flaw in the firmware upgrade process of Smart-UPS devices. The researchers discovered that the firmware upgrades are not properly signed and validated.

Firmware

Firmware IoT Authentication Backups

Best Disaster Recovery Solutions for 2022

eSecurity Planet

JULY 8, 2022

“With a cyberattack, it’s more than just data that needs protecting—at risk is really the entire physical infrastructure from applications and operating systems down to low-level firmware and BIOS. Identity and access management with role-based access control and multi-factor authentication is available.

Backups

Backups Ransomware Technology Marketing

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Security Affairs

AUGUST 14, 2023

The procedures allow administrators to provide device information such as server addresses, account information, and firmware updates. The server is used to provide configurations and firmware updates to the devices. In this scenario, an attacker can act as a rogue server and distribute malicious firmware.

Firmware

Firmware Authentication Passwords Hacking

Enhance your security posture by detecting risks on authenticator devices

Thales Cloud Protection & Licensing

MARCH 17, 2022

Enhance your security posture by detecting risks on authenticator devices. Thu, 03/17/2022 - 09:46. Not only are mobile devices used as end points to access corporate mail and other enterprise applications, they are also frequently used as authentication devices. Anonymous (not verified). Continuous Risk Detection.

Authentication

Authentication Risk Mobile Computers and Electronics

CISA advises D-Link users to take vulnerable routers offline

Malwarebytes

APRIL 5, 2022

On April 4 2022, the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2021-45382 to its known exploited vulnerabilities catalog. As a general policy, when products reach EOS/EOL, they can no longer be supported, and all firmware development for these products cease. CISA catalog.

Firmware

Firmware Software Risk Authentication

Update now! Zyxel patches critical firewall bypass vulnerability

Malwarebytes

APRIL 4, 2022

Zyxel says the vulnerability, listed as CVE-2022-0342 , is an authentication bypass vulnerability caused by the lack of a proper access control mechanism, which has been found in the CGI program of some firewall versions. The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device.

Firewall

Firewall Firmware VPN Authentication

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. reported the SektorCERT. “An

Firewall

Firewall Firmware Cyber Attacks VPN

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

.” The vulnerabilities, tracked as CVE-2023-27357 , CVE-2023-27367 , CVE-2023-27368 , CVE-2023-27369 , CVE-2023-27370 , were demonstrated by Claroty researchers during the 2022 Pwn2Own Toronto hacking contest as part of an exploit. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.”

Hacking

Hacking Firmware Authentication DNS

Arris router vulnerability could lead to complete takeover

Malwarebytes

FEBRUARY 16, 2023

Security researcher Yerodin Richards has found an authenticated remote code execution (RCE) vulnerability in Arris routers. According to Richards, when he contacted Arris (acquired by CommScope), the company said the devices running the vulnerable firmware are end-of-life (EOL) and are no longer supported by the company.

Firmware

Firmware Authentication Passwords Internet

U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

AUGUST 22, 2024

The identity authentication bypass vulnerability found in some Dahua products during the login process. “The The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.”

Authentication

Authentication Firmware Hacking Engineering

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Security Affairs

MAY 4, 2023

In order to exploit the flaw, an attacker has to upgrade an affected device to a crafted version of the firmware. “This vulnerability is due to a missing authentication process within the firmware upgrade function.” “Cisco has not released firmware updates to address this vulnerability.

Firmware

Firmware Education Media Authentication

Criminal group busted after stealing hundreds of keyless cars

Malwarebytes

OCTOBER 18, 2022

Europol said it's supported the investigation since March 2022 by providing extensive analysis and the dissemination of intelligence packages to each of the affected countries. Vulnerabilities in the keyless entry systems have been found in the firmware of other car manufactures. Mitigation.

