Cybercrime and Firmware - Cyber Security Informer

Zyxel 0day Affects its Firewall Products, Too

Krebs on Security

FEBRUARY 26, 2020

This week’s story on the Zyxel patch was prompted by the discovery that exploit code for attacking the flaw was being sold in the cybercrime underground for $20,000. “Hotfixes have been released immediately, and the standard firmware patches will be released in March.” Patch 0 through ZLD V4.35 Patch 0 through ZLD V4.35

Firewall

Firewall Firmware VPN IoT

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. “The build date coded in the last number block also points to the same date range: None of the firewall firmwares examined had been compiled after September 14, 2022.”

VPN

VPN Passwords Firewall Firmware

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware

Firmware Malware Encryption Passwords

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

Conti ransomware targeted Intel firmware for stealthy attacks

Bleeping Computer

JUNE 2, 2022

Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. [.].

Firmware

Firmware Ransomware Cybercrime Hacking

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

DECEMBER 30, 2021

iLOBleed, is a previously undetected rootkit that was spotted targeting the HP Enterprise’s Integrated Lights-Out ( iLO ) server management technology to tamper with the firmware modules and wipe data off the infected systems. This malware has been used by hackers for some time and we have been monitoring its performance.

Firmware

Firmware Malware System Administration Technology

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

The Last Watchdog

MAY 16, 2022

The inherent complexity of the supply chain for modern technology is a reason why so many cybercrime attempts have been successful. Then there are firmware developers, transport agencies, testing facilities, and security evaluation agencies that handle the device before it is sent to the corporate client.

Cyber Attacks

Cyber Attacks Firmware Artificial Intelligence Manufacturing

Rare 'CosmicStrand' UEFI Rootkit Swings into Cybercrime Orbit

Dark Reading

JULY 25, 2022

The firmware threat offers ultimate stealth and persistence -- and may be distributed via tainted firmware components in a supply-chain play, researchers theorize.

Cybercrime

Cybercrime Firmware

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

SEPTEMBER 10, 2021

“The largest share belongs to the version of firmware previous to the current stable one.” . “The spectrum of RouterOS versions we see across this botnet varies from years old to recent,” the company wrote. ” Qrator’s breakdown of Meris-infected MikroTik devices by operating system version.

IoT

IoT DDOS Internet Internet

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

NOVEMBER 16, 2018

According to Group-IB’s report findings, Asia is one of the most actively attacked regions in the world, the company presented latest cybercrime trends. The attackers’ research vector is now shifting from software vulnerabilities to those located at the hardware and firmware level. Pierluigi Paganini.

Cybercrime

Cybercrime Hacking Banking Phishing

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

The researchers found that the botnet comprises MikroTik routers with various firmware versions, including recent ones. .” The analysis of the headers of the spam messages revealed a botnet of ~13,000 hijacked MikroTik devices, forming a network capable of executing large-scale malicious activities.

DNS

DNS Malware Firmware Authentication

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”. The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. reads the alert published by the company.

Ransomware

Ransomware Firmware Mobile InfoSec

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

The researchers speculate that threat actors behind this variant have compromised the supply chain, so stores may not even suspect that they are selling smartphones infected with Triada “The new version of the malware is distributed in the firmware of infected Android devices. It is located in the system framework.

Malware

Malware Cryptocurrency Mobile Firmware

Mirai botnet targets SSR devices, Juniper Networks warns

Security Affairs

DECEMBER 19, 2024

To mitigate the exposure to these threats, users are recommended to change default credentials, use strong passwords, review access logs, employ firewalls and IDS/IPS, and keep firmware up-to-date. Keep Software Updated : Apply the latest firmware updates to patch vulnerabilities. Implement strong, unique passwords across devices.

DDOS

DDOS Firmware Firewall Passwords

Chip maker giant AMD investigates a data breach

Security Affairs

JUNE 19, 2024

.” Earlier this week IntelBroker announced on the BreachForums cybercrime forum that they were “selling the AMD.com data breach.” The allegedly stolen data includes information on future products, datasheets, employee and customer databases, property files, firmware, source code, and financial documentation.

Data breaches

Data breaches Firmware Cybercrime Media

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

The ATM black box attacks are quite popular in the cybercrime underground and several threat actors offer the hardware equipment and malware that could be used to compromise the ATMs. The two vulnerabilities, tracked as CVE-2018-9099 and CVE-2018-9100 , resides in the firmware of the CMD-V5 dispenser and RM3/CRS dispenser respectively.

Hacking

Hacking Firmware Encryption Manufacturing

Beware the Cyber Ghouls: Spooky Threats Lurking in Digital Shadows

SecureWorld News

OCTOBER 31, 2024

Warding off zombies : Regularly update device firmware, patch IoT devices, and monitor for unusual traffic patterns. Spooky fact : The infamous Mirai botnet attack in 2016 turned more than 600,000 IoT devices into cyber zombies, leading to one of the most significant DDoS attacks in history.

