Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. In December 2022, Sophos released security patches to address seven vulnerabilities in Sophos Firewall version 19.5, including some arbitrary code execution bugs.
released in October 2022. “The build date coded in the last number block also points to the same date range: None of the firewall firmwares examined had been compiled after September 14, 2022,” reported Heise Security. We can exclude the circumstance that the attackers may have compromised Fortinet.
has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. It was designed to download payloads intended to exfiltrate XG Firewall-resident data.
Sophos used custom implants to monitor China-linked threat actors targeting firewall zero-days in a years-long battle. “Improved operational security, including disrupting firewall telemetry to hinder detection and minimize their digital footprint,” concludes the report.
Researchers from Bishop Fox found over 178,000 SonicWall next-generation firewalls (NGFW) publicly exploitable. Researchers from Bishop Fox used BinaryEdge source data to find SonicWall firewalls with management interfaces exposed to the internet.
The threat to modern encryption: In December 2022, a team of Chinese researchers claimed to have developed a quantum algorithm capable of factoring large integers used in RSA encryption. For example, Palo Alto Networks has integrated PQC into its VPNs and next-generation firewalls to protect data in transit against quantum threats.
US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. Last week, Zyxel addressed the critical CVE-2022-30525 (CVSS score: 9.8). If possible, enable automatic firmware updates. “Commands are executed as the nobody user.”
Sophos was forced to backport a security update for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks.
Zyxel addressed a critical flaw affecting Zyxel firewall devices that allows unauthenticated, remote attackers to gain arbitrary code execution. Zyxel has moved to address a critical security vulnerability (CVE-2022-30525, CVSS score: 9.8).
Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment vendor Zyxel has pushed security updates for a critical flaw, tracked as CVE-2022-0342 (CVSS 9.8), that affects some of its business firewall and VPN products. Patch 5 in May 2022.
A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitrary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35.
In a security advisory, Zyxel has urged customers to update because a security flaw can lead to the circumvention of firewall protection in several Zyxel products. Affected series Affected firmware version Patch availability USG/ZyWALL ZLD V4.20 Patch 5 in May 2022. The vulnerability. through ZLD V4.70 USG FLEX ZLD V4.50
Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. The problem: Juniper Networks released a bulletin about a remote code execution vulnerability in its SRX firewalls and EX switches. This vulnerability is tracked as CVE-2024-21591.
Firewalls monitor and control incoming and outgoing traffic while also preventing unauthorized access. Overlapping rules may impair firewall efficiency or expose flaws that allow attackers to circumvent regulations. Choose a centralized platform that is interoperable with several firewall suppliers.
The data appears to have been assembled in October 2022, as a zero day vuln. The so what: Even if you patched back in 2022, you may still have been exploited, as the configs were dumped years ago and only just released; you probably want to find out when you patched this vuln. 2022 zero day was used to raid Fortigate firewall configs.
Customers can access their devices through the web using this cloud platform without directly exposing them to the internet, allowing them to keep the devices hidden behind a firewall or network address translation (NAT) router. CVE-2022-3183 through CVE-2022-3189 are the CVE identifiers given to the seven vulnerabilities.
Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747, impacting its network-attached storage (NAS) devices. The CVE-2022-34747 (CVSS score: 9.8) flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. 11)C0 and earlier V5.21(AAZF.12)C0
The attackers exploited zero-day vulnerabilities in Zyxel firewalls used by many critical infrastructure operators in Denmark. On April 25, 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771, in a number of their firewalls. through 4.73, VPN series firmware versions 4.60 through 5.35.
“For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.” BleepingComputer reported that searching for Fortigate firewalls exposed online there are more than 250K installs worldwide, most of them in the US. through 6.2.13
This web server is present in Arris firmware which can be found in several router models. released June 1, 2022). Unfortunately the Arris firmware is based on the vulnerable version of muhttpd. Derek Abdine found several vulnerabilities, one of which is: CVE-2022-31793: Path traversal from the filesystem root.
“An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash.” However SonicWall recommends you install the latest firmware. 5035 and older versions.
Back then, endpoint security focused on computers, which meant the installation of antivirus, malware protection, firewall, and (sometimes) VPN in every computer. These ignored, forgotten, and un-updated (OS/firmware) connected devices can become vulnerabilities exploited by cybercriminals to gain access to networks and cloud resources.
