2019, Firewall, Firmware and Hacking - Cyber Security Informer

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

The Last Watchdog

NOVEMBER 20, 2019

What does Chinese tech giant Huawei have in common with the precocious kid next door who knows how to hack his favorite video game? Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. percent from 2018.

Firmware

Firmware Hacking Software Surveillance

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

The experts are monitoring the Mirai-based botnet since November 2019 and observed it exploiting two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT). ” When the botnet was first detected in 2019, experts noticed it was exploiting the Tenda zero-day flaw tracked as CVE-2020-10987. Pierluigi Paganini.

IoT

IoT Firmware DNS Advertising

Sounding the Alarm on Emergency Alert System Flaws

Krebs on Security

AUGUST 12, 2022

A Digital Alert Systems EAS encoder/decoder that Pyle said he acquired off eBay in 2019. Pyle said he started acquiring old EAS equipment off of eBay in 2019, and that he quickly identified a number of serious security vulnerabilities in a device that is broadly used by states and localities to encode and decode EAS alert signals.

Firmware

Firmware Manufacturing Passwords Software

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Expert found a hardcoded SSH Key in Fortinet SIEM appliances

Security Affairs

JANUARY 20, 2020

” Fortinet published a security advisory for the issue that is tracked as CVE-2019-17659. The feature was implemented to enable connecting to collectors from the supervisor when there is a firewall between the collector and the supervisor. Dec 3, 2019: Automated reply from PSIRT that email was received. Pierluigi Paganini.

Authentication

Authentication Firmware Advertising Firewall

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

The Cyclops Blink malware has been active since at least June 2019, it targets WatchGuard Firebox and other Small Office/Home Office (SOHO) network devices. According to WatchGuard , Cyclops Blink may have affected roughly 1% of all active WatchGuard firewall appliances. SecurityAffairs – hacking, CISA). Pierluigi Paganini.

Malware

Malware Firmware Architecture Firewall

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Security Affairs

FEBRUARY 3, 2020

L inear eMerge E3 smart building access systems designed by N ortek Security & Control (NSC) are affected by a severe vulnerability (CVE-2019-7256) that has yet to be fixed and attackers are actively scanning the internet for vulnerable devices. CVE-2019-7256 is actively being exploited by DDoS botnet operators. 06 and older. .

DDOS

DDOS Hacking Internet Internet

DoS attack the caused disruption at US power utility exploited a known flaw

Security Affairs

SEPTEMBER 9, 2019

A DoS attack that caused disruptions at a power utility in the United States exploited a flaw in a firewall used in the facility. The incident took place earlier this year, threat actors exploited a known vulnerability in a firewall used by the affected facility to cause disruption. and 7 p.m., power grid ( Energywire , April 30). .

Energy and Utilities

Energy and Utilities Firewall Firmware Advertising

Cable Haunt flaw exposes 200M+ Broadcom-based cable modems at remote hijacking

Security Affairs

JANUARY 10, 2020

A flaw, dubbed Cable Haunt, in Broadcom’s cable modem firmware exposed as many as 200 million home broadband gateways in Europe alone, at risk of remote hijackings. Hundreds of millions of Broadcom-based cable modems are at risk of remote hijacking due to the presence of a vulnerability dubbed Cable Haunt, CVE-2019-19494.

Firmware

Firmware DNS Manufacturing Advertising

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

The Zeppelin ransomware first appeared on the threat landscape in November 2019 when experts from BlackBerry Cylance found a new variant of the Vega RaaS, dubbed Zeppelin. The group uses multiple attack vectors to gain access to victim networks, including RDP exploitation, SonicWall firewall vulnerabilities exploitation, and phishing attacks.

Ransomware

Ransomware Encryption Firmware Backups

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

Security Affairs

APRIL 25, 2019

The vulnerabilyt was tracked as CVE-2019-10955 and received a CVSS score of 7.1 Rockwell has released firmware updates that address the vulnerability for the affected controllers. Locate control system networks and devices behind firewalls and isolate them from the business network. SecurityAffairs – Rockwell, hacking).

