Cybercrime, Firmware and Information Security

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. “The build date coded in the last number block also points to the same date range: None of the firewall firmwares examined had been compiled after September 14, 2022.”

VPN

VPN Passwords Firewall Firmware

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

DECEMBER 30, 2021

iLOBleed, is a previously undetected rootkit that was spotted targeting the HP Enterprise’s Integrated Lights-Out ( iLO ) server management technology to tamper with the firmware modules and wipe data off the infected systems. This malware has been used by hackers for some time and we have been monitoring its performance.

Firmware

Firmware Malware System Administration Technology

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

The researchers found that the botnet comprises MikroTik routers with various firmware versions, including recent ones. Over the years, multiple security experts have identified several vulnerabilities in MikroTik routers, such as a remote code execution vulnerability detailed by VulnCheck researchers here.

DNS

DNS Malware Firmware Authentication

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

The researchers speculate that threat actors behind this variant have compromised the supply chain, so stores may not even suspect that they are selling smartphones infected with Triada “The new version of the malware is distributed in the firmware of infected Android devices. It is located in the system framework.

Malware

Malware Cryptocurrency Mobile Firmware

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

“Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Ransomware

Ransomware Firmware Mobile InfoSec

Mirai botnet targets SSR devices, Juniper Networks warns

Security Affairs

DECEMBER 19, 2024

To mitigate the exposure to these threats, users are recommended to change default credentials, use strong passwords, review access logs, employ firewalls and IDS/IPS, and keep firmware up-to-date. Below are actions recommended by Juniper Networks: Strengthen Security Practices : Change default credentials on all SSRs.

DDOS

DDOS Firmware Firewall Passwords

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

The ATM black box attacks are quite popular in the cybercrime underground and several threat actors offer the hardware equipment and malware that could be used to compromise the ATMs. The vulnerabilities discovered by the security duo impacts the Wincor Cineo ATMs with the RM3 and CMD-V5 dispensers. Both issues received a CVSSv3.0

Hacking

Hacking Firmware Encryption Manufacturing

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. WHO’S BEHIND SOCKSESCORT? com, super-socks[.]com,

Malware

Malware VPN Internet Internet

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Security Affairs

FEBRUARY 28, 2025

Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware. By sharing our findings, we aim to contribute to the fight against cybercrime and raise awareness of this formidable threat.”

Antivirus

Antivirus Firmware Encryption Manufacturing

Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw

Security Affairs

JUNE 25, 2024

The flaw is a command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0. The vulnerability affects NAS326 running firmware versions 5.21(AAZF.16)C0 16)C0 and earlier, and NAS542 running firmware versions 5.21(ABAG.13)C0

Firmware

Firmware Hacking Cybercrime Information Security

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 CVE-2020-9054 Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 A2pvI042j1.d26m

IoT

IoT Firmware Malware Wireless

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

“One of the easiest methods for threat actors to compromise new hosts is to target outdated firmware or retired hardware.” Compromised hosts display unique strings during execution, including you are now apart of hail c**k botnet in older versions and I just wanna look after my cats, man. in newer ones.

Manufacturing

Manufacturing Malware Firmware IoT

Aquabot variant v3 targets Mitel SIP phones

Security Affairs

JANUARY 29, 2025

In mid-July 2024, Mitel addressed the vulnerability with the release of firmware updates. “In his GitHub README, Burns reported that he found that the Mitel 6869i SIP phone, firmware version 6.3.0.1020, failed to sanitize user-supplied input properly, and he found multiple endpoints vulnerable to this. HF1 (R6.4.0.136).

DDOS

DDOS Firmware Malware Firewall

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Security Affairs

AUGUST 16, 2024

Threat actors could exploit this flaw to inject malicious code, execute commands with system privileges, and take over devices, potentially leading to serious cybercrimes and data breaches. The app is preinstalled in Pixel firmware and included in Google’s OTA updates for Pixel devices.

Hacking

Hacking Firmware Mobile Penetration Testing

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Security Affairs

DECEMBER 8, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Firmware

Firmware DDOS Malware IoT

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Security Affairs

JANUARY 14, 2025

” The researchers noticed that the attack targeted firmware versions of devices ranging between 7.0.14 and 7.0.16, which were released on February 2024 and October 2024 respectively.

