Security Affairs

JANUARY 15, 2024

The researchers discovered a vulnerability, tracked as CVE-2023-49722 (CVSS score: 8.3), that can be exploited by an attacker on the same network to replace the device firmware with a rogue version. The vulnerability was reported to the vendor in August 2023 and was addressed by the vendor in November 2023.

Firmware 115

Firmware IoT Hacking Information Security 115

Security Affairs

JANUARY 15, 2024

SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656 , that could potentially lead to remote code execution. ” concludes the report.

Firewall 129

Firewall Hacking Firmware Internet 129

Security Affairs

JUNE 13, 2023

Fortinet addressed a new critical flaw, tracked as CVE-2023-27997, in FortiOS and FortiProxy that is likely exploited in a limited number of attacks. Fortinet has finally published an official advisory about the critical vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), impacting FortiOS and FortiProxy.

Firewall 85

Firewall VPN Firmware Manufacturing 85

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 are actively exploited in targeted attacks. The details of the remaining CVEs will be shared in our December 2023 public bulletin.”

Firmware 101

Firmware Surveillance Authentication Manufacturing 101

Security Affairs

FEBRUARY 7, 2024

The most severe of these vulnerabilities, tracked as CVE-2023-40547 (CVSS score: 9.8), can lead to remote code execution under specific circumstances. The vulnerability CVE-2023-40547 is an RCE in http boot support that can lead to Secure Boot bypass “A remote code execution vulnerability was found in Shim. .”

Firmware 116

Firmware Hacking Information Security 116

Security Affairs

SEPTEMBER 6, 2023

The three vulnerabilities were reported by the Taiwanese CERT, below are their descriptions: CVE-2023-39238 (CVSS 9.8): ASUS RT-AX55, RT-AX56U_V2 and RT-AC86U iperf-related modules set_iperf3_svr.cgi API has a format string vulnerability. This function does not properly verify the input format string.

Firmware 130

Firmware Hacking Internet Internet 130

Security Affairs

DECEMBER 17, 2023

The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022. The experts reported the two vulnerabilities to the respective vendors, but they plan to release the fixes in December 2023. and earlier. The vulnerability affects VioStor NVR Versions 5.0.0 and earlier (5.0.0

Firmware 115

Firmware Wireless DDOS IoT 115

SecureWorld News

JUNE 13, 2023

Critical Start today released its biannual Cyber Intelligence Report, featuring the top threats observed in the first half of 2023 and emerging cybersecurity trends impacting the healthcare, financial services, and state and local government industries. After a brief hiatus, Emotet threat actors resumed their operations in early March 2023.

Cyber threats 74

Cyber threats Malware Phishing Penetration Testing 74

Security Affairs

APRIL 5, 2023

HP would take up to 90 days to address a critical flaw, tracked as CVE-2023-1707, that resides in the firmware of some business-grade printers. HP is aware of a critical vulnerability, tracked as CVE-2023-1707 (CVSS v3.1 The vendor has released temporary firmware mitigation for customers currently running FutureSmart 5.6

Firmware 89

Firmware Education Media Hacking 89

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware.

Firmware 84

Firmware VPN Wireless Passwords 84

Security Affairs

JUNE 4, 2023

Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting CVE-2023-28771 , CVE-2023-33009 , and CVE-2023-33010 vulnerabilities. Threat actors are actively attempting to exploit the command injection vulnerability CVE-2023-28771 impacting Zyxel firewalls. Patch 1 ZLD V5.36

Firmware 85

Firmware VPN Firewall Hacking 85

Security Affairs

MAY 31, 2023

Researchers from firmware security firm Eclypsium have discovered a suspected backdoor-like behavior within Gigabyte systems. The experts discovered that the firmware in Gigabyte systems drops and executes a Windows native executable during the system startup process. The executable resides in a UEFI firmware volume.

Firmware 92

Firmware Risk Software Passwords 92

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability, tracked as CVE-2023-28771 , that impacts Zyxel firewalls. through 4.73, VPN series firmware versions 4.60

Firewall 92

Firewall Firmware VPN DDOS 92

Security Affairs

JULY 22, 2023

Researchers warn of several DDoS botnets exploiting a critical flaw tracked as CVE-2023-28771 in Zyxel devices. The flaw, tracked as CVE-2023-28771 (CVSS score: 9.8), is a command injection issue that could potentially allow an unauthorized attacker to execute arbitrary code on vulnerable devices. through 5.35.

