Advertising, Firmware and Hacking - Cyber Security Informer

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the installation of persistent backdoors.

Firmware

Firmware Hacking Authentication Advertising

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware

Firmware Ransomware Encryption Advertising

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Despite FocacciaBoard is extremely useful during my night-to-night hardware hacking needs… there is another set of tools I cannot live without: pin enumeration ones. his majesty, the Firmware).

IoT

IoT Hacking Firmware Advertising

Intel addresses High-Severity flaws in NUC Firmware and other tools

Security Affairs

AUGUST 18, 2019

Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program.

Firmware

Firmware Authentication Advertising Hacking

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Security Affairs

MARCH 8, 2020

Netgear has addressed a critical remote code execution vulnerability that could be exploited by an unauthenticated attacker to take over AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. NETGEAR strongly recommends that you download the latest firmware as soon as possible.” Pierluigi Paganini.

Firmware

Firmware Wireless Advertising Authentication

D-Link releases a security firmware update that only fixes 3 out 6 issues in DIR-865L home routers

Security Affairs

JUNE 13, 2020

D-Link has released a firmware update to address three security flaws impacting the DIR-865L home router model, but left some issue unpatched. D-Link has recently released a firmware update to address three out of six security flaws impacting the DIR-865L wireless home router. SecurityAffairs – D-Link DIR-865L, hacking).

Firmware

Firmware Wireless Advertising Risk

Flaws in firmware expose almost any modern PC to Cold Boot Attacks

Security Affairs

SEPTEMBER 13, 2018

New Firmware Flaws Resurrect Cold Boot Attacks. A team of security researchers demonstrated that the firmware running on nearly all modern computers is vulnerable to cold boot attacks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Securi ty Affairs – cold boot attacks, hacking).

Firmware

Firmware Encryption Advertising Passwords

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware.

Firmware

Firmware Spyware Surveillance Hacking

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

Example of available open printers on a single IoT search engine (Shodan.io): As we can see, many users and organizations still use internet-connected devices without thinking about security, installing firmware updates, or taking into account the implications of leaving their devices publicly accessible. Change the default password.

Hacking

Hacking IoT Firmware Internet

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network. The company released firmware p atches for the device in January. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – Smart Light Bulbs, hacking).

Hacking

Hacking IoT Wireless Firmware

NSA publishes guidance on UEFI Secure Boot customization

Security Affairs

SEPTEMBER 16, 2020

The US National Security Agency (NSA) published guidance on the Unified Extensible Firmware Interface (UEFI) Secure Boot customization. The United States National Security Agency (NSA) has published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature that can be customized organizations.

Firmware

Firmware Advertising Manufacturing Malware

Experts show that is easy to hack Hardware-based Cryptocurrency Wallets

Security Affairs

JANUARY 1, 2019

The group of researchers presented called “ wattet.fail ” firmware, side-channel, microcontroller and supply-chain attacks that impact most popular hardware-based cryptocurrency wallets, including Trezor One, Ledger Nano S, and Ledger Blue. “The Hacking the Supply Chain. Hacking the Bootloader. Side-channel Attacks.

Cryptocurrency

Cryptocurrency Hacking Firmware Advertising

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. This FTP server can be accessed with hardcoded credentials that are embedded in the firmware of the AP. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Hacking Firmware Wireless

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

The CVE-2019-0090 vulnerability affects the firmware running on the ROM of the Intel’s Converged Security and Management Engine (CSME). Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” SecurityAffairs – hacking, CVE-2019-0090).

Firmware

Firmware Technology Advertising Authentication

Broadcom WiFi Driver bugs expose devices to hack

Security Affairs

APRIL 19, 2019

Anguelkov confirmed that two of those vulnerabilities affect both in the Linux kernel and firmware of affected Broadcom chips. Below the details for the flaws: Vulnerabilities in the open source brcmfmac driver: • CVE-2019-9503 : If the brcmfmac driver receives the firmware event frame from the host, the appropriate handler is called.

Hacking

Hacking Firmware Advertising Wireless

Hacking IoT devices with Focaccia-Board: A Multipurpose Breakout Board to hack hardware in a clean and easy way!

Security Affairs

FEBRUARY 18, 2020

Successfully dumped the smartlock’s firmware. And after having successfully dumped the firmware we can proceed at extracting some valuable evidences for the forensics case. But it saves my time while hacking (I)IoT targets. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Hacking Firmware Advertising

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. Xiongmai hereinafter) that are open to hack. ” Experts also discovered that it is possible to execute arbitrary code on the device through a firmware update. Pierluigi Paganini.

Surveillance

Surveillance Hacking Firmware Manufacturing

Toyota presented PASTA (Portable Automotive Security Testbed) Car-Hacking Tool

Security Affairs

DECEMBER 6, 2018

PASTA is an open-source testing platform specifically designed for car hacking, it was developed to help experts to test cyber security features of modern vehicles. The PASTA car hacking tool is contained in an 8 kg portable briefcase, experts highlighted the delay of the automotive industry in developing cyber security for modern cars.