Firewall

Firewall VPN Accountability Firmware

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Security Affairs

SEPTEMBER 13, 2024

Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Malware

Malware Firmware Antivirus Manufacturing

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Security Affairs

SEPTEMBER 2, 2021

As of today, the researchers discovered 16 security vulnerabilities, with 20 common vulnerability exposures (CVEs) already assigned and four vulnerabilities are pending CVE assignment from Intel and Qualcomm. Crashes generally trigger a fatal assertion, segmentation faults due to a buffer or heap overflow within the SoC firmware.

Firmware

Firmware Manufacturing IoT Technology

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Hunters International ransomware gang claims to have hacked the Fred Hutch Cancer Center New NKAbuse malware abuses NKN decentralized P2P network protocol Snatch ransomware gang claims the hack of the food giant Kraft Heinz Multiple flaws in pfSense firewall can lead to arbitrary code execution BianLian, White Rabbit, and Mario Ransomware Gangs Spotted (..)

Data breaches

Data breaches Cybercrime Firewall Ransomware

QNAP force-installs update against the recent wave of DeadBolt ransomware infections

Security Affairs

JANUARY 29, 2022

QNAP forces its customers to update the firmware of their Network Attached Storage (NAS) devices to protect against the DeadBolt ransomware. QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. ” states the vendor.

Ransomware

Ransomware Firmware Encryption Engineering

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JUNE 16, 2024

London hospitals canceled over 800 operations in the week after Synnovis ransomware attack DORA Compliance Strategy for Business Leaders City of Cleveland still working to fully restore systems impacted by a cyber attack Two Ukrainians accused of spreading Russian propaganda and hack soldiers’ phones Google fixed an actively exploited zero-day (..)

Data breaches

Data breaches Hacking Ransomware Malware

Security Affairs newsletter Round 489 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

SEPTEMBER 14, 2024

CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M

Data breaches

Data breaches Computers and Electronics Spyware Cybercrime

PoC exploit for 2 flaws in Dahua cameras leaked online

Security Affairs

OCTOBER 7, 2021

In order to protect Dahua devices, users have to install the latest firmware version. The post PoC exploit for 2 flaws in Dahua cameras leaked online appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, Dahua cameras).

Authentication

Authentication Firmware Hacking Engineering

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

. “The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware.” The malware leverages the firmware update process to achieve persistence.

Malware

Malware Firmware Architecture Firewall

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

Realtek published a security advisory on August 15 to warn customers about security updates to address vulnerabilities in its software developers kits (SDK) which is used by at least 65 separate vendors. On August 15, firmware security company IoT Inspector published details about the flaws.

IoT

IoT Firmware Internet Internet

Experts show how to run malware on chips of a turned-off iPhone

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” Unlike NFC and UWB chips, the Bluetooth firmware is neither signed nor encrypted opening the doors to modification.

Malware

Malware Wireless Firmware Mobile

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Security Affairs

JULY 15, 2022

Dragos experts investigated an infection of DirectLogic PLCs from Automation Direct, they performed reverse engineering of the password cracking tool and discovered it did not crack the password at all, rather, it exploited a vulnerability in the firmware to retrieve the password on command. ” reads the advisory published by Dragos.

Passwords

Passwords Software Firmware Malware

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (e.g.,

Ransomware

Ransomware Antivirus Passwords Malware

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

“Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 ” reads the advisory published by NIST.

Firewall

Firewall Firmware VPN DDOS

Gafgyt botnet is targeting EoL Zyxel routers

Security Affairs

AUGUST 11, 2023

The vulnerability impacts devices running firmware versions 7.3.15.0 Zyxel addressed the vulnerability in 2017 with the release of new firmware, however, the vendor warned that a Gafgyt variant was exploiting the flaw in 2019. Additionally, the P660HN-T1A running the latest generic firmware, version 3.40(BYF.11), 0)b31 or older.

Firmware

Firmware Hacking Cybercrime Information Security

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

Security Affairs

MAY 21, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches

Data breaches Cybercrime Ransomware Passwords

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

Security Affairs

MARCH 22, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. ” After QNAP forced the firmware security update, the number of infections dropped to less than 300 in March. It was looking like this problem was behind us.”

Ransomware

Ransomware Firmware Internet Internet

Beastmode Mirai botnet now includes exploits for Totolink routers

Security Affairs

APRIL 2, 2022

The threat actors added TOTOLINK exploits just a week after the exploit codes were publicly released on GitHub in the attempt to compromise the largest number of devices as possible before the owners upgrade to the latest firmware releases. TOTOLINK has already addressed these flaws with the release of new firmware for vulnerable devices.

