2014, Firmware, Hacking and Passwords - Cyber Security Informer

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. We first met this team of experts in April when they discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks.

Passwords

Passwords Hacking Wireless Authentication

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

VPN

VPN Passwords Banking Advertising

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware

Firmware Ransomware Passwords Mobile

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. “In such an event, the victim could lose access to the console and even a shell, and thereby would not be able to re-establish a new password.” ” continues the post.

Passwords

Passwords Advertising Firmware Authentication

Flaws in firmware expose almost any modern PC to Cold Boot Attacks

Security Affairs

SEPTEMBER 13, 2018

New Firmware Flaws Resurrect Cold Boot Attacks. A team of security researchers demonstrated that the firmware running on nearly all modern computers is vulnerable to cold boot attacks. encryption keys, passwords) from a running operating system after using a cold reboot to restart the machine. concludes the experts.

Firmware

Firmware Encryption Advertising Passwords

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. An attacker could use these credentials to log on to the APs FTP server and steal the configuration file that includes SSIDs and passwords. “An SecurityAffairs – Zyxel, hacking).

DNS

DNS Hacking Firmware Wireless

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” reads the post published by Eclypsium.

Hacking

Hacking Firmware Media Authentication

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. Xiongmai hereinafter) that are open to hack. The experts also discovered an undocumented user with the name “default” and password “tluafed.”. ” continues the analysis.

Surveillance

Surveillance Hacking Firmware Manufacturing

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.” The use of default passwords represents a serious problem also for the Chinese vendor.

Passwords

Passwords Manufacturing Advertising Firmware

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

The hardware of the terminals is equipped with Shenzen technology, while the firmware is based on BusyBox Linux Debian. . The telnetd service is being deactivated and old and weak passwords are as well being removed or changed. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Hacking Firmware Advertising

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Security Affairs

JULY 16, 2018

A security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security.

IoT

IoT Engineering Passwords Firmware

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Netlab shared its findings with LILIN on January 19, 2020, and the vendor addressed the issues with the release of the firmware update (version 2.0b60_20200207). The new firmware released by the vendors validated the hostname passed as input to prevent command execution. SecurityAffairs – hacking, LILIN). Pierluigi Paganini.

Firmware

Firmware Surveillance Manufacturing Advertising

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

Researchers found multiple vulnerabilities in MoFi Network routers, including critical flaws that can be exploited to remotely hack a device. “The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. ” continues the report.

Firmware

Firmware Wireless Authentication Advertising

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Security Affairs

FEBRUARY 3, 2020

“ Attackers can easily obtain default passwords and identify internet-connected target systems. Passwords can be found in p roduct documentation and compiled lists available on the Internet.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. 06 and older. ” continues SonicWall.

DDOS

DDOS Hacking Internet Internet

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs

APRIL 26, 2019

An attacker could chain the issues to steal password theft and possibly remotely compromise the devices, he only needs to know the IP address of the P2P server used by the device. Furthermore, even if software patches were issued, the likelihood of most users updating their device firmware is low. ” reported Brian Krebs.

IoT

IoT Hacking Manufacturing Advertising

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. The first campaign likely began in early 2014 and continued until mid-2017, while the second started in late 2018 and was still active in late 2019. Pierluigi Paganini.

Malware

Malware Firmware Advertising Manufacturing

WAGO Industrial Switches affected by multiple flaws

Security Affairs

JUNE 13, 2019

The company has already fixed the issues with the release of firmware versions 1.2.2.S0, “The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. The expert also found hardcoded private keys for the SSH daemon in the device’s firmware.

Firmware

Firmware Passwords Advertising IoT

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Security Affairs

JANUARY 27, 2020

“A use of hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user “tunneluser” by leveraging knowledge of the private key from another installation or a firmware image.” SecurityAffairs – Fortinet, hacking). reads the advisory.

