Firmware, Information and Internet - Cyber Security Informer

Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers

The Last Watchdog

AUGUST 26, 2024

As our world becomes increasingly interconnected, the security of Operational Technology (OT) and Internet of Things (IoT) devices is more critical than ever. Equally alarming was the widespread presence of known vulnerabilities, or “n-day” vulnerabilities, in the firmware images.

Firmware

Firmware IoT Manufacturing Cyber Risk

MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

JUNE 25, 2021

Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device.

Internet

Internet Internet Backups Small Business

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022. All the vulnerable devices are running end-of-life (EOL) firmware.

Firmware

Firmware Firewall Internet Internet

IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering

Troy Hunt

NOVEMBER 23, 2020

Let's drill into all that and then go deeper into custom firmware and soldering too. I can easily block a device from talking to the internet, throttle its connection, see which online services it's communicating with and access a whole host of other information about it. Why is this so hard?!

Firmware

Firmware IoT Wireless Manufacturing

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

SecureList

JULY 25, 2022

One of the main draws towards malware nested in such low levels of the operating system is that it is extremely difficult to detect and, in the case of firmware rootkits, will ensure a computer remains in an infected state even if the operating system is reinstalled or the user replaces the machine’s hard drive entirely.

Firmware

Firmware DNS Malware Technology

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware

Firmware Malware Encryption Passwords

Dynamic analysis of firmware components in IoT devices

SecureList

JULY 6, 2022

As a rule, this means that the source code of the device’s firmware is unavailable and all the researcher can use is the user manual and a few threads on some user forum discussing the device’s operation. The vulnerability assessment of IoT/IIoT devices is based on analyzing their firmware.

Firmware

Firmware IoT Architecture Manufacturing

Western Digital customers have to update their My Cloud devices to latest firmware version

Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Devices on these older firmware versions will not receive security fixes or technical support.” Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Firmware

Firmware Architecture Internet Internet

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware

Firmware Ransomware Encryption Advertising

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In most recent attacks observed by Check Point, the threat actors employed custom firmware implant designed explicitly for TP-Link routers. ” reads the report published by Check point.

Firmware

Firmware Encryption Government Malware

Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw

Security Affairs

FEBRUARY 1, 2023

Censys found 30,000 internet-facing QNAP appliances potentially impacted by a recently disclosed critical code injection flaw. On January 30, Taiwanese vendor QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. Censys concludes.

Internet

Internet Internet Firmware IoT

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Security Affairs

APRIL 22, 2022

Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943 , addressed in the Apache HTTP server in March.

Firmware

Firmware Hacking Cybersecurity Internet

Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian

Security Boulevard

JUNE 25, 2023

Paul also shares with us some of his greatest hacking stories and don’t miss our lively […] The post Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian appeared first on Shared Security Podcast.

Firmware

Firmware Hacking Internet Internet

Using EM Waves to Detect Malware

Schneier on Security

JANUARY 14, 2022

” Abstract : The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity. They use numerous customized firmware and hardware, without taking into consideration security issues, which make them a target for cybercriminals, especially malware authors.

Malware

Malware IoT Firmware Internet

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

NOVEMBER 2, 2024

Affected devices use VHD PTZ camera firmware < 6.3.40 is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. . “Organizations using VHD PTZ camera firmware < 6.3.40 CVE-2024-8957 (CVSS score of CVSS 7.2)

Firmware

Firmware Manufacturing Healthcare IoT

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Security Affairs

JANUARY 15, 2024

Researchers from Bishop Fox used BinaryEdge source data to find SonicWall firewalls with management interfaces exposed to the internet. The experts found that 76% (178,637 of 233,984) of the Internet-facing firewalls are vulnerable to one or both issues. ” concludes the report.

Firewall

Firewall Hacking Firmware Internet

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

JULY 2, 2021

That update effectively nullified their chances at competing in Pwn2Own, which requires exploits to work against the latest firmware or software supported by the targeted device. A statement published on its support site March 12, 2021 says the company will no longer provide further security updates to the MyCloud OS 3 firmware.

Firmware

Firmware Passwords Internet Internet

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router.

Firmware

Firmware Wireless Passwords Internet

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

Malwarebytes

SEPTEMBER 21, 2021

Today’s generation of kids and teens consider their devices and the Internet as extensions of their lives. So without further ado, let’s dive into what we should be teaching our kids about Internet safety and what we can do to enforce these teachings. 7 Internet safety tips. Update your child’s device’s firmware.

