2014, Firmware and Hacking - Cyber Security Informer

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the installation of persistent backdoors.

Firmware

Firmware Hacking Authentication Advertising

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware

Firmware Encryption Ransomware Advertising

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Despite FocacciaBoard is extremely useful during my night-to-night hardware hacking needs… there is another set of tools I cannot live without: pin enumeration ones. his majesty, the Firmware).

IoT

IoT Hacking Firmware Advertising

Intel addresses High-Severity flaws in NUC Firmware and other tools

Security Affairs

AUGUST 18, 2019

Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program.

Firmware

Firmware Authentication Advertising Hacking

D-Link releases a security firmware update that only fixes 3 out 6 issues in DIR-865L home routers

Security Affairs

JUNE 13, 2020

D-Link has released a firmware update to address three security flaws impacting the DIR-865L home router model, but left some issue unpatched. D-Link has recently released a firmware update to address three out of six security flaws impacting the DIR-865L wireless home router. SecurityAffairs – D-Link DIR-865L, hacking).

Firmware

Firmware Wireless Advertising Risk

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware.

Firmware

Firmware Spyware Surveillance Hacking

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Security Affairs

NOVEMBER 25, 2022

The researchers discovered the issue by analyzing firmware images used devices from the above manufacturers. The experts analyzed one of the core frameworks EDKII used as a part of any UEFI firmware which has its own submodule and wrapper over the OpenSSL library ( OpensslLib ) in the CryptoPkg component. that dates back to 2009. .

Firmware

Firmware Manufacturing Hacking Software

Flaws in firmware expose almost any modern PC to Cold Boot Attacks

Security Affairs

SEPTEMBER 13, 2018

New Firmware Flaws Resurrect Cold Boot Attacks. A team of security researchers demonstrated that the firmware running on nearly all modern computers is vulnerable to cold boot attacks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Securi ty Affairs – cold boot attacks, hacking).

Firmware

Firmware Encryption Advertising Passwords

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. This FTP server can be accessed with hardcoded credentials that are embedded in the firmware of the AP. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Hacking Firmware Wireless

NSA publishes guidance on UEFI Secure Boot customization

Security Affairs

SEPTEMBER 16, 2020

The US National Security Agency (NSA) published guidance on the Unified Extensible Firmware Interface (UEFI) Secure Boot customization. The United States National Security Agency (NSA) has published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature that can be customized organizations.

Firmware

Firmware Advertising Manufacturing Malware

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs

DECEMBER 17, 2023

that impacted several routers, including Future X Communications (FXC) AE1021 and AE1021PE wall routers, running firmware versions 2.0.9 released June 21, 2014). “QNAP considers these devices discontinued for support; however, the vendor recommends upgrading VioStor firmware on existing devices to the latest available version.

Firmware

Firmware Wireless DDOS IoT

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Security Affairs

MARCH 8, 2020

Netgear has addressed a critical remote code execution vulnerability that could be exploited by an unauthenticated attacker to take over AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. NETGEAR strongly recommends that you download the latest firmware as soon as possible.” Pierluigi Paganini.

Firmware

Firmware Wireless Advertising Authentication

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network. The company released firmware p atches for the device in January. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – Smart Light Bulbs, hacking).

Hacking

Hacking IoT Wireless Firmware

Experts show that is easy to hack Hardware-based Cryptocurrency Wallets

Security Affairs

JANUARY 1, 2019

The group of researchers presented called “ wattet.fail ” firmware, side-channel, microcontroller and supply-chain attacks that impact most popular hardware-based cryptocurrency wallets, including Trezor One, Ledger Nano S, and Ledger Blue. “The Hacking the Supply Chain. Hacking the Bootloader. Side-channel Attacks.

Cryptocurrency

Cryptocurrency Hacking Firmware Advertising

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware

Firmware Ransomware Passwords Mobile

Broadcom WiFi Driver bugs expose devices to hack

Security Affairs

APRIL 19, 2019

Anguelkov confirmed that two of those vulnerabilities affect both in the Linux kernel and firmware of affected Broadcom chips. Below the details for the flaws: Vulnerabilities in the open source brcmfmac driver: • CVE-2019-9503 : If the brcmfmac driver receives the firmware event frame from the host, the appropriate handler is called.

Hacking

Hacking Firmware Wireless Advertising

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

The CVE-2019-0090 vulnerability affects the firmware running on the ROM of the Intel’s Converged Security and Management Engine (CSME). Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” SecurityAffairs – hacking, CVE-2019-0090).

Firmware

Firmware Technology Advertising Authentication

Toyota presented PASTA (Portable Automotive Security Testbed) Car-Hacking Tool

Security Affairs

DECEMBER 6, 2018

PASTA is an open-source testing platform specifically designed for car hacking, it was developed to help experts to test cyber security features of modern vehicles. The PASTA car hacking tool is contained in an 8 kg portable briefcase, experts highlighted the delay of the automotive industry in developing cyber security for modern cars.