Advertising

Advertising Firmware Authentication Passwords

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

The communications are not encrypted, however the WiFi password is sent encrypted during set up (albeit trivial to decrypt).” If Twinkly lights are present in the network they will be instructed to display the message ‘Hack the Planet!’ Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT Hacking DNS Authentication

Guardzilla Security Video System Footage exposed online

Security Affairs

DECEMBER 29, 2018

The vulnerability lies within the design and implementation of Amazon Simple Storage Service (S3) credentials inside the Guardzilla Security Camera firmware.” It has a CVSSv3 base score of 8.6 , since once the password is known, any unauthenticated user can collect the data from any affected system over the internet.”

Firmware

Firmware Surveillance IoT Passwords

Yubico is replacing for free YubiKey FIPS devices due to security weakness

Security Affairs

JUNE 14, 2019

of the firmware. The weakness impacts PIV smart card applications, Universal 2nd Factor (U2F) authentication, OATH one-time passwords, and OpenPGP. “An issue exists in the YubiKey FIPS Series devices with firmware version 4.4.2 there is no released firmware version 4.4.3) SecurityAffairs – Yubico, hacking).

Firmware

Firmware Advertising Authentication Passwords

Experts uncovered hidden behavior in thousands of Android Apps

Security Affairs

APRIL 5, 2020

Experts analyzed more than 150,000 Android applications, including the top 100,000 apps from the official Google Play, the top 20,000 apps from an alternative store, and 30,000 pre-installed apps extracted from Samsung smartphones’ firmware. censorship keywords , cyber-bulling expressions, and weak passwords).”

Mobile

Mobile Passwords Advertising Firmware

Over 19,000 Orange Livebox ADSL modems leak WiFi credentials

Security Affairs

DECEMBER 25, 2018

Threat actors are attempting to exploit a flaw in Orange LiveBox ADSL modems to retrieve their SSID and WiFi password in plaintext. “A flaw exists in these modems that allow remote unauthenticated users to obtain the device’s SSID and WiFi password.” Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Wireless Firmware Advertising

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet was spotted by security experts from 360 Netlab, at the time of its discovered it was actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them. The sample spreads via Telnet with weak passwords and some known exploits (see the list below). Pierluigi Paganini.

IoT

IoT DDOS Architecture Passwords

Expert released PoC exploit code for unpatched backdoor in HiSilicon chips

Security Affairs

FEBRUARY 5, 2020

More recent firmware versions had Telnet access and debug port (9527/ tcp ) disabled by default, but they had open port 9530/ tcp that could be exploited by attackers to send a special command to start telnet daemon and enable shell access with a static password ([ 1 ], [ 2 ], [ 3 ]). SecurityAffairs – HiSilicon chips, hacking).

Firmware

Firmware Encryption Advertising Passwords

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

Security Affairs

APRIL 4, 2019

Firmware updates that address this vulnerability are not currently available. Chaining the two flaws it is possible to take over the Cisco RV320 and RV325 routers, the hackers exploit the bugs to obtain hashed passwords for a privileged account and run arbitrary commands as root. Pierluigi Paganini. ( – Cisco Cisco RV325, hacking).

Small Business

Small Business Firmware Advertising VPN

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. GhostDNS scans for the IP addresses used by routers that use weak or no password then accesses them and changes the DNS settings to a rogue DNS server operated by the attackers. Pierluigi Paganini.

DNS

DNS Malware Firmware Phishing

Flaw in update process for BMCs in Supermicro servers allows to deliver persistent malware or brick the server

Security Affairs

SEPTEMBER 7, 2018

Researchers from security firm Eclypsium have discovered a vulnerability in the firmware update mechanism that could be exploited by hackers to deliver persistent malware, completely wipe and reinstall of the operating system. Our research has uncovered vulnerabilities in the way that multiple vendors update their BMC firmware.