Firmware

Firmware Social Engineering Advertising Malware

Silex malware bricks thousands of IoT devices in a few hours

Security Affairs

JUNE 26, 2019

Cashdollar explained that the Silex malware trashes the storage of the infected devices, drops firewall rules and wipe network configurations before halting the system. Cashdollar (@_larry0) June 25, 2019. The only way to recover infected devices is to manually reinstall the device’s firmware. ” reported ZDnet.

IoT

IoT Malware Advertising Firmware

US dismantled the Russia-linked Cyclops Blink botnet

Security Affairs

APRIL 6, 2022

“The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control (C2) of the underlying botnet.” The malware leverages the firmware update process to achieve persistence. SecurityAffairs – hacking, Russia). To nominate, please visit:?

Malware

Malware Government Firmware Firewall

CISA warns of critical flaws in Prima FlexAir access control system

Security Affairs

JULY 31, 2019

The most severe vulnerability, tracked as CVE-2019-7670, is an OS command injection flaw. Another issue, tracked as CVE-2019-7669, is an improper validation of file extensions when uploading files that was rated as CVSS score of 9.1. Another critical issue, tracked as CVE-2019-7672, received a CVSS score of 8.8.

Backups

Backups Authentication Advertising Firmware

Google developer disclosed Zero-Day flaw in TP-Link SR20 Routers

Security Affairs

MARCH 29, 2019

It's been over 90 days since I reported it and @TPLINK never responded, so: arbitrary command execution on the TP-Link SR20 smart hub and router (and possibly other TP-Link device) — Matthew Garrett (@mjg59) March 28, 2019. While TDDP listens on all interfaces, the default firewall implemented in the routers prevents network access.

Advertising

Advertising Firmware Firewall Authentication

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

SecureList

JULY 19, 2023

msg VT First Submission 2022-10-25 10:00:00 UTC UNC path 168.205.200.55test (reminder time set to 2019-02-17 19:00) Sent by: 168.205.200.55 For example, this router is typically used by ISPs on the customer side and its firmware provides a Command Line Interface (CLI) accessible directly through a WebUI.

Firmware

Firmware Internet Internet Government

BotenaGo strikes again – malware source code uploaded to GitHub

CyberSecurity Insiders

JANUARY 26, 2022

In September 2016, source code of one of the most popular botnets named Mirai was leaked and uploaded to one of the hacking community forums, and later uploaded to GitHub with detailed information on the botnet, its infrastructure, configuration and how to build it. Install security and firmware upgrades from vendors, as soon as possible.

Malware

Malware IoT Authentication Antivirus

DDoS attacks in Q4 2020

SecureList

FEBRUARY 16, 2021

After the attacks came to light, the manufacturer promptly released a firmware update for configuring verification of incoming requests. Educational institutions are recommended to use anti-DDoS solutions and strong firewall settings, and partner up with ISPs. Share of smart attacks, Q3/Q4 2020 and Q4 2019 ( download ).

DDOS

DDOS Cryptocurrency Marketing Internet

The Internet of Things Is Everywhere. Are You Secure?

Security Boulevard

MARCH 18, 2021

In 2019 alone, attacks on IoT devices increased by 300%. It’s more than someone hacking into your smart light bulbs and turning on all the lights in your home. Staying current with firmware patches and updates is also key to enabling robust security. . With the increase in connected devices comes an increase in IoT attacks.

Internet

Internet Internet IoT Software

Cyber Security Informer

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

New Ttint IoT botnet exploits two zero-days in Tenda routers

Webinars

Trending Sources

Sounding the Alarm on Emergency Alert System Flaws

Webinars

Expert found a hardcoded SSH Key in Fortinet SIEM appliances

US and UK link new Cyclops Blink malware to Russian state hackers?

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

DoS attack the caused disruption at US power utility exploited a known flaw

Cable Haunt flaw exposes 200M+ Broadcom-based cable modems at remote hijacking

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

Silex malware bricks thousands of IoT devices in a few hours

US dismantled the Russia-linked Cyclops Blink botnet

CISA warns of critical flaws in Prima FlexAir access control system

Google developer disclosed Zero-Day flaw in TP-Link SR20 Routers

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

BotenaGo strikes again – malware source code uploaded to GitHub

DDoS attacks in Q4 2020

The Internet of Things Is Everywhere. Are You Secure?

Stay Connected