DNS, Firmware, Hacking and Internet - Cyber Security Informer

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. The first issue is an information disclosure flaw via unauthenticated external DNS requests that affect Zyxel devices from the USG, UAG, ATP, VPN and NXC series. Pierluigi Paganini.

DNS

DNS Hacking Firmware Wireless

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking

Hacking Firmware Authentication DNS

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Security Affairs

MAY 16, 2023

The researchers discovered eight vulnerabilities that impact thousands of internet-connected devices worldwide. The experts demonstrated multiple attack vectors, including the exploitation of flaws in internet-exposed services, cloud account takeover, and the exploitation of flaws in the cloud infrastructure. through 00.07.03.4

Hacking

Hacking Internet Internet Manufacturing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Security Affairs

AUGUST 4, 2022

“The attack can be performed without user interaction if the management interface of the device has been configured to be internet facing. All the affected models have a patched firmware available for download on the vendor’s website.” SecurityAffairs – hacking, DrayTek Vigor). ” continues the analysis.

Hacking

Hacking Internet Internet Passwords

T95 Android TV Box sold on Amazon hides sophisticated malware

Security Affairs

JANUARY 16, 2023

Milisic discovered pre-loaded malware into its firmware. Milisic purchased the T95 Android TV box to run Pi-hole , which is a Linux network-level advertisement and Internet tracker blocking application. The malicious code embedded in the firmware of the device acts like the Android CopyCat malware. ” continues the expert.

Malware

Malware Firmware DNS Internet

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Security Affairs

SEPTEMBER 22, 2021

The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices. For the specific DNS-based MITM attack used above, the attacker must race DNS queries from the Circle update daemon. SecurityAffairs – hacking, SOHO). R7900 – 1.0.4.38

DNS

DNS Firmware VPN Risk

ZuoRAT is a sophisticated malware that mainly targets SOHO routers

Malwarebytes

JUNE 30, 2022

The threat actor can then use DNS hijacking and HTTP hijacking to cause the connected devices to install other malware. One set of C2 infrastructure controlled by this threat actor and used to interact with the Windows RATs was found to be hosted on internet services from China-based organizations. DNS hijacking.

DNS

DNS Malware Small Business Firmware

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. Attackers have already hijacked over 100,000 home routers, the malicious code allows to modify DNS settings to hijack the traffic and redirect users to phishing websites.

DNS

DNS Malware Firmware Phishing

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. According to the experts, Tenda routers running a firmware version between AC9 to AC18 are vulnerable to the attack.

IoT

IoT Firmware DNS Advertising

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Back to the bit about risks impacting data collected by IoT devices and back again to CloudPets, Context Security's piece aligned with my own story about kids' CloudPets messages being left exposed to the internet.

IoT

IoT Firmware Risk Manufacturing

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

“ Experts found hardcoded credentials in the firmware that are used to connect to a private broker through the Message Queuing Telemetry Transport (MQTT) protocol for exchanging messages with remote IoT boards and sensors. If Twinkly lights are present in the network they will be instructed to display the message ‘Hack the Planet!’

IoT

IoT Hacking DNS Authentication

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

“By infecting routers, they can perform man-in-the-middle (MITM) attacks—via HTTP hijacking and DNS spoofing—to compromise endpoints and deploy ransomware or cause safety incidents in OT facilities. Organizations using Netgear, Huawei, and ZTE network devices are recommended to keep their firmware up to date and use strong passwords.

IoT

IoT DNS Manufacturing Firmware

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

FEBRUARY 23, 2019

A user reported that its D-Link DNS-320 device was infected by malicious code. The D-Link DNS-320 model is no more available for sale, one of the members of the forum explained that the firmware of its NAS was never updated and its device was exposed to WAN through ports 8080, FTP port 21, and a range of ports for port forwarding.

Ransomware

Ransomware DNS Firmware Encryption

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. In some cases the router is reconfigured to use rogue DNS servers, which redirect victims to phishing pages that closely look like real online banking sites.

DNS

DNS Passwords Advertising Banking

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

Every time a vendor made some attempts to address the problem, the botmaster pushed out multiple firmware updates on the fiber routers to maintain their control. SecurityAffairs – hacking, Pink botnet). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. The post Pink Botnet infected over 1.6

Architecture

Architecture DDOS Advertising Firmware

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. Another type of service sold on the dark web is IoT hacking. DNS changer Malicious actors may use IoT devices to target users who connect to them.

IoT

IoT DDOS Passwords Malware

Community Showcase: Raspberry Pi Zero W P4wnP1 A.L.O.A.

Kali Linux

OCTOBER 12, 2022

A L ittle O ffensive A pplication)” It takes the standard Kali Linux image and adds custom software and some extra firmware designed for the Raspberry Pi Zero W to turn it into a Swiss Army knife of attacks and exfiltration. Lastly, to save our trigger, we click the Update button: Happy hacking! Happy hacking (again)!

Wireless

Wireless Passwords DNS Internet

DDoS attacks in Q4 2020

SecureList

FEBRUARY 16, 2021

The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent. After the attacks came to light, the manufacturer promptly released a firmware update for configuring verification of incoming requests.

DDOS

DDOS Cryptocurrency Marketing Internet

APT trends report Q3 2021

SecureList

OCTOBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware

Malware Government Surveillance Spyware

Cyber Security Informer

Some Zyxel devices can be hacked via DNS requests

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Webinars

Trending Sources

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Webinars

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

T95 Android TV Box sold on Amazon hides sophisticated malware

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

ZuoRAT is a sophisticated malware that mainly targets SOHO routers

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

New Ttint IoT botnet exploits two zero-days in Tenda routers

IoT Unravelled Part 3: Security

Hacking the Twinkly IoT Christmas lights

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

For nearly a year, Brazilian users have been targeted with router attacks

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Overview of IoT threats in 2023

Community Showcase: Raspberry Pi Zero W P4wnP1 A.L.O.A.

DDoS attacks in Q4 2020

APT trends report Q3 2021

Stay Connected