Blog, Firmware and Information Security

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Security Affairs

JUNE 2, 2022

The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats , which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. ” reads the post published by Eclypsium.

Firmware

Firmware Engineering Ransomware Malware

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Security Affairs

APRIL 22, 2022

Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943 , addressed in the Apache HTTP server in March.

Firmware

Firmware Hacking Cybersecurity Internet

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware

Firmware Encryption Ransomware Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60

Firewall

Firewall Firmware VPN Authentication

HP would take up to 90 days to fix a critical bug in some business-grade printers

Security Affairs

APRIL 5, 2023

HP would take up to 90 days to address a critical flaw, tracked as CVE-2023-1707, that resides in the firmware of some business-grade printers. The exploitation of the flaw can potentially lead to information disclosure and the IT giant announced that it would take up to 90 days to address the vulnerability. and having IPsec enabled.

Firmware

Firmware Education Media Hacking

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Security Affairs

MAY 4, 2023

In order to exploit the flaw, an attacker has to upgrade an affected device to a crafted version of the firmware. “This vulnerability is due to a missing authentication process within the firmware upgrade function.” “Cisco has not released firmware updates to address this vulnerability.

Firmware

Firmware Education Media Authentication

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

.” The company reported the security breach to the relevant authorities, and it downplayed the incident, saying that the attack had no significant financial and operational impact. In response to the incident, the company announced it is enhancing the information security control measures of its network and infrastructure.

Ransomware

Ransomware Firmware Hacking Manufacturing

D-Link fixes two critical flaws in D-View 8 network management suite

Security Affairs

MAY 25, 2023

“Please note that this is a device beta software, beta firmware, or hot-fix release which is still undergoing final testing before its official release. The beta software, beta firmware, or hot-fix is provided on an “as is” and “as available” basis and the user assumes all risk and liability for use thereof.

Firmware

Firmware Authentication Software Hacking

Experts show how to run malware on chips of a turned-off iPhone

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” Unlike NFC and UWB chips, the Bluetooth firmware is neither signed nor encrypted opening the doors to modification. To nominate, please visit:? Pierluigi Paganini.

Malware

Malware Wireless Firmware Mobile

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Security Affairs

DECEMBER 24, 2022

“The firmware is basically a merge of 3 sections, the LZMA section is the kernel, at 0x148CD6 the root-fs and at 0x90BD36 the www content.” Owners of impacted devices have to upgrade them with the latest firmware release as soon as possible. They ask to keep the information confidential until the patch has been released.

Firmware

Firmware Passwords Hacking Cybersecurity

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. The firmware malware is based on code associated with HackingTeam’s VectorEDK bootkit, with minor changes. ” concludes the report.

Firmware

Firmware Spyware Surveillance Hacking

ESET warns of three flaws that affect over 100 Lenovo notebook models

Security Affairs

APRIL 19, 2022

Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. The vulnerabilities affecting the Lenovo UEFI result from the use of two UEFI firmware drivers, named SecureBackDoor and SecureBackDoorPeim respectively. ” reads the advisory published by Lenovo.

Firmware

Firmware Manufacturing Hacking Cybersecurity

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

By using the manufacturer’s built-in ports, we were able to manipulate on-board components and interact with the device.Combining both known and novel techniques, we were able to achieve root access to the device’s operating system and pull its firmware for emulation and vulnerability discovery.” Overall 4.8. ” reads the advisory.

Firmware

Firmware Penetration Testing Manufacturing Authentication

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

“NETGEAR strongly recommends that you download the latest firmware as soon as possible.” ” The vendor addressed the issues in April 2023 with the release of firmware version 1.0.10.94 These vulnerabilities require an attacker to have your WiFi password or an Ethernet connection to your network to be exploited.”

Hacking

Hacking Firmware Authentication DNS

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

Security Affairs

MARCH 22, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. ” After QNAP forced the firmware security update, the number of infections dropped to less than 300 in March. It was looking like this problem was behind us.”

Ransomware

Ransomware Firmware Internet Internet

Zyxel fixed firewall unauthenticated remote command injection issue

Security Affairs

MAY 13, 2022

Below is the list of vulnerable products and related patches: Affected model Affected firmware version Patch availability USG FLEX 100(W), 200, 500, 700 ZLD V5.00 If possible, enable automatic firmware updates. Commands are executed as the nobody user.” ” reads the report published by Rapid7. through ZLD V5.21

Firewall

Firewall Firmware VPN Wireless

A new Mirai botnet variant targets TP-Link Archer A21

Security Affairs

APRIL 25, 2023

Working exploits for LAN and WAN interface accesses were respectively reported by Team Viettel and Qrious Security. In March, TP-Link released a firmware update to address multiple issues, including this vulnerability. The vulnerability was first reported to ZDI during the Pwn2Own Toronto 2022 event.

