2022, Authentication and Firmware - Cyber Security Informer

APT trends report Q2 2022

SecureList

JULY 28, 2022

This is our latest installment, focusing on activities that we observed during Q2 2022. In late 2021, we encountered a malicious DXE driver incorporated into several UEFI firmware images that were flagged by our firmware scanner (integrated into Kaspersky products at the start of 2019). The most remarkable findings.

Malware

Malware Firmware Phishing Cryptocurrency

Chipmaker Qualcomm warns of three actively exploited zero-days

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 are actively exploited in targeted attacks. “CVE-2022-22071 was included in our May 2022 public bulletin. CVE-2023-28540 : Improper Authentication in Data Modem.

Firmware

Firmware Surveillance Authentication Manufacturing

Ransomware: February 2022 review

Malwarebytes

MARCH 10, 2022

In this February 2022 ransomware review, we go over some the most successful ransomware incidents based on both open source and dark web intelligence. Observed since: February 2022 Ransomware note: read_me.html Ransomware extension: <original file name> [vote2024forjb@protonmail[.]com].encryptedJB SFile (Escal).

Ransomware

Ransomware Phishing Accountability Technology

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Ransomware: March 2022 review

Malwarebytes

APRIL 11, 2022

In this March 2022 ransomware review, we go over some of the most successful ransomware incidents based on both open source and dark web intelligence. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use double authentication when logging into accounts or services.

Ransomware

Ransomware Accountability Technology Firmware

Ransomware: April 2022 review

Malwarebytes

MAY 6, 2022

April 2022 was most notable for the emergence of three new ransomware-as-a-service ( RaaS ) groups— Onyx , Mindware , and Black Basta —as well as the unwelcome return of REvil , one of the world’s most notorious and dangerous ransomware operations. Ransomware attacks in April 2022. Known ransomware attacks in April 2022 by country.

Ransomware

Ransomware Encryption Accountability Technology

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

NOVEMBER 10, 2022

The vulnerability, CVE-2022-0902 (CVSS score: 8.1), is a path-traversal issue that can be exploited by an attacker to inject and execute arbitrary code. “Team82 found a high-severity path-traversal vulnerability (CVE-2022-0902) in ABB’s TotalFlow Flow Computers and Remote Controllers. .”

Firmware

Firmware Passwords Authentication Manufacturing

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

By using the manufacturer’s built-in ports, we were able to manipulate on-board components and interact with the device.Combining both known and novel techniques, we were able to achieve root access to the device’s operating system and pull its firmware for emulation and vulnerability discovery.” Overall 4.8. Overall 4.8.

Firmware

Firmware Penetration Testing Manufacturing Authentication

Zyxel addressed a critical RCE flaw in its NAS devices

Security Affairs

SEPTEMBER 7, 2022

Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747 , impacting its network-attached storage (NAS) devices. The CVE-2022-34747 (CVSS score: 9.8) flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. 11)C0 and earlier V5.21(AAZF.12)C0

Firewall

Firewall Firmware Authentication VPN

SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices

The Hacker News

MAY 13, 2022

SonicWall has published an advisory warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability. The weaknesses in question impact SMA 6200, 6210, 7200, 7210, 8000v running firmware versions 12.4.0 and 12.4.1.

Firmware

Firmware Mobile Authentication

U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

AUGUST 22, 2024

The identity authentication bypass vulnerability found in some Dahua products during the login process. “The The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.”

Authentication

Authentication Firmware Hacking Engineering

Zyxel fixes a critical bug in its business firewall and VPN devices

Security Affairs

APRIL 1, 2022

Networking equipment vendor Zyxel has pushed security updates for a critical flaw, tracked as CVE-2022-0342 (CVSS 9.8), that affects some of its business firewall and VPN products. “Zyxel has released patches for products affected by the authentication bypass vulnerability. Patch 5 in May 2022. Patch 5 in May 2022.

Firewall

Firewall VPN Firmware Authentication

IT threat evolution Q3 2022

SecureList

NOVEMBER 18, 2022

IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. In July, we reported a rootkit that we found in modified Unified Extensible Firmware Interface (UEFI) firmware, the code that loads and initiates the boot process when the computer is turned on. Non-mobile statistics.

