Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. Upon opening the reports, the infection process starts leading to the deployment of malware on the victim’s system. The web form for uploading a new firmware exists in SoftwareUpgradeRpm.htm.”

Firmware 98

Firmware Encryption Government Malware 98

Security Affairs

JUNE 2, 2022

The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats , which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. ” reads the post published by Eclypsium.

Firmware 106

Firmware Engineering Ransomware Malware 106

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware 145

Firmware Ransomware Encryption Advertising 145

Security Affairs

APRIL 15, 2024

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. Fuxnet (stuxnet on steroids) was deployed earlier to slowly and physically destroy sensory equipment (by NAND/SSD exhaustion and introducing bad CRC into the firmware). YouTube Video 1 , YouTube Video 2 ).

Malware 144

Malware Firmware IoT Hacking 144

Security Affairs

OCTOBER 4, 2022

North Korea-linked Lazarus APT has been spotted deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver. The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by relying on exploit in a Dell firmware driver dbutil_2_3.sys, sys, ESET researchers warn. Pierluigi Paganini.

Firmware 98

Firmware Malware Phishing Hacking 98

Security Affairs

FEBRUARY 6, 2024

China-linked APT group breached the Dutch Ministry of Defence last year and installed malware on compromised systems. Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published a joint report warning that a China-linked APT group breached the Dutch Ministry of Defence last year.

Malware 137

Malware Firmware VPN Backups 137

Security Affairs

JANUARY 16, 2023

Expert discovered that the T95 Android TV box, available for sale on Amazon and AliExpress, came with sophisticated pre-installed malware. Security researcher, Daniel Milisic, discovered that the T95 Android TV box he purchased on Amazon was infected with sophisticated pre-installed malware. ” the expert wrote on Reddit.

Malware 98

Malware DNS Firmware Internet 98

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware 208

Malware VPN Internet Internet 208

Security Affairs

FEBRUARY 23, 2022

UK and US cybersecurity agencies linked Cyclops Blink malware to Russia’s Sandworm APT. US and UK cybersecurity and law enforcement agencies published a joint security advisory about a new malware, dubbed Cyclops Blink, that has been linked to the Russian-backed Sandworm APT group. appeared first on Security Affairs.

Malware 114

Malware Firmware Architecture Firewall 114

Security Affairs

FEBRUARY 20, 2021

Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. ” reads the security advisory. reads the advisory.

Firmware 103

Firmware Mobile Hacking Information Security 103

Security Affairs

APRIL 7, 2020

xHelper , a new strain of Android malware is able to re-install itself on infected devices even after victims delete it or force a factory reset. xHelper , a new strain of Android malware is able to re-install itself on infected devices even after victims delete it or force a factory reset. and Russia. ” continues the report.

Malware 145

Malware Firmware Manufacturing Advertising 145

Security Affairs

MAY 31, 2024

Between October 25 and October 27, 2023, the Chalubo malware destroyed more than 600,000 small office/home office (SOHO) routers belonging to the same ISP. Chalubo (ChaCha-Lua-bot) is a Linux malware that was first spotted in late August 2018 by Sophos Labs while targeting IoT devices.

Malware 127

Malware Internet Internet Firmware 127

Security Affairs

DECEMBER 31, 2021

Researchers devised a series of attacks against SSDs that could allow to implant malware in a location that is not monitored by security solutions. Korean researchers devised a series of attacks against solid-state drives (SSDs) that could allow to implant malware in specific memory locations bypassing security solutions.

Malware 145

Malware Firmware Manufacturing Media 145

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” Unlike NFC and UWB chips, the Bluetooth firmware is neither signed nor encrypted opening the doors to modification. To nominate, please visit:? Pierluigi Paganini.

Malware 98

Malware Wireless Firmware Mobile 98

Security Affairs

AUGUST 26, 2024

However SonicWall recommends youinstall the latest firmware. In March 2023, Mandiant researchers reported that alleged China-linked threat actors, tracked as UNC4540, deployed custom malware on a SonicWall SMA appliance. .” Below are the impacted versions: Impacted Platforms Impacted Versions SOHO (Gen 5) 5.9.2.14-12o

Firewall 127

Firewall Firmware Malware Internet 127

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities, such as: . The experts were alerted about the malware in October and immediately launched an investigation.

Malware 142

Malware Firmware Advertising Manufacturing 142

Security Affairs

JANUARY 5, 2022

Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. The team of experts presented their technique at the Annual Computer Security Applications Conference ( ACSAC ) that took place in December. ” reads a research paper published by the experts.

IoT 143

IoT Malware Internet Internet 143

Security Affairs

SEPTEMBER 6, 2021

Security researcher ValdikSS found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores. A Russian security researcher that goes online with the name of ValdikSS has found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores.

Mobile 142

Mobile Malware Firmware Manufacturing 142

Security Affairs

NOVEMBER 9, 2024

As of the publication, no publicly known vulnerabilities have been identified in the latest firmware version. CVE-2024-8357 : Lack of root of trust in App SoC, risking persistent attacker control by bypassing boot security checks. ” concludes the report.

Hacking 131

Hacking Firmware Software Manufacturing 131

Security Affairs

NOVEMBER 2, 2024

The threat actors exploited vulnerabilities in networking devices used by businesses to gain a foothold by installing custom malware. Sophos researchers speculate the attack was part of an intelligence-gathering campaign aimed at developing malware for network devices. ” concludes the report.

