Authentication, Blog, Firmware and Information Security

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60

Firewall

Firewall Firmware VPN Authentication

D-Link fixes two critical flaws in D-View 8 network management suite

Security Affairs

MAY 25, 2023

D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. in its D-View 8 network management suite that could be exploited by remote attackers to bypass authentication and execute arbitrary code. ” reads the advisory published by ZDI.

Firmware

Firmware Authentication Software Hacking

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Security Affairs

MAY 4, 2023

In order to exploit the flaw, an attacker has to upgrade an affected device to a crafted version of the firmware. “This vulnerability is due to a missing authentication process within the firmware upgrade function.” “Cisco has not released firmware updates to address this vulnerability.

Firmware

Firmware Education Media Authentication

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” ” The vendor addressed the issues in April 2023 with the release of firmware version 1.0.10.94 The remaining ones are authentication bypass and command injection flaws. for the RAX30 router family. We are in the final!

Hacking

Hacking Firmware Authentication DNS

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

By using the manufacturer’s built-in ports, we were able to manipulate on-board components and interact with the device.Combining both known and novel techniques, we were able to achieve root access to the device’s operating system and pull its firmware for emulation and vulnerability discovery.” Overall 4.8. Overall 4.8.

Firmware

Firmware Penetration Testing Manufacturing Authentication

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. The firmware malware is based on code associated with HackingTeam’s VectorEDK bootkit, with minor changes. ” concludes the report.

Firmware

Firmware Spyware Surveillance Hacking

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies. It is worrying that all analyzed brands have at least some models that allow users to keep default passwords or have no authentication setup whatsoever.

Surveillance

Surveillance Manufacturing Passwords Internet

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

is affected by multiple vulnerabilities that can be exploited by an authenticated, remote attacker to execute code on an affected system or cause vulnerable devices to reload. The agencies recommend updating to the latest firmware and switching from SNMP to NETCONF or RESTCONF for network management. through 12.4 through 15.6

Malware

Malware Firmware Government Education

Money Message gang leaked private code signing keys from MSI data breach

Security Affairs

MAY 8, 2023

The authenticity of the leaked private key was confirmed by Alex Matrosov, founder of firmware security firm Binarly. The Money Message group initially threatened to publish the stolen files by April 12, 2023, if the company will not pay the ransom.

Data breaches

Data breaches Ransomware Firmware Manufacturing

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (e.g., Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use multifactor authentication where possible.

Ransomware

Ransomware Antivirus Passwords Malware

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

Attackers replaced binaries on compromised EdgeRouters with trojanized OpenSSH server binaries allowing remote attackers to bypass authentication. Upgrade to the latest firmware version. Researchers observed the MooBot botnet targeting routers with default or weak credentials to deploy OpenSSH trojans. ” continues the report.

Energy and Utilities

Energy and Utilities Government Firewall Malware

Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs

Security Affairs

APRIL 2, 2021

Security researchers at SAM Seamless Network discovered a couple of critical unpatched flawsin QNAP small office/home office (SOHO) network-attached storage (NAS) devices that could allow remote attackers to execute arbitrary code on vulnerable devices. March 31, 2021 – Initial blog post published. ” continues the advisory.

Firmware

Firmware Internet Internet Authentication

Vulnerability Recap 5/20/24 – Patch Tuesday, Chrome & D-Link

eSecurity Planet

MAY 20, 2024

The problem: Researcher Patrick Peng discovered and wrote a blog post about a vulnerability in the llama_cpp_python dependency. doesn’t always require authentication for SSID during a Wi-Fi session. Note that some DIR-600 devices are end of life, so D-Link won’t release any firmware updates for these.

VPN

VPN Firmware Malware Software

Mirai code re-use in Gafgyt

Security Affairs

APRIL 16, 2021

In this blog, we’ll take a look at some of the re-used Mirai modules , their functionality, and the Uptycs EDR detection capabilities of Gafgyt. Keep systems and firmware updated with the latest releases and patches. The modules are: HTTP flooding UDP flooding TCP flooding STD module Telnet Bruteforce. Click to see larger version.).

Malware

Malware DDOS IoT Firmware

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible. Maintain known-good offline backups for faster recovery upon a disruptive attack, and conduct hashing and integrity checks on firmware and controller configuration files to ensure validity of those backups. Pierluigi Paganini.

Passwords

Passwords Architecture Backups Cyber Attacks

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

McAfee

AUGUST 24, 2021

CVE-2021-33885 – Insufficient Verification of Data Authenticity (CVSS 9.7). CVE-2021-33882 – Missing Authentication for Critical Function (CVSS 8.2). CVE-2021-33883 – Cleartext Transmission of Sensitive Information (CVSS 7.1). For a brief overview please see our summary blog here. Table of Contents.

Computers and Electronics

Computers and Electronics Authentication Software Risk

A Spectre proof-of-concept for a Spectre-proof web

Google Security

MARCH 12, 2021

Posted by Stephen Röttger and Artur Janc, Information Security Engineers Three years ago, Spectre changed the way we think about security boundaries on the web. Cross-Origin Embedder Policy (COEP) ensures that any authenticated resources requested by the application have explicitly opted in to being loaded.

Engineering

Engineering Architecture Software Firmware

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

In this blog, we’ll home in on Conti, the strain identified by some as the successor, cousin or relative of Ryuk ransomware , due to similarities in code use and distribution tactics. Install updates/patch operating systems, software, and firmware as soon as they are released. Use multi-factor authentication where possible.

Healthcare

Healthcare Ransomware Encryption Passwords

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

As Stuart Brand said back in 1984 “information wants to be free.” ” So should analyzing a device’s firmware for security flaws be considered illegal? Roberts: We've got some great so secure repairs I founded in 2019. Or should our right to repair our own devices extend into the digital world?

InfoSec

InfoSec Manufacturing Technology Software

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

As Stuart Brand said back in 1984 “information wants to be free.” ” So should analyzing a device’s firmware for security flaws be considered illegal? Roberts: We've got some great so secure repairs I founded in 2019. Or should our right to repair our own devices extend into the digital world?

InfoSec

InfoSec Manufacturing Technology Software

Cyber Security Informer

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

D-Link fixes two critical flaws in D-View 8 network management suite

Webinars

Trending Sources

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Webinars

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

HID Mercury Access Controller flaws could allow to unlock Doors

Second-ever UEFI rootkit used in North Korea-themed attacks

3.5m IP cameras exposed, with US in the lead

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Money Message gang leaked private code signing keys from MSI data breach

BlackCat Ransomware gang breached over 60 orgs worldwide

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs

Vulnerability Recap 5/20/24 – Patch Tuesday, Chrome & D-Link

Mirai code re-use in Gafgyt

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

A Spectre proof-of-concept for a Spectre-proof web

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

The Hacker Mind Podcast: The Right To Repair

The Hacker Mind Podcast: The Right To Repair

Stay Connected