2023, Firmware and Internet - Cyber Security Informer

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Krebs on Security

JUNE 8, 2023

On May 19, Barracuda identified that the malicious traffic was taking advantage of a previously unknown vulnerability in its ESG appliances, and on May 20 the company pushed a patch for the flaw to all affected appliances ( CVE-2023-2868 ). “That’s not a ransomware actor, that’s a state actor.

Firmware

Firmware Malware Software Ransomware

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. In December 2023, we delivered an updated fix after identifying new exploit attempts against this same vulnerability in older, unsupported versions of the Sophos Firewall.” MR5 (18.5.5), v19.0

Firmware

Firmware Firewall Internet Internet

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

. “Using a Mirai malware variant that incorporates ChaCha20 and XOR decryption algorithms, it has been seen compromising vulnerable Internet of Things (IoT) devices in the wild, such as the DigiEver DVR, and TP-Link devices through CVE-2023-1389.” in newer ones. ” concludes the report.

Manufacturing

Manufacturing Malware Firmware IoT

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. ” In details published on June 12 , Fortinet confirmed that one of the vulnerabilities ( CVE-2023-27997 ) is being actively exploited. .”

Risk

Risk VPN Internet Internet

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In most recent attacks observed by Check Point, the threat actors employed custom firmware implant designed explicitly for TP-Link routers. ” reads the report published by Check point.

Firmware

Firmware Encryption Government Malware

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Security Affairs

JANUARY 15, 2024

SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656 , that could potentially lead to remote code execution. ” concludes the report.

Firewall

Firewall Hacking Firmware Internet

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

eSecurity Planet

SEPTEMBER 11, 2023

September 5, 2023 Atlas VPN Leaks Users’ IP Addresses Type of attack: Zero-Day Vulnerability, a new vulnerability that is often difficult to fix since no patch is available on the market yet. The problem: The vulnerabilities ( CVE-2023-39238 , CVE-2023-39239 and CVE-2023-39240 ), with a CVSS v3.1 score of 9.8

VPN

VPN Authentication Firmware Phishing

Massive Surge in DDoS Attacks Reported in First Quarter of 2023

CyberSecurity Insiders

APRIL 12, 2023

StormWall , a premier cybersecurity firm specializing in the defense of websites, networks, and online services from Distributed Denial of Service (DDoS) attacks, has published an in-depth report on the DDoS landscape during the first quarter of 2023.

DDOS

DDOS Telecommunications Data breaches DNS

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs

DECEMBER 17, 2023

The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022. The experts reported the two vulnerabilities to the respective vendors, but they plan to release the fixes in December 2023. and earlier. The vulnerability affects VioStor NVR Versions 5.0.0 and earlier (5.0.0

Firmware

Firmware Wireless DDOS IoT

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

eSecurity Planet

NOVEMBER 6, 2023

30, 2023 NGINX Ingress Controller for Kubernetes Flaws Can Lead to Credential Theft Type of Attack: Path sanitization bypass and injection vulnerabilities discovered in the NGINX Ingress controller can allow for credential theft, arbitrary command execution, and critical data access. CVE-2023-5044 (Code Injection): This CVSS score 7.6

Software

Software Education Ransomware Firmware

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. In the first half of 2023, 97.91% of password brute-force attempts registered by our honeypots targeted Telnet, and only 2.09%, SSH.

IoT

IoT DDOS Passwords Malware

ASUS routers are affected by three critical remote code execution flaws

Security Affairs

SEPTEMBER 6, 2023

The three vulnerabilities were reported by the Taiwanese CERT, below are their descriptions: CVE-2023-39238 (CVSS 9.8): ASUS RT-AX55, RT-AX56U_V2 and RT-AC86U iperf-related modules set_iperf3_svr.cgi API has a format string vulnerability. This function does not properly verify the input format string.

Firmware

Firmware Hacking Internet Internet

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

SecureList

JULY 19, 2023

On March 14, 2023, Microsoft published a blogpost describing an Outlook Client Elevation of Privilege Vulnerability (CVSS: 9.8 While the threat actor infrastructure might request Net-NTLMv2 authentication, Windows will honor the defined internet security zones and will not send (leak) Net-NTLMv2 hashes.

