Firmware, Hacking, Information Security and Passwords

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In most recent attacks observed by Check Point, the threat actors employed custom firmware implant designed explicitly for TP-Link routers. ” reads the report published by Check point.

Firmware

Firmware Encryption Government Malware

Western Digital customers have to update their My Cloud devices to latest firmware version

Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Devices on these older firmware versions will not receive security fixes or technical support.” SecurityAffairs – hacking, Western Digital). Pierluigi Paganini.

Firmware

Firmware Architecture Internet Internet

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MAY 17, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the following D-Link router vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2014-100005 Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. CISA orders federal agencies to fix these vulnerabilities by June 6, 2024.

Firmware

Firmware Authentication Passwords Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Security Affairs

JULY 15, 2022

Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project files. The password cracking software also acts as a dropper for the Sality P2P bot. ” concludes the report.

Passwords

Passwords Software Firmware Malware

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking

Hacking Firmware Authentication DNS

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. We first met this team of experts in April when they discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks.

Passwords

Passwords Hacking Wireless Authentication

Hikvision cameras could be remotely hacked due to critical flaw

Security Affairs

SEPTEMBER 22, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. No username or password needed nor any actions need to be initiated by the camera owner. ” wrote the expert.

Hacking

Hacking Firmware IoT Internet

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. No username or password needed nor any actions need to be initiated by the camera owner. wrote the expert. “.

Hacking

Hacking Firmware Internet Internet

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall

Firewall VPN Firmware Passwords

Experts warn of backdoor-like behavior within Gigabyte systems

Security Affairs

MAY 31, 2023

Researchers from firmware security firm Eclypsium have discovered a suspected backdoor-like behavior within Gigabyte systems. The experts discovered that the firmware in Gigabyte systems drops and executes a Windows native executable during the system startup process. The executable resides in a UEFI firmware volume.

Firmware

Firmware Risk Software Passwords

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Security Affairs

AUGUST 4, 2022

All the affected models have a patched firmware available for download on the vendor’s website.” An attacker can trigger the flaw by supplying carefully crafted username and/or password as base64 encoded strings inside the fields aa and ab of the login page. SecurityAffairs – hacking, DrayTek Vigor).

Hacking

Hacking Internet Internet Passwords

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

. “Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Firmware

Firmware Ransomware Passwords Mobile

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Security Affairs

AUGUST 13, 2023

Multiple vulnerabilities in CyberPower PowerPanel Enterprise DCIM platform and Dataprobe PDU could expose data centers to hacking. CVE-2023-3266: Improperly Implemented Security Check for Standard (Auth Bypass; CVSS 7.5) of PowerPanel Enterprise software and version 1.44.08042023 of the Dataprobe iBoot PDU firmware.

Hacking

Hacking Firmware Authentication Software

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router.

Firmware

Firmware Wireless Passwords Internet

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware

Firmware Passwords Accountability VPN

Dell Wyse ThinOS flaws allow hacking think clients

Security Affairs

DECEMBER 21, 2020

The researchers also discovered the update process for the firmware and packages doesn’t rely on digital signature of the code. “Dell advises creating an FTP server using Microsoft IIS (no specific guidance), then giving access to firmware, packages, and INI files accessible through the FTP server. Pierluigi Paganini.

Hacking

Hacking Firmware DNS Healthcare

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. “In such an event, the victim could lose access to the console and even a shell, and thereby would not be able to re-establish a new password.” ” continues the post.

Passwords

Passwords Advertising Firmware Authentication

ASUS addressed critical flaws in some router models

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware.

Firmware

Firmware VPN Wireless Passwords

Netgear addresses severe security flaws in 20 of its products

Security Affairs

SEPTEMBER 6, 2021

Netgear has released security updates to address high-severity vulnerabilities affecting several of its smart switches used by businesses. Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart switches used on businesses. GC108PP fixed in firmware version 1.0.8.2

Firmware

Firmware Authentication Passwords Hacking

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Patch your TeamCity instance to avoid server hack Is Gelsemium APT behind a targeted attack in Southeast Asian Government? Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Artificial Intelligence

Artificial Intelligence Firmware Data breaches Hacking

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network.

Surveillance

Surveillance Manufacturing Passwords Internet

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Security Affairs

DECEMBER 24, 2022

Unlike the D-Link analysis, the researchers has no physical access to the device and attempted to retrieve the password from the config. “The firmware is basically a merge of 3 sections, the LZMA section is the kernel, at 0x148CD6 the root-fs and at 0x90BD36 the www content.” A firmware fix has been released.

