2015, Firmware and Hacking - Cyber Security Informer

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the installation of persistent backdoors.

Firmware

Firmware Hacking Authentication Advertising

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Locking down firmware. Starks Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks. telecoms by Chinese tech giant Huawei.

Firmware

Firmware Cybersecurity Technology Engineering

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware

Firmware Encryption Ransomware Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Despite FocacciaBoard is extremely useful during my night-to-night hardware hacking needs… there is another set of tools I cannot live without: pin enumeration ones. his majesty, the Firmware).

IoT

IoT Hacking Firmware Advertising

Intel addresses High-Severity flaws in NUC Firmware and other tools

Security Affairs

AUGUST 18, 2019

Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program.

Firmware

Firmware Authentication Advertising Hacking

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

JULY 2, 2021

Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw. “We strongly encourage moving to the My Cloud OS5 firmware,” the statement reads.

Firmware

Firmware Passwords Internet Internet

D-Link releases a security firmware update that only fixes 3 out 6 issues in DIR-865L home routers

Security Affairs

JUNE 13, 2020

D-Link has released a firmware update to address three security flaws impacting the DIR-865L home router model, but left some issue unpatched. D-Link has recently released a firmware update to address three out of six security flaws impacting the DIR-865L wireless home router. SecurityAffairs – D-Link DIR-865L, hacking).

Firmware

Firmware Wireless Advertising Risk

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware.

Firmware

Firmware Spyware Surveillance Hacking

Flaws in firmware expose almost any modern PC to Cold Boot Attacks

Security Affairs

SEPTEMBER 13, 2018

New Firmware Flaws Resurrect Cold Boot Attacks. A team of security researchers demonstrated that the firmware running on nearly all modern computers is vulnerable to cold boot attacks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Securi ty Affairs – cold boot attacks, hacking).

Firmware

Firmware Encryption Advertising Passwords

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. This FTP server can be accessed with hardcoded credentials that are embedded in the firmware of the AP. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Hacking Firmware Wireless

NSA publishes guidance on UEFI Secure Boot customization

Security Affairs

SEPTEMBER 16, 2020

The US National Security Agency (NSA) published guidance on the Unified Extensible Firmware Interface (UEFI) Secure Boot customization. The United States National Security Agency (NSA) has published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature that can be customized organizations.

Firmware

Firmware Advertising Manufacturing Malware

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Security Affairs

MARCH 8, 2020

Netgear has addressed a critical remote code execution vulnerability that could be exploited by an unauthenticated attacker to take over AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. NETGEAR strongly recommends that you download the latest firmware as soon as possible.” Pierluigi Paganini.

Firmware

Firmware Wireless Advertising Authentication

Toyota presented PASTA (Portable Automotive Security Testbed) Car-Hacking Tool

Security Affairs

DECEMBER 6, 2018

PASTA is an open-source testing platform specifically designed for car hacking, it was developed to help experts to test cyber security features of modern vehicles. The PASTA car hacking tool is contained in an 8 kg portable briefcase, experts highlighted the delay of the automotive industry in developing cyber security for modern cars.

Hacking

Hacking Advertising Firmware Engineering

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network. The company released firmware p atches for the device in January. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – Smart Light Bulbs, hacking).

Hacking

Hacking IoT Wireless Firmware

Experts show that is easy to hack Hardware-based Cryptocurrency Wallets

Security Affairs

JANUARY 1, 2019

The group of researchers presented called “ wattet.fail ” firmware, side-channel, microcontroller and supply-chain attacks that impact most popular hardware-based cryptocurrency wallets, including Trezor One, Ledger Nano S, and Ledger Blue. “The Hacking the Supply Chain. Hacking the Bootloader. Side-channel Attacks.

Cryptocurrency

Cryptocurrency Hacking Firmware Advertising

Broadcom WiFi Driver bugs expose devices to hack

Security Affairs

APRIL 19, 2019

Anguelkov confirmed that two of those vulnerabilities affect both in the Linux kernel and firmware of affected Broadcom chips. Below the details for the flaws: Vulnerabilities in the open source brcmfmac driver: • CVE-2019-9503 : If the brcmfmac driver receives the firmware event frame from the host, the appropriate handler is called.

Hacking

Hacking Firmware Wireless Advertising

HP releases firmware updates for two critical RCE flaws in Inkjet Printers

Security Affairs

AUGUST 6, 2018

HP has released firmware updates that address two critical remote code execution vulnerabilities in some models of inkjet printers. HP has released firmware updates to address two critical RCE flaws affecting some Inkjet printers. Go to the Upgrading Printer Firmware page and follow the instructions provided to install the firmware.

Firmware

Firmware Advertising Software Hacking

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Below is the list of exploits used by the bot: Vulnerability Affected devices CVE-2020-8515 DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices CVE-2015-2051 D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3

IoT

IoT Firmware Malware Wireless

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

The CVE-2019-0090 vulnerability affects the firmware running on the ROM of the Intel’s Converged Security and Management Engine (CSME). Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” SecurityAffairs – hacking, CVE-2019-0090).

