Firewall, Firmware and Information Security

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

JANUARY 8, 2025

SonicWall warns customers to address an authentication bypass vulnerability in its firewall’s SonicOS that is “susceptible to actual exploitation.” The same firmware upgrade contains mitigations for additional, less-critical vulnerabilities.” hardware firewalls: SonicOS 6.5.5.1-6n 6n or newer Gen 6 / 6.5

Firewall

Firewall Firmware VPN Authentication

Chinese national charged for hacking thousands of Sophos firewalls

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co., based Sophos Ltd.

Firewall

Firewall Hacking Malware Passwords

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Security Affairs

JANUARY 14, 2025

Experts warn of a new campaign targeting an alleged zero-day in Fortinet FortiGate firewalls with management interfaces exposed online. Arctic Wolf researchers observed a campaign targeting Fortinet FortiGate firewalls with exposed management interfaces, likely exploiting a zero-day vulnerability. ” continues the advisory.

Firewall

Firewall VPN Accountability Firmware

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. The security firm reported that this vulnerability is being used in attacks against a small set of specific organizations, primarily in South Asia. reads the advisory. “A MR5 (18.5.5), v19.0

Firmware

Firmware Firewall Internet Internet

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

. “The build date coded in the last number block also points to the same date range: None of the firewall firmwares examined had been compiled after September 14, 2022.” ” reported Heise Security. We can exclude the circumstance that the attackers may have compromised Fortinet.

VPN

VPN Passwords Firewall Firmware

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall

Firewall VPN Firmware Passwords

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Sophos used custom implants to monitor China-linked thret actors targeting firewall zero-days in a years-long battle. Improved operational security, including disrupting firewall telemetry to hinder detection and minimize their digital footprint. ” concludes the report.

Firmware

Firmware Government Firewall Malware

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Security Affairs

JANUARY 15, 2024

Researchers from Bishop Fox found over 178,000 SonicWall next-generation firewalls (NGFW) publicly exploitable. Researchers from Bishop Fox used BinaryEdge source data to find SonicWall firewalls with management interfaces exposed to the internet.

Firewall

Firewall Hacking Firmware Internet

SonicWall addressed an improper access control issue in its firewalls

Security Affairs

AUGUST 26, 2024

SonicWall addressed a critical flaw in its firewalls that could allow attackers to achieve unauthorized access to the devices. SonicWall has released security updates to address a critical vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), in its firewalls. However SonicWall recommends youinstall the latest firmware.

Firewall

Firewall Firmware Malware Internet

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

Mirai botnet targets SSR devices, Juniper Networks warns

Security Affairs

DECEMBER 19, 2024

To mitigate the exposure to these threats, users are recommended to change default credentials, use strong passwords, review access logs, employ firewalls and IDS/IPS, and keep firmware up-to-date. Below are actions recommended by Juniper Networks: Strengthen Security Practices : Change default credentials on all SSRs.

DDOS

DDOS Firmware Firewall Passwords

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall

Firewall Firmware VPN Authentication

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability, tracked as CVE-2023-28771 , that impacts Zyxel firewalls. in its firewall devices. USG FLEX ZLD V4.60 VPN ZLD V4.60

Firewall

Firewall Firmware VPN DDOS

Zyxel fixed firewall unauthenticated remote command injection issue

Security Affairs

MAY 13, 2022

Zyxel addressed a critical flaw affecting Zyxel firewall devices that allows unauthenticated, remote attackers to gain arbitrary code execution. Zyxel has moved to address a critical security vulnerability (CVE-2022-30525, CVSS score: 9.8) If possible, enable automatic firmware updates. Commands are executed as the nobody user.”

Firewall

Firewall Firmware VPN Wireless

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 17, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution as the “nobody” user. reads the report published by Rapid7.

Firewall

Firewall VPN Firmware Internet

U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

DECEMBER 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog. The vulnerability CVE-2024-11667 is a directory traversal flaw in Zyxel firmware (V5.00–V5.38)

Firewall

Firewall Authentication Accountability Firmware

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

Security Affairs

NOVEMBER 14, 2023

The attackers exploited zero-day vulnerabilities in Zyxel firewalls used by many critical infrastructure operators in Denmark. On April 25, 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771 , in a number of their firewalls. through 4.73, VPN series firmware versions 4.60 through 5.35.

Cyber Attacks

Cyber Attacks Firmware Firewall VPN

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Security Affairs

JANUARY 14, 2024

The attackers exploited zero-day vulnerabilities in Zyxel firewalls used by many critical infrastructure operators in Denmark. On April 25, 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771 , in a number of their firewalls. through 4.73, VPN series firmware versions 4.60 through 5.35.