Firmware

Firmware Internet Internet Government

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Chaput said that on May 4, 2023, someone unleashed a spam torrent targeting users on these Mastodon communities via “private mentions,” a kind of direct messaging on the platform. Residential proxies also can refer to households protected by compromised home routers running factory-default credentials or outdated firmware.

Scams

Scams DDOS Cryptocurrency Accountability

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability, tracked as CVE-2023-28771 , that impacts Zyxel firewalls. through 4.73, VPN series firmware versions 4.60

Firewall

Firewall Firmware VPN DDOS

Zyxel patches two critical vulnerabilities

Malwarebytes

MAY 26, 2023

Affected users should patch as a matter of urgency, and we urge you not to expose the management interfaces of network edge devices to the Internet, in order to reduce their attack surface. Patch 1, USG FLEX series firmware versions 4.50 Patch 1, USG FLEX 50(W) firmware versions 4.25 Patch 1, USG20(W)-VPN firmware versions 4.25

Firmware

Firmware VPN Firewall Accountability

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Security Affairs

JANUARY 14, 2024

Forescout experts questioned the attribution of cyber attacks that targeted the energy sector in Denmark in 2023 to the Russia-linked Sandworm. Forescout experts shared findings from their analysis of the cyber attacks that targeted the energy sector in Denmark in 2023, attributing them to the Russia-linked Sandworm. through 5.35.

Firewall

Firewall Firmware Cyber Attacks VPN

SonicWall addressed an improper access control issue in its firewalls

Security Affairs

AUGUST 26, 2024

However SonicWall recommends youinstall the latest firmware. Users unable to address the issue should restrict firewall management access to trusted sources or disable WAN management access from the internet. .” Below are the impacted versions: Impacted Platforms Impacted Versions SOHO (Gen 5) 5.9.2.14-12o

Firewall

Firewall Firmware Malware Internet

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

Researchers warn of several DDoS botnets exploiting a critical flaw tracked as CVE-2023-28771 in Zyxel devices. The flaw, tracked as CVE-2023-28771 (CVSS score: 9.8), is a command injection issue that could potentially allow an unauthorized attacker to execute arbitrary code on vulnerable devices. through 5.35.

DDOS

DDOS Firmware VPN Firewall

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

Security Affairs

NOVEMBER 14, 2023

On April 25, 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771 , in a number of their firewalls. The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35. through 5.35.

Cyber Attacks

Cyber Attacks Firmware Firewall VPN

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

“Successful exploits could allow attackers to monitor users’ internet activity, highjack internet connections and redirect traffic to malicious websites or inject malware into network traffic. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.”

Hacking

Hacking Firmware Authentication DNS

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

SEPTEMBER 5, 2023

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. The Mirai botnet, initially discovered in October 2016 , infected Internet-connected routers, cameras and digital video recorders at scale. In 2023, the U.S.

IoT

IoT Government Internet Internet

ASUS addressed critical flaws in some router models

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware.

Firmware

Firmware VPN Wireless Passwords

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Security Affairs

MAY 16, 2023

The researchers discovered eight vulnerabilities that impact thousands of internet-connected devices worldwide. The experts demonstrated multiple attack vectors, including the exploitation of flaws in internet-exposed services, cloud account takeover, and the exploitation of flaws in the cloud infrastructure. through 00.07.03.4

Hacking

Hacking Internet Internet Manufacturing

SonicWall warns that SonicOS bug exploited in attacks

Security Affairs

SEPTEMBER 6, 2024

The vendor also provided a workaround to minimize potential risks, they recommended to restrict firewall management to trusted sources or disable firewall WAN management from Internet access. Similarly, for SSLVPN, ensure that access is limited to trusted sources or disable SSLVPN access from the Internet. 5035 and older versions.

