Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router.

Firmware 129

Firmware Wireless Passwords Internet 129

Security Affairs

JULY 15, 2021

. “Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Firmware 118

Firmware Ransomware Passwords Mobile 118

Security Affairs

MAY 31, 2023

Researchers from firmware security firm Eclypsium have discovered a suspected backdoor-like behavior within Gigabyte systems. The experts discovered that the firmware in Gigabyte systems drops and executes a Windows native executable during the system startup process. The executable resides in a UEFI firmware volume.

Firmware 98

Firmware Risk Software Passwords 98

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. Firmware version 4.60

Firmware 126

Firmware Passwords Accountability VPN 126

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. “In such an event, the victim could lose access to the console and even a shell, and thereby would not be able to re-establish a new password.” ” continues the post.

Passwords 98

Passwords Advertising Firmware Authentication 98

Security Affairs

SEPTEMBER 6, 2021

Netgear has released security updates to address high-severity vulnerabilities affecting several of its smart switches used by businesses. Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart switches used on businesses. GC108PP fixed in firmware version 1.0.8.2

Firmware 128

Firmware Authentication Passwords Hacking 128

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords 111

Passwords Hacking Wireless Authentication 111

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware.

Firmware 98

Firmware VPN Wireless Passwords 98

Security Affairs

SEPTEMBER 18, 2021

In short, it goes from a newline injection in the password field, through being able to write a file with constant uncontrolled content of 2 (like, one byte 32h), through a DoS and session crafting (which yields an admin web UI user), to an eventual post-auth shell injection (which yields full root).” .” Coldwind explained.

Firmware 116

Firmware Engineering Passwords Hacking 116

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.” The use of default passwords represents a serious problem also for the Chinese vendor.

Passwords 104

Passwords Manufacturing Advertising Firmware 104

Security Affairs

DECEMBER 27, 2021

The researchers performed reverse engineering of the firmware image for the COMpact 5500, version 7.8A The researchers used Ghidra for their analysis, it is the open-source reverse engineering tool developed by the US National Security Agency (NSA). . “Equipped with this password we then could authenticate successfully.

Firmware 113

Firmware Manufacturing Passwords Penetration Testing 113

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. ” states Tenable.

Firmware 143

Firmware Encryption Authentication Passwords 143

Security Affairs

SEPTEMBER 6, 2024

. * However SonicWall recommends youinstall the latest firmware. “SonicWall strongly advises that customers using GEN5 and GEN6 firewalls with SSLVPN users who have locally managed accounts immediately update their passwords to enhance security and prevent unauthorized access. ” concludes the advisory.

Firewall 127

Firewall Passwords Internet Internet 127

Security Affairs

SEPTEMBER 19, 2022

“It is found that our wireless products, FLEXLAN FX3000/2000 series, have a firmware vulnerability. There are possibilities of data plagiarism, falsification, system destruction, and malicious program execution if this vulnerability was exploited by malicious attackers who can access to this private webpage (with passwords information).”

Wireless 102

Wireless Firmware Passwords Engineering 102

Security Affairs

DECEMBER 14, 2022

Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies.

Surveillance 145

Surveillance Manufacturing Passwords Internet 145

Security Affairs

DECEMBER 24, 2022

Unlike the D-Link analysis, the researchers has no physical access to the device and attempted to retrieve the password from the config. “The firmware is basically a merge of 3 sections, the LZMA section is the kernel, at 0x148CD6 the root-fs and at 0x90BD36 the www content.” A firmware fix has been released.

Firmware 98

Firmware Passwords Hacking Cybersecurity 98

Security Affairs

DECEMBER 5, 2021

The researchers analyzed the network devices using IoT Inspector’s security platform, which checked for thousands of CVEs and security flaws. “Some of the security issues were detected more than once. Since the integration of a new kernel into the firmware is costly, no manufacturer was up to date here.

Manufacturing 145

Manufacturing IoT Firmware VPN 145

Security Affairs

AUGUST 16, 2024

The “Showcase.apk” package, developed by Smith Micro, is part of the firmware image on millions of Android Pixel phones, potentially enhancing sales in Verizon stores. The app is preinstalled in Pixel firmware and included in Google’s OTA updates for Pixel devices.

Hacking 143

Hacking Firmware Mobile Penetration Testing 143

Security Affairs

SEPTEMBER 19, 2022

Researchers at security and compliance assessment firm Onekey warns of an arbitrary code execution via FunJSQ, which is a third-party module developed by Xiamen Xunwang Network Technology for online game acceleration, that impacts multiple Netgear router models. present in the majority of NETGEAR firmware images in our corpus.”

Firmware 113

Firmware Passwords Technology Hacking 113

Security Affairs

APRIL 25, 2021

Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. This information can then be used to reconfigure or disable the alarm system.” ” states the report published by Eye security. ” reads the description of the vulnerability.

Firmware 123

Firmware Passwords Authentication Wireless 123

Security Affairs

SEPTEMBER 22, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. No username or password needed nor any actions need to be initiated by the camera owner. ” wrote the expert.