Firewall

Firewall Firmware Cyber Attacks VPN

Aquabot variant v3 targets Mitel SIP phones

Security Affairs

JANUARY 29, 2025

In mid-July 2024, Mitel addressed the vulnerability with the release of firmware updates. “In his GitHub README, Burns reported that he found that the Mitel 6869i SIP phone, firmware version 6.3.0.1020, failed to sanitize user-supplied input properly, and he found multiple endpoints vulnerable to this. HF1 (R6.4.0.136).

DDOS

DDOS Firmware Malware Firewall

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

“For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release. BleepingComputer reported that searching for Fortigate firewalls exposed online there are more than 250K installs worldwide , most of them in the US. through 6.2.13

Firewall

Firewall VPN Firmware Manufacturing

SonicWall warns that SonicOS bug exploited in attacks

Security Affairs

SEPTEMBER 6, 2024

. “An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash.” However SonicWall recommends youinstall the latest firmware. 5035 and older versions.

Firewall

Firewall Passwords Internet Internet

DoS attack the caused disruption at US power utility exploited a known flaw

Security Affairs

SEPTEMBER 9, 2019

A DoS attack that caused disruptions at a power utility in the United States exploited a flaw in a firewall used in the facility. The incident took place earlier this year, threat actors exploited a known vulnerability in a firewall used by the affected facility to cause disruption. and 7 p.m., power grid ( Energywire , April 30). .

Energy and Utilities

Energy and Utilities Firewall Firmware Advertising

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 The password for this account can be found in cleartext in the firmware.” reads the advisory published by NIST.

Firmware

Firmware Passwords Accountability VPN

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. According to the experts, Tenda routers running a firmware version between AC9 to AC18 are vulnerable to the attack.

IoT

IoT Firmware Advertising DNS

Zyxel published guidance for protecting devices from ongoing attacks

Security Affairs

JUNE 4, 2023

Zyxel has published guidance for protecting firewall and VPN devices from the ongoing attacks recently discovered. Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting CVE-2023-28771 , CVE-2023-33009 , and CVE-2023-33010 vulnerabilities. in its firewall devices. Patch 1 ZLD V5.36

Firmware

Firmware VPN Firewall Hacking

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Security Affairs

JUNE 20, 2023

Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0,

Firmware

Firmware Firewall Authentication VPN

Zyxel addressed a critical RCE flaw in its NAS devices

Security Affairs

SEPTEMBER 7, 2022

flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. Below is the list of affected models and the firmware patches released by the company. Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747 , impacting its network-attached storage (NAS) devices.

Firewall

Firewall Firmware Authentication VPN

Avtech camera vulnerability actively exploited in the wild, CISA warns

Security Affairs

AUGUST 2, 2024

” The vulnerability impacts Avtech AVM1203 IP cameras running firmware versions FullImg-1023-1007-1011-1009 and prior. Placing control system networks and remote devices behind firewalls and isolating them from business networks. .” reads the advisory published by CISA.

Firmware

Firmware Firewall Risk Authentication

79 Netgear router models affected by a dangerous Zero-day

Security Affairs

JUNE 18, 2020

A whopping 79 Netgear router models are vulnerable to a severe security flaw that can let hackers take over devices remotely. Nichols discovered that the vulnerability affects 758 different firmware versions that run on 79 Netgear routers. Oldest firmware versions have been released as far back as 2007.

Firmware

Firmware Internet Internet Advertising

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

According to WatchGuard , Cyclops Blink may have affected roughly 1% of all active WatchGuard firewall appliances. ” reads the advisory published by the UK National Cyber Security Centre. The malware leverages the firmware update process to achieve persistence.

Malware

Malware Firmware Architecture Firewall

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

Experts was that vendors may have bought vulnerable versions of this stack before the 2012 update and are still using it in their firmware. “However, many vendors may have bought vulnerable versions of this stack prior to the 2012 update, starting in the early 2000s when it was first issued, and integrated it into their own firmware.

Hacking

Hacking Firmware Internet Internet

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

“A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. Security experts from Tenable published a post detailing the flaw, they also shared Shodan dorks for searching SonicWall VPNs. 6.5.1.12, 6.0.5.3,

VPN

VPN Firewall Firmware Authentication

Alfer Microsoft, also SonicWall confirmed that its products were affected by Y2K22 bug

Security Affairs

JANUARY 8, 2022

SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. Security vendor SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. x firmware in MySonicWall downloads section for TZ, NSA and SOHO platforms.

Firewall

Firewall Engineering Firmware Malware

Juniper Networks addressed many issues in its products

Security Affairs

JULY 10, 2020

Juniper Networks addressed several vulnerabilities in its firewalls, most of them can be exploited by attackers for denial-of-service (DoS) attacks. The company published a list of security advisories to inform its customers of the vulnerabilities in its products.