Firmware

Firmware Technology Advertising Authentication

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. Xiongmai hereinafter) that are open to hack. ” Experts also discovered that it is possible to execute arbitrary code on the device through a firmware update. Pierluigi Paganini.

Surveillance

Surveillance Hacking Firmware Manufacturing

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

The hardware of the terminals is equipped with Shenzen technology, while the firmware is based on BusyBox Linux Debian. . Automatic updates are available via Wi-Fi and can be installed by setting IoT radio devices back to factory settings and downloading the latest firmware version. . SecurityAffairs – IoT radio devices, hacking). .

IoT

IoT Hacking Firmware Advertising

BadPower attack could burn your device through fast charging

Security Affairs

JULY 21, 2020

Researchers devised a technique dubbed BadPower to alter the firmware of fast chargers to cause damage to connected systems or cause the device to catch fire. BadPower consists of corrupting the firmware of fast chargers. “Most BadPower problems can be fixed by updating the device firmware.” Pierluigi Paganini.

Firmware

Firmware Manufacturing Advertising Hacking

Researchers warn of QNAP NAS attacks in the wild

Security Affairs

AUGUST 31, 2020

Hackers target QNAP NAS devices running multiple firmware versions vulnerable to a remote code execution (RCE) flaw addressed by the vendor 3 years ago. QNAP addressed the vulnerability with the release of firmware version 4.3.3 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. on July 21, 2017.

Firmware

Firmware Advertising Malware Internet

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” reads the post published by Eclypsium.

Hacking

Hacking Firmware Media Authentication

QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air

Security Affairs

AUGUST 6, 2019

Researchers discovered two serious flaws, QualPwn bugs, in Qualcomm’s Snapdragon SoC WLAN firmware that could be exploited to hack Android device over the air. The second flaw, tracked as CVE-2019-10540, is a buffer overflow issue that affects the Qualcomm WLAN and modem firmware that ships with Qualcomm chips.

Hacking

Hacking Firmware Advertising Mobile

Thousands of Xiaomi FURRYTAIL pet feeders exposed to hack

Security Affairs

OCTOBER 30, 2019

A Russian security researcher accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders. The Russian security researcher Anna Prosvetova, from Saint Petersburg, has accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders.

Hacking

Hacking Firmware Advertising DDOS

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

According to the experts, Tenda routers running a firmware version between AC9 to AC18 are vulnerable to the attack. “We recommend that Tenda router users check their firmware and make necessary update.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Firmware DNS Advertising

Experts found 9 NAS flaws that expose LenovoEMC, Iomega Devices to hack

Security Affairs

OCTOBER 3, 2018

Lenovo confirmed that firmware versions 4.1.402.34662 and earlier are vulnerable, users have to download firmware version 4.1.404.34716 (or later). The company suggests removing any public shares and using the device only on trusted networks in case it is not possible to immediately update the firmware. Pierluigi Paganini.

Hacking

Hacking Firmware Advertising Backups

Hacking Radio Blasting Systems for Fun & Explosions

Security Affairs

AUGUST 5, 2019

What about hacking Radio Blasting Systems? With all these data we can finally compose the packet that is transmitted to trigger the 1st charge on Area 01: Now we are ready to give it a try with the Standalone Firmware of WHID Elite and see if it is able to decode them too. . SecurityAffairs – Radio Blasting Systems , hacking).

Hacking

Hacking Firmware Engineering Advertising

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware

Firmware Architecture Advertising Manufacturing

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release. Experts recommend organizations using FortiGate firewall, or anything else powered by FortiOS, to follow Fortinet’s advisory for this issue and upgrade their firmware immediately.

Firewall

Firewall VPN Firmware Internet

D-Link addressed 5 flaws on some router models, some of them reached EoL

Security Affairs

JULY 25, 2020

The vendor pointed out that DAP-1522 and DIR-816L models that have reached their “end of support” phase, this means that these devices running firmware versions v1.42 (and below) and v12.06.B09 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, D-Link). Pierluigi Paganini.

Firmware

Firmware Advertising Authentication Hacking

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

The backdoor accounts in the firmware of 29 FTTH Optical Line Termination (OLT) devices from popular vendor C-Data. The security duo, composed of Pierre Kim and Alexandre Torres, disclosed seven vulnerabilities in the firmware of FTTH OLT devices manufactured by C-Data. SecurityAffairs – hacking, FTTH devices ).

Firmware

Firmware Accountability Advertising Manufacturing

SonicWall released patch for actively exploited SMA 100 zero-day

Security Affairs

FEBRUARY 4, 2021

SonicWall this week released firmware updates (version 10.2.0.5-29sv) “SonicWall is announcing the availability of an SMA 100 series firmware 10.2.0.5-29sv We have confirmed that the Shellshock attack has been mitigated by patches that we released in 2015. SecurityAffairs – hacking, SonicWall). Pierluigi Paganini.