Malware

Malware Computers and Electronics Adware Cryptocurrency

Best Disaster Recovery Solutions for 2022

eSecurity Planet

JULY 8, 2022

“With a cyberattack, it’s more than just data that needs protecting—at risk is really the entire physical infrastructure from applications and operating systems down to low-level firmware and BIOS. Identity and access management with role-based access control and multi-factor authentication is available.

Backups

Backups Ransomware Technology Marketing

Update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one

Malwarebytes

JANUARY 12, 2022

Microsoft yesterday released the first patch Tuesday security updates of the year 2022. Microsoft has a technology called Active Directory that allows workstations to authenticate with a “domain controller.” It’s unclear if Server 2022 is similarly impacted. CVE-2022-21836 allows an attacker to bypass a security feature.

Authentication

Authentication Firmware Passwords Technology

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.50

Firewall

Firewall Firmware VPN Authentication

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

The Last Watchdog

MAY 23, 2022

They require integrity, authentication, trusted identity and encryption. Protocols and policies setting new parameters for trusted connections are being hammered out and advanced encryption, authentication and data protection solutions are being ramped up. Related: Leveraging PKI to advance electronic signatures.

Cybersecurity

Cybersecurity Digital transformation Computers and Electronics Encryption

D-Link fixes two critical flaws in D-View 8 network management suite

Security Affairs

MAY 25, 2023

D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. in its D-View 8 network management suite that could be exploited by remote attackers to bypass authentication and execute arbitrary code. ” reads the advisory published by ZDI.

Firmware

Firmware Authentication Software Hacking

TLStorm flaws allow to remotely manipulate the power of millions of enterprise UPS devices

Security Affairs

MARCH 9, 2022

Two of the TLStorm vulnerabilities reside in the TLS implementation used by Cloud-connected Smart-UPS devices, while the third one is a design flaw in the firmware upgrade process of Smart-UPS devices. The researchers discovered that the firmware upgrades are not properly signed and validated.

Firmware

Firmware IoT Authentication Backups

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Security Affairs

AUGUST 14, 2023

The procedures allow administrators to provide device information such as server addresses, account information, and firmware updates. The server is used to provide configurations and firmware updates to the devices. In this scenario, an attacker can act as a rogue server and distribute malicious firmware.

Firmware

Firmware Authentication Passwords Hacking

Enhance your security posture by detecting risks on authenticator devices

Thales Cloud Protection & Licensing

MARCH 17, 2022

Enhance your security posture by detecting risks on authenticator devices. Thu, 03/17/2022 - 09:46. Not only are mobile devices used as end points to access corporate mail and other enterprise applications, they are also frequently used as authentication devices. Anonymous (not verified). Continuous Risk Detection.

Authentication

Authentication Risk Mobile Computers and Electronics

Update now! Zyxel patches critical firewall bypass vulnerability

Malwarebytes

APRIL 4, 2022

Zyxel says the vulnerability, listed as CVE-2022-0342 , is an authentication bypass vulnerability caused by the lack of a proper access control mechanism, which has been found in the CGI program of some firewall versions. The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device.

Firewall

Firewall Firmware VPN Authentication

CISA advises D-Link users to take vulnerable routers offline

Malwarebytes

APRIL 5, 2022

On April 4 2022, the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2021-45382 to its known exploited vulnerabilities catalog. As a general policy, when products reach EOS/EOL, they can no longer be supported, and all firmware development for these products cease. CISA catalog.

Firmware

Firmware Software Risk Authentication

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

.” The vulnerabilities, tracked as CVE-2023-27357 , CVE-2023-27367 , CVE-2023-27368 , CVE-2023-27369 , CVE-2023-27370 , were demonstrated by Claroty researchers during the 2022 Pwn2Own Toronto hacking contest as part of an exploit. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.”

Hacking

Hacking Firmware Authentication DNS

2022 zero day was used to raid Fortigate firewall configs. Somebody just released them.

DoublePulsar

JANUARY 15, 2025

The data appears to have been assembled in October 2022, as a zero day vuln. The sowhat Even if you patched back in 2022, you may still have been exploited as the configs were dumped years ago and only just releasedyou probably want to find out when you patched this vuln. In other words, the data is authentic.

Firewall

Firewall VPN Passwords Firmware

Arris router vulnerability could lead to complete takeover

Malwarebytes

FEBRUARY 16, 2023

Security researcher Yerodin Richards has found an authenticated remote code execution (RCE) vulnerability in Arris routers. According to Richards, when he contacted Arris (acquired by CommScope), the company said the devices running the vulnerable firmware are end-of-life (EOL) and are no longer supported by the company.