Advertising

Advertising Firmware Firewall Internet

Dovecat crypto-miner is targeting QNAP NAS devices

Security Affairs

JANUARY 21, 2021

“In the meantime, please update the NAS firmware and Malware Remover in the App Center to the latest version if not done already to ensure the latest security patches are applied on the NAS.” Install Security Counselor and run with Intermediate Security Policy (or above). Install a firewall.

Cryptocurrency

Cryptocurrency Firmware Malware Passwords

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

Fortinet FortiGuard Labs researchers warned of multiple DDoS botnets exploiting a vulnerability impacting multiple Zyxel firewalls. The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35. through 5.35.

DDOS

DDOS Firmware VPN Firewall

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Keep your firmware and software updated. In addition to turning on the native anti-malware and firewall features in your operating system, also consider installing MalwareBytes as an extra layer of protection. Keep all of your software and hardware religiously updated. They are, and you should be taking advantage of that functionality.

Risk

Risk Passwords Password Management Accountability

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Hunters International ransomware gang claims to have hacked the Fred Hutch Cancer Center New NKAbuse malware abuses NKN decentralized P2P network protocol Snatch ransomware gang claims the hack of the food giant Kraft Heinz Multiple flaws in pfSense firewall can lead to arbitrary code execution BianLian, White Rabbit, and Mario Ransomware Gangs Spotted (..)

Data breaches

Data breaches Cybercrime Firewall Ransomware

NSA, CISA release guidance on hardening remote access via VPN solutions

Security Affairs

SEPTEMBER 29, 2021

The agencies recommend VPN solutions that implements protections against intrusions, such as the use of signed binaries or firmware images, a secure boot process that verifies boot code before it runs, and integrity validation of runtime processes and files.

VPN

VPN Government Firmware Authentication

China-linked APT likely linked to Fortinet zero-day attacks

Security Affairs

MARCH 17, 2023

The devices halted displaying the following error message: “System enters error-mode due to FIPS error: Firmware Integrity self-test failed” The failure of the integrity test blocks the reboot of the device to protect the integrity of the network. ” reads the report published by Mandiant.

Firewall

Firewall Manufacturing Government Firmware

NCSC warns of a surge in ransomware attacks on education institutions

Security Affairs

SEPTEMBER 20, 2020

Recently Check Point researchers warned of a surge in the DDoS attacks against education institutions and the academic industry across the world. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Education

Education Ransomware Antivirus Backups

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

The operation reversibly modified the routers’ firewall rules to block remote management access to the devices. Upgrade to the latest firmware version. Implement strategic firewall rules on WAN-side interfaces to prevent the unwanted exposure of remote management services. Change any default usernames and passwords.

Energy and Utilities

Energy and Utilities Government Firewall Malware

CISA is warning of vulnerabilities in GE Power Management Devices

Security Affairs

MARCH 23, 2021

The vendor released security updates for all these devices and urges customers to update their installs, it also released mitigations to address the flaws. “GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities.

Firmware

Firmware VPN Firewall Risk

SonicWall warns of an exploitable SonicOS vulnerability

Chinese national charged for hacking thousands of Sophos firewalls

Trending Sources

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Expert found a secret backdoor in Zyxel firewall and VPN

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

SonicWall addressed an improper access control issue in its firewalls

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Mirai botnet targets SSR devices, Juniper Networks warns

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Widespread exploitation by botnet operators of Zyxel firewall flaw

Zyxel fixed firewall unauthenticated remote command injection issue

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Aquabot variant v3 targets Mitel SIP phones

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

SonicWall warns that SonicOS bug exploited in attacks

DoS attack the caused disruption at US power utility exploited a known flaw

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

New Ttint IoT botnet exploits two zero-days in Tenda routers

Zyxel published guidance for protecting devices from ongoing attacks

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Zyxel addressed a critical RCE flaw in its NAS devices

Avtech camera vulnerability actively exploited in the wild, CISA warns

79 Netgear router models affected by a dangerous Zero-day

US and UK link new Cyclops Blink malware to Russian state hackers?

A critical flaw in industrial automation systems opens to remote hack

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Alfer Microsoft, also SonicWall confirmed that its products were affected by Y2K22 bug

Juniper Networks addressed many issues in its products

Dovecat crypto-miner is targeting QNAP NAS devices

Multiple DDoS botnets were observed targeting Zyxel devices

10 Behaviors That Will Reduce Your Risk Online

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

NSA, CISA release guidance on hardening remote access via VPN solutions

China-linked APT likely linked to Fortinet zero-day attacks

NCSC warns of a surge in ransomware attacks on education institutions

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

CISA is warning of vulnerabilities in GE Power Management Devices

Stay Connected