Firmware 123

Firmware Government Firewall Malware 123

Security Affairs

JUNE 25, 2024

The flaw is a command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0. The vulnerability affects NAS326 running firmware versions 5.21(AAZF.16)C0 16)C0 and earlier, and NAS542 running firmware versions 5.21(ABAG.13)C0

Firmware 126

Firmware Hacking Cybercrime Information Security 126

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 CVE-2020-9054 Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 A2pvI042j1.d26m

IoT 141

IoT Firmware Malware Wireless 141

Security Affairs

JANUARY 21, 2022

At the end of 2021, researchers discovered a UEFI firmware-level compromise by analyzing logs from its Firmware Scanner. Threat actors compromised a single component within the firmware image to intercept the original execution flow of the machine’s boot sequence and inject the sophisticated implant.

Firmware 145

Firmware Malware Spyware Surveillance 145

Security Affairs

OCTOBER 6, 2024

Baseband firmware can be affected by vulnerabilities, making it a significant attack vector. Zero-day brokers and commercial spyware vendors can exploit these vulnerabilities to target mobile users and deploy malware like Predator. ” reads Google’s announcement. Exploiting baseband bugs can lead to remote code execution.

Firmware 134

Firmware Mobile Spyware Software 134

Security Affairs

SEPTEMBER 16, 2020

The US National Security Agency (NSA) published guidance on the Unified Extensible Firmware Interface (UEFI) Secure Boot customization. The United States National Security Agency (NSA) has published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature that can be customized organizations.

Firmware 140

Firmware Advertising Manufacturing Malware 140

Security Affairs

DECEMBER 9, 2021

. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” TP-Link addressed the flaw on November 12, 2021 with the release of the firmware update TL-WR840N(EU)_V5_211109.

Firmware 145

Firmware Architecture Malware Hacking 145

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. Researchers from Kaspersky have spotted a UEFI malware that was involved in attacks on organizations with an interest in North Korea. ” concludes the report.

Firmware 145

Firmware Spyware Surveillance Hacking 145

Security Affairs

DECEMBER 3, 2020

The infamous TrickBot gets a new improvement, authors added a new feature dubbed “ TrickBoot ” designed to exploit well-known vulnerabilities in the UEFI/BIOS firmware and inject malicious code, such as bootkits. TrickBot, one of the most active botnets, in the world, gets a new improvement by adding a UEFI/BIOS Bootkit Feature.

Firmware 121

Firmware Malware Hacking Manufacturing 121

Security Affairs

JULY 15, 2022

Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. “Dragos only tested the DirectLogic-targeting malware.

Passwords 131

Passwords Software Firmware Malware 131

Security Affairs

MARCH 8, 2021

Researchers at 360Netlab are warning of a cryptocurrency malware campaign targeting unpatched QNAP network-attached storage (NAS) devices. The flaws affect QNAP NAS firmware versions prior to August 2020. The malware involved in the campaign was dubbed UnityMiner by 360 Netlab experts.

Cryptocurrency 141

Cryptocurrency Firmware Malware Threat Detection 141

Security Affairs

AUGUST 29, 2024

The vulnerability impacts Avtech AVM1203 IP cameras running firmware versions FullImg-1023-1007-1011-1009 and prior. The cyber security expert Larry Cashdollar of Akamai Technologies reported the vulnerability to CISA. “ Similar to many other botnets , this one is also spreading a variant of Mirai malware to its targets.”

Firmware 127

Firmware Malware Security Intelligence Authentication 127

Security Affairs

OCTOBER 1, 2023

million newborns and pregnancy care patients Xenomorph malware is back after months of hiatus and expands the list of targets Smishing Triad Stretches Its Tentacles into the United Arab Emirates Crooks stole $200 million worth of assets from Mixin Network A phishing campaign targets Ukrainian military entities with drone manual lures Alert!

Artificial Intelligence 130

Artificial Intelligence Firmware Data breaches Hacking 130

Security Affairs

DECEMBER 30, 2022

The vendor only said that the flaw is a pre-authentication buffer overflow vulnerability and urged customers to address the firmware of their devices as soon as possible. “NETGEAR has released fixes for a pre-authentication buffer overflow security vulnerability” reads the advisory published by the company. Click Downloads.

Firmware 98

Firmware Wireless Authentication Hacking 98

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Their objective is to leverage this vulnerability to deploy and install malware on the affected systems. “Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60

Firewall 98

Firewall Firmware VPN DDOS 98

Security Affairs

DECEMBER 8, 2021

The Moobot was first documented by Palo Alto Unit 42 researchers in February 2021, the recent attacks demonstrated that its authors are enhancing their malware. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable. ” reads the analysis published by Fortinet.

Firmware 144

Firmware DDOS Malware IoT 144

Security Affairs

JULY 29, 2020

Billions of Windows and Linux devices are affected by a serious GRUB2 bootloader issue, dubbed BootHole, that can be exploited to install a stealthy malware. According to researchers from the firmware security firm Eclypsium, which discovered the issue, the BootHole flaw affects any operating system that uses GRUB2 with Secure Boot. .

Malware 126

Malware Advertising Firmware Healthcare 126

Security Affairs

MARCH 1, 2023

ESET discovered a stealthy Unified Extensible Firmware Interface (UEFI) bootkit dubbed BlackLotus that is able to bypass the Secure Boot on Windows 11. Researchers from ESET discovered a new stealthy Unified Extensible Firmware Interface ( UEFI ) bootkit, named BlackLotus , that is able to bypass Secure Boot on Windows 11.

Firmware 98

Firmware Malware Hacking Security Defenses 98