IoT

IoT Phishing DDOS Backups

Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw

Security Affairs

JUNE 25, 2024

The flaw is a command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0. The vulnerability affects NAS326 running firmware versions 5.21(AAZF.16)C0 16)C0 and earlier, and NAS542 running firmware versions 5.21(ABAG.13)C0

Firmware

Firmware Hacking Cybercrime Information Security

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Security Affairs

FEBRUARY 28, 2025

Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware. By sharing our findings, we aim to contribute to the fight against cybercrime and raise awareness of this formidable threat.”

Antivirus

Antivirus Firmware Encryption Manufacturing

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 CVE-2020-9054 Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 A2pvI042j1.d26m

IoT

IoT Firmware Malware Wireless

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. WHO’S BEHIND SOCKSESCORT? com, super-socks[.]com,

Malware

Malware VPN Internet Internet

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

This email address is also connected to accounts on several Russian cybercrime forums, including “ __edman__ ,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.

Scams

Scams DDOS Cryptocurrency Accountability

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

“One of the easiest methods for threat actors to compromise new hosts is to target outdated firmware or retired hardware.” Compromised hosts display unique strings during execution, including you are now apart of hail c**k botnet in older versions and I just wanna look after my cats, man. in newer ones.

Manufacturing

Manufacturing Malware Firmware IoT

Aquabot variant v3 targets Mitel SIP phones

Security Affairs

JANUARY 29, 2025

In mid-July 2024, Mitel addressed the vulnerability with the release of firmware updates. “In his GitHub README, Burns reported that he found that the Mitel 6869i SIP phone, firmware version 6.3.0.1020, failed to sanitize user-supplied input properly, and he found multiple endpoints vulnerable to this. HF1 (R6.4.0.136).

DDOS

DDOS Firmware Malware Firewall

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Security Affairs

AUGUST 16, 2024

Threat actors could exploit this flaw to inject malicious code, execute commands with system privileges, and take over devices, potentially leading to serious cybercrimes and data breaches. The app is preinstalled in Pixel firmware and included in Google’s OTA updates for Pixel devices.

Hacking

Hacking Firmware Mobile Penetration Testing

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One FBI warns of dual ransomware attacks Progress Software fixed two critical severity flaws in WS_FTP Server Child abuse site taken down, organized child exploitation crime suspected – exclusive A still unpatched zero-day RCE impacts more than 3.5M

Artificial Intelligence

Artificial Intelligence Firmware Data breaches Hacking

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Security Affairs

DECEMBER 8, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Firmware

Firmware DDOS Malware IoT

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Security Affairs

SEPTEMBER 13, 2024

Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Malware

Malware Firmware Antivirus Manufacturing

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Security Affairs

SEPTEMBER 2, 2021

“we disclose BrakTooth, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.” ” reads the post published by the researchers. ” continue the researchers.

Firmware

Firmware Manufacturing IoT Technology

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Security Affairs

JANUARY 14, 2025

” The researchers noticed that the attack targeted firmware versions of devices ranging between 7.0.14 and 7.0.16, which were released on February 2024 and October 2024 respectively.

Firewall

Firewall VPN Accountability Firmware

QNAP force-installs update against the recent wave of DeadBolt ransomware infections

Security Affairs

JANUARY 29, 2022

QNAP forces its customers to update the firmware of their Network Attached Storage (NAS) devices to protect against the DeadBolt ransomware. QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. ” states the vendor.

Ransomware

Ransomware Firmware Encryption Engineering

DeadBolt ransomware gang tricked into giving victims free decryption keys

Malwarebytes

OCTOBER 19, 2022

As a countermeasure, QNAP pushed out an automatic, forced, update with firmware containing the latest security updates to protect against the attackers' DeadBolt ransomware, which annoyed part of its userbase. It is important to file a complaint if you are a victim of a cybercrime. Each of them received instructions to pay 0.05

Ransomware

Ransomware Firmware VPN Cybercrime

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JUNE 16, 2024

London hospitals canceled over 800 operations in the week after Synnovis ransomware attack DORA Compliance Strategy for Business Leaders City of Cleveland still working to fully restore systems impacted by a cyber attack Two Ukrainians accused of spreading Russian propaganda and hack soldiers’ phones Google fixed an actively exploited zero-day (..)

Data breaches

Data breaches Hacking Ransomware Malware

Security Affairs newsletter Round 489 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

SEPTEMBER 14, 2024

CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M

Data breaches

Data breaches Computers and Electronics Spyware Cybercrime

Five Cybersecurity Trends that Will Affect Organizations in 2023

CyberSecurity Insiders

DECEMBER 6, 2022

Here are five specific trends for 2023 that you need to be aware of: The business of cybercrime will be further professionalized. The return of malware strains like Emotet, Conti and Trickbot indicates an expansion of cybercrime for hire. To combat cybercrime, organizations keep investing into IT security.

