Encryption, Firmware and Hacking - Cyber Security Informer

Firmware attacks, a grey area in cybersecurity of organizations

Security Affairs

APRIL 5, 2021

A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack. The study pointed out that only 29% of the targeted organizations have allocated budgets to protect firmware. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation.”

Firmware

Firmware Cybersecurity Encryption Financial Services

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware

Firmware Ransomware Encryption Advertising

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. An attacker with access to the dispenser controller’s USB port can install an outdated or modified firmware version to bypass the encryption and make cash withdrawals.

Hacking

Hacking Firmware Encryption Manufacturing

Attack Against PC Thunderbolt Port

Schneier on Security

MAY 12, 2020

The attack requires physical access to the computer, but it's pretty devastating : On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer -- and even its hard disk encryption -- to gain full access to the computer's data. Intel responds.

Firmware

Firmware Manufacturing Encryption Hacking

Hacking Group Has PS5 Root Encryption Keys

Heimadal Security

NOVEMBER 15, 2021

A hacking group dubbed Fail0verflow announced on Twitter that they have got the PS5 root encryption keys. These types of keys are usually used to perform PS5’s firmware decryption. Hackers Have PS5 Root Encryption Keys: Details […]. Hackers Have PS5 Root Encryption Keys: Details […].

Encryption

Encryption Hacking Firmware Software

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT

IoT Firmware Risk Manufacturing

Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips

Threatpost

OCTOBER 14, 2020

Intel's addition of memory encryption to its upcoming 3rd generation Xeon Scalable processors matches AMD's Secure Memory Encryption (SME) feature.

Encryption

Encryption Firmware IoT Hacking

Flaws in firmware expose almost any modern PC to Cold Boot Attacks

Security Affairs

SEPTEMBER 13, 2018

New Firmware Flaws Resurrect Cold Boot Attacks. A team of security researchers demonstrated that the firmware running on nearly all modern computers is vulnerable to cold boot attacks. encryption keys, passwords) from a running operating system after using a cold reboot to restart the machine. Pierluigi Paganini.

Firmware

Firmware Encryption Advertising Passwords

Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain

Security Affairs

NOVEMBER 6, 2018

The encryption system implemented by popular solid-state drives (SSDs) is affected by critical vulnerabilities that could be exploited by a local attacker to decrypt data. “We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

Encryption

Encryption Firmware Passwords Advertising

D-Link releases a security firmware update that only fixes 3 out 6 issues in DIR-865L home routers

Security Affairs

JUNE 13, 2020

D-Link has released a firmware update to address three security flaws impacting the DIR-865L home router model, but left some issue unpatched. D-Link has recently released a firmware update to address three out of six security flaws impacting the DIR-865L wireless home router. SecurityAffairs – D-Link DIR-865L, hacking).

Firmware

Firmware Wireless Advertising Risk

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In most recent attacks observed by Check Point, the threat actors employed custom firmware implant designed explicitly for TP-Link routers. ” reads the report published by Check point.

Firmware

Firmware Encryption Government Malware

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. ” states Tenable. .

Firmware

Firmware Encryption Passwords Authentication

Chinese national charged for hacking thousands of Sophos firewalls

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. The malware stole data and encrypted files to block remediation attempts.

Firewall

Firewall Hacking Malware Passwords

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. Xiongmai hereinafter) that are open to hack. ” Experts also discovered that it is possible to execute arbitrary code on the device through a firmware update. Who controls these servers?

Surveillance

Surveillance Hacking Firmware Manufacturing

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

The CVE-2019-0090 vulnerability affects the firmware running on the ROM of the Intel’s Converged Security and Management Engine (CSME). Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” SecurityAffairs – hacking, CVE-2019-0090).

Firmware

Firmware Technology Advertising Authentication

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” reads the post published by Eclypsium.