Firewall

Firewall Passwords Internet Internet

Barracuda SecureEdge SASE Review 2023

eSecurity Planet

SEPTEMBER 22, 2023

These one, three, and five year subscriptions provide enhanced support for the hardware, firmware maintenance, security updates, and optional participation in early-release firmware updates. Subscribe The post Barracuda SecureEdge SASE Review 2023 appeared first on eSecurity Planet. You can unsubscribe at any time.

Firewall

Firewall Marketing Firmware Technology

Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours

Security Affairs

MAY 31, 2024

Between October 25 and October 27, 2023, the Chalubo malware destroyed more than 600,000 small office/home office (SOHO) routers belonging to the same ISP. In 2023 attacks observed by Lumen, the bot targeted ActionTec T3200s, ActionTec T3260s, and Sagemcom F5380 router models. The attack only impacted a single ASN.

Malware

Malware Internet Internet Firmware

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

Introduction In today’s interconnected world, more and more devices are being connected to the internet, including everyday household items like pet feeders that are becoming smart by virtue of this simple fact. We later managed to extract the firmware from the EEPROM for further static reverse engineering.

Firmware

Firmware Passwords Manufacturing Mobile

Ransomware attack on MSI led to compromised Intel Boot Guard private keys

Malwarebytes

MAY 8, 2023

On April 7, 2023 MSI (Micro-Star International) released a statement confirming a cyberattack on part of its information systems. The Money Message gang claimed to have stolen 1.5TB of data during the attack, including firmware, source code, and databases. Among them are household names like Lenovo and HP. Prevent intrusions.

Firmware

Firmware Ransomware Backups Malware

Reducing your attack surface is more effective than playing patch-a-mole

Malwarebytes

JUNE 21, 2023

On June 13, 2023 the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 23-02. Zyxel warned its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command injection vulnerability.

Internet

Internet Internet Firmware Cyber Risk

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

eSecurity Planet

FEBRUARY 2, 2024

Within the last couple of months, smart device vulnerabilities have been piling up, prompting businesses to protect their Internet of Things (IoT) environments. While Teslas aren’t the typical business IoT device, their connection to the internet makes them a cyber threat as much as your business’s other IoT technology.

Hacking

Hacking IoT Firmware Cybersecurity

News Alert: Swissbit introduces small-capacity memory for IIoT, smart city applications

The Last Watchdog

JUNE 27, 2023

June 27, 2023 – The industry is vying for ever-increasing gigabyte capacities. The models of the EM-30 and S-56(u) series, which are available as an embedded component in the form of an e.MMC or as flexible, interchangeable SD memory cards, offer maximum reliability due to proven firmware architecture. Westford, Mass.,

IoT

IoT Manufacturing Media Technology

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Security Affairs

AUGUST 13, 2023

The nine vulnerabilities have received CVE between CVE-2023-3259 through CVE-2023-3267. Below is the list of flaws discovered by the researchers: CyberPower PowerPanel Enterprise: CVE-2023-3264: Use of Hard-coded Credentials (CVSS 6.7) CVE-2023-3266: Improperly Implemented Security Check for Standard (Auth Bypass; CVSS 7.5)

Hacking

Hacking Firmware Authentication Software

QNAP fixed Sudo privilege escalation bug in NAS devices

Security Affairs

MARCH 29, 2023

Taiwanese vendor QNAP warns customers to update their network-attached storage (NAS) devices to address a high-severity Sudo privilege escalation vulnerability tracked as CVE-2023-22809. Go to Control Panel > System > Firmware Update. Go to Control Panel > System Settings > Firmware Update. Click Update System.

Firmware

Firmware Hacking Internet Internet

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Security Affairs

APRIL 15, 2024

The Blackjack group is believed to be affiliated with Ukrainian intelligence services that carried out other attacks against Russian targets, including an internet provider and a military infrastructure. Below is the timeline of the attack published on ruexfil.com: Initial access June 2023. Access to 112 Emergency Service.

Malware

Malware Firmware IoT Hacking

VulnRecap 1/16/24 – Major Firewall Issues Persist

eSecurity Planet

JANUARY 16, 2024

The vulnerability can be tracked as CVE-2023-29357. January 11, 2024 Smart Thermostat from Bosch Puts Offices in Danger Type of vulnerability: Malicious commands sent from an attacker to the thermostat, including potentially replacing firmware with rogue code. The report didn’t become publicly available until January 11.