Hacking

Hacking Advertising Firmware Engineering

HP releases firmware updates for two critical RCE flaws in Inkjet Printers

Security Affairs

AUGUST 6, 2018

HP has released firmware updates that address two critical remote code execution vulnerabilities in some models of inkjet printers. HP has released firmware updates to address two critical RCE flaws affecting some Inkjet printers. Go to the Upgrading Printer Firmware page and follow the instructions provided to install the firmware.

Firmware

Firmware Advertising Software Hacking

Researchers warn of QNAP NAS attacks in the wild

Security Affairs

AUGUST 31, 2020

Hackers target QNAP NAS devices running multiple firmware versions vulnerable to a remote code execution (RCE) flaw addressed by the vendor 3 years ago. QNAP addressed the vulnerability with the release of firmware version 4.3.3 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. on July 21, 2017.

Firmware

Firmware Advertising Malware Internet

BadPower attack could burn your device through fast charging

Security Affairs

JULY 21, 2020

Researchers devised a technique dubbed BadPower to alter the firmware of fast chargers to cause damage to connected systems or cause the device to catch fire. BadPower consists of corrupting the firmware of fast chargers. “Most BadPower problems can be fixed by updating the device firmware.” Pierluigi Paganini.

Firmware

Firmware Manufacturing Advertising Hacking

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

The hardware of the terminals is equipped with Shenzen technology, while the firmware is based on BusyBox Linux Debian. . Automatic updates are available via Wi-Fi and can be installed by setting IoT radio devices back to factory settings and downloading the latest firmware version. . SecurityAffairs – IoT radio devices, hacking). .

IoT

IoT Hacking Firmware Advertising

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

According to the experts, Tenda routers running a firmware version between AC9 to AC18 are vulnerable to the attack. “We recommend that Tenda router users check their firmware and make necessary update.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Firmware DNS Advertising

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. Xiongmai hereinafter) that are open to hack. ” Experts also discovered that it is possible to execute arbitrary code on the device through a firmware update. Pierluigi Paganini.

Surveillance

Surveillance Hacking Firmware Manufacturing

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” reads the post published by Eclypsium.

Hacking

Hacking Firmware Media Authentication

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 CVE-2020-9054 Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 A2pvI042j1.d26m

IoT

IoT Firmware Malware Wireless

Thousands of Xiaomi FURRYTAIL pet feeders exposed to hack

Security Affairs

OCTOBER 30, 2019

A Russian security researcher accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders. The Russian security researcher Anna Prosvetova, from Saint Petersburg, has accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders.

Hacking

Hacking Firmware Advertising DDOS

QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air

Security Affairs

AUGUST 6, 2019

Researchers discovered two serious flaws, QualPwn bugs, in Qualcomm’s Snapdragon SoC WLAN firmware that could be exploited to hack Android device over the air. The second flaw, tracked as CVE-2019-10540, is a buffer overflow issue that affects the Qualcomm WLAN and modem firmware that ships with Qualcomm chips.

Hacking

Hacking Firmware Advertising Mobile

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

Experts found 9 NAS flaws that expose LenovoEMC, Iomega Devices to hack

Security Affairs

OCTOBER 3, 2018

Lenovo confirmed that firmware versions 4.1.402.34662 and earlier are vulnerable, users have to download firmware version 4.1.404.34716 (or later). The company suggests removing any public shares and using the device only on trusted networks in case it is not possible to immediately update the firmware. Pierluigi Paganini.

Hacking

Hacking Firmware Advertising Backups

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware

Firmware Architecture Advertising Manufacturing

Hacking Radio Blasting Systems for Fun & Explosions

Security Affairs

AUGUST 5, 2019

What about hacking Radio Blasting Systems? With all these data we can finally compose the packet that is transmitted to trigger the 1st charge on Area 01: Now we are ready to give it a try with the Standalone Firmware of WHID Elite and see if it is able to decode them too. . SecurityAffairs – Radio Blasting Systems , hacking).

Hacking

Hacking Firmware Engineering Advertising

D-Link addressed 5 flaws on some router models, some of them reached EoL

Security Affairs

JULY 25, 2020

The vendor pointed out that DAP-1522 and DIR-816L models that have reached their “end of support” phase, this means that these devices running firmware versions v1.42 (and below) and v12.06.B09 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, D-Link). Pierluigi Paganini.

Firmware

Firmware Advertising Authentication Hacking

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

The backdoor accounts in the firmware of 29 FTTH Optical Line Termination (OLT) devices from popular vendor C-Data. The security duo, composed of Pierre Kim and Alexandre Torres, disclosed seven vulnerabilities in the firmware of FTTH OLT devices manufactured by C-Data. SecurityAffairs – hacking, FTTH devices ).

Firmware

Firmware Accountability Advertising Manufacturing

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Netlab shared its findings with LILIN on January 19, 2020, and the vendor addressed the issues with the release of the firmware update (version 2.0b60_20200207). The new firmware released by the vendors validated the hostname passed as input to prevent command execution. SecurityAffairs – hacking, LILIN). Pierluigi Paganini.