Firmware

Firmware Authentication Passwords Internet

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Security Affairs

MAY 4, 2023

In order to exploit the flaw, an attacker has to upgrade an affected device to a crafted version of the firmware. “This vulnerability is due to a missing authentication process within the firmware upgrade function.” “Cisco has not released firmware updates to address this vulnerability.

Firmware

Firmware Education Media Authentication

U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

AUGUST 22, 2024

The identity authentication bypass vulnerability found in some Dahua products during the login process. “The The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.”

Authentication

Authentication Firmware Hacking Engineering

Criminal group busted after stealing hundreds of keyless cars

Malwarebytes

OCTOBER 18, 2022

Europol said it's supported the investigation since March 2022 by providing extensive analysis and the dissemination of intelligence packages to each of the affected countries. Vulnerabilities in the keyless entry systems have been found in the firmware of other car manufactures. Mitigation.

Firmware

Firmware Manufacturing Software Authentication

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted. “Patch your #Fortigate.”

Risk

Risk VPN Internet Internet

Unanswered Questions Loom Over Cyber Attacks on M&S, Co-op & Harrods

Jane Frankland

MAY 3, 2025

While details remain sparse, reports suggest social engineering tactics like phishing, SIM swapping, and multi-factor authentication (MFA) fatigue attacks may have been used to infiltrate systems. Using strong, unique passwords and enabling multi-factor authentication (MFA) or preferably passkeys wherever possible remains vital.

Cyber Attacks

Cyber Attacks Retail Cyber threats Backups

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. reported the SektorCERT. “An

Firewall

Firewall Firmware Cyber Attacks VPN

Update now! Microsoft patches three zero-day vulnerabilities on Patch Tuesday

Malwarebytes

MARCH 9, 2022

The updates for Microsoft’s March 2022 Patch Tuesday should fix 92 vulnerabilities, including three zero-day vulnerabilities. CVE-2022-21990 : A Remote Desktop Client remote code execution vulnerability. CVE-2022-24512 : A.NET and Visual Studio Remote Code Execution vulnerability. Remote Desktop Client. Exchange Server.

Authentication

Authentication Accountability Firmware

Experts released PoC exploits for severe flaws in Netgear Orbi routers

Security Affairs

MARCH 22, 2023

The experts discovered four vulnerabilities in the Netgear Orbi mesh wireless system, the most critical one is a critical remote code vulnerability, tracked as CVE-2022-37337 (CVSS v3.1: “An attacker can make an authenticated HTTP request to trigger this vulnerability.” ” states Talos. on January 19, 2023.

Wireless

Wireless Firmware Authentication Passwords

Enhance your security posture by detecting risks on authenticator devices

Thales Cloud Protection & Licensing

MARCH 17, 2022

Enhance your security posture by detecting risks on authenticator devices. Thu, 03/17/2022 - 09:46. Not only are mobile devices used as end points to access corporate mail and other enterprise applications, they are also frequently used as authentication devices. Anonymous (not verified). Continuous Risk Detection.

Authentication

Authentication Risk Mobile Computers and Electronics

The secrets of Schneider Electric’s UMAS protocol

SecureList

SEPTEMBER 29, 2022

In 2020, CVE-2020-28212 , a vulnerability affecting this software, was reported, which could be exploited by a remote unauthorized attacker to gain control of a PLC with the privileges of an operator already authenticated on the controller. The procedure acts as authentication. In firmware versions prior to 2.7

Firmware

Firmware Passwords Authentication Engineering

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

But first, let’s examine how they fared with the predictions for 2022. What we predicted in 2022. Although 2022 did not feature any mobile intrusion story on the scale of the Pegasus scandal, a number of 0-days have still been exploited in the wild by threat actors. Mobile devices exposed to wide attacks. Source: Meta.

Firmware

Firmware Surveillance Mobile Telecommunications

Router security in 2021

SecureList

JUNE 8, 2022

Number of router vulnerabilities according to cve.mitre.org, 2010–2022 ( download ). Number of router vulnerabilities according to nvd.nist.gov, 2010–2022 ( download ). search for smart devices with the default password in the summer of last year revealed more than 27,000 hits, a similar search in April 2022 returned only 851.

