Firmware, Information and Internet - Cyber Security Informer

MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

JUNE 25, 2021

Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device.

Internet

Internet Internet Backups Small Business

IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering

Troy Hunt

NOVEMBER 23, 2020

Let's drill into all that and then go deeper into custom firmware and soldering too. I can easily block a device from talking to the internet, throttle its connection, see which online services it's communicating with and access a whole host of other information about it. Why is this so hard?!

Firmware

Firmware IoT Wireless Manufacturing

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

JULY 2, 2021

That update effectively nullified their chances at competing in Pwn2Own, which requires exploits to work against the latest firmware or software supported by the targeted device. A statement published on its support site March 12, 2021 says the company will no longer provide further security updates to the MyCloud OS 3 firmware.

Firmware

Firmware Passwords Internet Internet

Using EM Waves to Detect Malware

Schneier on Security

JANUARY 14, 2022

” Abstract : The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity. They use numerous customized firmware and hardware, without taking into consideration security issues, which make them a target for cybercriminals, especially malware authors.

Malware

Malware IoT Firmware Internet

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware

Firmware Ransomware Encryption Advertising

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. In an email sent to customers today, Ubiquiti Inc.

Passwords

Passwords Authentication Firmware Accountability

Western Digital customers have to update their My Cloud devices to latest firmware version

Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Devices on these older firmware versions will not receive security fixes or technical support.” Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Firmware

Firmware Architecture Internet Internet

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware

Firmware Malware Encryption Passwords

Dynamic analysis of firmware components in IoT devices

SecureList

JULY 6, 2022

As a rule, this means that the source code of the device’s firmware is unavailable and all the researcher can use is the user manual and a few threads on some user forum discussing the device’s operation. The vulnerability assessment of IoT/IIoT devices is based on analyzing their firmware.

Firmware

Firmware IoT Architecture Manufacturing

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

SecureList

JULY 25, 2022

One of the main draws towards malware nested in such low levels of the operating system is that it is extremely difficult to detect and, in the case of firmware rootkits, will ensure a computer remains in an infected state even if the operating system is reinstalled or the user replaces the machine’s hard drive entirely.

Firmware

Firmware DNS Malware Technology

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022. All the vulnerable devices are running end-of-life (EOL) firmware.

Firmware

Firmware Firewall Internet Internet

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Back to the bit about risks impacting data collected by IoT devices and back again to CloudPets, Context Security's piece aligned with my own story about kids' CloudPets messages being left exposed to the internet.

IoT

IoT Firmware Risk Manufacturing

Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers

The Last Watchdog

AUGUST 26, 2024

As our world becomes increasingly interconnected, the security of Operational Technology (OT) and Internet of Things (IoT) devices is more critical than ever. Equally alarming was the widespread presence of known vulnerabilities, or “n-day” vulnerabilities, in the firmware images.

Firmware

Firmware IoT Manufacturing Cyber Risk

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

Malwarebytes

SEPTEMBER 21, 2021

Today’s generation of kids and teens consider their devices and the Internet as extensions of their lives. So without further ado, let’s dive into what we should be teaching our kids about Internet safety and what we can do to enforce these teachings. 7 Internet safety tips. Update your child’s device’s firmware.

Internet

Internet Internet Passwords Password Management

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router.

Firmware

Firmware Wireless Passwords Internet

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In most recent attacks observed by Check Point, the threat actors employed custom firmware implant designed explicitly for TP-Link routers. ” reads the report published by Check point.

Firmware

Firmware Encryption Government Malware

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Security Affairs

APRIL 22, 2022

Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943 , addressed in the Apache HTTP server in March.

Firmware

Firmware Hacking Cybersecurity Internet

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Security Affairs

JANUARY 15, 2024

Researchers from Bishop Fox used BinaryEdge source data to find SonicWall firewalls with management interfaces exposed to the internet. The experts found that 76% (178,637 of 233,984) of the Internet-facing firewalls are vulnerable to one or both issues. ” concludes the report.

Firewall

Firewall Hacking Firmware Internet

Millions of Arris routers are vulnerable to path traversal attacks

Malwarebytes

AUGUST 1, 2022

This web server is present in Arris firmware which can be found in several router models. ISP customer premise equipment (CPE) often uses this web server, and ISP subscribers will typically get these routers in loan for telephony and Internet access. Unfortunately the Arris firmware is based on the vulnerable version of muhttpd.