Hacking

Hacking Advertising Firmware Engineering

Researchers warn of QNAP NAS attacks in the wild

Security Affairs

AUGUST 31, 2020

Hackers target QNAP NAS devices running multiple firmware versions vulnerable to a remote code execution (RCE) flaw addressed by the vendor 3 years ago. QNAP addressed the vulnerability with the release of firmware version 4.3.3 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. on July 21, 2017.

Firmware

Firmware Advertising Malware Internet

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware

Firmware Architecture Advertising Manufacturing

Experts found 9 NAS flaws that expose LenovoEMC, Iomega Devices to hack

Security Affairs

OCTOBER 3, 2018

Lenovo confirmed that firmware versions 4.1.402.34662 and earlier are vulnerable, users have to download firmware version 4.1.404.34716 (or later). The company suggests removing any public shares and using the device only on trusted networks in case it is not possible to immediately update the firmware. Pierluigi Paganini.

Hacking

Hacking Firmware Advertising Backups

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

SEPTEMBER 10, 2021

It’s not immediately clear which security vulnerabilities led to these estimated 250,000 MikroTik routers getting hacked by Meris. “The largest share belongs to the version of firmware previous to the current stable one.” ” Qrator’s breakdown of Meris-infected MikroTik devices by operating system version.

IoT

IoT DDOS Internet Internet

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

The hardware of the terminals is equipped with Shenzen technology, while the firmware is based on BusyBox Linux Debian. . Automatic updates are available via Wi-Fi and can be installed by setting IoT radio devices back to factory settings and downloading the latest firmware version. . SecurityAffairs – IoT radio devices, hacking). .

IoT

IoT Hacking Firmware Advertising

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

Security Affairs

JANUARY 18, 2024

Unified Extensible Firmware Interface (UEFI) is a specification that defines the architecture of the platform firmware used for booting the computer hardware and its interface for interaction with the operating system. ” states CERT/CC. . ” states CERT/CC.

Firmware

Firmware DNS Advertising Architecture

Hacking Radio Blasting Systems for Fun & Explosions

Security Affairs

AUGUST 5, 2019

While driving to work I have seen the advertisement of a Fireworks Festival that’s going to happen in the city. What about hacking Radio Blasting Systems? Which means, we can easily bruteforce and thus exhaust the space between them with the main WHID Elite Firmware. SecurityAffairs – Radio Blasting Systems , hacking).

Hacking

Hacking Firmware Engineering Advertising

QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air

Security Affairs

AUGUST 6, 2019

Researchers discovered two serious flaws, QualPwn bugs, in Qualcomm’s Snapdragon SoC WLAN firmware that could be exploited to hack Android device over the air. The second flaw, tracked as CVE-2019-10540, is a buffer overflow issue that affects the Qualcomm WLAN and modem firmware that ships with Qualcomm chips.

Hacking

Hacking Firmware Advertising Mobile

BadPower attack could burn your device through fast charging

Security Affairs

JULY 21, 2020

Researchers devised a technique dubbed BadPower to alter the firmware of fast chargers to cause damage to connected systems or cause the device to catch fire. BadPower consists of corrupting the firmware of fast chargers. “Most BadPower problems can be fixed by updating the device firmware.” Pierluigi Paganini.

Firmware

Firmware Manufacturing Advertising Hacking

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” reads the post published by Eclypsium.

Hacking

Hacking Firmware Media Authentication

D-Link addressed 5 flaws on some router models, some of them reached EoL

Security Affairs

JULY 25, 2020

The vendor pointed out that DAP-1522 and DIR-816L models that have reached their “end of support” phase, this means that these devices running firmware versions v1.42 (and below) and v12.06.B09 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, D-Link). Pierluigi Paganini.

Firmware

Firmware Advertising Authentication Hacking

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

According to the experts, Tenda routers running a firmware version between AC9 to AC18 are vulnerable to the attack. “We recommend that Tenda router users check their firmware and make necessary update.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Firmware Advertising DNS

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Since then, the same spammers have used this method to advertise more than 100 different crypto investment-themed domains. In September 2018, a user by the name “ ципа ” (phonetically “ Zipper ” in Russian) registered on the Russian hacking forum Lolzteam using the edgard0111012@gmail.com address.

Scams

Scams DDOS Cryptocurrency Accountability

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

The backdoor accounts in the firmware of 29 FTTH Optical Line Termination (OLT) devices from popular vendor C-Data. The security duo, composed of Pierre Kim and Alexandre Torres, disclosed seven vulnerabilities in the firmware of FTTH OLT devices manufactured by C-Data. SecurityAffairs – hacking, FTTH devices ).

Firmware

Firmware Accountability Advertising Manufacturing

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Netlab shared its findings with LILIN on January 19, 2020, and the vendor addressed the issues with the release of the firmware update (version 2.0b60_20200207). The new firmware released by the vendors validated the hostname passed as input to prevent command execution. SecurityAffairs – hacking, LILIN). Pierluigi Paganini.