Firmware

Firmware Surveillance Manufacturing Advertising

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

Researchers found multiple vulnerabilities in MoFi Network routers, including critical flaws that can be exploited to remotely hack a device. “Several firmware versions have been released, but some of the vulnerabilities have not been fully patched.” Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware

Firmware Wireless Authentication Advertising

Severe vulnerabilities allow hacking older GE anesthesia machines

Security Affairs

JULY 10, 2019

The experts at the healthcare cybersecurity firm CyberMDX have found some flaws in the firmware of the anesthesia machines, the issues could expose patients to serious risks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Healthcare Advertising Firmware

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

The first campaign likely began in early 2014 and continued until mid-2017, while the second started in late 2018 and was still active in late 2019. The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates. SecurityAffairs – hacking, QSnatch).

Malware

Malware Firmware Advertising Manufacturing

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release. Experts recommend organizations using FortiGate firewall, or anything else powered by FortiOS, to follow Fortinet’s advisory for this issue and upgrade their firmware immediately.

Firewall

Firewall VPN Firmware Internet

Bug Hunters Earn $195,000 for Hacking TVs, Routers, Phones at Pwn2Own Tokyo 2019

Security Affairs

NOVEMBER 7, 2019

Pwn2Own is the annual hacking contest event organized by Trend Micro’s Zero Day Initiative (ZDI). The day started with Amat Cama and Richard Zhu of team Fluoroacetate earning $15,000 for hacking a Sony X800G TV. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking

Hacking Advertising Firmware Information Security

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Security Affairs

FEBRUARY 3, 2020

This unauthenticated remote command injection vulnerability affects Linear eMerge E3 access control systems running firmware versions 1.00-06 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. 06 and older. Pierluigi Paganini.

DDOS

DDOS Hacking Internet Internet

Intel addresses high severity flaw in Processor Diagnostic Tool

Security Affairs

JULY 11, 2019

The second vulnerability addressed by Intel affects SSD DC S4500/S4600 series firmware, it could be exploited by an attacker with physical access for privilege escalation. The flaw has been classified as “medium severity,” it affects firmware versions prior to SCV10150. SecurityAffairs – Patch Tuesday, hacking).

Firmware

Firmware Advertising Authentication Hacking

Security Affairs newsletter Round 284

Security Affairs

OCTOBER 4, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, newsletter). Pierluigi Paganini. The post Security Affairs newsletter Round 284 appeared first on Security Affairs.

Ransomware

Ransomware Firmware Advertising Insurance

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

“ Experts found hardcoded credentials in the firmware that are used to connect to a private broker through the Message Queuing Telemetry Transport (MQTT) protocol for exchanging messages with remote IoT boards and sensors. If Twinkly lights are present in the network they will be instructed to display the message ‘Hack the Planet!’

IoT

IoT Hacking DNS Authentication

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

QNAP urges users to update NAS firmware and app to prevent infections

Trending Sources

Hacking IoT & RF Devices with BürtleinaBoard

Intel addresses High-Severity flaws in NUC Firmware and other tools

D-Link releases a security firmware update that only fixes 3 out 6 issues in DIR-865L home routers

Second-ever UEFI rootkit used in North Korea-themed attacks

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Flaws in firmware expose almost any modern PC to Cold Boot Attacks

Some Zyxel devices can be hacked via DNS requests

NSA publishes guidance on UEFI Secure Boot customization

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Experts show that is easy to hack Hardware-based Cryptocurrency Wallets

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Broadcom WiFi Driver bugs expose devices to hack

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Toyota presented PASTA (Portable Automotive Security Testbed) Car-Hacking Tool

HP releases firmware updates for two critical RCE flaws in Inkjet Printers

Researchers warn of QNAP NAS attacks in the wild

BadPower attack could burn your device through fast charging

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

New Ttint IoT botnet exploits two zero-days in Tenda routers

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

USBAnywhere BMC flaws expose Supermicro servers to hack

BotenaGo botnet targets millions of IoT devices using 33 exploits

Thousands of Xiaomi FURRYTAIL pet feeders exposed to hack

QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Experts found 9 NAS flaws that expose LenovoEMC, Iomega Devices to hack

AMD is going to patch UEFI SMM callout privilege escalation flaw

Hacking Radio Blasting Systems for Fun & Explosions

D-Link addressed 5 flaws on some router models, some of them reached EoL

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Botnet operators target multiple zero-day flaws in LILIN DVRs

Expert found multiple critical issues in MoFi routers

Severe vulnerabilities allow hacking older GE anesthesia machines

QSnatch malware infected over 62,000 QNAP NAS Devices

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Bug Hunters Earn $195,000 for Hacking TVs, Routers, Phones at Pwn2Own Tokyo 2019

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Intel addresses high severity flaw in Processor Diagnostic Tool

Security Affairs newsletter Round 284

Hacking the Twinkly IoT Christmas lights

Stay Connected