Security Affairs

APRIL 22, 2022

Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943 , addressed in the Apache HTTP server in March.

Firmware 98

Firmware Hacking Cybersecurity Internet 98

Security Affairs

JUNE 2, 2022

The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats , which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. ” reads the post published by Eclypsium.

Firmware 111

Firmware Engineering Ransomware Malware 111

SecureList

MAY 27, 2022

IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. MoonBounce: the dark side of UEFI firmware. Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware scanner (integrated into Kaspersky products at the start of 2019).

Phishing 141

Phishing Spyware Firmware Malware 141

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable. Pierluigi Paganini.

Hacking 132

Hacking Firmware Internet Internet 132

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In 2022 campaigns, threat actors used European Union reports on the conflict in Ukraine and Ukrainian government reports as lures. SOCKS tunneling — Relay communication between different clients.

Firmware 98

Firmware Encryption Government Malware 98

SecureList

DECEMBER 14, 2022

At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. Similarly, at the beginning of February 2022, we noticed a huge spike in the amount of activity related to Gamaredon C&C servers. It directly affected satellite modems firmwares , but was still to be understood as of mid-March.

DDOS 144

DDOS Ransomware Government Energy and Utilities 144

Security Affairs

MAY 17, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. Last week, Zyxel has addressed the critical CVE-2022-30525 (CVSS score: 9.8) If possible, enable automatic firmware updates. Commands are executed as the nobody user.”

Firewall 98

Firewall VPN Firmware Internet 98

Security Affairs

JANUARY 9, 2023

Tens of software vulnerabilities affected Qualcomm firmware and impacted the devices of Microsoft, Lenovo, and Samsung. The most severe flaw is an integer overflow to buffer overflow in Automotive tracked as CVE-2022-33219 (CVSS Score 9.3). SecurityAffairs – hacking, Moshen Dragon). ” reads the advisory. .”

Firmware 98

Firmware Manufacturing Software Hacking 98

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 are actively exploited in targeted attacks. “CVE-2022-22071 was included in our May 2022 public bulletin. ” reads the advisory.

Firmware 133

Firmware Surveillance Authentication Manufacturing 133

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking 98

Hacking Firmware Authentication DNS 98

Security Affairs

FEBRUARY 6, 2024

The malware survives reboots and firmware upgrades. Moreover, the infection survives firmware upgrades.” ” The attack chain starts with the exploitation of the CVE-2022-42475 vulnerability for FortiGate devices. .” COATHANGER is a stealthy malware that hooks system calls that could reveal its presence.

Malware 141

Malware Firmware VPN Backups 141

SecureList

NOVEMBER 18, 2022

IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. In July, we reported a rootkit that we found in modified Unified Extensible Firmware Interface (UEFI) firmware, the code that loads and initiates the boot process when the computer is turned on. Non-mobile statistics.

Malware 133

Malware Computers and Electronics Adware Cryptocurrency 133

Security Affairs

FEBRUARY 1, 2023

On January 30, Taiwanese vendor QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. Censys found 30,000 internet-facing QNAP appliances potentially impacted by a recently disclosed critical code injection flaw. Censys concludes.

Internet 98

Internet Internet Firmware IoT 98

Security Affairs

NOVEMBER 9, 2022

Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1 CVE-2022-3430: A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Firmware 114

Firmware Manufacturing Hacking Software 114

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. and its employee Guan Tianfeng for hacking U.S. ” The U.S.

Firewall 84

Firewall Hacking Malware Passwords 84

Security Affairs

JUNE 12, 2022

By using the manufacturer’s built-in ports, we were able to manipulate on-board components and interact with the device.Combining both known and novel techniques, we were able to achieve root access to the device’s operating system and pull its firmware for emulation and vulnerability discovery.” Overall 4.8. Overall 4.8.

Firmware 116

Firmware Penetration Testing Manufacturing Authentication 116

Security Affairs

APRIL 13, 2022

Researchers discovered five vulnerabilities that can be exploited to remotely hack hospital Aethon’s TUG autonomous mobile robots. Cynerio ethically disclosed the issues to Aethon and the vendor addressed it with the release of firmware updates. SecurityAffairs – hacking, TUG autonomous mobile robots). Pierluigi Paganini.

Mobile 111

Mobile Hacking Firmware Surveillance 111

Security Affairs

NOVEMBER 2, 2024

Between 2020 and 2022, attackers launched multiple campaigns to exploit zero-day vulnerabilities in publicly accessible network appliances, focusing on WAN-facing services. Successful exploitation of these vulnerabilities could allow attackers to steal sensitive data, inject firmware payloads, and even reach LAN-connected devices.

Firmware 129

Firmware Government Firewall Malware 129

Security Affairs

NOVEMBER 28, 2022

The experts explained that the flaw, tracked as CVE-2022-4020 , is similar to the Lenovo vulnerabilities the company disclosed earlier this month. CVE -2022-4020 is found in the DXE driver HQSwSmiDxe , which checks for the “BootOrderSecureBootDisable” NVRAM variable (notice the same name as in case of Lenovo’s #CVE -2022-3431). #CVE

Firmware 142

Firmware Hacking Information Security 142

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware.

Firmware 98

Firmware VPN Wireless Passwords 98

Security Affairs

NOVEMBER 10, 2022

The vulnerability, CVE-2022-0902 (CVSS score: 8.1), is a path-traversal issue that can be exploited by an attacker to inject and execute arbitrary code. “Team82 found a high-severity path-traversal vulnerability (CVE-2022-0902) in ABB’s TotalFlow Flow Computers and Remote Controllers. SecurityAffairs – hacking, ABB Totalflow).

