2015, Authentication, Firmware and Hacking

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the installation of persistent backdoors.

Firmware

Firmware Hacking Authentication Advertising

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Locking down firmware. Starks Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks. telecoms by Chinese tech giant Huawei.

Firmware

Firmware Cybersecurity Technology Engineering

Intel addresses High-Severity flaws in NUC Firmware and other tools

Security Affairs

AUGUST 18, 2019

Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program.

Firmware

Firmware Authentication Advertising Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware.

Firmware

Firmware Spyware Surveillance Hacking

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Security Affairs

MARCH 8, 2020

Netgear has addressed a critical remote code execution vulnerability that could be exploited by an unauthenticated attacker to take over AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. NETGEAR strongly recommends that you download the latest firmware as soon as possible.” Pierluigi Paganini.

Firmware

Firmware Wireless Advertising Authentication

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

The CVE-2019-0090 vulnerability affects the firmware running on the ROM of the Intel’s Converged Security and Management Engine (CSME). Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” x, SPS_E3_05.00.04.027.0.

Firmware

Firmware Technology Advertising Authentication

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” reads the post published by Eclypsium.

Hacking

Hacking Firmware Media Authentication

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

Researchers warn of QNAP NAS attacks in the wild

Security Affairs

AUGUST 31, 2020

Hackers target QNAP NAS devices running multiple firmware versions vulnerable to a remote code execution (RCE) flaw addressed by the vendor 3 years ago. QNAP addressed the vulnerability with the release of firmware version 4.3.3 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. on July 21, 2017.

Firmware

Firmware Advertising Malware Internet

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

” Once the mobile app has discovered the IP address of the lights, it authenticates with them, receives an authentication token and retrieves information about the device. Experts found a flaw in the authentication process, it only authenticates the lights to the app and not visa- versa. . Pierluigi Paganini.

IoT

IoT Hacking DNS Authentication

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

Researchers found multiple vulnerabilities in MoFi Network routers, including critical flaws that can be exploited to remotely hack a device. “The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. Pierluigi Paganini.

Firmware

Firmware Wireless Authentication Advertising

Expert found a hardcoded SSH Key in Fortinet SIEM appliances

Security Affairs

JANUARY 20, 2020

An attacker with this key can successfully authenticate as this user to the FortiSIEM Supervisor.” While the user’s shell is limited to running the /opt/phoenix/ phscripts /bin/ tunnelshell script, SSH authentication still succeeds.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Authentication

Authentication Firmware Advertising Firewall

Thousands of Xiaomi FURRYTAIL pet feeders exposed to hack

Security Affairs

OCTOBER 30, 2019

A Russian security researcher accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders. The Russian security researcher Anna Prosvetova, from Saint Petersburg, has accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders.

Hacking

Hacking Firmware Advertising DDOS

Experts found 9 NAS flaws that expose LenovoEMC, Iomega Devices to hack

Security Affairs

OCTOBER 3, 2018

A typical attack scenario to gain this information sees attackers to luring an authenticated NAS user by tricking it into visiting a specially crafted malicious website. Lenovo confirmed that firmware versions 4.1.402.34662 and earlier are vulnerable, users have to download firmware version 4.1.404.34716 (or later).

Hacking

Hacking Firmware Advertising Backups

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Security Affairs

MAY 19, 2020

Palo Alto Networks Unit 42 researchers observed both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 5.0.2.8. which is a product that became end-of-life (EOL) in 2015 and end-of-support-life (EOSL) in 2019.” Pierluigi Paganini.

IoT

IoT DDOS Authentication Advertising

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release. The researcher describes the issue as a reachable pre-authentication that impacts every SSL VPN appliance. states the report published by Fortinet. ” continues the report.

Firewall

Firewall VPN Firmware Internet

D-Link addressed 5 flaws on some router models, some of them reached EoL

Security Affairs

JULY 25, 2020

The flaws include reflected Cross-Site Scripting (XSS), buffer overflows, bypassing authentication issues, and arbitrary code execution bugs. The vendor pointed out that DAP-1522 and DIR-816L models that have reached their “end of support” phase, this means that these devices running firmware versions v1.42 (and below) and v12.06.B09

Firmware

Firmware Advertising Authentication Hacking

Intel addresses high severity flaw in Processor Diagnostic Tool

Security Affairs

JULY 11, 2019

may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.” The second vulnerability addressed by Intel affects SSD DC S4500/S4600 series firmware, it could be exploited by an attacker with physical access for privilege escalation.

Firmware

Firmware Advertising Authentication Hacking

Cisco ASA is affacted by a privilege escalation flaw. Patch it now!

Security Affairs

DECEMBER 23, 2018

The flaw was discovered by experts at Tenable that explained that an authenticated remote unprivileged user can change or download the running configuration or replace the appliance firmware where they shouldn’t. In particular, the aaa authentication http console {LOCAL | <aaa-server>} command must be present,” Cisco concludes.