DDOS

DDOS Passwords IoT Firmware

PoC exploit code for critical Realtek RCE flaw released online

Security Affairs

AUGUST 18, 2022

The PoC exploit code for a critical stack-based buffer overflow issue, tracked as CVE-2022-27255 (CVSS 9.8), affecting networking devices using Realtek’s RTL819x system on a chip was released online. ” reads the advisory published by Realtek, which published the issue in March 2022. exploits_nexx t: PoC and exploit code.

Firmware

Firmware IoT Hacking Authentication

Two critical flaws affect CODESYS ICS Automation Software

Security Affairs

JUNE 27, 2022

Two of these vulnerabilities, tracked as CVE-2022-31805 and CVE-2022-31806, have been rated critical (CVSS scores: 9.8), 7 as high risk, and 2 as medium risk. recommending vendors who use CODESYS V2 Runtime to investigate themselves in time, and actively to fix and release the patched version of firmware.

Software

Software Manufacturing Firmware Risk

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. We later managed to extract the firmware from the EEPROM for further static reverse engineering. Further hardware analysis of the circuit board helped us identify chips.

Firmware

Firmware Passwords Manufacturing Mobile

Android vulnerabilities could allow arbitrary code execution

Malwarebytes

OCTOBER 6, 2022

The critical Qualcomm vulnerabilities all relate to the WLAN component and have the following CVEs: CVE-2022-25748 has a CVSS score of 9.8 CVE-2022-25718 has a CVSS score of 9.1 CVE-2022-25720 has a CVSS score of 9.8 CVE-2022-25720 has a CVSS score of 9.8

Wireless

Wireless Mobile Encryption Firmware

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

The CVE-2022-47391 received a severity rating of 7.5, The experts pointed out that the exploiting the vulnerabilities requires user authentication, as well as deep knowledge of the proprietary protocol of CODESYS V3 and the structure of the different services that the protocol uses. ” reads the advisory published by Microsoft.

Authentication

Authentication Firmware Hacking Passwords

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The alert includes indicators of compromise (IoCs) associated with BlackCat/ALPHV, as of mid-February 2022. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use multifactor authentication where possible. hard drive, storage device, the cloud).

Ransomware

Ransomware Antivirus Passwords Malware

VulnRecap 1/16/24 – Major Firewall Issues Persist

eSecurity Planet

JANUARY 16, 2024

Potential results of the exploits include authentication bypass and command injection. January 11, 2024 Smart Thermostat from Bosch Puts Offices in Danger Type of vulnerability: Malicious commands sent from an attacker to the thermostat, including potentially replacing firmware with rogue code. Versions 9.x

Firewall

Firewall Firmware IoT Authentication

APT trends report Q2 2022

Chipmaker Qualcomm warns of three actively exploited zero-days

Webinars

Trending Sources

Ransomware: February 2022 review

Webinars

Ransomware: March 2022 review

Ransomware: April 2022 review

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

HID Mercury Access Controller flaws could allow to unlock Doors

Zyxel addressed a critical RCE flaw in its NAS devices

SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices

U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog

Zyxel fixes a critical bug in its business firewall and VPN devices

IT threat evolution Q3 2022

Best Disaster Recovery Solutions for 2022

Update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

D-Link fixes two critical flaws in D-View 8 network management suite

TLStorm flaws allow to remotely manipulate the power of millions of enterprise UPS devices

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Enhance your security posture by detecting risks on authenticator devices

Update now! Zyxel patches critical firewall bypass vulnerability

CISA advises D-Link users to take vulnerable routers offline

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

2022 zero day was used to raid Fortigate firewall configs. Somebody just released them.

Arris router vulnerability could lead to complete takeover

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog

Criminal group busted after stealing hundreds of keyless cars

CISA Order Highlights Persistent Risk at Network Edge

Unanswered Questions Loom Over Cyber Attacks on M&S, Co-op & Harrods

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Update now! Microsoft patches three zero-day vulnerabilities on Patch Tuesday

Experts released PoC exploits for severe flaws in Netgear Orbi routers

Enhance your security posture by detecting risks on authenticator devices

The secrets of Schneider Electric’s UMAS protocol

Advanced threat predictions for 2023

Router security in 2021

PoC exploit code for critical Realtek RCE flaw released online

Two critical flaws affect CODESYS ICS Automation Software

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

Android vulnerabilities could allow arbitrary code execution

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

BlackCat Ransomware gang breached over 60 orgs worldwide

VulnRecap 1/16/24 – Major Firewall Issues Persist

Stay Connected