2014, Firmware and Passwords - Cyber Security Informer

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

VPN

VPN Passwords Banking Advertising

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware

Firmware Ransomware Passwords Mobile

Flaws in firmware expose almost any modern PC to Cold Boot Attacks

Security Affairs

SEPTEMBER 13, 2018

New Firmware Flaws Resurrect Cold Boot Attacks. A team of security researchers demonstrated that the firmware running on nearly all modern computers is vulnerable to cold boot attacks. encryption keys, passwords) from a running operating system after using a cold reboot to restart the machine. concludes the experts.

Firmware

Firmware Encryption Advertising Passwords

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. “In such an event, the victim could lose access to the console and even a shell, and thereby would not be able to re-establish a new password.” ” continues the post.

Passwords

Passwords Advertising Firmware Authentication

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.” The use of default passwords represents a serious problem also for the Chinese vendor.

Passwords

Passwords Manufacturing Advertising Firmware

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Security Affairs

JULY 16, 2018

A security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security.

IoT

IoT Engineering Passwords Firmware

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Netlab shared its findings with LILIN on January 19, 2020, and the vendor addressed the issues with the release of the firmware update (version 2.0b60_20200207). The new firmware released by the vendors validated the hostname passed as input to prevent command execution. ” reads the advisory published by Netlab.

Firmware

Firmware Surveillance Manufacturing Advertising

SonicWall warns users of “imminent ransomware campaign”

Malwarebytes

JULY 15, 2021

The exploitation targets a known vulnerability that has been patched in newer versions of SonicWall firmware. x versions of the firmware. x firmware. x firmware versions. The notice mentions the following products along with recommended actions: SRA 4600/1600 (EOL 2019) disconnect immediately and reset passwords.

Ransomware

Ransomware Firmware VPN Firewall

Guardzilla Security Video System Footage exposed online

Security Affairs

DECEMBER 29, 2018

The vulnerability lies within the design and implementation of Amazon Simple Storage Service (S3) credentials inside the Guardzilla Security Camera firmware.” It has a CVSSv3 base score of 8.6 , since once the password is known, any unauthenticated user can collect the data from any affected system over the internet.”

Firmware

Firmware Surveillance IoT Passwords

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

“The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. An adversary with the private key can remotely reboot the device without having to know the root password. ” reads the advisory published by the expert.

Firmware

Firmware Wireless Authentication Advertising

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. The first campaign likely began in early 2014 and continued until mid-2017, while the second started in late 2018 and was still active in late 2019.

Malware

Malware Firmware Advertising Manufacturing

WAGO Industrial Switches affected by multiple flaws

Security Affairs

JUNE 13, 2019

The company has already fixed the issues with the release of firmware versions 1.2.2.S0, “The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. The expert also found hardcoded private keys for the SSH daemon in the device’s firmware.

Firmware

Firmware Passwords Advertising IoT

Experts uncovered hidden behavior in thousands of Android Apps

Security Affairs

APRIL 5, 2020

Experts analyzed more than 150,000 Android applications, including the top 100,000 apps from the official Google Play, the top 20,000 apps from an alternative store, and 30,000 pre-installed apps extracted from Samsung smartphones’ firmware. censorship keywords , cyber-bulling expressions, and weak passwords).”

Mobile

Mobile Passwords Advertising Firmware

Yubico is replacing for free YubiKey FIPS devices due to security weakness

Security Affairs

JUNE 14, 2019

of the firmware. The weakness impacts PIV smart card applications, Universal 2nd Factor (U2F) authentication, OATH one-time passwords, and OpenPGP. “An issue exists in the YubiKey FIPS Series devices with firmware version 4.4.2 there is no released firmware version 4.4.3) that was certified at the end of April.

Firmware

Firmware Advertising Authentication Passwords

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Security Affairs

JANUARY 27, 2020

“A use of hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user “tunneluser” by leveraging knowledge of the private key from another installation or a firmware image.” reads the advisory. Pierluigi Paganini.

