Accountability and Firmware - Cyber Security Informer

Weekly Update 211

Troy Hunt

OCTOBER 2, 2020

And then there's Scott's Grindr account. This week there's a lot of connected things: connected shoes, connected garage camera and connected GoPro. Actually, since recording this weekly update the details of the issue have now been released so I'll talk about that in more detail next week. References My shoes are connected!

Firmware

Firmware Phishing Accountability

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. In the last year, there have been several public accounts on the ongoing trend of UEFI threats. What happened?

Firmware

Firmware Malware Encryption Passwords

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

JULY 2, 2021

That update effectively nullified their chances at competing in Pwn2Own, which requires exploits to work against the latest firmware or software supported by the targeted device. A statement published on its support site March 12, 2021 says the company will no longer provide further security updates to the MyCloud OS 3 firmware.

Firmware

Firmware Passwords Internet Internet

Japanese Government Will Hack Citizens' IoT Devices

Schneier on Security

JANUARY 28, 2019

Hackers can also build botnets with the help of exploits and vulnerabilities in router firmware, but the easiest way to assemble a botnet is by collecting the ones that users have failed to secure with custom passwords. I am interested in the results of this survey.

IoT

IoT Government Firmware Hacking

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted).

Passwords

Passwords Authentication Firmware Accountability

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

The researchers found that the botnet comprises MikroTik routers with various firmware versions, including recent ones. “This DNS misconfiguration could have been done by accident, or as a malicious modification by a threat actor with access to the domains registrar account. v=spf1 include:example.com -all ) and denies others.

DNS

DNS Malware Firmware Authentication

5 Ways to Ensure Home Router Security with a Remote Workforce

Adam Levin

MARCH 19, 2020

Use a Strong and Unique Password: Discourage employees from reusing passwords that are linked to other accounts. Update the Firmware: Router manufacturers are constantly issuing updates and patches for newly discovered firmware vulnerabilities. Otherwise, it can easily be accessed and potentially compromised.

Wireless

Wireless Firmware Firewall Manufacturing

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT

IoT Firmware Risk Encryption

Five Ways to Secure Your Home Office Webcam

Adam Levin

MARCH 23, 2020

Update your camera’s firmware and software: Whether it’s an external camera or one built into your laptop or tablet, check for manufacturer updates and always keep your camera’s software and firmware fully up to date because patches are often released specifically to patch security vulnerabilities.

Firmware

Firmware Manufacturing Passwords Software

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. Patch1 in Dec. patch 0).

Firewall

Firewall VPN Firmware Passwords

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

The researchers speculate that threat actors behind this variant have compromised the supply chain, so stores may not even suspect that they are selling smartphones infected with Triada “The new version of the malware is distributed in the firmware of infected Android devices. It is located in the system framework.

Malware

Malware Cryptocurrency Mobile Firmware

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

He urges enterprises to implement Privileged Access Management (PAM) solutions and multi-factor authentication (MFA) and to enforce robust password policies to reduce the risk of account compromise. Patching and vulnerability management Apply timely security updates to operating systems, software, and firmware.

Ransomware

Ransomware IoT Encryption Social Engineering

Zyxel firewalls targeted in recent ransomware attacks

Security Affairs

NOVEMBER 25, 2024

.” The vendor addressed these vulnerabilities with the release of firmware version 5.39 The company urges users to update admin and user account passwords for enhanced protection. Users are advised to update ALL administrators and ALL User accounts for optimal protection.”

Firewall

Firewall Ransomware VPN Firmware

Xerox VersaLink C7025 Multifunction printer flaws may expose Windows Active Directory credentials to attackers

Security Affairs

FEBRUARY 18, 2025

The vulnerabilities are: CVE-2024-12511: SMB / FTP pass-back vulnerability CVE-2024-12510: LDAP pass-back vulnerability The vulnerabilities impact Xerox Versalink MFPs and Firmware Version: 57.69.91 This attack requires access to the MFP printer admin account and an already configured LDAP service. and earlier.

Firmware

Firmware Authentication Accountability Passwords

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Security Affairs

JANUARY 14, 2025

Threat actors gained unauthorized access to network devices, created accounts, and modified configurations. ” The researchers noticed that the attack targeted firmware versions of devices ranging between 7.0.14 They added new local accounts to VPN groups or directly to SSL VPN portals. ” concludes the report.

Firewall

Firewall VPN Accountability Firmware

Triada strikes back

SecureList

APRIL 25, 2025

With time, the vulnerabilities were patched, and restrictions were added to the firmware. Attackers are leveraging this by embedding malicious software into Android device firmware. Attackers are now embedding a sophisticated multi-stage loader directly into device firmware. oat ) located in the same directory.

Cryptocurrency

Cryptocurrency Malware Firmware Accountability

Whistleblower: Ubiquiti Breach “Catastrophic”

Krebs on Security

MARCH 30, 2021

[NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Then they found a backdoor that an intruder had left behind in the system.