Firmware 145

Firmware Authentication Passwords Manufacturing 145

Security Affairs

SEPTEMBER 19, 2022

The FunJSQ module is used in various Netgear routers and Orbi WiFi systems, the issues affecting it were discovered in May 2022 and are now fixed. “Back in May 2022, we discovered FunJSQ , a third-party gaming speed-improvement service by China-based Xiamen Xunwang Network Technology Co., SecurityAffairs – hacking, NETGEAR).

Firmware 121

Firmware Passwords Technology Hacking 121

Security Affairs

MARCH 9, 2022

Three flaws in APC Smart-UPS devices, tracked as TLStorm, could be exploited by remote attackers to hack and destroy them. Two of the TLStorm vulnerabilities reside in the TLS implementation used by Cloud-connected Smart-UPS devices, while the third one is a design flaw in the firmware upgrade process of Smart-UPS devices.

Firmware 102

Firmware IoT Authentication Backups 102

Security Affairs

DECEMBER 17, 2023

The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022. that impacted several routers, including Future X Communications (FXC) AE1021 and AE1021PE wall routers, running firmware versions 2.0.9 and earlier. The vulnerability affects VioStor NVR Versions 5.0.0 and earlier (5.0.0

Firmware 142

Firmware Wireless DDOS IoT 142

Security Affairs

JULY 15, 2022

Dragos experts investigated an infection of DirectLogic PLCs from Automation Direct, they performed reverse engineering of the password cracking tool and discovered it did not crack the password at all, rather, it exploited a vulnerability in the firmware to retrieve the password on command. SecurityAffairs – hacking, Sality malware).

Passwords 136

Passwords Software Firmware Malware 136

Security Affairs

SEPTEMBER 7, 2022

Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747 , impacting its network-attached storage (NAS) devices. The CVE-2022-34747 (CVSS score: 9.8) flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. SecurityAffairs – hacking, Zyxel).

Firewall 108

Firewall Firmware Authentication VPN 108

Security Affairs

DECEMBER 24, 2022

Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. “The firmware is basically a merge of 3 sections, the LZMA section is the kernel, at 0x148CD6 the root-fs and at 0x90BD36 the www content.” 13 Sep 2022: Details sent to ZyXEL.

Firmware 98

Firmware Passwords Hacking Cybersecurity 98

Security Affairs

MARCH 22, 2022

HP issued a security bulletin warning of a buffer overflow vulnerability, tracked as CVE-2022-3942 (CVSS score 8.4), that could lead to remote code execution on vulnerable devices. HP already addressed the flaw with the release of firmware security updates for the majority of the affected devices. SecurityAffairs – hacking, RCE).

Firmware 98

Firmware Hacking Data breaches Information Security 98

Security Affairs

APRIL 1, 2022

Networking equipment vendor Zyxel has pushed security updates for a critical flaw, tracked as CVE-2022-0342 (CVSS 9.8), that affects some of its business firewall and VPN products. Patch 5 in May 2022. The vendor is recommending customers to install the firmware updates for optimal protection. . through ZLD V4.70 through V1.33

Firewall 111

Firewall VPN Firmware Authentication 111

Security Affairs

MAY 13, 2022

Zyxel has moved to address a critical security vulnerability (CVE-2022-30525, CVSS score: 9.8) Zyxel silently addressed the flaw by releasing security updates on April 28, 2022, Rapid7 pointed out that this choice leaves defenders in the dark and only advantage the attackers. If possible, enable automatic firmware updates.

Firewall 98

Firewall Firmware VPN Wireless 98

Security Affairs

SEPTEMBER 19, 2022

Researchers discovered two critical vulnerabilities (CVE–2022–36158 and CVE–2022–36159) in Flexlan devices that provide WiFi on airplanes. “It is found that our wireless products, FLEXLAN FX3000/2000 series, have a firmware vulnerability. “[CVE-2022-36158] – Hidden system command web page. .

Wireless 105

Wireless Firmware Passwords Engineering 105

Security Affairs

FEBRUARY 9, 2024

In December 2023, Fortinet urged its customers to update their installs to address an actively exploited FortiOS SSL-VPN vulnerability, tracked as CVE-2022-42475, that could be exploited by an unauthenticated, remote attacker to execute arbitrary code on devices. The malware survives reboots and firmware upgrades.

VPN 138

VPN Firmware Malware Government 138

Security Affairs

AUGUST 22, 2024

It could be quite easy for threat actors in the wild to find exposed Dahua devices using a search engine like Shodan and attempt to hack them using the available PoC code. In order to protect Dahua devices, users have to install the latest firmware version.

Authentication 138

Authentication Firmware Hacking Engineering 138

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. ” concludes the analysis.

Firewall 141

Firewall Firmware Cyber Attacks VPN 141

Security Affairs

AUGUST 4, 2022

Tens of router models from Taiwanese SOHO manufacturer DrayTek are affected by a critical, unauthenticated, remote code execution vulnerability, tracked as CVE-2022-32548, that can be exploited to fully compromise a vulnerable device and gain unauthorized access to the broader network. SecurityAffairs – hacking, DrayTek Vigor).

Hacking 102

Hacking Internet Internet Passwords 102

Security Affairs

APRIL 28, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.50

Firewall 98

Firewall Firmware VPN Authentication 98

Security Affairs

MAY 1, 2022

Critical Ongoing VS Firmware 2.3 Synology also warns customers of other three flaws, tracked as CVE-2022-23125 , CVE-2022-23122 , CVE-2022-0194 that could allow remote attackers to run arbitrary code on affected devices. SecurityAffairs – hacking, Synology). Critical Upgrade to 7.1-42661-1 42661-1 or above.

Firmware 114

Firmware Hacking Cybersecurity Internet 114