Firmware

Firmware Advertising Authentication Passwords

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

An attacker could use these credentials to log on to the APs FTP server and steal the configuration file that includes SSIDs and passwords. “An This FTP server can be accessed with hardcoded credentials that are embedded in the firmware of the AP. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Hacking Firmware Wireless

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet was spotted by security experts from 360 Netlab, at the time of its discovered it was actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them. The sample spreads via Telnet with weak passwords and some known exploits (see the list below). Pierluigi Paganini.

IoT

IoT DDOS Architecture Passwords

Over 19,000 Orange Livebox ADSL modems leak WiFi credentials

Security Affairs

DECEMBER 25, 2018

Threat actors are attempting to exploit a flaw in Orange LiveBox ADSL modems to retrieve their SSID and WiFi password in plaintext. “A flaw exists in these modems that allow remote unauthenticated users to obtain the device’s SSID and WiFi password.” Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Wireless Firmware Advertising

Flaw in update process for BMCs in Supermicro servers allows to deliver persistent malware or brick the server

Security Affairs

SEPTEMBER 7, 2018

Researchers from security firm Eclypsium have discovered a vulnerability in the firmware update mechanism that could be exploited by hackers to deliver persistent malware, completely wipe and reinstall of the operating system. Our research has uncovered vulnerabilities in the way that multiple vendors update their BMC firmware.

Firmware

Firmware Malware Advertising Passwords

QSnatch malware already infected thousands of QNAP NAS devices

Security Affairs

NOVEMBER 4, 2019

“The original infection method remains unknown, but during that phase malicious code is injected to the firmware of the target system, and the code is then run as part of normal operations within the device. Gather all usernames and passwords related to the device and sent them to the C2 server. ” reads the report.

Malware

Malware Firmware Advertising Encryption

Maze ransomware operators claim to have breached LG Electronics

Security Affairs

JUNE 25, 2020

In 2014 its global sales reached $55.91 “One of the screenshots seems to consist of LG Electronics official firmware or software update releases that assist their hardware products to work more efficiently.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues Cyble.

Computers and Electronics

Computers and Electronics Ransomware Mobile Telecommunications

Expert released PoC exploit code for unpatched backdoor in HiSilicon chips

Security Affairs

FEBRUARY 5, 2020

More recent firmware versions had Telnet access and debug port (9527/ tcp ) disabled by default, but they had open port 9530/ tcp that could be exploited by attackers to send a special command to start telnet daemon and enable shell access with a static password ([ 1 ], [ 2 ], [ 3 ]). Pierluigi Paganini.

Firmware

Firmware Encryption Advertising Passwords

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

GhostDNS scans for the IP addresses used by routers that use weak or no password then accesses them and changes the DNS settings to a rogue DNS server operated by the attackers. Js DNSChanger is written in JavaScript and includes 10 attack scripts designed to infect 6 routers or firmware packages. Pierluigi Paganini.

DNS

DNS Malware Firmware Phishing

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” reads the post published by Eclypsium.

Hacking

Hacking Firmware Media Authentication

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

Security Affairs

APRIL 4, 2019

Firmware updates that address this vulnerability are not currently available. Chaining the two flaws it is possible to take over the Cisco RV320 and RV325 routers, the hackers exploit the bugs to obtain hashed passwords for a privileged account and run arbitrary commands as root. through 1.4.2.20.

Small Business

Small Business Firmware Advertising VPN

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Unfortunately, the cloud ID is not sufficiently random and complex to make guessing correct cloud IDs hard because the analysis of the Xiongmai firmware revealed it is derived from the device’s MAC address. The experts also discovered an undocumented user with the name “default” and password “tluafed.”. ” continues the analysis.