DDOS

DDOS Firmware Surveillance IoT

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Implement network segmentation, such that all machines on your network are not accessible from every other machine. Install and regularly update antivirus software on all hosts, and enable real time detection.

Ransomware

Ransomware Firmware Antivirus Accountability

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

.” The company reported the security breach to the relevant authorities, and it downplayed the incident, saying that the attack had no significant financial and operational impact. In response to the incident, the company announced it is enhancing the information security control measures of its network and infrastructure.

Ransomware

Ransomware Firmware Hacking Manufacturing

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Only use secure networks and avoid using public Wi-Fi networks. Focus on cyber security awareness and training. Install and regularly update antivirus software on all hosts, and enable real time detection.

Ransomware

Ransomware DDOS Passwords Backups

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

Security Affairs

MARCH 21, 2021

According to BleepingComputer , Kottmann has performed reverse engineering of the firmware used by Verkada and discovered hardcoded credentials for a super admin account. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, cybercrime). Pierluigi Paganini.

Identity Theft

Identity Theft Computers and Electronics Surveillance Hacking

Corona Mirai botnet spreads via AVTECH CCTV zero-day

Security Affairs

AUGUST 29, 2024

The vulnerability impacts Avtech AVM1203 IP cameras running firmware versions FullImg-1023-1007-1011-1009 and prior. “Successful exploitation of this vulnerability could allow an attacker to inject and execute commands as the owner of the running process.” reads the advisory published by CISA.

Firmware

Firmware Malware Security Intelligence Authentication

German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox

Security Affairs

DECEMBER 13, 2024

The Federal Office for Information Security (BSI) announced it had blocked communication between the 30,000 devices infected with the BadBox malware and the C2. “The Federal Office for Information Security (BSI) has now blocked communication between the malware and the computer in up to 30,000 such devices in Germany.

Firmware

Firmware Malware Telecommunications Information Security

Security Affairs newsletter Round 341

Security Affairs

NOVEMBER 20, 2021

If you want to also receive for free the newsletter with the international press subscribe here.

Banking

Banking Small Business Data breaches Firmware

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices.

Mobile

Mobile Advertising Malware Cybercrime

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Security Affairs

AUGUST 10, 2021

Researchers provided the following recommendations for protecting home offices from ransomware attacks: Update device firmware to keep attacks of this nature at bay. Once compromised the device, threat actors employed it in a botnet used in attacks aimed at Linux systems, including Synology NAS.

Ransomware

Ransomware Encryption Firmware Passwords

Yandex is under the largest DDoS attack in the history of Runet

Security Affairs

SEPTEMBER 9, 2021

It spreads through a vulnerability in firmware and already numbers up to hundreds of thousands of infected devices.” Having devoted the last few weeks to studying the new botnet, we can say that a completely new botnet has appeared and it is built on the network equipment of a very popular vendor from the Baltic States.

DDOS

DDOS Internet Internet Firmware

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Android devices shipped with backdoored firmware as part of the BADBOX network

Webinars

Trending Sources

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Webinars

MikroTik botnet relies on DNS misconfiguration to spread malware

New Triada Trojan comes preinstalled on Android devices

HelloKitty ransomware gang targets vulnerable SonicWall devices

Mirai botnet targets SSR devices, Juniper Networks warns

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Who and What is Behind the Malware Proxy Service SocksEscort?

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw

BotenaGo botnet targets millions of IoT devices using 33 exploits

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Aquabot variant v3 targets Mitel SIP phones

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

QNAP force-installs update against the recent wave of DeadBolt ransomware infections

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 489 by Pierluigi Paganini – INTERNATIONAL EDITION

PoC exploit for 2 flaws in Dahua cameras leaked online

US and UK link new Cyclops Blink malware to Russian state hackers?

Realtek SDK flaws exploited to deliver Mirai bot variant

Experts show how to run malware on chips of a turned-off iPhone

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

BlackCat Ransomware gang breached over 60 orgs worldwide

Widespread exploitation by botnet operators of Zyxel firewall flaw

Gafgyt botnet is targeting EoL Zyxel routers

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

Beastmode Mirai botnet now includes exploits for Totolink routers

Ranzy Locker ransomware hit tens of US companies in 2021

MSI confirms security breach after Money Message ransomware attack

Avoslocker ransomware gang targets US critical infrastructure

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

Corona Mirai botnet spreads via AVTECH CCTV zero-day

German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox

Security Affairs newsletter Round 341

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Yandex is under the largest DDoS attack in the history of Runet

Stay Connected