Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN 112

VPN Firewall Firmware Authentication 112

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall 84

Firewall VPN Firmware Internet 84

Security Affairs

APRIL 1, 2022

Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment vendor Zyxel has pushed security updates for a critical flaw, tracked as CVE-2022-0342 (CVSS 9.8), that affects some of its business firewall and VPN products. SecurityAffairs – hacking, Zyxel).

Firewall 88

Firewall VPN Firmware Authentication 88

Security Affairs

MAY 13, 2022

Zyxel addressed a critical flaw affecting Zyxel firewall devices that allows unauthenticated, remote attackers to gain arbitrary code execution. affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution as the “nobody” user. SecurityAffairs – hacking, Zyxel).

Firewall 72

Firewall Firmware VPN Wireless 72

Security Affairs

JUNE 13, 2023

“For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release. BleepingComputer reported that searching for Fortigate firewalls exposed online there are more than 250K installs worldwide , most of them in the US. through 6.2.13

Firewall 85

Firewall VPN Firmware Manufacturing 85

Security Affairs

MAY 17, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution as the “nobody” user. Commands are executed as the nobody user.”

Firewall 74

Firewall VPN Firmware Internet 74

Security Affairs

JUNE 20, 2023

The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, 14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, 11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0. in its firewall devices.

Firmware 90

Firmware Firewall Authentication VPN 90

Security Affairs

JUNE 4, 2023

Zyxel has published guidance for protecting firewall and VPN devices from the ongoing attacks recently discovered. Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting CVE-2023-28771 , CVE-2023-33009 , and CVE-2023-33010 vulnerabilities. in its firewall devices. Patch 1 ZLD V5.36

Firmware 85

Firmware VPN Firewall Hacking 85

Security Affairs

NOVEMBER 29, 2020

Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. Experts was that vendors may have bought vulnerable versions of this stack before the 2012 update and are still using it in their firmware. Tracked as CVE-2020-25159 , the flaw is rated 9.8

Hacking 127

Hacking Firmware Internet Internet 127

Security Affairs

MAY 16, 2023

. “Also, an attacker may exploit these issues to access and control networked devices and change router settings in order to manipulate configurations such as DNS settings or firewall rules. The compromised industrial devices may also be used to launch attacks against other devices or networks.”

Hacking 93

Hacking Internet Internet Manufacturing 93

Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. This FTP server can be accessed with hardcoded credentials that are embedded in the firmware of the AP. SecurityAffairs – Zyxel, hacking). ” reads the advisory. Pierluigi Paganini.

DNS 77

DNS Hacking Firmware Wireless 77

Security Affairs

SEPTEMBER 7, 2022

flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. Below is the list of affected models and the firmware patches released by the company. SecurityAffairs – hacking, Zyxel). The CVE-2022-34747 (CVSS score: 9.8) 11)C0 and earlier V5.21(AAZF.12)C0

Firewall 84

Firewall Firmware Authentication VPN 84

Security Affairs

JULY 22, 2023

Fortinet FortiGuard Labs researchers warned of multiple DDoS botnets exploiting a vulnerability impacting multiple Zyxel firewalls. The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35. through 5.35.

DDOS 96

DDOS Firmware VPN Firewall 96

Security Affairs

DECEMBER 17, 2023

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Data breaches 82

Data breaches Cybercrime Firewall Artificial Intelligence 82

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware 112

Firmware Passwords Accountability VPN 112

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. Xiongmai hereinafter) that are open to hack. The “P2P Cloud” feature bypasses firewalls and effectively allows remote connections into private networks.

Surveillance 83

Surveillance Hacking Firmware Manufacturing 83

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT 358

IoT Firmware Risk Manufacturing 358

Security Affairs

JANUARY 8, 2022

SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. Security vendor SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. x firmware in MySonicWall downloads section for TZ, NSA and SOHO platforms. Junk Store 7.6.9

Firewall 97

Firewall Engineering Firmware Malware 97

Security Affairs

FEBRUARY 23, 2022

According to WatchGuard , Cyclops Blink may have affected roughly 1% of all active WatchGuard firewall appliances. “The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware.” Pierluigi Paganini.

Malware 92

Malware Firmware Architecture Firewall 92

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. According to the experts, Tenda routers running a firmware version between AC9 to AC18 are vulnerable to the attack.

IoT 139

IoT Firmware DNS Advertising 139

Security Affairs

SEPTEMBER 9, 2019

A DoS attack that caused disruptions at a power utility in the United States exploited a flaw in a firewall used in the facility. The incident took place earlier this year, threat actors exploited a known vulnerability in a firewall used by the affected facility to cause disruption. and 7 p.m., power grid ( Energywire , April 30). .

Energy and Utilities 83

Energy and Utilities Firewall Firmware Advertising 83

Security Affairs

FEBRUARY 28, 2024

In April 2023, FortiGuard Labs researchers observed a hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. The operation reversibly modified the routers’ firewall rules to block remote management access to the devices.

