Remove 2023 Remove Firmware Remove Information Security
article thumbnail

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. In December 2023, we delivered an updated fix after identifying new exploit attempts against this same vulnerability in older, unsupported versions of the Sophos Firewall.” MR5 (18.5.5), v19.0

Firmware 137
article thumbnail

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In most recent attacks observed by Check Point, the threat actors employed custom firmware implant designed explicitly for TP-Link routers. ” reads the report published by Check point.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Security Affairs

Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0,

article thumbnail

BootKitty Linux UEFI bootkit spotted exploiting LogoFAIL flaws

Security Affairs

The ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware. The bootkit hooks UEFI authentication functions to bypass the Secure Boot mechanism and patches GRUB boot loader functions to evade additional integrity verifications.

Firmware 113
article thumbnail

Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw

Security Affairs

The flaw is a command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0. The vulnerability affects NAS326 running firmware versions 5.21(AAZF.16)C0 16)C0 and earlier, and NAS542 running firmware versions 5.21(ABAG.13)C0

Firmware 131
article thumbnail

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

Security Affairs

Unified Extensible Firmware Interface (UEFI) is a specification that defines the architecture of the platform firmware used for booting the computer hardware and its interface for interaction with the operating system. ” states CERT/CC. . ” states CERT/CC. . ” states CERT/CC.

Firmware 137
article thumbnail

Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

Security Affairs

The researchers discovered a vulnerability, tracked as CVE-2023-49722 (CVSS score: 8.3), that can be exploited by an attacker on the same network to replace the device firmware with a rogue version. The vulnerability was reported to the vendor in August 2023 and was addressed by the vendor in November 2023.

Firmware 139