Malwarebytes

JULY 28, 2021

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages. History lessons. Mitigation.

Firmware 122

Firmware Technology Authentication IoT 122

Security Affairs

FEBRUARY 18, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Firewall 63

Firewall Firmware Authentication VPN 63

Security Boulevard

APRIL 27, 2021

Cigent Technology today launched Cigent Data Defense, an offering that combines existing multifactor authentication and encryption capabilities to secure sensitive data residing on solid-state drives (SSDs). The post Cigent Technology Extends Firmware to Secure SSDs appeared first on Security Boulevard.

Firmware 102

Firmware Technology Encryption Authentication 102

The Last Watchdog

MAY 23, 2022

They require integrity, authentication, trusted identity and encryption. This challenge has not escaped the global cybersecurity community. Protocols and policies setting new parameters for trusted connections are being hammered out and advanced encryption, authentication and data protection solutions are being ramped up.

Cybersecurity 214

Cybersecurity Digital transformation Computers and Electronics Encryption 214

eSecurity Planet

MARCH 17, 2025

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has released a joint cybersecurity advisory warning organizations about the escalating threat posed by the Medusa ransomware.

Ransomware 74

Ransomware Backups Firmware Insurance 74

Security Affairs

NOVEMBER 25, 2024

According to the advisory, the attack is only possible if the device is configured to use User-Based-PSK authentication and has a valid user with a username longer than 28 characters. ” The vendor addressed these vulnerabilities with the release of firmware version 5.39 ” reads the advisory published by the vendor.

Firewall 73

Firewall Ransomware VPN Firmware 73

Heimadal Security

OCTOBER 10, 2022

On Friday, a Twitter account going by the handle “freak” shared links to what they claimed to be the UEFI firmware source code for Intel Alder Lake, which they claim was made available by 4chan. Intel confirms the source code leak for the UEFI BIOS is authentic. Alder Lake is the name of the company’s […].

Authentication 105

Authentication Firmware Accountability Cybersecurity 105

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. Follow SecureWorld News for more stories related to cybersecurity.

Ransomware 112

Ransomware IoT Encryption Social Engineering 112

Malwarebytes

MARCH 10, 2023

The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. It offers a combined single-sign-on (SSO) web portal to authenticate users, so intercepting user credentials would give an attacker that is after sensitive information a huge advantage.

Firmware 98

Firmware Malware Encryption Authentication 98

The Hacker News

JUNE 30, 2021

Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three HTTPd authentication security weaknesses (CVSS scores: 7.1 – 9.4)

Firmware 145

Firmware Authentication Network Security Cybersecurity 145

Security Affairs

FEBRUARY 12, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds Windows, Zyxel deviceflaws to its Known Exploited Vulnerabilities catalog. Cybersecurity firm Censys reported that more than 1,500 online devices are affected by the vulnerability. reads the advisory published by GreyNoise. 4)C0_20170615. reads the advisory.

Authentication 70

Authentication Firmware Cybersecurity Hacking 70

Centraleyes

APRIL 7, 2025

What is the EU Cybersecurity Certification Scheme? The EU Cybersecurity Certification Scheme is designed to simplify and harmonize cybersecurity certifications across the EU. How Does It Differ from Pre-existing Systems? Encryption Protocols: Compliance with robust encryption standards like TLS 1.3

Cybersecurity 52

Cybersecurity Encryption Marketing Healthcare 52

Security Affairs

SEPTEMBER 6, 2021

Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart switches used on businesses. The flaws affected multiple products including the following smart switches, below is the list of the impacted devices and related firmware fixes: GC108P fixed in firmware version 1.0.8.2

Firmware 127

Firmware Authentication Passwords Hacking 127

Security Affairs

JULY 1, 2021

Microsoft experts have disclosed a series of vulnerabilities in the firmware of Netgear routers which could lead to data leaks and full system takeover. “In our research, we unpacked the router firmware and found three vulnerabilities that can be reliably exploited.” html) and the firmware image itself (.chk

Firmware 139

Firmware Authentication Encryption Passwords 139

Security Affairs

MAY 17, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the following D-Link router vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2014-100005 Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev.

Firmware 128

Firmware Passwords Authentication Hacking 128

SecureList

JUNE 11, 2024

Second, terminals can be connected to other scanners, such as electronic pass readers, or support other authentication methods using built-in hardware. External appearance of the device The device has several physical interfaces, supporting four authentication methods: biometric (facial recognition), password, electronic pass, and QR code.

Firmware 131

Firmware Authentication Passwords Risk 131

Security Affairs

JUNE 14, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog. CVE-2024-26169 is an elevation of privilege issue in the Microsoft Windows Error Reporting Service that can be exploited to could gain SYSTEM privileges.

Firmware 129

Firmware Authentication Hacking Cybersecurity 129

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT 145

IoT Firmware Authentication Wireless 145

Security Affairs

DECEMBER 9, 2021

. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” TP-Link addressed the flaw on November 12, 2021 with the release of the firmware update TL-WR840N(EU)_V5_211109.

Firmware 145

Firmware Architecture Malware Hacking 145

Security Affairs

AUGUST 31, 2020

Hackers target QNAP NAS devices running multiple firmware versions vulnerable to a remote code execution (RCE) flaw addressed by the vendor 3 years ago. QNAP addressed the vulnerability with the release of firmware version 4.3.3 The researchers discovered that the issue resides in the CGI program. /httpd/cgi-bin/authLogout.cgi.