Firmware

Firmware Internet Internet Passwords

A daily average of 80,000 printers exposed online via IPP

Security Affairs

JUNE 23, 2020

It’s not a mystery, a printer left exposed online without proper security could open the doors to hackers, now researchers from Shadowserver Foundation have discovered tens of thousands of printers that are exposed online that are leaking information. and printers (or print servers). ” continues the report.

Internet

Internet Internet Firmware Advertising

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

NOVEMBER 2, 2024

Affected devices use VHD PTZ camera firmware < 6.3.40 is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. . “Organizations using VHD PTZ camera firmware < 6.3.40 CVE-2024-8957 (CVSS score of CVSS 7.2)

Firmware

Firmware Manufacturing Healthcare IoT

MoonBounce UEFI implant spotted in a targeted APT41 attack

Security Affairs

JANUARY 21, 2022

At the end of 2021, researchers discovered a UEFI firmware-level compromise by analyzing logs from its Firmware Scanner. Threat actors compromised a single component within the firmware image to intercept the original execution flow of the machine’s boot sequence and inject the sophisticated implant. Pierluigi Paganini.

Firmware

Firmware Malware Spyware Surveillance

Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw

Security Affairs

FEBRUARY 1, 2023

Censys found 30,000 internet-facing QNAP appliances potentially impacted by a recently disclosed critical code injection flaw. On January 30, Taiwanese vendor QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. Censys concludes.

Internet

Internet Internet Firmware IoT

Hikvision cameras could be remotely hacked due to critical flaw

Security Affairs

SEPTEMBER 22, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Hacking

Hacking Firmware IoT Internet

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 02 Dec 2020 – Netgear released the new firmware v2.6.0.48

Firmware

Firmware Authentication Hacking Software

Patch now! Insecure Hikvision security cameras can be taken over remotely

Malwarebytes

SEPTEMBER 22, 2021

In a detailed post on Github , security researcher Watchful_IP describes how he found that the majority of the recent camera product ranges of Hikvision cameras are susceptible to a critical, unauthenticated, remote code execution (RCE) vulnerability, even with the latest firmware. Hangzhou Hikvision Digital Technology Co.,

Firmware

Firmware Surveillance Marketing VPN

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall

Firewall VPN Firmware Passwords

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. reported the SektorCERT. continues the report.

Firewall

Firewall Firmware Cyber Attacks VPN

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs

DECEMBER 17, 2023

that impacted several routers, including Future X Communications (FXC) AE1021 and AE1021PE wall routers, running firmware versions 2.0.9 The Akamai SIRT this week published an additional update after one of the affected vendors, QNAP, released advisory information and guidance. and earlier. and earlier (5.0.0 released June 21, 2014).

Firmware

Firmware Wireless DDOS IoT

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

Security Affairs

NOVEMBER 14, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. ” reported the SektorCERT.

Cyber Attacks

Cyber Attacks Firmware Firewall VPN

Spectre and Meltdown Attacks Against Microprocessors

Schneier on Security

JANUARY 5, 2018

Information about these flaws has been secretly circulating amongst the major IT companies for months as they researched the ramifications and coordinated updates. The second is that some of the patches require updating the computer's firmware. It also requires more coordination.

Firmware

Firmware Software Engineering Phishing

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

“Claroty has privately disclosed details to Real Time Automation (RTA), informing the vendor of a critical vulnerability in its proprietary 499ES EtherNet/IP (ENIP) stack. Experts was that vendors may have bought vulnerable versions of this stack before the 2012 update and are still using it in their firmware.

Hacking

Hacking Firmware Internet Internet

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service.

Malware

Malware VPN Internet Internet

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 CVE-2020-9054 Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 A2pvI042j1.d26m

IoT

IoT Firmware Malware Wireless

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 The password for this account can be found in cleartext in the firmware.” reads the advisory published by NIST.

Firmware

Firmware Passwords Accountability VPN

Experts found backdoors in a popular Auerswald VoIP appliance

Security Affairs

DECEMBER 27, 2021

Researchers found multiple backdoors in popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. Researchers from RedTeam Pentesting discovered multiple backdoors in a popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. “Firmware Update 8.2B

Firmware

Firmware Manufacturing Passwords Penetration Testing

Vulnerabilities in the iBoot Power Distribution Unit Let Hackers Remotely Shut Down Devices

Hacker Combat

SEPTEMBER 22, 2022

More than 2,000 PDUs were directly exposed to the internet in 2021, and roughly a third of those were iBoot PDUs, according to a Censys research. The problems include server-side request forgery, path traversal, sensitive information disclosure, inappropriate access control, and faulty and erroneous authorisation (SSRF).