Firmware

Firmware Authentication Software Advertising

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

The backdoor accounts in the firmware of 29 FTTH Optical Line Termination (OLT) devices from popular vendor C-Data. The security duo, composed of Pierre Kim and Alexandre Torres, disclosed seven vulnerabilities in the firmware of FTTH OLT devices manufactured by C-Data. SecurityAffairs – hacking, FTTH devices ).

Firmware

Firmware Accountability Advertising Manufacturing

NGINX zero-day vulnerability: Check if you’re affected

Malwarebytes

APRIL 13, 2022

On April 9, hacking group BlueHornet tweeted about an experimental exploit for NGINX 1.18 Specifically, the NGINX LDAP reference implementation which uses LDAP to authenticate users of applications being proxied by NGINX. LDAP can also tackle authentication, so users can sign on just once and access many different files on the server.

Authentication

Authentication IoT Password Management Firmware

Severe vulnerabilities allow hacking older GE anesthesia machines

Security Affairs

JULY 10, 2019

The experts at the healthcare cybersecurity firm CyberMDX have found some flaws in the firmware of the anesthesia machines, the issues could expose patients to serious risks. ” Experts pointed out that the devices lack authentication allowing anyone of the same network to execute commands supported by the machines. .

Hacking

Hacking Healthcare Advertising Firmware

Security Affairs newsletter Round 268

Security Affairs

JUNE 14, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – newsletter, hacking). Pierluigi Paganini.

Firmware

Firmware Advertising Ransomware Hacking

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Security Affairs

FEBRUARY 3, 2020

This unauthenticated remote command injection vulnerability affects Linear eMerge E3 access control systems running firmware versions 1.00-06 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – NSC Linear eMerge E3 , hacking). 06 and older. ” continues SonicWall.

DDOS

DDOS Hacking Internet Internet

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs

APRIL 26, 2019

Upon connecting, most clients will immediately attempt to authenticate as an administrative user in plaintext , allowing an attacker to obtain the credentials to the device.” Furthermore, even if software patches were issued, the likelihood of most users updating their device firmware is low. Pierluigi Paganini.

IoT

IoT Hacking Manufacturing Advertising

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates. SecurityAffairs – hacking, QSnatch).

Malware

Malware Firmware Advertising Manufacturing

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Security Affairs

JANUARY 27, 2020

An attacker with this key can successfully authenticate as this user to the FortiSIEM Supervisor.” While the user’s shell is limited to running the /opt/phoenix/phscripts/bin/tunnelshell script, SSH authentication still succeeds.”. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. reads the advisory.

Advertising

Advertising Firmware Authentication Passwords

Yubico is replacing for free YubiKey FIPS devices due to security weakness

Security Affairs

JUNE 14, 2019

of the firmware. The weakness impacts PIV smart card applications, Universal 2nd Factor (U2F) authentication, OATH one-time passwords, and OpenPGP. “An issue exists in the YubiKey FIPS Series devices with firmware version 4.4.2 there is no released firmware version 4.4.3) SecurityAffairs – Yubico, hacking).

Firmware

Firmware Advertising Authentication Passwords

Intel investigates security breach after the leak of 20GB of internal documents

Security Affairs

AUGUST 7, 2020

Intel is investigating reports of an alleged hack that resulted in the theft and leak of 20GB of data coming from the chip giant. The engineering received the files from an anonymous hacker who claimed to have hacked the company earlier this year, the experts believe that this leak is just a first lot on a larger collection.

Firmware

Firmware Advertising Engineering Hacking

A daily average of 80,000 printers exposed online via IPP

Security Affairs

JUNE 23, 2020

Unlike other printer management protocols, the IPP protocol supports multiple security features, including authentication and encryption, but evidently organizations don’t use them. This info includes printer names, locations, models, firmware versions, organization names, and even WiFi network names. Pierluigi Paganini.

Internet

Internet Internet Firmware Advertising

D-Link router models affected by remote code execution issue that will not be fixed

Security Affairs

OCTOBER 7, 2019

According to the Fortinet, the vulnerability impacts D-Link firmware in the DIR-655, DIR-866L, DIR-652, and DHP-1565 router families. We rated this as a critical issue since the vulnerability can be triggered remotely without authentication.” “The vulnerability begins with a bad authentication check.

Authentication

Authentication Advertising Firmware Hacking

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

ZDNet has obtained a copy of the list with the help of threat intelligence firm KELA and verified confirmed the authenticity of the data. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Pulse VPN). ” reported ZDNet. Pierluigi Paganini.

VPN

VPN Passwords Banking Advertising

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Problem is, MAC addresses are not great for authentication.

IoT

IoT Hacking Internet Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Problem is, MAC addresses are not great for authentication.

IoT

IoT Hacking Internet Internet

Infecting Canon EOS DSLR camera with ransomware over the air

Security Affairs

AUGUST 12, 2019

Searching online the expert first found an encrypted firmware, he found on a forum a Portable ROM Dumper , (a custom firmware update file that once loaded, dumps the memory of the camera into the SD Card) that allowed him to dump the camera’s firmware and load it into his disassembler (IDA Pro). Pierluigi Paganini.