Security vendor SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. x firmware in MySonicWall downloads section for TZ, NSA and SOHO platforms. Junk Store 7.6.9
Exploitation of these vulnerabilities could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even remote code execution on the affected Zyxel firewalls. Patch 1, USG FLEX series firmware versions 4.50 Patch 1, USG FLEX 50(W) firmware versions 4.25 Patch 1, USG20(W)-VPN firmware versions 4.25
That may be because the patches were included in version 4 of the firmware for the EAS devices, and many older models apparently do not support the new software. On July 20, 2022, the researcher referred to other potential issues, and we trust the researcher will provide more detail. Anything lower than version 4.1
An alleged Chinese threat actor group is behind attacks on government organizations exploiting a Fortinet zero-day flaw (CVE-2022-41328). A suspected China-linked group is exploiting a Fortinet zero-day vulnerability, tracked as CVE-2022-41328, in attacks aimed at government organizations.
“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” Since September 2022, Moobot botnet was spotted targeting vulnerable D-Link routers. Upgrade to the latest firmware version.
The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. The researchers found that just being able to reach the management interface for a vulnerable Fortinet SSL VPN appliance was enough to completely compromise the devices.
However, a later sample appeared (in a different format – TNEF attachment in .eml – that was not detected by the first version of the YARA rule used by VirusTotal) with a “FirstSeen VT” timestamp of 2022-04-01 and a received timestamp in the mail header of 2022-03-18.
The CVE-2021-20038 vulnerability impacts SMA 100 series appliances (including SMA 200, 210, 400, 410, and 500v) even when the web application firewall (WAF) is enabled. “This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.”
“The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S.” reads the press release published by DoJ.
“Also, an attacker may exploit these issues to access and control networked devices and change router settings in order to manipulate configurations such as DNS settings or firewall rules. The compromised industrial devices may also be used to launch attacks against other devices or networks.” through 00.07.03.4
On March 17, 2022, the Cybersecurity & Infrastructure Security Agency (CISA) published an alert in conjunction with the Federal Bureau of Investigation (FBI) which warned of possible threats to US and international satellite communication (SATCOM) networks.
The advisory contains indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with ransomware variants identified through FBI investigations as recently as June 21, 2022. The CSA mentions RDP exploitation, SonicWall firewall exploits, and phishing campaigns.
The DazzleSpy backdoor software had interesting features to foil detection, including end-to-end encryption to avoid firewall inspection as well as a feature that cut off communication if a TLS-inspection proxy was detected. Use web application firewalls to protect exposed web apps. See the Top Secure Email Gateway Solutions.
The attackers were able to bypass this hardware-based security protection using another hardware feature of Apple-designed SoCs (System on a Chip): they did this by writing the data, destination address and data hash to unknown hardware registers of the chip that are not used by the firmware.
The Daixin Team is a ransomware and data extortion group that has been active since at least June 2022. Below are the mitigations provided in the alert: Install updates for operating systems, software, and firmware as soon as they are released. Daixin Team also exfiltrated data from victim systems using Rclone and Ngrok tools.
Veteran system administrators know traditional networks to be the physical hardware – switches, routers, and firewalls – connecting and controlling network traffic for an organization. Next-Generation Firewalls (NGFW) and FWaaS. Next-generation firewalls ( NGFW ) are critical for enterprise network traffic.
On March 10, 2022 Kaspersky’s Global Research and Analysis Team (GReAT) shared their insights into the current (and past) cyberattacks in Ukraine. We advise organizations to: Take typical measures against DDoS attacks, ransomware and destructive malware, phishing, targeted attacks, supply-chain attacks and firmware attacks.
In Secure Kali Pi (2022), the first blog post in the Raspberry Pi series, we set up a Raspberry Pi 4 with full disk encryption. author: Broadcom Corporation firmware: brcm/brcmfmac*-sdio.*.bin firmware: brcm/brcmfmac*-sdio.*.txt We mentioned that we can leave it somewhere as a drop box. wireless LAN fullmac driver.
DeadBolt, which affected thousands of QNAP NAS devices in 2022, is a prominent example of IoT ransomware. The attack took advantage of CVE-2022-27593, a vulnerability that allowed bad actors to modify system files on the box. The most commonly used preemptive tactic is adding firewall rules that block incoming connection attempts.
Deny-lists (aka blacklist): Blocks specific websites or IP addresses by adding them to a list for firewalls to ignore; very difficult to manage at scale. Next generation (NGFW) or web and application firewalls (WAF): Include DDoS protection within the large number of features and capabilities to protect network traffic.