Firmware

Firmware Surveillance Manufacturing Advertising

HP releases firmware updates for two critical RCE flaws in Inkjet Printers

Security Affairs

AUGUST 6, 2018

HP has released firmware updates that address two critical remote code execution vulnerabilities in some models of inkjet printers. HP has released firmware updates to address two critical RCE flaws affecting some Inkjet printers. Go to the Upgrading Printer Firmware page and follow the instructions provided to install the firmware.

Firmware

Firmware Advertising Software Hacking

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Security Affairs

DECEMBER 8, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Firmware

Firmware DDOS Malware IoT

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

Researchers found multiple vulnerabilities in MoFi Network routers, including critical flaws that can be exploited to remotely hack a device. “Several firmware versions have been released, but some of the vulnerabilities have not been fully patched.” Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware

Firmware Wireless Authentication Advertising

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

“ Experts found hardcoded credentials in the firmware that are used to connect to a private broker through the Message Queuing Telemetry Transport (MQTT) protocol for exchanging messages with remote IoT boards and sensors. If Twinkly lights are present in the network they will be instructed to display the message ‘Hack the Planet!’

IoT

IoT Hacking DNS Authentication

Severe vulnerabilities allow hacking older GE anesthesia machines

Security Affairs

JULY 10, 2019

The experts at the healthcare cybersecurity firm CyberMDX have found some flaws in the firmware of the anesthesia machines, the issues could expose patients to serious risks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Healthcare Advertising Firmware

Intel addresses high severity flaw in Processor Diagnostic Tool

Security Affairs

JULY 11, 2019

The second vulnerability addressed by Intel affects SSD DC S4500/S4600 series firmware, it could be exploited by an attacker with physical access for privilege escalation. The flaw has been classified as “medium severity,” it affects firmware versions prior to SCV10150. SecurityAffairs – Patch Tuesday, hacking).

Firmware

Firmware Advertising Authentication Hacking

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

On February 10, 2020, the Taiwanese manufacturer DrayTek issued a security bulletin to address the vulnerability with the release of the firmware program 1.5.1. On the 6th Feb, we released an updated firmware to address this issue.” firmware or later. .” firmware or later. ” reads the security bulletin.

Firmware

Firmware VPN Accountability Advertising

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates. The two agencies urge organizations to ensure their devices have not been previously infected, they recommend a full factory reset of the device before performing the firmware upgrade. Pierluigi Paganini.

Malware

Malware Firmware Advertising Manufacturing

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs

APRIL 26, 2019

Furthermore, even if software patches were issued, the likelihood of most users updating their device firmware is low. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – iLnkP2P flaws, IoT).

IoT

IoT Hacking Manufacturing Advertising

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

Upon the installation, the malicious app registers itself as a foreground service and extracts an encrypted payload that gathers information about the victim’s device (android_id, manufacturer, model, firmware version, etc.) In this case, reflashing is pointless, so it would be worth considering alternative firmwares for your device.

Malware

Malware Firmware Manufacturing Advertising

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

QNAP urges users to update NAS firmware and app to prevent infections

Trending Sources

Hacking IoT & RF Devices with BürtleinaBoard

Intel addresses High-Severity flaws in NUC Firmware and other tools

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

D-Link releases a security firmware update that only fixes 3 out 6 issues in DIR-865L home routers

Flaws in firmware expose almost any modern PC to Cold Boot Attacks

Second-ever UEFI rootkit used in North Korea-themed attacks

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

NSA publishes guidance on UEFI Secure Boot customization

Experts show that is easy to hack Hardware-based Cryptocurrency Wallets

Some Zyxel devices can be hacked via DNS requests

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Broadcom WiFi Driver bugs expose devices to hack

Hacking IoT devices with Focaccia-Board: A Multipurpose Breakout Board to hack hardware in a clean and easy way!

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Toyota presented PASTA (Portable Automotive Security Testbed) Car-Hacking Tool

Researchers warn of QNAP NAS attacks in the wild

AMD is going to patch UEFI SMM callout privilege escalation flaw

Experts found 9 NAS flaws that expose LenovoEMC, Iomega Devices to hack

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

Hacking Radio Blasting Systems for Fun & Explosions

QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air

BadPower attack could burn your device through fast charging

USBAnywhere BMC flaws expose Supermicro servers to hack

D-Link addressed 5 flaws on some router models, some of them reached EoL

New Ttint IoT botnet exploits two zero-days in Tenda routers

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Interview With a Crypto Scam Investment Spammer

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Botnet operators target multiple zero-day flaws in LILIN DVRs

HP releases firmware updates for two critical RCE flaws in Inkjet Printers

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Expert found multiple critical issues in MoFi routers

Hacking the Twinkly IoT Christmas lights

Severe vulnerabilities allow hacking older GE anesthesia machines

Intel addresses high severity flaw in Processor Diagnostic Tool

Hackers target zero-day flaws in enterprise Draytek network devices

QSnatch malware infected over 62,000 QNAP NAS Devices

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

xHelper, the Unkillable Android malware that re-Installs after factory reset

Stay Connected