Accountability

Accountability IoT Passwords Firmware

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

The Last Watchdog

MAY 16, 2022

Then there are firmware developers, transport agencies, testing facilities, and security evaluation agencies that handle the device before it is sent to the corporate client. Traceability and accountability. Before a device reaches the end user, multiple stakeholders have contributed to it or handled it. Threat detection.

Cyber Attacks

Cyber Attacks Firmware Artificial Intelligence Manufacturing

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password.

Firmware

Firmware Passwords Accountability VPN

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own. Pick either 1Password or LastPass , go through all your accounts, and for each one…reset the password to something created by (and stored in) your password manager. Automatic Logins Using Lastpass.

Risk

Risk Passwords Password Management Accountability

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

Two security researchers have found undocumented Telnet admin account accounts in 29 FTTH devices from Chinese vendor C-Data. Two security researchers have discovered undocumented Telnet admin account accounts in 29 Fiber-To-The-Home (FTTH) devices from Chinese vendor C-Data.

Firmware

Firmware Accountability Advertising Manufacturing

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

The threat actors are targeting the USG, ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. Upon accessing the devices, attackers then bypass authentication and establish SSL VPN tunnels with unknown user accounts (i.e. The company states that devices running the Nebula cloud management mode are not impacted.

VPN

VPN Firewall Firmware Authentication

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

On February 10, 2020, the Taiwanese manufacturer DrayTek issued a security bulletin to address the vulnerability with the release of the firmware program 1.5.1. On the 6th Feb, we released an updated firmware to address this issue.” firmware or later. .” firmware or later. ” reads the security bulletin.

Firmware

Firmware VPN Accountability Advertising

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MAY 17, 2024

CVE-2021-40655 An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT.

Firmware

Firmware Passwords Authentication Hacking

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Netlab shared its findings with LILIN on January 19, 2020, and the vendor addressed the issues with the release of the firmware update (version 2.0b60_20200207). The new firmware released by the vendors validated the hostname passed as input to prevent command execution. ” reads the advisory published by Netlab.

Firmware

Firmware Surveillance Manufacturing Advertising

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware

Firmware Ransomware Passwords Mobile

Zyxel patches two critical vulnerabilities

Malwarebytes

MAY 26, 2023

The CVEs patched in these updates are: CVE-2023-33009 : A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 Patch 1, USG FLEX series firmware versions 4.50 Patch 1, USG FLEX 50(W) firmware versions 4.25 Patch 1, USG20(W)-VPN firmware versions 4.25

Firmware

Firmware VPN Firewall Accountability

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

For example, HiChip — a Chinese IoT vendor that Marrapese said accounts for nearly half of the vulnerable devices — uses the prefixes FFFF, GGGG, HHHH, IIII, MMMM, ZZZZ. Furthermore, even if software patches were issued, the likelihood of most users updating their device firmware is low.

IoT

IoT Firewall Manufacturing Computers and Electronics

Guardzilla Security Video System Footage exposed online

Security Affairs

DECEMBER 29, 2018

The vulnerability lies within the design and implementation of Amazon Simple Storage Service (S3) credentials inside the Guardzilla Security Camera firmware.” Embedded S3 credentials have unlimited access to all S3 buckets provisioned for that account,” continues the analysis. ” read a post published by 0dayallday.org.

Firmware

Firmware Surveillance IoT Passwords

Leaked Alder Lake BIOS Source Code, Confirmed Authentic by Intel

Heimadal Security

OCTOBER 10, 2022

On Friday, a Twitter account going by the handle “freak” shared links to what they claimed to be the UEFI firmware source code for Intel Alder Lake, which they claim was made available by 4chan. Intel confirms the source code leak for the UEFI BIOS is authentic. Alder Lake is the name of the company’s […].

Authentication

Authentication Firmware Accountability Cybersecurity

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.50

Firewall

Firewall Firmware VPN Authentication

White hat hackers gained access more than 150,000 surveillance cameras

Security Affairs

MARCH 10, 2021

One of the members of the group, Tillie Kottmann, revealed that they have gained access to these surveillance cameras using a super admin account for the surveillance company Verkada. Once Verkada became aware of the hack, it has disabled all internal administrator accounts to prevent any unauthorised access.

Surveillance

Surveillance Hacking Banking Firmware

U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

FEBRUARY 12, 2025

Both vulnerabilities allow unauthenticated attackers to execute arbitrary commands using service accounts (supervisor and/or zyuser). The vulnerability CVE-2024-40890 is a post-authentication command injection issue in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615. 4)C0_20170615.

Authentication

Authentication Firmware Cybersecurity Hacking

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Security Affairs

JULY 15, 2022

Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project files. Several websites and multiple social media accounts exist all touting their password “crackers.””