Firmware

Firmware Malware Advertising Passwords

Tenable experts found 15 flaws in wireless presentation systems

Security Affairs

MAY 2, 2019

Experts at Tenable discovered 15 vulnerabilities in eight wireless presentation systems, including flaws that can be exploited to remotely hack devices. Others issues can be exploited by a remote, unauthenticated attacker to change admin and moderator passwords and view presentations. Pierluigi Paganini. Pierluigi Paganini.

Wireless

Wireless Firmware Advertising Authentication

The Death botnet grows targeting AVTech devices with a 2-years old exploit

Security Affairs

JULY 25, 2018

EliteLands is using a 2-years old exploit that could be used to trigger tens of well-known vulnerabilities in the AVTech firmware. Many products of the vendor currently run the vulnerable firmware, including DVRs, NVRs, and IP cameras. “So, if I put reboot as password, the AVTech system gets rebooted,” Anubhav explained.

Firmware

Firmware Passwords IoT Advertising

Maze ransomware operators claim to have breached LG Electronics

Security Affairs

JUNE 25, 2020

In 2014 its global sales reached $55.91 “One of the screenshots seems to consist of LG Electronics official firmware or software update releases that assist their hardware products to work more efficiently.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues Cyble.

Computers and Electronics

Computers and Electronics Ransomware Mobile Telecommunications

Initial fixes for Cisco RV320 and RV325 routers were incomplete

Security Affairs

MARCH 30, 2019

Chaining the two flaws it is possible to take over the Cisco RV320 and RV325 routers, the hackers exploit the bugs to obtain hashed passwords for a privileged account and run arbitrary commands as root. Firmware updates that address this vulnerability are not currently available. SecurityAffairs – Cisco Cisco RV320, hacking).

Small Business

Small Business Firmware Advertising Engineering

QSnatch malware already infected thousands of QNAP NAS devices

Security Affairs

NOVEMBER 4, 2019

“The original infection method remains unknown, but during that phase malicious code is injected to the firmware of the target system, and the code is then run as part of normal operations within the device. Gather all usernames and passwords related to the device and sent them to the C2 server. ” reads the report.

Malware

Malware Firmware Advertising Encryption

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

Simple or reused passwords are still a problem. While the cybersecurity industry has presented options for every netizen, the recommendation to use original and complex passwords continues to be disregarded. Instead, people come up with passwords that are comfortable. SecurityAffairs – hacking, IoT). Poor credentials.

IoT

IoT Cybersecurity Manufacturing Internet

Google developer disclosed Zero-Day flaw in TP-Link SR20 Routers

Security Affairs

MARCH 29, 2019

Version 1 has no auth, version 2 requires the admin password.” Garrett told TP-Link it should “stop shipping debug daemons on production firmware and if you’re going to have a webform to submit security issues then have someone actually respond to it.” SecurityAffairs – hacking,TP-Link SR20 Router).

Advertising

Advertising Firmware Firewall Authentication

Novidade, a new Exploit Kit is targeting SOHO Routers

Security Affairs

DECEMBER 11, 2018

Trend Micro recommends to keep devices’ firmware up to date, change the default usernames and passwords on their routers, and also change the router’s default IP address. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

DNS

DNS Advertising Firmware Banking

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

“ Malware then guesses routers’ passwords , which new research from Avast shows are often weak. The router attacks involved an exploit kit that attempts to find the router IP on a network, then attempts to guess the password using common login credentials. ” reads a blog post published by Avast. concludes Avast.

DNS

DNS Passwords Advertising Banking

ICS-CERT warns of critical flaws in NetComm industrial routers

Security Affairs

AUGUST 13, 2018

The affected models are NetComm 4G LTE Light industrial M2M routers running firmware version 2.0.29.11 The cross-site request forgery condition could be triggered by a remote attacker to change passwords of the device. NetComm has released a firmware update that addresses the security vulnerabilities in mid-May 2018.