Firmware

Firmware Firewall Manufacturing Internet

Expert discloses details and PoC code for Netgear Seventh Inferno bug

Security Affairs

SEPTEMBER 18, 2021

NETGEAR urge its customers using the following products to download the latest firmware: GC108P fixed in firmware version 1.0.8.2 GC108PP fixed in firmware version 1.0.8.2 GS108Tv3 fixed in firmware version 7.0.7.2 GS110TPP fixed in firmware version 7.0.7.2 GS110TPv3 fixed in firmware version 7.0.7.2

Firmware

Firmware Engineering Passwords Hacking

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

Security Affairs

APRIL 25, 2021

Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. This information can then be used to reconfigure or disable the alarm system.” “Based on this information, we did a quick investigation to see how popular the system is.

Firmware

Firmware Passwords Authentication Wireless

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

To perform the experiment, we used Internet of Things (IoT) search engines to search for open devices that utilized common printer ports and protocols. After filtering out most of the false positives, we were left with more than 800,000 printers that had network printing features enabled and were accessible over the internet.

Hacking

Hacking IoT Firmware Internet

79 Netgear router models affected by a dangerous Zero-day

Security Affairs

JUNE 18, 2020

Security experts Adam Nichols from GRIMM and d4rkn3ss from the Vietnamese internet service provider VNPT have independently reported a severe unpatched security vulnerability that affects 79 Netgear router models. Nichols discovered that the vulnerability affects 758 different firmware versions that run on 79 Netgear routers.

Firmware

Firmware Internet Internet Advertising

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

In that piece I wanted to link to some safe internet practices—which some used to call Safe Hex—but I couldn’t find anything newer than nine years old. Keep your firmware and software updated. don’t install software from random places on the internet. So, I decided to update the advice myself.

Risk

Risk Password Management Passwords Accountability

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Chaput said the spammers used more than 1,500 Internet addresses across 400 providers to register new accounts, which then followed popular accounts on Mastodon and sent private mentions to the followers of those accounts. that were created from different Internet addresses in Vienna, Austria.

Scams

Scams DDOS Cryptocurrency Accountability

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

Security Affairs

MARCH 8, 2021

The flaws affect QNAP NAS firmware versions prior to August 2020. Threat actors customized the program by hiding the mining process and the real CPU memory resource usage information to hide the malicious activity to QNAP owners that could check their system usage via the WEB management interface. and Quick.tar.gz. unity_install.sh

Cryptocurrency

Cryptocurrency Firmware Malware Threat Detection

MyBook Users Urged to Unplug Devices from Internet

IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering

Trending Sources

Another 0-Day Looms for Many Western Digital Users

Using EM Waves to Detect Malware

QNAP urges users to update NAS firmware and app to prevent infections

Ubiquiti: Change Your Password, Enable 2FA

Western Digital customers have to update their My Cloud devices to latest firmware version

MoonBounce: the dark side of UEFI firmware

Dynamic analysis of firmware components in IoT devices

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

IoT Unravelled Part 3: Security

Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Millions of Arris routers are vulnerable to path traversal attacks

A daily average of 80,000 printers exposed online via IPP

PTZOptics cameras zero-days actively exploited in the wild

MoonBounce UEFI implant spotted in a targeted APT41 attack

Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw

Hikvision cameras could be remotely hacked due to critical flaw

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Patch now! Insecure Hikvision security cameras can be taken over remotely

Expert found a secret backdoor in Zyxel firewall and VPN

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

Spectre and Meltdown Attacks Against Microprocessors

A critical flaw in industrial automation systems opens to remote hack

Who and What is Behind the Malware Proxy Service SocksEscort?

BotenaGo botnet targets millions of IoT devices using 33 exploits

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Experts found backdoors in a popular Auerswald VoIP appliance

Vulnerabilities in the iBoot Power Distribution Unit Let Hackers Remotely Shut Down Devices

Expert discloses details and PoC code for Netgear Seventh Inferno bug

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

79 Netgear router models affected by a dangerous Zero-day

10 Behaviors That Will Reduce Your Risk Online

Interview With a Crypto Scam Investment Spammer

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

Stay Connected