Firmware

Firmware Manufacturing Software Authentication

The secrets of Schneider Electric’s UMAS protocol

SecureList

SEPTEMBER 29, 2022

In 2020, CVE-2020-28212 , a vulnerability affecting this software, was reported, which could be exploited by a remote unauthorized attacker to gain control of a PLC with the privileges of an operator already authenticated on the controller. The procedure acts as authentication. In firmware versions prior to 2.7

Firmware

Firmware Passwords Authentication Engineering

Update now! Microsoft patches three zero-day vulnerabilities on Patch Tuesday

Malwarebytes

MARCH 9, 2022

The updates for Microsoft’s March 2022 Patch Tuesday should fix 92 vulnerabilities, including three zero-day vulnerabilities. CVE-2022-21990 : A Remote Desktop Client remote code execution vulnerability. CVE-2022-24512 : A.NET and Visual Studio Remote Code Execution vulnerability. Remote Desktop Client. Exchange Server.

Authentication

Authentication Firmware Accountability

Experts released PoC exploits for severe flaws in Netgear Orbi routers

Security Affairs

MARCH 22, 2023

The experts discovered four vulnerabilities in the Netgear Orbi mesh wireless system, the most critical one is a critical remote code vulnerability, tracked as CVE-2022-37337 (CVSS v3.1: “An attacker can make an authenticated HTTP request to trigger this vulnerability.” ” states Talos. on January 19, 2023.

Wireless

Wireless Firmware Authentication Passwords

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted. “Patch your #Fortigate.”

Risk

Risk VPN Internet Internet

Enhance your security posture by detecting risks on authenticator devices

Thales Cloud Protection & Licensing

MARCH 17, 2022

Enhance your security posture by detecting risks on authenticator devices. Thu, 03/17/2022 - 09:46. Not only are mobile devices used as end points to access corporate mail and other enterprise applications, they are also frequently used as authentication devices. Anonymous (not verified). Continuous Risk Detection.

Authentication

Authentication Risk Mobile Computers and Electronics

Two critical flaws affect CODESYS ICS Automation Software

Security Affairs

JUNE 27, 2022

Two of these vulnerabilities, tracked as CVE-2022-31805 and CVE-2022-31806, have been rated critical (CVSS scores: 9.8), 7 as high risk, and 2 as medium risk. recommending vendors who use CODESYS V2 Runtime to investigate themselves in time, and actively to fix and release the patched version of firmware.

Software

Software Manufacturing Firmware Risk

Router security in 2021

SecureList

JUNE 8, 2022

Number of router vulnerabilities according to cve.mitre.org, 2010–2022 ( download ). Number of router vulnerabilities according to nvd.nist.gov, 2010–2022 ( download ). search for smart devices with the default password in the summer of last year revealed more than 27,000 hits, a similar search in April 2022 returned only 851.

DDOS

DDOS Passwords IoT Firmware

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. We later managed to extract the firmware from the EEPROM for further static reverse engineering. Further hardware analysis of the circuit board helped us identify chips.

Firmware

Firmware Passwords Manufacturing Mobile

PoC exploit code for critical Realtek RCE flaw released online

Security Affairs

AUGUST 18, 2022

The PoC exploit code for a critical stack-based buffer overflow issue, tracked as CVE-2022-27255 (CVSS 9.8), affecting networking devices using Realtek’s RTL819x system on a chip was released online. ” reads the advisory published by Realtek, which published the issue in March 2022. exploits_nexx t: PoC and exploit code.

Firmware

Firmware IoT Hacking Authentication

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” Since September 2022, Moobot botnet was spotted targeting vulnerable D-Link routers. Upgrade to the latest firmware version.

Energy and Utilities

Energy and Utilities Government Firewall Malware

Android vulnerabilities could allow arbitrary code execution

Malwarebytes

OCTOBER 6, 2022

The critical Qualcomm vulnerabilities all relate to the WLAN component and have the following CVEs: CVE-2022-25748 has a CVSS score of 9.8 CVE-2022-25718 has a CVSS score of 9.1 CVE-2022-25720 has a CVSS score of 9.8 CVE-2022-25720 has a CVSS score of 9.8

Wireless

Wireless Mobile Encryption Firmware

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The alert includes indicators of compromise (IoCs) associated with BlackCat/ALPHV, as of mid-February 2022. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use multifactor authentication where possible. hard drive, storage device, the cloud).