Cybersecurity

Cybersecurity Cybercrime Social Engineering Risk

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

. “The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware.” The malware leverages the firmware update process to achieve persistence.

Malware

Malware Firmware Architecture Firewall

PoC exploit for 2 flaws in Dahua cameras leaked online

Security Affairs

OCTOBER 7, 2021

In order to protect Dahua devices, users have to install the latest firmware version. It could be quite easy for threat actors in the wild to find exposed Dahua devices using a search engine like Shodan and attempt to hack them using the available PoC code. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Authentication

Authentication Firmware Hacking Engineering

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. Realtek published a security advisory on August 15 to warn customers about security updates to address vulnerabilities in its software developers kits (SDK) which is used by at least 65 separate vendors. ” reported IoT Inspector.

IoT

IoT Firmware Internet Internet

Experts show how to run malware on chips of a turned-off iPhone

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” Unlike NFC and UWB chips, the Bluetooth firmware is neither signed nor encrypted opening the doors to modification.

Malware

Malware Wireless Firmware Mobile

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

“Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 ” reads the advisory published by NIST.

Firewall

Firewall Firmware VPN DDOS

MY TAKE: Why COVID-19 ‘digital distancing’ is every bit as vital as ‘social distancing’

The Last Watchdog

APRIL 28, 2020

That, of course, presents the perfect environment for cybercrime that pivots off social engineering. What people will eventually come to realize, the sooner the better, is that we will need to flatten the X factor represented by cybercrime. Sadly, coronavirus phishing and ransomware hacks already are in high gear. Always remember.

Social Engineering

Social Engineering Cyber Attacks Scams Engineering

Gafgyt botnet is targeting EoL Zyxel routers

Security Affairs

AUGUST 11, 2023

The vulnerability impacts devices running firmware versions 7.3.15.0 Zyxel addressed the vulnerability in 2017 with the release of new firmware, however, the vendor warned that a Gafgyt variant was exploiting the flaw in 2019. Additionally, the P660HN-T1A running the latest generic firmware, version 3.40(BYF.11), 0)b31 or older.

Firmware

Firmware Hacking Cybercrime Information Security

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Security Affairs

JULY 15, 2022

Dragos experts investigated an infection of DirectLogic PLCs from Automation Direct, they performed reverse engineering of the password cracking tool and discovered it did not crack the password at all, rather, it exploited a vulnerability in the firmware to retrieve the password on command. ” reads the advisory published by Dragos.

Passwords

Passwords Software Firmware Malware

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. hard drive, storage device, the cloud). Use multifactor authentication where possible.

Ransomware

Ransomware Antivirus Passwords Malware

Zyxel 0day Affects its Firewall Products, Too

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Trending Sources

MoonBounce: the dark side of UEFI firmware

Android devices shipped with backdoored firmware as part of the BADBOX network

Conti ransomware targeted Intel firmware for stealthy attacks

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

Rare 'CosmicStrand' UEFI Rootkit Swings into Cybercrime Orbit

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

MikroTik botnet relies on DNS misconfiguration to spread malware

HelloKitty ransomware gang targets vulnerable SonicWall devices

New Triada Trojan comes preinstalled on Android devices

Mirai botnet targets SSR devices, Juniper Networks warns

Chip maker giant AMD investigates a data breach

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Beware the Cyber Ghouls: Spooky Threats Lurking in Digital Shadows

Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw

Enhanced capabilities sustain the rapid growth of Vo1d botnet

BotenaGo botnet targets millions of IoT devices using 33 exploits

Who and What is Behind the Malware Proxy Service SocksEscort?

Interview With a Crypto Scam Investment Spammer

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Aquabot variant v3 targets Mitel SIP phones

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

QNAP force-installs update against the recent wave of DeadBolt ransomware infections

DeadBolt ransomware gang tricked into giving victims free decryption keys

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 489 by Pierluigi Paganini – INTERNATIONAL EDITION

Five Cybersecurity Trends that Will Affect Organizations in 2023

US and UK link new Cyclops Blink malware to Russian state hackers?

PoC exploit for 2 flaws in Dahua cameras leaked online

Realtek SDK flaws exploited to deliver Mirai bot variant

Experts show how to run malware on chips of a turned-off iPhone

Widespread exploitation by botnet operators of Zyxel firewall flaw

MY TAKE: Why COVID-19 ‘digital distancing’ is every bit as vital as ‘social distancing’

Gafgyt botnet is targeting EoL Zyxel routers

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

BlackCat Ransomware gang breached over 60 orgs worldwide

Stay Connected