Hacking

Hacking Firmware Media Authentication

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

The botnet uses the WSS (WebSocket over TLS) protocol for C2 communication to circumvent the typical Mirai traffic detection and provide secure encrypted communication for command and control. “Two zero days, 12 remote access functions for the router, encrypted traffic protocol, and infrastructure IP that that moves around.

IoT

IoT Firmware Advertising DNS

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

The communications are not encrypted, however the WiFi password is sent encrypted during set up (albeit trivial to decrypt).” “As the communications are not encrypted, it is simple to Man-in-the-Middle the traffic and analyse the API.” ” reads the analysis published by MWR InfoSecurity.

IoT

IoT Hacking DNS Authentication

QNAP force-installs update against the recent wave of DeadBolt ransomware infections

Security Affairs

JANUARY 29, 2022

QNAP forces its customers to update the firmware of their Network Attached Storage (NAS) devices to protect against the DeadBolt ransomware. QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. ” states the vendor.

Ransomware

Ransomware Firmware Encryption Engineering

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

The backdoor accounts in the firmware of 29 FTTH Optical Line Termination (OLT) devices from popular vendor C-Data. The security duo, composed of Pierre Kim and Alexandre Torres, disclosed seven vulnerabilities in the firmware of FTTH OLT devices manufactured by C-Data. SecurityAffairs – hacking, FTTH devices ).

Firmware

Firmware Accountability Advertising Manufacturing

Maze Ransomware operators published data from LG and Xerox

Security Affairs

AUGUST 4, 2020

At the time, the Maze ransomware operators only released three screenshots as proof of the data breaches on the Maze ransomware leak site: Researchers from ZDNet who analyzed the leaked data confirmed that it included source code for the firmware of various LG products, including phones and laptops. SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware Encryption Advertising Firmware

SHARING INTEL: Why full ‘digital transformation’ requires locking down ‘machine identities’

The Last Watchdog

OCTOBER 16, 2019

These certificates leverage something called the public key infrastructure ( PKI ), a framework for encrypting data and authenticating the machines talking to each other. The technology makes a certificate, which is an encrypted key — in effect an identity. This cleared the way to push malware onto 70,000 Asus computers in field.

Digital transformation

Digital transformation Firmware Authentication IoT

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” reads the alert published by the FBI.

Ransomware

Ransomware Encryption Passwords Malware

Infecting Canon EOS DSLR camera with ransomware over the air

Security Affairs

AUGUST 12, 2019

Searching online the expert first found an encrypted firmware, he found on a forum a Portable ROM Dumper , (a custom firmware update file that once loaded, dumps the memory of the camera into the SD Card) that allowed him to dump the camera’s firmware and load it into his disassembler (IDA Pro). Pierluigi Paganini.

Ransomware

Ransomware Firmware Wireless Encryption

TP-Link Archer C5400X gaming router is affected by a critical flaw

Security Affairs

MAY 27, 2024

The issue affects firmware versions, through 1.1.1.6, Below is the timeline for this flaw: 2024-02-16 –Report submitted to TP-Link PSIRT through encrypted email. Archer C5400X(EU)_V1_1.1.7 Build 20240510 addressed the flaw. 2024-02-19 –Case opened by TP-Link PSIRT. 2024-04-10 –TP-Link shares a beta version of 1.1.7p1 for validation.

Firmware

Firmware Encryption Hacking Information Security

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

These are encrypted with the actor’s public key and sent to their infrastructure over HTTPS. The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates. If sources are in question, run a full factory reset on the device prior to completing the firmware upgrade.

Malware

Malware Firmware Advertising Manufacturing

[Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure)

Security Affairs

MAY 7, 2021

Passive Recon & OSINT: First of all (even without attempting to open the token) we can immediately notice our best-hardware-hacking-friend: the FCC ID. Conclusion, always do your homework before putting your hands on the target: FCC database, Google, and Chinese search engines are your best friend when doing a hardware hacking research!