Hacking 131

Hacking Firmware IoT Internet 131

Security Affairs

AUGUST 1, 2023

The information stored in a Canon printer depends on the specific model, however, almost any model stores the network SSID, the password, network type (WPA3, WEP, etc.), Set up strong authentication mechanisms, such as complex passwords or use multi-factor authentication (MFA) for printer access. MAC address, and IP address.

Wireless 98

Wireless Passwords Firmware Authentication 98

Security Affairs

MAY 11, 2023

These vulnerabilities require an attacker to have your WiFi password or an Ethernet connection to your network to be exploited.” “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” ” The vendor addressed the issues in April 2023 with the release of firmware version 1.0.10.94

Hacking 98

Hacking Firmware Authentication DNS 98

Security Affairs

AUGUST 14, 2023

The procedures allow administrators to provide device information such as server addresses, account information, and firmware updates. The server is used to provide configurations and firmware updates to the devices. In this scenario, an attacker can act as a rogue server and distribute malicious firmware.

Firmware 98

Firmware Authentication Passwords Hacking 98

Security Affairs

JANUARY 21, 2021

Taiwanese vendor QNAP has published a security advisory to warn customers of a new piece of malware named Dovecat that is targeting NAS devices. The malware targets QNAP NAS devices exposed online that use weak passwords. ” reads the security advisory published by the vendor. Use stronger admin passwords.

Cryptocurrency 124

Cryptocurrency Firmware Malware Passwords 124

Daniel Miessler

MAY 14, 2020

What follows is a set of basic security hygiene steps that will significantly reduce your risk online. Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Keep your firmware and software updated.

Risk 345

Risk Password Management Passwords Accountability 345

Security Affairs

OCTOBER 26, 2021

The PMK is calculated from the following parameters: Passphrase– The WiFi password — hence, the part that we are really looking for. Hoorvitch used an attack technique devised by Jens “atom” Steube’s (Hashcat’s lead developer) to retrieve the PMKIDs that allowed him to derive the password. SSID – The name of the network.

Passwords 130

Passwords Small Business Firmware Manufacturing 130

Security Affairs

SEPTEMBER 3, 2021

The FBI provided the following mitigations to protect against ransomware attacks: Regularly back up data, air gap, and password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as they are released. Avoid reusing passwords for multiple accounts.

Ransomware 120

Ransomware Passwords Backups Firmware 120

Security Affairs

JANUARY 16, 2023

Milisic discovered pre-loaded malware into its firmware. The malicious code embedded in the firmware of the device acts like the Android CopyCat malware. Milisic was not able to test other devices from the same vendor or model to determine if their firmware was infected too. ” continues the expert.

Malware 98

Malware DNS Firmware Internet 98

Security Affairs

NOVEMBER 10, 2022

The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. “We chose the simplest approach, reading /etc/shadow and using hashcat cracking the root account password (which turned out to be root:root). ” reads an advisory published by Claroty.

Firmware 145

Firmware Authentication Passwords Manufacturing 145

Security Affairs

DECEMBER 13, 2021

Boffins discovered bugs in WiFi chips that can be exploited to extract passwords and manipulate traffic by targeting a device’s Bluetooth component. Threat actors can execute code by exploiting an unpatched or new security issue over-the-air, or abusing the local OS firmware update mechanism. Pierluigi Paganini.

Wireless 115

Wireless Firmware Mobile Passwords 115

Security Affairs

OCTOBER 1, 2023

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One FBI warns of dual ransomware attacks Progress Software fixed two critical severity flaws in WS_FTP Server Child abuse site taken down, organized child exploitation crime suspected – exclusive A still unpatched zero-day RCE impacts more than 3.5M

Artificial Intelligence 128

Artificial Intelligence Firmware Data breaches Hacking 128

Security Affairs

APRIL 5, 2020

A group of security researchers has found thousands of Android apps containing hidden backdoors and blacklists. There are 7,584 apps with secret access keys, 501 apps that embed master passwords, and 6,013 apps with secret commands. Moreover, these security risks hold generally across all of our data sources.

Mobile 144

Mobile Passwords Advertising Firmware 144

Security Affairs

DECEMBER 24, 2022

Unlike the D-Link analysis, the researchers has no physical access to the device and attempted to retrieve the password from the config. “The firmware is basically a merge of 3 sections, the LZMA section is the kernel, at 0x148CD6 the root-fs and at 0x90BD36 the www content.” A firmware fix has been released.

Firmware 52

Firmware Passwords Hacking Cybersecurity 52

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. No username or password needed nor any actions need to be initiated by the camera owner. wrote the expert. “.

Hacking 124

Hacking Firmware Internet Internet 124

Security Affairs

JUNE 13, 2019

The company has already fixed the issues with the release of firmware versions 1.2.2.S0, “The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. ” reads the security advisory. ” reads the security advisory.

Firmware 99

Firmware Passwords Advertising IoT 99

Security Affairs

APRIL 15, 2024

The website ruexfil.com provided detailed information about the attacks against Moscollector, the hackers also published screenshots of monitoring systems, servers, and databases they claim to have compromised. The site also hosts password dumps allegedly stolen from the Russian company. Access to 112 Emergency Service.

Malware 143

Malware Firmware IoT Hacking 143