The Last Watchdog

NOVEMBER 20, 2019

Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. Firmware is on everything from hard drives, motherboards and routers to office printers and smart medical devices. The Chinese are all over this.

Firmware 174

Firmware Hacking Software Surveillance 174

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the installation of persistent backdoors.

Firmware 145

Firmware Hacking Authentication Advertising 145

Security Affairs

AUGUST 26, 2024

SonicWall addressed a critical flaw in its firewalls that could allow attackers to achieve unauthorized access to the devices. SonicWall has released security updates to address a critical vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), in its firewalls. However SonicWall recommends youinstall the latest firmware. .

Firewall 126

Firewall Firmware Malware Internet 126

Security Affairs

JANUARY 15, 2024

Researchers from Bishop Fox found over 178,000 SonicWall next-generation firewalls (NGFW) publicly exploitable. Researchers from Bishop Fox used BinaryEdge source data to find SonicWall firewalls with management interfaces exposed to the internet.

Firewall 144

Firewall Hacking Firmware Internet 144

Security Affairs

NOVEMBER 2, 2024

Sophos used custom implants to monitor China-linked thret actors targeting firewall zero-days in a years-long battle. Improved operational security, including disrupting firewall telemetry to hinder detection and minimize their digital footprint. ” concludes the report.

Firmware 122

Firmware Government Firewall Malware 122

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN 144

VPN Firewall Firmware Authentication 144

SecureWorld News

DECEMBER 8, 2024

For example, Palo Alto Networks has integrated PQC into its VPNs and next-generation firewalls to protect data in transit against quantum threats. Ensure quantum-ready hardware: Require that new infrastructure device purchases, such as routers and firewalls, have quantum-resistant or upgradable firmware.

Encryption 119

Encryption Firewall Education Firmware 119

Adam Levin

MARCH 19, 2020

Configure a Firewall: Most routers come with a built-in firewall to block unauthorized incoming internet traffic. Encourage workers to check the existing settings and enable their router’s firewall if it isn’t running already. Passwords should be difficult to guess, but easy enough for employees to remember.

Wireless 199

Wireless Firmware Firewall Manufacturing 199

Security Affairs

DECEMBER 19, 2024

To mitigate the exposure to these threats, users are recommended to change default credentials, use strong passwords, review access logs, employ firewalls and IDS/IPS, and keep firmware up-to-date. Use Firewalls and IDS/IPS : Employ firewalls to block unauthorized access and intrusion detection systems to monitor network behavior.

DDOS 67

DDOS Firmware Firewall Passwords 67

Bleeping Computer

DECEMBER 12, 2023

Sophos was forced to backport a security update for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks. [.]

Firewall 105

Firewall Firmware 105

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall 98

Firewall Firmware VPN Authentication 98

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT 362

IoT Firmware Risk Manufacturing 362

Security Affairs

FEBRUARY 18, 2025

The two vulnerabilities are: CVE-2025-0108 Palo Alto PAN-OS Authentication Bypass Vulnerability CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability Researchers recently warned that threat actors exploit a recently disclosed vulnerability, CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls. states GreyNoise.

Firewall 65

Firewall Firmware Authentication VPN 65

Malwarebytes

JULY 28, 2021

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages. History lessons. Mitigation.

Firmware 122

Firmware Technology Authentication IoT 122

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. The problem: Juniper Networks released a bulletin about a remote code execution vulnerability in its SRX firewalls and EX switches. This vulnerability is tracked as CVE-2024-21591.

Firewall 110

Firewall Firmware IoT Authentication 110

Security Affairs

APRIL 1, 2022

Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment vendor Zyxel has pushed security updates for a critical flaw, tracked as CVE-2022-0342 (CVSS 9.8), that affects some of its business firewall and VPN products. through ZLD V4.70 USG FLEX ZLD V4.50

Firewall 106

Firewall VPN Firmware Authentication 106

eSecurity Planet

DECEMBER 10, 2023

Firewalls monitor and control incoming and outgoing traffic while also preventing unauthorized access. Overlapping rules may impair firewall efficiency or expose flaws that allow attackers to circumvent regulations. Choose a centralized platform that is interoperable with several firewall suppliers.

Firewall 121

Firewall Network Security Backups Education 121

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability, tracked as CVE-2023-28771 , that impacts Zyxel firewalls. in its firewall devices. USG FLEX ZLD V4.60 VPN ZLD V4.60

Firewall 98

Firewall Firmware VPN DDOS 98

eSecurity Planet

FEBRUARY 21, 2024

A firewall audit is a procedure for reviewing and reconfiguring firewalls as needed so they still suit your organization’s security goals. Auditing your firewall is one of the most important steps to ensuring it’s still equipped to protect the perimeter of your business’ network.

Firewall 115

Firewall Firmware Software Risk 115

SC Magazine

FEBRUARY 3, 2021

x firmware. x firmware, which malicious actors exploited in a cyberattack against the infosec firm last month. . SonicWall’s firmware update to version 10.2.0.5-29sv The post SonicWall issues firmware patch after attackers exploited critical bugs appeared first on SC Media. SonicWall). 31 and Feb.