DDOS

DDOS Engineering Firmware Architecture

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Security Affairs

DECEMBER 24, 2022

“The firmware is basically a merge of 3 sections, the LZMA section is the kernel, at 0x148CD6 the root-fs and at 0x90BD36 the www content.” Owners of impacted devices have to upgrade them with the latest firmware release as soon as possible. They ask to keep the information confidential until the patch has been released.

Firmware

Firmware Passwords Hacking Cybersecurity

Security Affairs newsletter Round 368 by Pierluigi Paganini

Security Affairs

JUNE 5, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Spyware

Spyware Firmware Ransomware Scams

Synology and QNAP warn of critical Netatalk flaws in some of their products

Security Affairs

MAY 1, 2022

Critical Ongoing VS Firmware 2.3 Synology products affected by the flaw are: Product Severity Fixed Release Availability DSM 7.1 Critical Upgrade to 7.1-42661-1 42661-1 or above. Critical Ongoing DSM 6.2 Critical Ongoing SRM 1.2 Critical Ongoing. To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook.

Firmware

Firmware Hacking Cybersecurity Internet

Kali Linux 2024.1 Release (Micro Mirror)

Kali Linux

FEBRUARY 27, 2024

As it turns out, Kenneth operates a network of mirrors, which was officially announced back in May 2023 on his blog: Building the Micro Mirror Free Software CDN. For anyone interested in Internet infrastructure, we encourage you to read it, that’s a well-written blog post right there, waiting for you. Automate it!

Software

Software Firmware VPN Internet

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Most analyzed brands (96.44% of the discovered cameras) force users to set passwords or generate unique default passwords on the newest models and firmware versions. Sometimes, they don’t even mention it in the initial setup process, with the recommendation being on a blog post instead.

Surveillance

Surveillance Manufacturing Passwords Internet

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 17, 2022

Below is the list of vulnerable products and related patches: AFFECTED MODEL AFFECTED FIRMWARE VERSION PATCH AVAILABILITY USG FLEX 100(W), 200, 500, 700 ZLD V5.00 If possible, enable automatic firmware updates. “The affected models are vulnerable to unauthenticated and remote command injection via the administrative HTTP interface.

Firewall

Firewall VPN Firmware Internet

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs

SEPTEMBER 15, 2020

Below the list of patches that could be installed to prevent Chinese hackers and other threat actors from exploiting them: Vulnerability Patch Information CVE-2020-5902 F5 Security Advisory: K52145254: TMUI RCE vulnerability CVE-2020-5902 CVE-2019-19781 Citrix blog post: firmware updates for Citrix ADC and Citrix Gateway versions 11.1

Government

Government VPN Firmware Energy and Utilities

Security Affairs newsletter Round 362 by Pierluigi Paganini

Security Affairs

APRIL 24, 2022

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.

Cyber Insurance

Cyber Insurance Spyware Firmware Insurance

Experts explained how to hack a building controller widely adopted in Russia

Security Affairs

MARCH 24, 2022

The expert found the default credentials (default credentials are admin:secret ) in manuals firmware and software for its building controller models. The expert published a blog post that describes a step by step procedure to achieve remote code execution with root privileges. ” wrote the expert.

Hacking

Hacking Firmware Internet Internet

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The agencies recommend updating to the latest firmware and switching from SNMP to NETCONF or RESTCONF for network management. It includes discovery of other devices on the network by querying the Address Resolution Protocol (ARP) table to obtain MAC addresses. ” continues the report.

Malware

Malware Firmware Government Education

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Security Affairs

MAY 20, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. Ransomware operators are also offering for sale the QNAP the master decryption key for 50 BTC which could allow all the victims of this ransomware family to decrypt their files.

Ransomware

Ransomware Internet Internet Firmware

CVE-2020-15782 flaw in Siemens PLCs allows remote hack

Security Affairs

MAY 28, 2021

The flaw impacts SIMATIC S7-1200 and S7-1500 CPUs, the vendor has already released firmware updates for the impacted systems. Claroty’s blog post describes the PLC sandbox and the role CVE-2020-15782 could play in an attack. Siemens also provided workarounds for those products for which the vendor has yet to address the flaw.

Hacking

Hacking Firmware Cybersecurity Engineering

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog

Security Affairs

APRIL 12, 2022

The malware leverages the firmware update process to achieve persistence. Cyclops Blink is sophisticated malware with a modular structure. It supports functionality to add new modules at run-time allowing Sandworm operators to implement additional capability as required. To nominate, please visit:? Pierluigi Paganini.

Firmware

Firmware Malware Cybersecurity Hacking

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (e.g., Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. hard drive, storage device, the cloud). Pierluigi Paganini.

Ransomware

Ransomware Antivirus Passwords Malware

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In most recent attacks observed by Check Point, the threat actors employed custom firmware implant designed explicitly for TP-Link routers. ” reads the report published by Check point.

Firmware

Firmware Encryption Government Malware

Money Message gang leaked private code signing keys from MSI data breach

Security Affairs

MAY 8, 2023

The authenticity of the leaked private key was confirmed by Alex Matrosov, founder of firmware security firm Binarly. Now the ransomware gang has leaked the company’s private code signing keys on their darkweb leaksite. Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem.