DDOS 96

DDOS Firmware VPN Firewall 96

Security Affairs

MAY 11, 2023

An attacker could also use these vulnerabilities to access and control networked smart devices (security cameras, thermostats, smart locks), change router settings including credentials or DNS settings, or use a compromised network to launch attacks against other devices or networks.” for the RAX30 router family.

Hacking 96

Hacking Firmware Authentication DNS 96

Security Affairs

AUGUST 11, 2023

The vulnerability impacts devices running firmware versions 7.3.15.0 Zyxel addressed the vulnerability in 2017 with the release of new firmware, however, the vendor warned that a Gafgyt variant was exploiting the flaw in 2019. Additionally, the P660HN-T1A running the latest generic firmware, version 3.40(BYF.11), 0)b31 or older.

Firmware 76

Firmware Hacking Cybercrime Information Security 76

Security Affairs

OCTOBER 1, 2023

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One FBI warns of dual ransomware attacks Progress Software fixed two critical severity flaws in WS_FTP Server Child abuse site taken down, organized child exploitation crime suspected – exclusive A still unpatched zero-day RCE impacts more than 3.5M

Artificial Intelligence 102

Artificial Intelligence Firmware Data breaches Hacking 102

Security Affairs

MAY 4, 2023

Cisco is warning of a critical remote code execution (RCE) vulnerability, tracked as CVE-2023-20126 (CVSS score of 9.8), impacting SPA112 2-Port phone adapters. “An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. The company product has reached end-of-life (EoL).

Firmware 86

Firmware Education Media Authentication 86

Security Affairs

JANUARY 9, 2023

Tens of software vulnerabilities affected Qualcomm firmware and impacted the devices of Microsoft, Lenovo, and Samsung. Qualcomm January 2023 security bulletin addressed 22 software vulnerabilities in its Snapdragon suite. Lenovo released updates to address the vulnerabilities impacting the ThinkPad X13s BIOS.

Firmware 87

Firmware Manufacturing Software Hacking 87

Security Affairs

FEBRUARY 6, 2024

“The Ministry of Defence (MOD) of the Netherlands was impacted in 2023 by an intrusion into one of its networks. The malware survives reboots and firmware upgrades. Moreover, the infection survives firmware upgrades.” The effects were limited because of prior network segmentation” reads the report.

Malware 109

Malware Firmware VPN Backups 109

Security Affairs

AUGUST 14, 2023

The procedures allow administrators to provide device information such as server addresses, account information, and firmware updates. The server is used to provide configurations and firmware updates to the devices. In this scenario, an attacker can act as a rogue server and distribute malicious firmware.

Firmware 89

Firmware Authentication Passwords Hacking 89

Security Affairs

MAY 25, 2023

The first vulnerability, tracked as CVE-2023-32165 , is a D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution flaw. “Please note that this is a device beta software, beta firmware, or hot-fix release which is still undergoing final testing before its official release. ” We are in the final!

Firmware 94

Firmware Authentication Software Hacking 94

Security Affairs

MARCH 29, 2023

Taiwanese vendor QNAP warns customers to update their network-attached storage (NAS) devices to address a high-severity Sudo privilege escalation vulnerability tracked as CVE-2023-22809. The vulnerability was discovered by security firm Synacktiv, it is a sudoers policy bypass in Sudo version 1.9.12p1 when using sudoedit.

Firmware 96

Firmware Hacking Internet Internet 96

Security Affairs

JUNE 28, 2023

The experts focused on achieving code execution on a commercially available drone, supporting significant security features (i.e. the use of signed and encrypted firmware, Trusted Execution Environment (TEE), and Secure Boot), using non-invasive techniques. ” added the company.

Firmware 93

Firmware Encryption Hacking Information Security 93

Security Affairs

AUGUST 13, 2023

The researchers presented their findings at the DEFCON security conference today. The nine vulnerabilities have received CVE between CVE-2023-3259 through CVE-2023-3267. Below is the list of flaws discovered by the researchers: CyberPower PowerPanel Enterprise: CVE-2023-3264: Use of Hard-coded Credentials (CVSS 6.7)

Hacking 87

Hacking Firmware Authentication Software 87

Security Affairs

JULY 14, 2023

Cybersecurity and Infrastructure Security Agency (CISA) is warning of two vulnerabilities affecting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and trigger a denial-of-service condition. ” reads the advisory published by CISA.

