Security Affairs

OCTOBER 1, 2018

Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. Attackers have already hijacked over 100,000 home routers, the malicious code allows to modify DNS settings to hijack the traffic and redirect users to phishing websites.

DNS 106

DNS Malware Firmware Phishing 106

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking 98

Hacking Firmware Authentication DNS 98

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. According to the experts, Tenda routers running a firmware version between AC9 to AC18 are vulnerable to the attack.

IoT 145

IoT Firmware Advertising DNS 145

Security Affairs

JANUARY 18, 2024

Unified Extensible Firmware Interface (UEFI) is a specification that defines the architecture of the platform firmware used for booting the computer hardware and its interface for interaction with the operating system. ” states CERT/CC. . ” states CERT/CC.

Firmware 130

Firmware DNS Advertising Architecture 130

Security Affairs

JANUARY 10, 2020

A flaw, dubbed Cable Haunt, in Broadcom’s cable modem firmware exposed as many as 200 million home broadband gateways in Europe alone, at risk of remote hijackings. With almost no cable modem tested being secure without a firmware update, the number of modems initially vulnerable in Europe is estimated to be close to this number.”

Firmware 96

Firmware DNS Manufacturing Advertising 96

Security Affairs

FEBRUARY 23, 2019

A user reported that its D-Link DNS-320 device was infected by malicious code. The D-Link DNS-320 model is no more available for sale, one of the members of the forum explained that the firmware of its NAS was never updated and its device was exposed to WAN through ports 8080, FTP port 21, and a range of ports for port forwarding.

Ransomware 111

Ransomware DNS Firmware Encryption 111

Security Affairs

AUGUST 4, 2021

“The new vulnerabilities allow for Remote Code Execution, Denial of Service, Information Leak, TCP Spoofing, or DNS Cache Poisoning.” In fact, INFRA:HALT includes examples of memory corruption like in AMNESIA:33, weak ISN generation like in NUMBER:JACK and DNS vulnerabilities like in NAME:WRECK” continues the report.

DNS 131

DNS Manufacturing Firmware Technology 131

Security Affairs

JANUARY 16, 2023

Milisic discovered pre-loaded malware into its firmware. The malicious code embedded in the firmware of the device acts like the Android CopyCat malware. Milisic also devised a trick to block the malware using the Pi-hole to change the DNS of the command and control server, YCXRL.COM to 127.0.0.2. ” continues the expert.

Malware 98

Malware DNS Firmware Internet 98

Security Affairs

MAY 16, 2023

The platform provides real-time monitoring and control, it also supports advanced features such as device management, software and firmware updates, GPS tracking, and data visualization. The compromised industrial devices may also be used to launch attacks against other devices or networks.” ” reads the advisory from CISA.

Hacking 98

Hacking Internet Internet Manufacturing 98

Security Affairs

AUGUST 4, 2022

All the affected models have a patched firmware available for download on the vendor’s website.” SecurityAffairs – hacking, DrayTek Vigor). The post Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction appeared first on Security Affairs. Pierluigi Paganini.

Hacking 100

Hacking Internet Internet Passwords 100

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. In some cases the router is reconfigured to use rogue DNS servers, which redirect victims to phishing pages that closely look like real online banking sites.

DNS 105

DNS Passwords Advertising Banking 105

Malwarebytes

JUNE 30, 2022

The threat actor can then use DNS hijacking and HTTP hijacking to cause the connected devices to install other malware. According to an article in the Financial Times Chinese university students have been lured to work as translators to help identify hacking targets, and to analyze stolen material. DNS hijacking.

Malware 107

Malware DNS Small Business Firmware 107

Security Affairs

AUGUST 20, 2021

“By infecting routers, they can perform man-in-the-middle (MITM) attacks—via HTTP hijacking and DNS spoofing—to compromise endpoints and deploy ransomware or cause safety incidents in OT facilities. Organizations using Netgear, Huawei, and ZTE network devices are recommended to keep their firmware up to date and use strong passwords.

IoT 107

IoT DNS Manufacturing Firmware 107

Security Affairs

NOVEMBER 1, 2021

Every time a vendor made some attempts to address the problem, the botmaster pushed out multiple firmware updates on the fiber routers to maintain their control. SecurityAffairs – hacking, Pink botnet). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. The post Pink Botnet infected over 1.6

Architecture 145

Architecture DDOS Advertising DNS 145

Security Affairs

FEBRUARY 21, 2021

SecurityAffairs – hacking, newsletter). If you want to receive the weekly Security Affairs Newsletter for free subscribe here. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini. The post Security Affairs newsletter Round 302 appeared first on Security Affairs.

Data breaches 101

Data breaches DNS Firmware Antivirus 101

Security Affairs

DECEMBER 11, 2018

The Novidade exploit kit leverages cross-site request forgery (CSRF) to change the Domain Name System (DNS) settings of SOHO routers and redirect traffic from the connected devices to the IP address under the control of the attackers. Security Affairs – Novidade exploit kit, hacking). ” continues the analysis.

DNS 111

DNS Advertising Firmware Banking 111

SecureList

MAY 27, 2022

MoonBounce: the dark side of UEFI firmware. Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware scanner (integrated into Kaspersky products at the start of 2019). Lapsus$ group hacks Okta. Targeted attacks.

Phishing 133

Phishing Spyware Firmware Malware 133

eSecurity Planet

APRIL 18, 2022

Antivirus and EDR tools, SIEM systems (security information and event management), security vendors, software, hardware, firmware, and operating systems. Public WHOIS data such as DNS name servers, IP blocks, and contact information. One of the most underappreciated aspects of hacking is the timing.

Penetration Testing 144

Penetration Testing DNS Firmware Antivirus 144

Security Affairs

AUGUST 12, 2018

. · Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges. · HP releases firmware updates for two critical RCE flaws in Inkjet Printers. · TSMC Chip Maker confirms its facilities were infected with WannaCry ransomware. · GitHub started warning users when adopting compromised credentials. · (..)

Advertising 65

Advertising DNS Firmware Surveillance 65

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. Another type of service sold on the dark web is IoT hacking. DNS changer Malicious actors may use IoT devices to target users who connect to them.

IoT 137

IoT DDOS Passwords Malware 137

SecureList

FEBRUARY 16, 2021

The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent. After the attacks came to light, the manufacturer promptly released a firmware update for configuring verification of incoming requests.

DDOS 145

DDOS Cryptocurrency Marketing Internet 145

Kali Linux

OCTOBER 12, 2022

A L ittle O ffensive A pplication)” It takes the standard Kali Linux image and adds custom software and some extra firmware designed for the Raspberry Pi Zero W to turn it into a Swiss Army knife of attacks and exfiltration. Lastly, to save our trigger, we click the Update button: Happy hacking! Happy hacking (again)!

Wireless 52

Wireless Passwords DNS Internet 52

Kali Linux

FEBRUARY 23, 2021

We have also added support for the Raspberry Pi 400’s wireless card, however it is very important to note that this is not a nexmon firmware, as nexmon does not currently support it. If you’d like to see it in action, David Bombal has put out a video of it.

Wireless 52

Wireless DNS Firmware Architecture 52

SecureList

OCTOBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware 145

Malware Government Surveillance Spyware 145