Data breaches

Data breaches Ransomware Firmware Manufacturing

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Security Affairs

APRIL 13, 2022

Cynerio ethically disclosed the issues to Aethon and the vendor addressed it with the release of firmware updates.

Mobile

Mobile Hacking Firmware Surveillance

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

Security Affairs

MAY 21, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches

Data breaches Cybercrime Ransomware Passwords

Critical fixed critical flaws in Cisco Small Business Switches

Security Affairs

MAY 18, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Small Business

Small Business Firmware Hacking Cybersecurity

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

Per a Microsoft blog post[3] published in March 2023, CVE-2023-23397 is a critical elevation of privilege vulnerability in Microsoft Outlook on Windows wherein Net-NTLMv2 hashes are leaked to actor-controlled infrastructure [T1119, T1020].” Upgrade to the latest firmware version. ” continues the report.

Energy and Utilities

Energy and Utilities Government Firewall Malware

Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs

Security Affairs

APRIL 2, 2021

Security researchers at SAM Seamless Network discovered a couple of critical unpatched flawsin QNAP small office/home office (SOHO) network-attached storage (NAS) devices that could allow remote attackers to execute arbitrary code on vulnerable devices. March 31, 2021 – Initial blog post published. Pierluigi Paganini.

Firmware

Firmware Internet Internet Authentication

Topic-specific example 11/11: secure development

Notice Bored

OCTOBER 22, 2021

Most if not all developments involve information (requirements/objectives, specifications, plans, status/progress reports etc.) and potentially substantial information risks. so the policy could cover those aspects, ballooning in scope from what was presumably intended when the standard was drafted. The end is nigh!

Risk

Risk Firmware Software Information Security

US dismantled the Russia-linked Cyclops Blink botnet

Security Affairs

APRIL 6, 2022

The malware leverages the firmware update process to achieve persistence. Cyclops Blink is sophisticated malware with a modular structure. It supports functionality to add new modules at run-time allowing Sandworm operators to implement additional capability as required. ” reads the DoJ. To nominate, please visit:? Pierluigi Paganini.

Malware

Malware Government Firmware Firewall

Kali Linux 2023.4 Release (Cloud ARM64, Vagrant Hyper-V & Raspberry Pi 5)

Kali Linux

DECEMBER 4, 2023

Much more could be written on the topic, and we plan a longer blog post dedicated to it. If you want our blog posts, and only that, in your inbox, sign up! This is where anyone can ask questions to us about Kali or the information security industry as a whole. We have a RSS feeds and newsletter of our blog to help you.

Architecture

Architecture Passwords Firmware Software

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

Maintain known-good offline backups for faster recovery upon a disruptive attack, and conduct hashing and integrity checks on firmware and controller configuration files to ensure validity of those backups. Limit ICS/SCADA systems’ network connections to only specifically allowed management and engineering workstations. Pierluigi Paganini.

Passwords

Passwords Architecture Backups Cyber Attacks

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

This was recently highlighted by blog posts from Project Zero and Github Security Lab.” At the time of delivery, the latest Samsung firmware had not included a fix for this vulnerability. CVE-2022-3038 , a sandbox escape in Chrome fixed in August 2022, in version 105 and found by Sergei Glazunov in June 2022.

Spyware

Spyware Surveillance Firmware Internet

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Webinars

Trending Sources

QNAP urges users to update NAS firmware and app to prevent infections

Webinars

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

HP would take up to 90 days to fix a critical bug in some business-grade printers

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

MSI confirms security breach after Money Message ransomware attack

D-Link fixes two critical flaws in D-View 8 network management suite

Experts show how to run malware on chips of a turned-off iPhone

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Second-ever UEFI rootkit used in North Korea-themed attacks

ESET warns of three flaws that affect over 100 Lenovo notebook models

HID Mercury Access Controller flaws could allow to unlock Doors

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

Zyxel fixed firewall unauthenticated remote command injection issue

A new Mirai botnet variant targets TP-Link Archer A21

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Security Affairs newsletter Round 368 by Pierluigi Paganini

Synology and QNAP warn of critical Netatalk flaws in some of their products

Kali Linux 2024.1 Release (Micro Mirror)

3.5m IP cameras exposed, with US in the lead

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs newsletter Round 362 by Pierluigi Paganini

Experts explained how to hack a building controller widely adopted in Russia

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

CVE-2020-15782 flaw in Siemens PLCs allows remote hack

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog

BlackCat Ransomware gang breached over 60 orgs worldwide

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Money Message gang leaked private code signing keys from MSI data breach

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

Critical fixed critical flaws in Cisco Small Business Switches

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs

Topic-specific example 11/11: secure development

US dismantled the Russia-linked Cyclops Blink botnet

Kali Linux 2023.4 Release (Cloud ARM64, Vagrant Hyper-V & Raspberry Pi 5)

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Stay Connected