Firmware

Firmware Passwords Password Management Encryption

Expert released PoC exploit code for unpatched backdoor in HiSilicon chips

Security Affairs

FEBRUARY 5, 2020

More recent firmware versions had Telnet access and debug port (9527/ tcp ) disabled by default, but they had open port 9530/ tcp that could be exploited by attackers to send a special command to start telnet daemon and enable shell access with a static password ([ 1 ], [ 2 ], [ 3 ]). SecurityAffairs – HiSilicon chips, hacking).

Firmware

Firmware Encryption Advertising Passwords

QNAP addresses 2 critical flaws that can allow hackers to take over NASs

Security Affairs

OCTOBER 8, 2020

Recently QNAP published a security advisory urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections. SecurityAffairs – hacking, QNAP). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Encryption

Encryption Advertising Firmware Ransomware

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

Upon the installation, the malicious app registers itself as a foreground service and extracts an encrypted payload that gathers information about the victim’s device (android_id, manufacturer, model, firmware version, etc.) In this case, reflashing is pointless, so it would be worth considering alternative firmwares for your device.

Malware

Malware Firmware Manufacturing Advertising

Security Affairs newsletter Round 268

Security Affairs

JUNE 14, 2020

SecurityAffairs – newsletter, hacking). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware

Firmware Advertising Ransomware Hacking

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

FEBRUARY 23, 2019

The D-Link DNS-320 model is no more available for sale, one of the members of the forum explained that the firmware of its NAS was never updated and its device was exposed to WAN through ports 8080, FTP port 21, and a range of ports for port forwarding. Gillespie says that it matches the encryption algorithm he noted above.”

Ransomware

Ransomware DNS Firmware Encryption

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Security Affairs

SEPTEMBER 22, 2021

The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices. SecurityAffairs – hacking, SOHO). This code is part of Circle , which is used to implement parental control features to these devices. R6700v3 – 1.0.4.106 R6900 – 1.0.2.16

DNS

DNS Firmware VPN Risk

A daily average of 80,000 printers exposed online via IPP

Security Affairs

JUNE 23, 2020

Unlike other printer management protocols, the IPP protocol supports multiple security features, including authentication and encryption, but evidently organizations don’t use them. This info includes printer names, locations, models, firmware versions, organization names, and even WiFi network names. Pierluigi Paganini.

Internet

Internet Internet Firmware Advertising

Flaws in Realtek RTL8170C Wi-Fi module allow hijacking wireless communications

Security Affairs

JUNE 3, 2021

The researchers demonstrated a proof-of-concept (PoC) exploit that sees the attacker masquerading as a legitimate access point, running a modified open-source hostapd , and sending a malicious encrypted group temporal key (GTK) to any client that connects to it via WPA2. SecurityAffairs – hacking, Realtek RTL8170C Wi-Fi module).

Wireless

Wireless IoT Encryption Firmware

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Security Affairs

AUGUST 10, 2021

The ransomware, tracked by Intezer as “ QNAPCrypt ” and “ eCh0raix ” by Anomali, is written in the Go programming language and uses AES encryption to encrypt files. The malicious code appends.encrypt extension to filenames of encrypted files. SecurityAffairs – hacking, NAS). Pierluigi Paganini.

Ransomware

Ransomware Encryption Firmware Passwords

Tails OS version 4.5 supports the Secure Boot

Security Affairs

APRIL 10, 2020

The Tails OS allows to use the Internet anonymously and circumvent censorship by using the Tor Network, it leaves no trace on the computer users are using and uses the state-of-the-art cryptographic tools to encrypt files, emails and instant messaging. Tails OS version 4.5 it the first version that supports the UEFI Secure Boot.

Firmware

Firmware Advertising Encryption Internet

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

Security Affairs

MARCH 22, 2022

Since January, DeadBolt ransomware operators are targeting QNAP NAS devices worldwide , its operators claim the availability of a zero-day exploit that allows them to encrypt the content of the infected systems. Once encrypted the content of the device, the ransomware appends. SecurityAffairs – hacking, QNAP).