Firmware 95

Firmware Mobile InfoSec Passwords 95

Krebs on Security

APRIL 26, 2019

iLnkP2P is designed to allow users of these devices to quickly and easily access them remotely from anywhere in the world, without having to tinker with one’s firewall: Users simply download a mobile app, scan a barcode or enter the six-digit ID stamped onto the bottom of the device, and the P2P software handles the rest.

IoT 279

IoT Firewall Manufacturing Computers and Electronics 279

Security Affairs

MAY 13, 2022

Zyxel addressed a critical flaw affecting Zyxel firewall devices that allows unauthenticated, remote attackers to gain arbitrary code execution. affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution as the “nobody” user. Commands are executed as the nobody user.”

Firewall 98

Firewall Firmware VPN Wireless 98

Malwarebytes

APRIL 4, 2022

In a security advisory Zyxel has urged customers to update because a security flaw can lead to the circumvention of firewall protection in several Zyxel products. Affected series Affected firmware version Patch availability USG/ZyWALL ZLD V4.20 The vulnerability. through ZLD V4.70 USG FLEX ZLD V4.50 through ZLD V5.20 through ZLD V5.20

Firewall 89

Firewall Firmware VPN Authentication 89

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall 98

Firewall VPN Firmware Internet 98

Security Affairs

DECEMBER 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog. The vulnerability CVE-2024-11667 is a directory traversal flaw in Zyxel firmware (V5.00–V5.38)

Firewall 113

Firewall Authentication Accountability Firmware 113

Security Affairs

MAY 17, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution as the “nobody” user. Commands are executed as the nobody user.”

Firewall 98

Firewall VPN Firmware Internet 98

Bleeping Computer

MARCH 31, 2022

Network equipment company Zyxel has updated the firmware of several of its business-grade firewall and VPN products to address a critical-severity vulnerability that could give attackers administrator-level access to affected devices. [.].

Firewall 77

Firewall VPN Firmware 77

Krebs on Security

JUNE 25, 2021

The My Book Live and My Book Live Duo devices received its final firmware update in 2015. We encourage users who wish to continue operating these legacy products to configure their firewall to prevent remote access to these devices, and to take measures to ensure that only trusted devices on the local network have access to the device.”

Internet 339

Internet Internet Backups Small Business 339

Security Affairs

JANUARY 14, 2024

The attackers exploited zero-day vulnerabilities in Zyxel firewalls used by many critical infrastructure operators in Denmark. On April 25, 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771 , in a number of their firewalls. through 4.73, VPN series firmware versions 4.60 through 5.35.

Firewall 136

Firewall Firmware Cyber Attacks VPN 136

CyberSecurity Insiders

JULY 16, 2021

SonicWall that offers next generation firewalls and various Cybersecurity solutions has announced that its customers using certain products are at a risk of being cyber attacked with ransomware. x firmware is going to reach its EOL aka End of Life. x firmware is going to reach its EOL aka End of Life.

Ransomware 145

Ransomware Firmware Cyber Attacks Firewall 145

Security Affairs

NOVEMBER 14, 2023

The attackers exploited zero-day vulnerabilities in Zyxel firewalls used by many critical infrastructure operators in Denmark. On April 25, 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771 , in a number of their firewalls. through 4.73, VPN series firmware versions 4.60 through 5.35.

Cyber Attacks 139

Cyber Attacks Firmware Firewall VPN 139

Security Affairs

JANUARY 29, 2025

In mid-July 2024, Mitel addressed the vulnerability with the release of firmware updates. “In his GitHub README, Burns reported that he found that the Mitel 6869i SIP phone, firmware version 6.3.0.1020, failed to sanitize user-supplied input properly, and he found multiple endpoints vulnerable to this. HF1 (R6.4.0.136).

DDOS 69

DDOS Firmware Malware Firewall 69

Security Affairs

JUNE 13, 2023

“For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release. BleepingComputer reported that searching for Fortigate firewalls exposed online there are more than 250K installs worldwide , most of them in the US. through 6.2.13

Firewall 98

Firewall VPN Firmware Manufacturing 98

DoublePulsar

JANUARY 15, 2025

Having a full device config including all firewall rules is a lot of information. If you are in scope, may need to change device credentials and assess risk of firewall rules being publicly available. The outlier device appears to have a pre-production version of firmware 7.2.2, Somebody just released them.

Firewall 79

Firewall VPN Passwords Firmware 79

Security Affairs

SEPTEMBER 6, 2024

. “An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash.” However SonicWall recommends youinstall the latest firmware. 5035 and older versions.

Firewall 128

Firewall Passwords Internet Internet 128

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 The password for this account can be found in cleartext in the firmware.” reads the advisory published by NIST.

Firmware 126

Firmware Passwords Accountability VPN 126

eSecurity Planet

APRIL 30, 2024

Setting up a firewall is the first step in securing your network. A successful firewall setup and deployment requires careful design, implementation, and maintenance to effectively improve your network integrity and data security. Verify that the chosen firewall can meet your security standards and functions.

Firewall 63

Firewall Architecture Firmware Risk 63