Surveillance

Surveillance Hacking Firmware Manufacturing

The Death botnet grows targeting AVTech devices with a 2-years old exploit

Security Affairs

JULY 25, 2018

EliteLands is using a 2-years old exploit that could be used to trigger tens of well-known vulnerabilities in the AVTech firmware. Many products of the vendor currently run the vulnerable firmware, including DVRs, NVRs, and IP cameras. “So, if I put reboot as password, the AVTech system gets rebooted,” Anubhav explained.

Firmware

Firmware Passwords IoT Advertising

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

The hardware of the terminals is equipped with Shenzen technology, while the firmware is based on BusyBox Linux Debian. . The telnetd service is being deactivated and old and weak passwords are as well being removed or changed. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Hacking Firmware Advertising

Initial fixes for Cisco RV320 and RV325 routers were incomplete

Security Affairs

MARCH 30, 2019

Chaining the two flaws it is possible to take over the Cisco RV320 and RV325 routers, the hackers exploit the bugs to obtain hashed passwords for a privileged account and run arbitrary commands as root. Firmware updates that address this vulnerability are not currently available. Pierluigi Paganini.

Small Business

Small Business Firmware Advertising Engineering

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

“ Malware then guesses routers’ passwords , which new research from Avast shows are often weak. The router attacks involved an exploit kit that attempts to find the router IP on a network, then attempts to guess the password using common login credentials. ” reads a blog post published by Avast. concludes Avast.

DNS

DNS Passwords Advertising Banking

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Security Affairs

FEBRUARY 3, 2020

“ Attackers can easily obtain default passwords and identify internet-connected target systems. Passwords can be found in p roduct documentation and compiled lists available on the Internet.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. 06 and older. ” continues SonicWall.

DDOS

DDOS Hacking Internet Internet

Tenable experts found 15 flaws in wireless presentation systems

Security Affairs

MAY 2, 2019

Others issues can be exploited by a remote, unauthenticated attacker to change admin and moderator passwords and view presentations. Tenable started reporting the vulnerabilities to vendors in January, but at the time of the public disclosure, only Extron and Barco have released firmware updates. Pierluigi Paganini.

Wireless

Wireless Firmware Advertising Authentication

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs

APRIL 26, 2019

An attacker could chain the issues to steal password theft and possibly remotely compromise the devices, he only needs to know the IP address of the P2P server used by the device. Furthermore, even if software patches were issued, the likelihood of most users updating their device firmware is low. ” reported Brian Krebs.

IoT

IoT Hacking Manufacturing Advertising

Novidade, a new Exploit Kit is targeting SOHO Routers

Security Affairs

DECEMBER 11, 2018

Trend Micro recommends to keep devices’ firmware up to date, change the default usernames and passwords on their routers, and also change the router’s default IP address. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

DNS

DNS Advertising Firmware Banking

Google developer disclosed Zero-Day flaw in TP-Link SR20 Routers

Security Affairs

MARCH 29, 2019

Version 1 has no auth, version 2 requires the admin password.” Garrett told TP-Link it should “stop shipping debug daemons on production firmware and if you’re going to have a webform to submit security issues then have someone actually respond to it.” ” wrote Garrett on Twitter.

Advertising

Advertising Firmware Firewall Authentication

ICS-CERT warns of critical flaws in NetComm industrial routers

Security Affairs

AUGUST 13, 2018

The affected models are NetComm 4G LTE Light industrial M2M routers running firmware version 2.0.29.11 The cross-site request forgery condition could be triggered by a remote attacker to change passwords of the device. NetComm has released a firmware update that addresses the security vulnerabilities in mid-May 2018.

Wireless

Wireless Firmware Manufacturing Advertising

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

Simple or reused passwords are still a problem. While the cybersecurity industry has presented options for every netizen, the recommendation to use original and complex passwords continues to be disregarded. Instead, people come up with passwords that are comfortable. Poor credentials. What does this mean? Vicious insider.

IoT

IoT Cybersecurity Manufacturing Internet

BLEEDINGBIT Bluetooth flaws in TI chips expose enterprises to remote attacks

Security Affairs

NOVEMBER 1, 2018

The flaw can only be exploited if the device using the chip has the over-the-air firmware download (OAD) feature enabled. Experts pointed out that all Aruba access points share the same OAD password, which can be obtained by intercepting a legitimate update or by reverse engineering the device. ” continues the post.