Firmware

Firmware Passwords Hacking Cybersecurity

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Security Affairs

APRIL 15, 2024

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. The website ruexfil.com provided detailed information about the attacks against Moscollector, the hackers also published screenshots of monitoring systems, servers, and databases they claim to have compromised.

Malware

Malware Firmware IoT Hacking

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. ” states Tenable. .

Firmware

Firmware Encryption Authentication Passwords

Expert discloses details and PoC code for Netgear Seventh Inferno bug

Security Affairs

SEPTEMBER 18, 2021

In short, it goes from a newline injection in the password field, through being able to write a file with constant uncontrolled content of 2 (like, one byte 32h), through a DoS and session crafting (which yields an admin web UI user), to an eventual post-auth shell injection (which yields full root).” .” Coldwind explained.

Firmware

Firmware Engineering Passwords Hacking

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

DECEMBER 5, 2021

The researchers analyzed the network devices using IoT Inspector’s security platform, which checked for thousands of CVEs and security flaws. “Some of the security issues were detected more than once. Since the integration of a new kernel into the firmware is costly, no manufacturer was up to date here.

Manufacturing

Manufacturing IoT Firmware VPN

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Security Affairs

SEPTEMBER 19, 2022

“It is found that our wireless products, FLEXLAN FX3000/2000 series, have a firmware vulnerability. There are possibilities of data plagiarism, falsification, system destruction, and malicious program execution if this vulnerability was exploited by malicious attackers who can access to this private webpage (with passwords information).”

Wireless

Wireless Firmware Passwords Engineering

Be aware of exposure of sensitive data on Wi-Fi settings for Canon inkjet printers

Security Affairs

AUGUST 1, 2023

The information stored in a Canon printer depends on the specific model, however, almost any model stores the network SSID, the password, network type (WPA3, WEP, etc.), Set up strong authentication mechanisms, such as complex passwords or use multi-factor authentication (MFA) for printer access. MAC address, and IP address.

Wireless

Wireless Firmware Passwords Authentication

Experts found backdoors in a popular Auerswald VoIP appliance

Security Affairs

DECEMBER 27, 2021

The researchers performed reverse engineering of the firmware image for the COMpact 5500, version 7.8A The researchers used Ghidra for their analysis, it is the open-source reverse engineering tool developed by the US National Security Agency (NSA). . “Equipped with this password we then could authenticate successfully.

Firmware

Firmware Manufacturing Passwords Penetration Testing

Microsoft found auth bypass, system hijack flaws in Netgear routers

Security Affairs

JULY 1, 2021

Microsoft experts have disclosed a series of vulnerabilities in the firmware of Netgear routers which could lead to data leaks and full system takeover. “In our research, we unpacked the router firmware and found three vulnerabilities that can be reliably exploited.” html) and the firmware image itself (.chk

Firmware

Firmware Authentication Encryption Passwords

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” continues the analysis.

Hacking

Hacking Firmware Media Authentication

Netgear Routers impacted by FunJSQ Game Acceleration Module flaw

Security Affairs

SEPTEMBER 19, 2022

Researchers at security and compliance assessment firm Onekey warns of an arbitrary code execution via FunJSQ, which is a third-party module developed by Xiamen Xunwang Network Technology for online game acceleration, that impacts multiple Netgear router models. present in the majority of NETGEAR firmware images in our corpus.”

Firmware

Firmware Passwords Technology Hacking

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Security Affairs

AUGUST 14, 2023

The procedures allow administrators to provide device information such as server addresses, account information, and firmware updates. The server is used to provide configurations and firmware updates to the devices. In this scenario, an attacker can act as a rogue server and distribute malicious firmware.

Firmware

Firmware Authentication Passwords Hacking

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

NOVEMBER 10, 2022

The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. “We chose the simplest approach, reading /etc/shadow and using hashcat cracking the root account password (which turned out to be root:root). SecurityAffairs – hacking, ABB Totalflow). Pierluigi Paganini.

Firmware

Firmware Authentication Passwords Manufacturing

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking. An attacker can trigger the flaw to gain remote code execution and conduct denial-of-service attacks under specific conditions, exposing operational technology (OT) environments to hacking.