Wireless

Wireless Firmware Manufacturing Advertising

BLEEDINGBIT Bluetooth flaws in TI chips expose enterprises to remote attacks

Security Affairs

NOVEMBER 1, 2018

The flaw can only be exploited if the device using the chip has the over-the-air firmware download (OAD) feature enabled. Experts pointed out that all Aruba access points share the same OAD password, which can be obtained by intercepting a legitimate update or by reverse engineering the device. ” continues the post.

Firmware

Firmware Manufacturing IoT Mobile

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

Security Affairs

JULY 20, 2018

The first bug can only be exploited by an authenticated attacker, but Positive Technologies says all Diqee 360 devices come with a default password of 888888 for the admin account, which very few users change, and which attackers can incorporate into their exploit chain. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware

Firmware Surveillance Authentication Technology

Security Affairs newsletter Round 175 – News of the week

Security Affairs

AUGUST 12, 2018

Firmware

Firmware DNS Advertising Surveillance

CISA warns of critical flaws in Prima FlexAir access control system

Security Affairs

JULY 31, 2019

“The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges.” “To update to the latest firmware, each user should select the “Check for Upgrade” option in the “Centrals” menu in the GUI. ” concludes the CISA advisory.

Backups

Backups Authentication Advertising Firmware

EU to Force IoT, Wireless Device Makers to Improve Security

eSecurity Planet

NOVEMBER 1, 2021

In an amendment to the EU’s 2014 Radio Equipment Directive (RED), the European Commission noted that as wireless devices, from mobile phones to fitness trackers to smart watches, become increasingly embedded into everyday consumer and business life, they also become a greater security risk. It’s never one and done,” Broomhead said.

Wireless

Wireless IoT Manufacturing Mobile

VISA warns of cyber attacks on PoS systems of fuel dispenser merchants

Security Affairs

DECEMBER 13, 2019

Secure remote access with strong passwords, ensure only the necessary individuals have permission for remote access, disable remote access when not in use, and use two-factor authentication for remote sessions. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cyber Attacks

Cyber Attacks Malware Cybercrime Advertising

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Webinars

Trending Sources

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Webinars

TP-Link Archer routers allow remote takeover without passwords

Flaws in firmware expose almost any modern PC to Cold Boot Attacks

Some Zyxel devices can be hacked via DNS requests

USBAnywhere BMC flaws expose Supermicro servers to hack

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Botnet operators target multiple zero-day flaws in LILIN DVRs

Expert found multiple critical issues in MoFi routers

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

QSnatch malware infected over 62,000 QNAP NAS Devices

WAGO Industrial Switches affected by multiple flaws

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Hacking the Twinkly IoT Christmas lights

Guardzilla Security Video System Footage exposed online

Yubico is replacing for free YubiKey FIPS devices due to security weakness

Experts uncovered hidden behavior in thousands of Android Apps

Over 19,000 Orange Livebox ADSL modems leak WiFi credentials

Mozi Botnet is responsible for most of the IoT Traffic

Expert released PoC exploit code for unpatched backdoor in HiSilicon chips

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Flaw in update process for BMCs in Supermicro servers allows to deliver persistent malware or brick the server

Tenable experts found 15 flaws in wireless presentation systems

The Death botnet grows targeting AVTech devices with a 2-years old exploit

Maze ransomware operators claim to have breached LG Electronics

Initial fixes for Cisco RV320 and RV325 routers were incomplete

QSnatch malware already infected thousands of QNAP NAS devices

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Google developer disclosed Zero-Day flaw in TP-Link SR20 Routers

Novidade, a new Exploit Kit is targeting SOHO Routers

For nearly a year, Brazilian users have been targeted with router attacks

ICS-CERT warns of critical flaws in NetComm industrial routers

BLEEDINGBIT Bluetooth flaws in TI chips expose enterprises to remote attacks

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

Security Affairs newsletter Round 175 – News of the week

CISA warns of critical flaws in Prima FlexAir access control system

EU to Force IoT, Wireless Device Makers to Improve Security

VISA warns of cyber attacks on PoS systems of fuel dispenser merchants

Stay Connected