Firmware

Firmware Manufacturing IoT Mobile

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

Security Affairs

JULY 20, 2018

The first bug can only be exploited by an authenticated attacker, but Positive Technologies says all Diqee 360 devices come with a default password of 888888 for the admin account, which very few users change, and which attackers can incorporate into their exploit chain. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware

Firmware Surveillance Authentication Technology

Security Affairs newsletter Round 175 – News of the week

Security Affairs

AUGUST 12, 2018

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. Security Affairs – Newsletter ). The post Security Affairs newsletter Round 175 – News of the week appeared first on Security Affairs.

Firmware

Firmware DNS Advertising Surveillance

EU to Force IoT, Wireless Device Makers to Improve Security

eSecurity Planet

NOVEMBER 1, 2021

In an amendment to the EU’s 2014 Radio Equipment Directive (RED), the European Commission noted that as wireless devices, from mobile phones to fitness trackers to smart watches, become increasingly embedded into everyday consumer and business life, they also become a greater security risk. It’s never one and done,” Broomhead said.

Wireless

Wireless IoT Manufacturing Mobile

CISA warns of critical flaws in Prima FlexAir access control system

Security Affairs

JULY 31, 2019

“The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges.” “To update to the latest firmware, each user should select the “Check for Upgrade” option in the “Centrals” menu in the GUI. ” concludes the CISA advisory.

Backups

Backups Authentication Advertising Firmware

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

The communications are not encrypted, however the WiFi password is sent encrypted during set up (albeit trivial to decrypt).” ’ ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Hacking DNS Authentication

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Trending Sources

Flaws in firmware expose almost any modern PC to Cold Boot Attacks

TP-Link Archer routers allow remote takeover without passwords

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Over 600k GPS trackers left exposed online with a default password of ‘123456’

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Botnet operators target multiple zero-day flaws in LILIN DVRs

SonicWall warns users of “imminent ransomware campaign”

Guardzilla Security Video System Footage exposed online

Expert found multiple critical issues in MoFi routers

QSnatch malware infected over 62,000 QNAP NAS Devices

WAGO Industrial Switches affected by multiple flaws

Experts uncovered hidden behavior in thousands of Android Apps

Yubico is replacing for free YubiKey FIPS devices due to security weakness

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Some Zyxel devices can be hacked via DNS requests

Mozi Botnet is responsible for most of the IoT Traffic

Over 19,000 Orange Livebox ADSL modems leak WiFi credentials

Flaw in update process for BMCs in Supermicro servers allows to deliver persistent malware or brick the server

QSnatch malware already infected thousands of QNAP NAS devices

Maze ransomware operators claim to have breached LG Electronics

Expert released PoC exploit code for unpatched backdoor in HiSilicon chips

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

USBAnywhere BMC flaws expose Supermicro servers to hack

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

The Death botnet grows targeting AVTech devices with a 2-years old exploit

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Initial fixes for Cisco RV320 and RV325 routers were incomplete

For nearly a year, Brazilian users have been targeted with router attacks

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Tenable experts found 15 flaws in wireless presentation systems

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Novidade, a new Exploit Kit is targeting SOHO Routers

Google developer disclosed Zero-Day flaw in TP-Link SR20 Routers

ICS-CERT warns of critical flaws in NetComm industrial routers

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

BLEEDINGBIT Bluetooth flaws in TI chips expose enterprises to remote attacks

Experts discloses dangerous flaws in robotic Dongguan Diqee 360 smart vacuums

Security Affairs newsletter Round 175 – News of the week

EU to Force IoT, Wireless Device Makers to Improve Security

CISA warns of critical flaws in Prima FlexAir access control system

Hacking the Twinkly IoT Christmas lights

Stay Connected