Authentication

Authentication Firmware Hacking Passwords

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.” The use of default passwords represents a serious problem also for the Chinese vendor.

Passwords

Passwords Manufacturing Advertising Firmware

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

Security Affairs

APRIL 25, 2021

Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. This information can then be used to reconfigure or disable the alarm system.” ” states the report published by Eye security. ” reads the description of the vulnerability.

Firmware

Firmware Passwords Authentication Wireless

T95 Android TV Box sold on Amazon hides sophisticated malware

Security Affairs

JANUARY 16, 2023

Milisic discovered pre-loaded malware into its firmware. The malicious code embedded in the firmware of the device acts like the Android CopyCat malware. Milisic was not able to test other devices from the same vendor or model to determine if their firmware was infected too. SecurityAffairs – hacking, malware).

Malware

Malware Firmware DNS Internet

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

The hardware of the terminals is equipped with Shenzen technology, while the firmware is based on BusyBox Linux Debian. . The telnetd service is being deactivated and old and weak passwords are as well being removed or changed. SecurityAffairs – IoT radio devices, hacking). . ” continues the experts. Pierluigi Paganini.

IoT

IoT Hacking Firmware Advertising

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

Security Affairs

MAY 21, 2023

X Master Password Dumper (CVE-2023-32784) Malware RapperBot DDoS Botnet Expands into Cryptojacking Newly identified RA Group compromises companies in U.S. X Master Password Dumper (CVE-2023-32784) Malware RapperBot DDoS Botnet Expands into Cryptojacking Newly identified RA Group compromises companies in U.S.

Data breaches

Data breaches Cybercrime Ransomware Passwords

Dovecat crypto-miner is targeting QNAP NAS devices

Security Affairs

JANUARY 21, 2021

Taiwanese vendor QNAP has published a security advisory to warn customers of a new piece of malware named Dovecat that is targeting NAS devices. The malware targets QNAP NAS devices exposed online that use weak passwords. ” reads the security advisory published by the vendor. Use stronger admin passwords.

Cryptocurrency

Cryptocurrency Firmware Malware Passwords

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Regularly back up data, password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes.

Ransomware

Ransomware DDOS Passwords Backups

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Security Affairs

DECEMBER 24, 2022

Unlike the D-Link analysis, the researchers has no physical access to the device and attempted to retrieve the password from the config. “The firmware is basically a merge of 3 sections, the LZMA section is the kernel, at 0x148CD6 the root-fs and at 0x90BD36 the www content.” A firmware fix has been released.

Firmware

Firmware Passwords Hacking Cybersecurity

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation

Security Affairs

DECEMBER 13, 2021

Boffins discovered bugs in WiFi chips that can be exploited to extract passwords and manipulate traffic by targeting a device’s Bluetooth component. Threat actors can execute code by exploiting an unpatched or new security issue over-the-air, or abusing the local OS firmware update mechanism. Pierluigi Paganini.

Wireless

Wireless Firmware Mobile Passwords

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Western Digital customers have to update their My Cloud devices to latest firmware version

Webinars

Trending Sources

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

Webinars

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Hikvision cameras could be remotely hacked due to critical flaw

Over 80,000 Hikvision cameras can be easily hacked

Expert found a secret backdoor in Zyxel firewall and VPN

Experts warn of backdoor-like behavior within Gigabyte systems

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Dell Wyse ThinOS flaws allow hacking think clients

TP-Link Archer routers allow remote takeover without passwords

ASUS addressed critical flaws in some router models

Netgear addresses severe security flaws in 20 of its products

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

3.5m IP cameras exposed, with US in the lead

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Expert discloses details and PoC code for Netgear Seventh Inferno bug

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Be aware of exposure of sensitive data on Wi-Fi settings for Canon inkjet printers

Experts found backdoors in a popular Auerswald VoIP appliance

Microsoft found auth bypass, system hijack flaws in Netgear routers

USBAnywhere BMC flaws expose Supermicro servers to hack

Netgear Routers impacted by FunJSQ Game Acceleration Module flaw

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Over 600k GPS trackers left exposed online with a default password of ‘123456’

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

T95 Android TV Box sold on Amazon hides sophisticated malware

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

Dovecat crypto-miner is targeting QNAP NAS devices

Avoslocker ransomware gang targets US critical infrastructure

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation

Stay Connected