Firmware

Firmware Ransomware Wireless Encryption

Critical unfixed flaws affect ABB Safety PLC Gateways

Security Affairs

DECEMBER 18, 2018

Security experts at Applied Risk are affected by potentially serious flaws and the bad news is that the vendor will not release firmware updates because the impacted products have reached the end of life. ABB also published separate advisories for the missing authentication and XSS vulnerabilities. Pierluigi Paganini.

Firmware

Firmware Advertising Manufacturing Authentication

Tenable experts found 15 flaws in wireless presentation systems

Security Affairs

MAY 2, 2019

Experts at Tenable discovered 15 vulnerabilities in eight wireless presentation systems, including flaws that can be exploited to remotely hack devices. Experts also found a denial-of-service (DoS) flaw and credentials stored in plain text that could be accessible to authenticated users. Pierluigi Paganini.

Wireless

Wireless Firmware Advertising Authentication

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. “Just like the regular dnschanger , this campaign attempts to guess the password on the router’s web authentication page or bypass the authentication through the dnscfg. Pierluigi Paganini.

DNS

DNS Malware Firmware Phishing

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link addressed a critical zero-day vulnerability ( CVE-2017-7405 ) in its TP-Link Archer routers that could be exploited by attackers to remotely take their control over LAN via a Telnet connection without authentication. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Archer MR200v4: [link].

Passwords

Passwords Advertising Firmware Authentication

Expert released PoC exploit code for unpatched backdoor in HiSilicon chips

Security Affairs

FEBRUARY 5, 2020

More recent firmware versions had Telnet access and debug port (9527/ tcp ) disabled by default, but they had open port 9530/ tcp that could be exploited by attackers to send a special command to start telnet daemon and enable shell access with a static password ([ 1 ], [ 2 ], [ 3 ]). SecurityAffairs – HiSilicon chips, hacking).

Firmware

Firmware Encryption Advertising Passwords

Cisco addresses critical issues in IP Phones and UCS Director

Security Affairs

APRIL 17, 2020

The issue affects the following Cisco products if they have web access enabled and are running a firmware release earlier than the first fixed release for that device: IP Phone 7811, 7821, 7841, and 7861 Desktop Phones IP Phone 8811, 8841, 8845, 8851, 8861, and 8865 Desktop Phones Unified IP Conference Phone 8831 Wireless IP Phone 8821 and 8821-EX.

Big data

Big data Wireless Advertising Firmware

Thrangrycat flaw could allow compromising millions of Cisco devices

Security Affairs

MAY 14, 2019

. “ A vulnerability in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component.” ” reads the advisory published by Cisco.

Firmware

Firmware Authentication Software Advertising

Zyxel addresses Zero-Day vulnerability in NAS devices

Security Affairs

FEBRUARY 25, 2020

. “Multiple ZyXEL network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device.” “ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. and earlier.

Authentication

Authentication Advertising Firmware Internet

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Security Affairs

JULY 16, 2018

Anubhav explained that the passwords are related to Dahua DVRs running very old firmware that is known to be affected by a five-year-old vulnerability tracked as CVE-2013-6117. Even if the vulnerability has been patched, many Dahua devices are still running ancient firmware. Pierluigi Paganini.

IoT

IoT Engineering Passwords Firmware

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

Webinars

Trending Sources

Intel addresses High-Severity flaws in NUC Firmware and other tools

Webinars

Second-ever UEFI rootkit used in North Korea-themed attacks

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

USBAnywhere BMC flaws expose Supermicro servers to hack

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Researchers warn of QNAP NAS attacks in the wild

Hacking the Twinkly IoT Christmas lights

Expert found multiple critical issues in MoFi routers

Expert found a hardcoded SSH Key in Fortinet SIEM appliances

Thousands of Xiaomi FURRYTAIL pet feeders exposed to hack

Experts found 9 NAS flaws that expose LenovoEMC, Iomega Devices to hack

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

D-Link addressed 5 flaws on some router models, some of them reached EoL

Intel addresses high severity flaw in Processor Diagnostic Tool

Cisco ASA is affacted by a privilege escalation flaw. Patch it now!

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

NGINX zero-day vulnerability: Check if you’re affected

Severe vulnerabilities allow hacking older GE anesthesia machines

Security Affairs newsletter Round 268

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

QSnatch malware infected over 62,000 QNAP NAS Devices

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Yubico is replacing for free YubiKey FIPS devices due to security weakness

Intel investigates security breach after the leak of 20GB of internal documents

A daily average of 80,000 printers exposed online via IPP

D-Link router models affected by remote code execution issue that will not be fixed

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

Infecting Canon EOS DSLR camera with ransomware over the air

Critical unfixed flaws affect ABB Safety PLC Gateways

Tenable experts found 15 flaws in wireless presentation systems

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

TP-Link Archer routers allow remote takeover without passwords

Expert released PoC exploit code for unpatched backdoor in HiSilicon chips

Cisco addresses critical issues in IP Phones and UCS Director

Thrangrycat flaw could allow compromising millions of Cisco devices

Zyxel addresses Zero-Day vulnerability in NAS devices

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Stay Connected