Firmware 82

Firmware CISO Hacking Government 82

Security Affairs

JULY 10, 2023

A Proof-of-Concept (PoC) exploit for the CVE-2023-31998 vulnerability in the Ubiquiti EdgeRouter has been publicly released. The CVE-2023-31998 flaw (CVSS v3 5.9) 6 and earlier and AirCube firmware version 2.8.8 The flaw resides in the miniupnpd service and can be exploited by a LAN attacker. and earlier.

Firmware 68

Firmware Software Hacking Information Security 68

Security Affairs

APRIL 15, 2024

Below is the timeline of the attack published on ruexfil.com: Initial access June 2023. Fuxnet (stuxnet on steroids) was deployed earlier to slowly and physically destroy sensory equipment (by NAND/SSD exhaustion and introducing bad CRC into the firmware). Access to 112 Emergency Service. YouTube Video 1 , YouTube Video 2 ).

Malware 125

Malware Firmware IoT Hacking 125

Security Affairs

MAY 18, 2023

A brief description of each of the flaws is as follows – CVE-2023-20159 (CVSS score: 9.8): Small Business Series Switches Stack Buffer Overflow Vulnerability CVE-2023-20160 (CVSS score: 9.8): Small Business Series Switches Unauthenticated BSS Buffer Overflow Vulnerability CVE-2023-20161 (CVSS score: 9.8): Small Business Series Switches Unauthenticated (..)

Small Business 87

Small Business Firmware Hacking Cybersecurity 87

Security Affairs

MARCH 3, 2023

In some cases, the attacker can also overwrite protected data in the TPM firmware. ” The first issue, tracked as CVE-2023-1017, is an out-of-bounds write. .” ” The first issue, tracked as CVE-2023-1017, is an out-of-bounds write. This may lead to a crash or arbitrary code execution within the TPM.”

Firmware 98

Firmware IoT Authentication Hacking 98

Security Affairs

MARCH 2, 2023

Cisco addressed a critical vulnerability, tracked as CVE-2023-20078, impacting its IP Phone 6800, 7800, 7900, and 8800 Series products. Cisco released security updates to address a critical flaw impacting its IP Phone 6800, 7800, 7900, and 8800 Series products. The flaw, tracked as CVE-2023-20078 (rated 9.8

Firmware 82

Firmware Hacking Software Information Security 82

Security Affairs

JULY 14, 2023

Researchers from ESET discovered in March a new stealthy Unified Extensible Firmware Interface ( UEFI ) bootkit, named BlackLotus , that is able to bypass Secure Boot on Windows 11. Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1 ” explained Matrosov.

Firmware 97

Firmware Malware CISO Hacking 97

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Data breaches 82

Data breaches Cybercrime Firewall Artificial Intelligence 82

Security Affairs

FEBRUARY 28, 2024

In April 2023, FortiGuard Labs researchers observed a hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. APT28 was also observed exploiting the critical privilege escalation vulnerability CVE-2023-23397 (CVSS score: 9.8)

Energy and Utilities 98

Energy and Utilities Government Firewall Malware 98

Security Affairs

APRIL 7, 2023

The group published a series of screenshots of the company’s CTMS and ERP databases The Money Message group threatens to publish the stolen files by Wednesday, April 12, 2023, if the company will not pay the ransom. Today MSI confirmed the security breach, it confirmed that threat actors had access to some of its information service systems.

Ransomware 87

Ransomware Firmware Hacking Manufacturing 87

Security Affairs

APRIL 25, 2023

Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451 ) in TP-Link Archer A21 in recent attacks. Last week, the Zero Day Initiative (ZDI) threat-hunting team observed the Mirai botnet attempting to exploit the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451, CVSS v3: 8.8)

DDOS 91

DDOS Engineering Firmware Architecture 91

Security Affairs

MAY 8, 2023

The Money Message group initially threatened to publish the stolen files by April 12, 2023, if the company will not pay the ransom. The authenticity of the leaked private key was confirmed by Alex Matrosov, founder of firmware security firm Binarly. Previously we already described the BG pkeys leak impact.

Data breaches 81

Data breaches Ransomware Firmware Manufacturing 81