Passwords

Passwords Software Firmware Malware

SonicWall Warning: 'Imminent Risk of a Targeted Ransomware Attack'

SecureWorld News

JULY 14, 2021

x firmware in an imminent ransomware campaign using stolen credentials. The exploitation targets a known vulnerability that has been patched in newer versions of firmware.". x firmware should continue to follow best security practices. x firmware are past temporary mitigations.

Risk

Risk Ransomware Firmware Mobile

Millions of Arris routers are vulnerable to path traversal attacks

Malwarebytes

AUGUST 1, 2022

This web server is present in Arris firmware which can be found in several router models. Unfortunately the Arris firmware is based on the vulnerable version of muhttpd. The usernames and (sometimes encrypted) passwords of all administration accounts on the system. muhttpd web server. The muhttpd server 1.1.5 Vulnerabilities.

Firmware

Firmware Internet Internet Passwords

HP would take up to 90 days to fix a critical bug in some business-grade printers

Security Affairs

APRIL 5, 2023

HP would take up to 90 days to address a critical flaw, tracked as CVE-2023-1707, that resides in the firmware of some business-grade printers. The company pointed out that the information disclosure can be achieved only by exploiting the flaw on vulnerable devices running FutureSmart firmware version 5.6 and having IPsec enabled.

Firmware

Firmware Education Media Hacking

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Ransomware

Ransomware Firmware Antivirus Accountability

Ranzy Locker Ransomware warning issued by FBI

CyberSecurity Insiders

OCTOBER 28, 2021

Taking regular backups that can be efficiently used to data continuity when the need arises, implementing network segmentation, installing regular software and firmware updates, auditing user accounts at regular intervals, limiting access to RDPs, deploying email threat monitoring solutions on network servers and disabling links embedded in the mail (..)

Ransomware

Ransomware Firmware Encryption Backups

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Security Affairs

MAY 4, 2023

In order to exploit the flaw, an attacker has to upgrade an affected device to a crafted version of the firmware. “This vulnerability is due to a missing authentication process within the firmware upgrade function.” “Cisco has not released firmware updates to address this vulnerability.

Firmware

Firmware Education Media Authentication

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Security Affairs

SEPTEMBER 19, 2022

“It is found that our wireless products, FLEXLAN FX3000/2000 series, have a firmware vulnerability. The CVE–2022–36158 flaw is a hidden system command web page that was discovered performing reverse engineering of the firmware used by the device. ” reads the advisory published by Contec. ” continues the researchers.

Wireless

Wireless Firmware Passwords Engineering

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. We later managed to extract the firmware from the EEPROM for further static reverse engineering. Further hardware analysis of the circuit board helped us identify chips.

Firmware

Firmware Passwords Manufacturing Mobile

DoppelPaymer ransomware gang now cold-calling victims, FBI warns

Security Affairs

DECEMBER 17, 2020

Audit user accounts regularly, particularly Remote Monitoring and Management accounts that are publicly accessible. Patch operating systems, software, firmware, and endpoints. Monitor inbound and outbound network traffic; set alerts for data exfiltration. Pierluigi Paganini. SecurityAffairs – hacking, FBI).

Ransomware

Ransomware Backups Firmware Accountability

Weekly Update 211

Android devices shipped with backdoored firmware as part of the BADBOX network

Webinars

Trending Sources

MoonBounce: the dark side of UEFI firmware

Webinars

Another 0-Day Looms for Many Western Digital Users

Japanese Government Will Hack Citizens' IoT Devices

Ubiquiti: Change Your Password, Enable 2FA

MikroTik botnet relies on DNS misconfiguration to spread malware

5 Ways to Ensure Home Router Security with a Remote Workforce

IoT Unravelled Part 3: Security

Five Ways to Secure Your Home Office Webcam

Expert found a secret backdoor in Zyxel firewall and VPN

New Triada Trojan comes preinstalled on Android devices

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Zyxel firewalls targeted in recent ransomware attacks

Xerox VersaLink C7025 Multifunction printer flaws may expose Windows Active Directory credentials to attackers

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Triada strikes back

Whistleblower: Ubiquiti Breach “Catastrophic”

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

10 Behaviors That Will Reduce Your Risk Online

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Hackers target zero-day flaws in enterprise Draytek network devices

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

Botnet operators target multiple zero-day flaws in LILIN DVRs

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Zyxel patches two critical vulnerabilities

P2P Weakness Exposes Millions of IoT Devices

Guardzilla Security Video System Footage exposed online

Leaked Alder Lake BIOS Source Code, Confirmed Authentic by Intel

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

White hat hackers gained access more than 150,000 surveillance cameras

U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

SonicWall Warning: 'Imminent Risk of a Targeted Ransomware Attack'

Millions of Arris routers are vulnerable to path traversal attacks

HP would take up to 90 days to fix a critical bug in some business-grade printers

Ranzy Locker ransomware hit tens of US companies in 2021

Ranzy Locker Ransomware warning issued by FBI

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

DoppelPaymer ransomware gang now cold-calling victims, FBI warns

Stay Connected