Firewall

Firewall Firmware IoT Authentication

FujiFilm printer credentials encryption issue fixed

Pen Test Partners

OCTOBER 31, 2023

This has been given the ID CVE-2023-46327. This led him to reverse engineering the firmware to identify how the CipherValue (AKA the password) was derived. We identified 1917 of these devices exposed on the internet. 30 th June 2023 – Acceptance of vulnerability. 31 st October 2023 – Advisories and patches released.

Encryption

Encryption Passwords Firmware Engineering

IT threat evolution Q1 2024

SecureList

JUNE 3, 2024

In late December, in a presentation at the 37th Chaos Communication Congress (37C3), experts from our Global Research and Analysis Team (GReAT) described the attack chain in detail , including – for the first time – how the attackers exploited the CVE-2023-38606 hardware vulnerability. You can read the full analysis here.

Banking

Banking Malware Computers and Electronics Mobile

An educational robot security research

SecureList

FEBRUARY 27, 2024

” For instance, educational robots that connect to the internet and support video calls. ” Interactive features include gaming and educational applications for children, a voice assistant, internet access and connection to the parent app for smartphones. In other words, this is a “tablet on wheels.”

Education

Education Manufacturing Internet Internet

Patch Management vs Vulnerability Management: What’s the Difference?

eSecurity Planet

APRIL 28, 2023

Third-party vendor systems include Operating Systems (OS), firmware (software installed on hardware), and applications. but also applies to firmware that controls equipment such as hard drives, network routers, and security cameras. The most common patch requirements will be for endpoint operating systems (macOS, Windows, etc.)

Penetration Testing

Penetration Testing IoT Firmware Software

Your SOHO Router is a Juicy Target for Hackers

Security Boulevard

AUGUST 14, 2024

To backtrack a little , it's important to understand that a lot of threat actors target routers - which can include modems and gateways - alongside internet-of-things (IoT devices). Security vulnerabilities in router firmware is too large of a topic to cover in just a section of this post.

Firmware

Firmware Manufacturing Malware Passwords

Experts released PoC exploits for severe flaws in Netgear Orbi routers

Security Affairs

MARCH 22, 2023

Netgear addressed the flaws with the release of the firmware version 4.6.14.3 on January 19, 2023. The security firm is not aware of attacks in the wild exploiting these flaws. “Users are encouraged to update these affected products as soon as possible: Netgear Orbi Satellite RBS750, version 4.6.8.5.

Wireless

Wireless Firmware Authentication Passwords

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches

Data breaches DDOS Ransomware Artificial Intelligence

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Trending Sources

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

CISA Order Highlights Persistent Risk at Network Edge

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

Massive Surge in DDoS Attacks Reported in First Quarter of 2023

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

Overview of IoT threats in 2023

ASUS routers are affected by three critical remote code execution flaws

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

Interview With a Crypto Scam Investment Spammer

Widespread exploitation by botnet operators of Zyxel firewall flaw

Zyxel patches two critical vulnerabilities

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

SonicWall addressed an improper access control issue in its firewalls

Multiple DDoS botnets were observed targeting Zyxel devices

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

ASUS addressed critical flaws in some router models

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

SonicWall warns that SonicOS bug exploited in attacks

Barracuda SecureEdge SASE Review 2023

Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

Ransomware attack on MSI led to compromised Intel Boot Guard private keys

Reducing your attack surface is more effective than playing patch-a-mole

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

News Alert: Swissbit introduces small-capacity memory for IIoT, smart city applications

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

QNAP fixed Sudo privilege escalation bug in NAS devices

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

VulnRecap 1/16/24 – Major Firewall Issues Persist

FujiFilm printer credentials encryption issue fixed

IT threat evolution Q1 2024

An educational robot security research

Patch Management vs Vulnerability Management: What’s the Difference?

Your SOHO Router is a Juicy Target for Hackers

Experts released PoC exploits for severe flaws in Netgear Orbi routers

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Stay Connected