Firmware 145

Firmware Advertising Malware Internet 145

Security Affairs

JUNE 24, 2021

The threat actors are targeting the USG, ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. Upon accessing the devices, attackers then bypass authentication and establish SSL VPN tunnels with unknown user accounts (i.e. The company states that devices running the Nebula cloud management mode are not impacted.

VPN 143

VPN Firewall Firmware Authentication 143

CyberSecurity Insiders

DECEMBER 6, 2022

Netwrix, a cybersecurity vendor that makes data security easy, today released key IT security trends that will affect organizations of all sizes in 2023. To address this threat, organizations of all sizes while conducting a risk assessment need to take into account the vulnerabilities of all third-party software or firmware.

Cybersecurity 116

Cybersecurity Cybercrime Social Engineering Risk 116

CyberSecurity Insiders

AUGUST 13, 2021

According to a research carried out by Maryland based Cybersecurity firm Tenable, hackers are targeting millions of home routers to add them to the Mirai botnet radar that is used to launch DDoS Cyber attack campaigns. The post Millions of home routers on Mirai Botnet Radar appeared first on Cybersecurity Insiders.

Firmware 136

Firmware Malware DDOS Manufacturing 136

Penetration Testing

FEBRUARY 6, 2025

Two newly discovered security vulnerabilitiesCVE-2024-9643 and CVE-2024-9644affecting the Four-Faith F3x36 router (firmware v2.0.0) could allow remote attackers to The post CVE-2024-9643 & CVE-2024-9644: Authentication Bypass in Four-Faith F3x36 Routers Puts Networks at Risk appeared first on Cybersecurity News.

Authentication 61

Authentication Risk Firmware Cybersecurity 61

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. ” states the vendor.

Firmware 128

Firmware Wireless Passwords Internet 128

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware 117

Firmware Ransomware Passwords Mobile 117

Security Affairs

AUGUST 22, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog. The identity authentication bypass vulnerability found in some Dahua products during the login process. “The The flaw received a CVSS v3 score of 8.1,

Authentication 130

Authentication Firmware Hacking Engineering 130

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted.

Risk 267

Risk VPN Internet Internet 267

Penetration Testing

MARCH 17, 2025

A critical vulnerability, designated CVE-2024-540385, has been uncovered in HPE Cray XD670 servers utilizing the AMI BMC Redfish The post HPE Cray Vulnerability (CVE-2024-540385): Authentication Bypass Threat, CVSS 10 Alert appeared first on Cybersecurity News.

Authentication 69

Authentication Cybersecurity Firmware 69

Security Affairs

JULY 1, 2020

Four of flaws have been rated high severity , they can be exploited by an unauthenticated attacker with network access to the vulnerable Netgear device to execute arbitrary code with admin or root privileges, and to bypass authentication. Authentication is not required to exploit this vulnerability.” ” states the CERT/CC.

Authentication 145

Authentication Firmware Hacking Mobile 145

Security Affairs

OCTOBER 13, 2020

IoT devices are exposed to cybersecurity vulnerabilities. However, if you know where the dangers lurk, there is a way to minimize the cybersecurity risks. Here are five significant cybersecurity vulnerabilities with IoT in 2020. The cybersecurity issues related to IoT are a brand-new topic in the niche. Poor credentials.

IoT 142

IoT Cybersecurity Manufacturing Internet 142

eSecurity Planet

APRIL 28, 2022

cybersecurity agencies joined their counterparts around the globe to urge organizations to address the top 15 vulnerabilities exploited in 2021. The cybersecurity authorities urged organizations to immediately apply timely patches to their systems and implement a centralized patch management system in order to reduce their attack surface.

Cybersecurity 113

Cybersecurity Software Firmware Internet 113

Security Affairs

DECEMBER 12, 2020

Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory to warn organizations about the flaw. “Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the device remotely.”

Firmware 115

Firmware Manufacturing Software Authentication 115

Security Affairs

NOVEMBER 1, 2021

An attacker with access to the dispenser controller’s USB port can install an outdated or modified firmware version to bypass the encryption and make cash withdrawals. The two vulnerabilities, tracked as CVE-2018-9099 and CVE-2018-9100 , resides in the firmware of the CMD-V5 dispenser and RM3/CRS dispenser respectively.

Hacking 135

Hacking Firmware Encryption Manufacturing 135

Security Affairs

JUNE 12, 2022

By using the manufacturer’s built-in ports, we were able to manipulate on-board components and interact with the device.Combining both known and novel techniques, we were able to achieve root access to the device’s operating system and pull its firmware for emulation and vulnerability discovery.” Overall 4.8. Overall 4.8.

Firmware 108

Firmware Penetration Testing Manufacturing Authentication 108

Security Affairs

NOVEMBER 10, 2019

Experts believe Artificial intelligence (AI) could introduce new cybersecurity concerns, and that the upcoming 5G network could pose new risks as well. Here’s a look at how the report frames AI and 5G in cybersecurity. Most Respondents Say AI Will Impact Their Cybersecurity Strategies.

Risk 109

Risk Cybersecurity Artificial Intelligence Education 109

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page.

Malware 142

Malware Firmware Advertising Manufacturing 142