Internet

Internet Internet Passwords Password Management

SonicWall addressed an improper access control issue in its firewalls

Security Affairs

AUGUST 26, 2024

However SonicWall recommends youinstall the latest firmware. Users unable to address the issue should restrict firewall management access to trusted sources or disable WAN management access from the internet. .” Below are the impacted versions: Impacted Platforms Impacted Versions SOHO (Gen 5) 5.9.2.14-12o

Firewall

Firewall Firmware Malware Internet

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs

DECEMBER 17, 2023

that impacted several routers, including Future X Communications (FXC) AE1021 and AE1021PE wall routers, running firmware versions 2.0.9 The Akamai SIRT this week published an additional update after one of the affected vendors, QNAP, released advisory information and guidance. and earlier. and earlier (5.0.0 released June 21, 2014).

Firmware

Firmware Wireless DDOS IoT

Millions of Arris routers are vulnerable to path traversal attacks

Malwarebytes

AUGUST 1, 2022

This web server is present in Arris firmware which can be found in several router models. ISP customer premise equipment (CPE) often uses this web server, and ISP subscribers will typically get these routers in loan for telephony and Internet access. Unfortunately the Arris firmware is based on the vulnerable version of muhttpd.

Firmware

Firmware Internet Internet Passwords

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. In an email sent to customers today, Ubiquiti Inc.

Passwords

Passwords Authentication Firmware Accountability

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

Security Affairs

NOVEMBER 14, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. ” reported the SektorCERT.

Cyber Attacks

Cyber Attacks Firmware Firewall VPN

D-Link addressed three critical RCE in wireless router models

Security Affairs

SEPTEMBER 16, 2024

DIR-X4860 A1 firmware version 1.00, 1.04 The issue impacts: DIR-X4860 A1 firmware version 1.00, 1.04 The issue impacts: DIR-X4860 A1 firmware version 1.00, 1.04. COVR-X1870 firmware version v1.02 The issue impacts: DIR-X4860 A1 firmware version 1.00, 1.04 CVE-2024-45695 (9.8 The issue impacts: CVE-2024-45697 (9.8

Wireless

Wireless Firmware Manufacturing Hacking

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

Introduction In today’s interconnected world, more and more devices are being connected to the internet, including everyday household items like pet feeders that are becoming smart by virtue of this simple fact. The described setup allowed us to verify the information passing through, for example, during the over-the-air update process.

Firmware

Firmware Passwords Manufacturing Mobile

Ransomware attack on MSI led to compromised Intel Boot Guard private keys

Malwarebytes

MAY 8, 2023

On April 7, 2023 MSI (Micro-Star International) released a statement confirming a cyberattack on part of its information systems. The Money Message gang claimed to have stolen 1.5TB of data during the attack, including firmware, source code, and databases. Among them are household names like Lenovo and HP. Prevent intrusions.

Firmware

Firmware Ransomware Backups Malware

How Initial Program Load Enhances Cybersecurity in 2024

Hacker's King

OCTOBER 7, 2024

Modern-day attacks increasingly target the firmware and boot stages of computing systems, aiming to compromise devices long before the operating system is fully functional. Firmware Integrity Checks: Firmware sits between the hardware and software, making it an attractive target for attackers.

Firmware

Firmware Cybersecurity IoT Passwords

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. reported the SektorCERT. continues the report.

Firewall

Firewall Firmware Cyber Attacks VPN

MoonBounce UEFI implant spotted in a targeted APT41 attack

Security Affairs

JANUARY 21, 2022

At the end of 2021, researchers discovered a UEFI firmware-level compromise by analyzing logs from its Firmware Scanner. Threat actors compromised a single component within the firmware image to intercept the original execution flow of the machine’s boot sequence and inject the sophisticated implant. Pierluigi Paganini.

Firmware

Firmware Malware Spyware Surveillance

Hikvision cameras could be remotely hacked due to critical flaw

Security Affairs

SEPTEMBER 22, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Hacking

Hacking Firmware IoT Internet

Your SOHO Router is a Juicy Target for Hackers

Security Boulevard

AUGUST 14, 2024

To backtrack a little , it's important to understand that a lot of threat actors target routers - which can include modems and gateways - alongside internet-of-things (IoT devices). Security vulnerabilities in router firmware is too large of a topic to cover in just a section of this post.

Firmware

Firmware Manufacturing Malware Passwords

Vulnerabilities in the iBoot Power Distribution Unit Let Hackers Remotely Shut Down Devices

Hacker Combat

SEPTEMBER 22, 2022

More than 2,000 PDUs were directly exposed to the internet in 2021, and roughly a third of those were iBoot PDUs, according to a Censys research. The problems include server-side request forgery, path traversal, sensitive information disclosure, inappropriate access control, and faulty and erroneous authorisation (SSRF).