Ransomware

Ransomware Firmware Internet Internet

Intel investigates security breach after the leak of 20GB of internal documents

Security Affairs

AUGUST 7, 2020

Intel is investigating reports of an alleged hack that resulted in the theft and leak of 20GB of data coming from the chip giant. The engineering received the files from an anonymous hacker who claimed to have hacked the company earlier this year, the experts believe that this leak is just a first lot on a larger collection.

Firmware

Firmware Advertising Engineering Hacking

Using Electromagnetic Fault Injection Attacks to take over drones

Security Affairs

JUNE 28, 2023

the use of signed and encrypted firmware, Trusted Execution Environment (TEE), and Secure Boot), using non-invasive techniques. In a first attack scenario tested by IOActive, the researchers attempted to retrieve the encryption key using EM emanations and decrypting the firmware. ” added the company.

Firmware

Firmware Encryption Hacking Information Security

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

Security Affairs

JANUARY 16, 2022

BleepingComputer also reported that dozens of ransom notes and encrypted files have been submitted to the ID-Ransomware service by affected QNAP users. Up to date apps and firmware seem not to help either.” The malicious code appends.encrypt extension to filenames of encrypted files. SecurityAffairs – hacking, QNAP NAS).

Ransomware

Ransomware Encryption Backups Firmware

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation

Security Affairs

DECEMBER 13, 2021

The WiFi chip encrypts network traffic and holds the current WiFi credentials, thereby providing the attacker with further information.” Threat actors can execute code by exploiting an unpatched or new security issue over-the-air, or abusing the local OS firmware update mechanism. Pierluigi Paganini.

Wireless

Wireless Firmware Mobile Passwords

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

“Once the attacker successfully logs in to a device, they encrypt data in shared folders and leave a ransom note with the file name “!CHECKMATE_DECRYPTION_README” ” The ransomware appends the.checkmate extension to the filenames of encrypted files, it drops a ransom note named !CHECKMATE_DECRYPTION_README

Ransomware

Ransomware Encryption Passwords Internet

Firmware attacks, a grey area in cybersecurity of organizations

QNAP urges users to update NAS firmware and app to prevent infections

Trending Sources

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Attack Against PC Thunderbolt Port

Hacking Group Has PS5 Root Encryption Keys

IoT Unravelled Part 3: Security

Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips

Flaws in firmware expose almost any modern PC to Cold Boot Attacks

Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain

D-Link releases a security firmware update that only fixes 3 out 6 issues in DIR-865L home routers

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Chinese national charged for hacking thousands of Sophos firewalls

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

USBAnywhere BMC flaws expose Supermicro servers to hack

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

New Ttint IoT botnet exploits two zero-days in Tenda routers

Hacking the Twinkly IoT Christmas lights

QNAP force-installs update against the recent wave of DeadBolt ransomware infections

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Maze Ransomware operators published data from LG and Xerox

SHARING INTEL: Why full ‘digital transformation’ requires locking down ‘machine identities’

FBI published a flash alert on Mamba Ransomware attacks

Infecting Canon EOS DSLR camera with ransomware over the air

TP-Link Archer C5400X gaming router is affected by a critical flaw

QSnatch malware infected over 62,000 QNAP NAS Devices

[Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure)

Expert released PoC exploit code for unpatched backdoor in HiSilicon chips

QNAP addresses 2 critical flaws that can allow hackers to take over NASs

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs newsletter Round 268

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

A daily average of 80,000 printers exposed online via IPP

Flaws in Realtek RTL8170C Wi-Fi module allow hijacking wireless communications

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Tails OS version 4.5 supports the Secure Boot

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

Intel investigates security breach after the leak of 20GB of internal documents

Using Electromagnetic Fault Injection Attacks to take over drones

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation

New Checkmate ransomware target QNAP NAS devices

Stay Connected