Ransomware

Ransomware Antivirus Passwords Malware

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

The CVE-2022-47391 received a severity rating of 7.5, The experts pointed out that the exploiting the vulnerabilities requires user authentication, as well as deep knowledge of the proprietary protocol of CODESYS V3 and the structure of the different services that the protocol uses. ” reads the advisory published by Microsoft.

Authentication

Authentication Firmware Hacking Passwords

VulnRecap 1/16/24 – Major Firewall Issues Persist

eSecurity Planet

JANUARY 16, 2024

Potential results of the exploits include authentication bypass and command injection. January 11, 2024 Smart Thermostat from Bosch Puts Offices in Danger Type of vulnerability: Malicious commands sent from an attacker to the thermostat, including potentially replacing firmware with rogue code. Versions 9.x

Firewall

Firewall Firmware IoT Authentication

After Log4j, December’s Patch Tuesday has snuck up on us

Malwarebytes

DECEMBER 16, 2021

No form of authentication is required for exploitation. Once installed, use the Update & security section of the app to download and install the latest firmware. When the second phase of Windows updates become available in Q1 2022, customers will be notified via a revision to the security vulnerability.

Wireless

Wireless Passwords Firmware Authentication

FBI issues advisory over Play ransomware

Malwarebytes

DECEMBER 19, 2023

According to the FBI, Play made around 300 victims between June 2022 and October 2023 among a wide range of businesses and critical infrastructure in North America, South America, and Europe. This means they steal data as well as encrypting systems and then threaten to publish the stolen data on their Dark Web leak site.

Ransomware

Ransomware Backups Encryption Firmware

Trusted Platform Module (TPM) 2.0 flaws could impact billions of devices

Security Affairs

MARCH 3, 2023

Both vulnerabilities were reported in November 2022 by cybersecurity firm Quarkslab. “An authenticated, local attacker could send maliciously crafted commands to a vulnerable TPM allowing access to sensitive data. In some cases, the attacker can also overwrite protected data in the TPM firmware. ” states Quarkslab.

Firmware

Firmware IoT Authentication Hacking

Ransomware: February 2022 review

Chipmaker Qualcomm warns of three actively exploited zero-days

Trending Sources

SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices

HID Mercury Access Controller flaws could allow to unlock Doors

Ransomware: March 2022 review

Zyxel addressed a critical RCE flaw in its NAS devices

IT threat evolution Q3 2022

Ransomware: April 2022 review

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog

Zyxel fixes a critical bug in its business firewall and VPN devices

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one

D-Link fixes two critical flaws in D-View 8 network management suite

TLStorm flaws allow to remotely manipulate the power of millions of enterprise UPS devices

Best Disaster Recovery Solutions for 2022

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Enhance your security posture by detecting risks on authenticator devices

CISA advises D-Link users to take vulnerable routers offline

Update now! Zyxel patches critical firewall bypass vulnerability

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Arris router vulnerability could lead to complete takeover

U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Criminal group busted after stealing hundreds of keyless cars

The secrets of Schneider Electric’s UMAS protocol

Update now! Microsoft patches three zero-day vulnerabilities on Patch Tuesday

Experts released PoC exploits for severe flaws in Netgear Orbi routers

CISA Order Highlights Persistent Risk at Network Edge

Enhance your security posture by detecting risks on authenticator devices

Two critical flaws affect CODESYS ICS Automation Software

Router security in 2021

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

PoC exploit code for critical Realtek RCE flaw released online

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Android vulnerabilities could allow arbitrary code execution

BlackCat Ransomware gang breached over 60 orgs worldwide

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

VulnRecap 1/16/24 – Major Firewall Issues Persist

After Log4j, December’s Patch Tuesday has snuck up on us

FBI issues advisory over Play ransomware

Trusted Platform Module (TPM) 2.0 flaws could impact billions of devices

Stay Connected