Firmware

Firmware Firewall Manufacturing Internet

News alert: Sternum and ChargePoint collaborate to enhance ChargePoint Home Flex Security

The Last Watchdog

JANUARY 22, 2024

ChargePoint, with its last firmware update, has disabled the HTTP server and updated the NTP client to address the issues. For more information, please email the InfoSec team at: infosec@chargepoint.com. Our focus remains on delivering a convenient, dependable, and safe EV charging experience for all drivers.”

IoT

IoT InfoSec Firmware Manufacturing

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 02 Dec 2020 – Netgear released the new firmware v2.6.0.48

Firmware

Firmware Authentication Hacking Software

Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover

Malwarebytes

AUGUST 23, 2022

The flaw is tracked as CVE-2021-36260 and was addressed by Hikvision via a firmware update in September 2021. Given the amount of available information, it is trivial even for a “copy and paste criminal,” to make use of the unpatched cameras. The critical bug received a 9.8 The critical bug received a 9.8

Firmware

Firmware VPN Internet Internet

Avtech camera vulnerability actively exploited in the wild, CISA warns

Security Affairs

AUGUST 2, 2024

” The vulnerability impacts Avtech AVM1203 IP cameras running firmware versions FullImg-1023-1007-1011-1009 and prior. The US Agency advises users to reduce the risk of exploitation of the vulnerability CVE-2024-7029 by: Limiting network exposure of control system devices to prevent internet access.

Firmware

Firmware Firewall Risk Authentication

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

“Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 ” reads the advisory published by NIST.

Firewall

Firewall Firmware VPN DDOS

Experts found backdoors in a popular Auerswald VoIP appliance

Security Affairs

DECEMBER 27, 2021

Researchers found multiple backdoors in popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. Researchers from RedTeam Pentesting discovered multiple backdoors in a popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. “Firmware Update 8.2B

Firmware

Firmware Manufacturing Passwords Penetration Testing

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service.

Malware

Malware VPN Internet Internet

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

Security Affairs

MARCH 22, 2022

Internet search engine Censys reported a new wave of DeadBolt ransomware attacks targeting QNAP NAS devices. Internet search engine Censys reported that QNAP devices were targeted in a new wave of DeadBolt ransomware attacks. If every victim had paid the ransom, this attack would have netted the hackers about $4,484,700.”

Ransomware

Ransomware Firmware Internet Internet

NETGEAR fixes a severe bug in its routers. Patch it asap!

Security Affairs

DECEMBER 30, 2022

The vendor only said that the flaw is a pre-authentication buffer overflow vulnerability and urged customers to address the firmware of their devices as soon as possible. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” RAX35 fixed in firmware version 1.0.2.60. Click Downloads.

Firmware

Firmware Wireless Authentication Hacking

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Security Affairs

SEPTEMBER 13, 2024

Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Malware

Malware Firmware Antivirus Manufacturing

Y2k + 20: risk, COVID and "the Internet issue"

Notice Bored

JANUARY 9, 2021

So, egged-on by information security pro's and IT auditors (me, for instance), management took the risk seriously and invested significant resources into solving "the Y2k issue". Hey, welcome to the life of every information risk and security professional! OK, apart from identifying, and evaluating, and treating information risks.".

Internet

Internet Internet Risk InfoSec

Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers

MyBook Users Urged to Unplug Devices from Internet

Trending Sources

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

MoonBounce: the dark side of UEFI firmware

Dynamic analysis of firmware components in IoT devices

Western Digital customers have to update their My Cloud devices to latest firmware version

QNAP urges users to update NAS firmware and app to prevent infections

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian

Using EM Waves to Detect Malware

PTZOptics cameras zero-days actively exploited in the wild

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Another 0-Day Looms for Many Western Digital Users

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

SonicWall addressed an improper access control issue in its firewalls

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Millions of Arris routers are vulnerable to path traversal attacks

Ubiquiti: Change Your Password, Enable 2FA

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

D-Link addressed three critical RCE in wireless router models

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

Ransomware attack on MSI led to compromised Intel Boot Guard private keys

How Initial Program Load Enhances Cybersecurity in 2024

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

MoonBounce UEFI implant spotted in a targeted APT41 attack

Hikvision cameras could be remotely hacked due to critical flaw

Your SOHO Router is a Juicy Target for Hackers

Vulnerabilities in the iBoot Power Distribution Unit Let Hackers Remotely Shut Down Devices

News alert: Sternum and ChargePoint collaborate to enhance ChargePoint Home Flex Security

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover

Avtech camera vulnerability actively exploited in the wild, CISA warns

Widespread exploitation by botnet operators of Zyxel firewall flaw

Experts found backdoors in a popular Auerswald VoIP appliance

Who and What is Behind the Malware Proxy Service SocksEscort?

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

NETGEAR fixes a severe bug in its routers. Patch it asap!

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Y2k + 20: risk, COVID and "the Internet issue"

Stay Connected