Energy and Utilities 98

Energy and Utilities Government Firewall Malware 98

Security Affairs

MARCH 17, 2023

The devices halted displaying the following error message: “System enters error-mode due to FIPS error: Firmware Integrity self-test failed” The failure of the integrity test blocks the reboot of the device to protect the integrity of the network. ” reads the report published by Mandiant. ” concludes Mandiant.

Firewall 84

Firewall Manufacturing Government Firmware 84

Security Affairs

JANUARY 21, 2021

“In the meantime, please update the NAS firmware and Malware Remover in the App Center to the latest version if not done already to ensure the latest security patches are applied on the NAS.” Install a firewall. SecurityAffairs – hacking, QNAP). . “If such processes are running on recent FW (4.4.x),

Cryptocurrency 115

Cryptocurrency Firmware Malware Passwords 115

Security Affairs

FEBRUARY 3, 2020

“ SonicWall Capture Labs Threat Research team observe huge hits on our firewalls that attempt to exploit the command injection vulnerability with the below HTTP request.” This unauthenticated remote command injection vulnerability affects Linear eMerge E3 access control systems running firmware versions 1.00-06

DDOS 78

DDOS Hacking Internet Internet 78

Security Affairs

JUNE 23, 2021

“A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. SecurityAffairs – hacking, ransomware). This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v

VPN 86

VPN Firewall Firmware Authentication 86

Security Affairs

JANUARY 20, 2020

. “A use of hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user “tunneluser” by leveraging knowledge of the private key from another installation or a firmware image.” SecurityAffairs – FortiSIEM, hacking).

Authentication 145

Authentication Firmware Advertising Firewall 145

Security Affairs

JANUARY 10, 2020

A flaw, dubbed Cable Haunt, in Broadcom’s cable modem firmware exposed as many as 200 million home broadband gateways in Europe alone, at risk of remote hijackings. With almost no cable modem tested being secure without a firmware update, the number of modems initially vulnerable in Europe is estimated to be close to this number.”

Firmware 65

Firmware DNS Manufacturing Advertising 65

Security Affairs

JULY 10, 2020

Juniper Networks addressed several vulnerabilities in its firewalls, most of them can be exploited by attackers for denial-of-service (DoS) attacks. Some of the issues also affected third-party components, including OpenSSL, Intel firmware, Bouncy Castle, Java SE, Apache software, and others. SecurityAffairs – hacking, Juniper).

Firmware 84

Firmware Advertising Firewall Internet 84

Security Affairs

JUNE 23, 2020

. “Obviously, these counts only represent devices that are not firewalled and allow direct querying over the IPv4 Internet.” This info includes printer names, locations, models, firmware versions, organization names, and even WiFi network names. . SecurityAffairs – hacking, printers). ” continues the report.

Internet 99

Internet Internet Firmware Advertising 99

Security Affairs

SEPTEMBER 29, 2021

The agencies recommend VPN solutions that implements protections against intrusions, such as the use of signed binaries or firmware images, a secure boot process that verifies boot code before it runs, and integrity validation of runtime processes and files. SecurityAffairs – hacking, VPN solutions). ” concludes the guidance.

VPN 128

VPN Government Firmware Authentication 128

Security Affairs

JUNE 18, 2020

Nichols discovered that the vulnerability affects 758 different firmware versions that run on 79 Netgear routers. Oldest firmware versions have been released as far back as 2007. The expert discovered the vulnerability in the web server component that is implemented in vulnerable Netgear router firmware.

Firmware 136

Firmware Internet Internet Advertising 136

Security Affairs

JANUARY 25, 2022

The CVE-2021-20038 vulnerability impacts SMA 100 series appliances (including SMA 200, 210, 400, 410, and 500v) even when the web application firewall (WAF) is enabled. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, SecurityAffairs – hacking, SonicWall Secure Mobile Access).

Mobile 89

Mobile Passwords Firmware Firewall 89

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. The researchers found that just being able to reach the management interface for a vulnerable Fortinet SSL VPN appliance was enough to completely compromise the devices.

Risk 213

Risk VPN Internet Internet 213

Security Affairs

AUGUST 13, 2022

The group uses multiple attack vectors to gain access to victim networks, including RDP exploitation, SonicWall firewall vulnerabilities exploitation, and phishing attacks. SecurityAffairs – hacking, Zeppelin ransomware). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware 87

Ransomware Encryption Firmware Backups 87

Pen Test

OCTOBER 12, 2023

What are the common firmware and software vulnerabilities in RF devices that can be exploited? Vulnerabilities in RF technology often encompass various weaknesses and security gaps within the firmware and software used in RF devices. Keeping firmware up to date is essential for security.

Encryption 52

Encryption Firmware Surveillance Technology 52

Security Affairs

MARCH 23, 2021

“GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities. Locate control system networks and remote devices behind firewalls, and isolate them from the business network. SecurityAffairs – hacking, CISA).

Firmware 79

Firmware VPN Firewall Risk 79