Firmware

Firmware Mobile Media Internet

Severe vulnerabilities allow hacking older GE anesthesia machines

Security Affairs

JULY 10, 2019

The experts at the healthcare cybersecurity firm CyberMDX have found some flaws in the firmware of the anesthesia machines, the issues could expose patients to serious risks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – anesthesia machines, hacking). ” reads the alert.

Hacking

Hacking Healthcare Advertising Firmware

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

Researchers found multiple vulnerabilities in MoFi Network routers, including critical flaws that can be exploited to remotely hack a device. “Several firmware versions have been released, but some of the vulnerabilities have not been fully patched.” SecurityAffairs – hacking, MoFi routers). Pierluigi Paganini.

Firmware

Firmware Wireless Authentication Advertising

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

“ Experts found hardcoded credentials in the firmware that are used to connect to a private broker through the Message Queuing Telemetry Transport (MQTT) protocol for exchanging messages with remote IoT boards and sensors. If Twinkly lights are present in the network they will be instructed to display the message ‘Hack the Planet!’

IoT

IoT Hacking DNS Authentication

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Netlab shared its findings with LILIN on January 19, 2020, and the vendor addressed the issues with the release of the firmware update (version 2.0b60_20200207). The new firmware released by the vendors validated the hostname passed as input to prevent command execution. SecurityAffairs – hacking, LILIN). Pierluigi Paganini.

Firmware

Firmware Surveillance Manufacturing Advertising

Intel addresses high severity flaw in Processor Diagnostic Tool

Security Affairs

JULY 11, 2019

The second vulnerability addressed by Intel affects SSD DC S4500/S4600 series firmware, it could be exploited by an attacker with physical access for privilege escalation. The flaw has been classified as “medium severity,” it affects firmware versions prior to SCV10150. SecurityAffairs – Patch Tuesday, hacking).

Firmware

Firmware Advertising Authentication Hacking

Bug Hunters Earn $195,000 for Hacking TVs, Routers, Phones at Pwn2Own Tokyo 2019

Security Affairs

NOVEMBER 7, 2019

Pwn2Own is the annual hacking contest event organized by Trend Micro’s Zero Day Initiative (ZDI). The day started with Amat Cama and Richard Zhu of team Fluoroacetate earning $15,000 for hacking a Sony X800G TV. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking

Hacking Advertising Firmware Information Security

WAGO Industrial Switches affected by multiple flaws

Security Affairs

JUNE 13, 2019

The company has already fixed the issues with the release of firmware versions 1.2.2.S0, “The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. The expert also found hardcoded private keys for the SSH daemon in the device’s firmware.

Firmware

Firmware Passwords Advertising IoT

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Security Affairs

FEBRUARY 3, 2020

This unauthenticated remote command injection vulnerability affects Linear eMerge E3 access control systems running firmware versions 1.00-06 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – NSC Linear eMerge E3 , hacking). 06 and older. ” continues SonicWall.

DDOS

DDOS Hacking Internet Internet

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs

APRIL 26, 2019

Furthermore, even if software patches were issued, the likelihood of most users updating their device firmware is low. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws appeared first on Security Affairs.

IoT

IoT Hacking Manufacturing Advertising

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

Webinars

Trending Sources

QNAP urges users to update NAS firmware and app to prevent infections

Webinars

Hacking IoT & RF Devices with BürtleinaBoard

Intel addresses High-Severity flaws in NUC Firmware and other tools

Another 0-Day Looms for Many Western Digital Users

D-Link releases a security firmware update that only fixes 3 out 6 issues in DIR-865L home routers

Second-ever UEFI rootkit used in North Korea-themed attacks

Flaws in firmware expose almost any modern PC to Cold Boot Attacks

Some Zyxel devices can be hacked via DNS requests

NSA publishes guidance on UEFI Secure Boot customization

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Toyota presented PASTA (Portable Automotive Security Testbed) Car-Hacking Tool

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Experts show that is easy to hack Hardware-based Cryptocurrency Wallets

Broadcom WiFi Driver bugs expose devices to hack

HP releases firmware updates for two critical RCE flaws in Inkjet Printers

BotenaGo botnet targets millions of IoT devices using 33 exploits

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

BadPower attack could burn your device through fast charging

Researchers warn of QNAP NAS attacks in the wild

USBAnywhere BMC flaws expose Supermicro servers to hack

QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air

Thousands of Xiaomi FURRYTAIL pet feeders exposed to hack

New Ttint IoT botnet exploits two zero-days in Tenda routers

Experts found 9 NAS flaws that expose LenovoEMC, Iomega Devices to hack

Hacking Radio Blasting Systems for Fun & Explosions

AMD is going to patch UEFI SMM callout privilege escalation flaw

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

D-Link addressed 5 flaws on some router models, some of them reached EoL

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

SonicWall released patch for actively exploited SMA 100 zero-day

Severe vulnerabilities allow hacking older GE anesthesia machines

Expert found multiple critical issues in MoFi routers

Hacking the Twinkly IoT Christmas lights

Botnet operators target multiple zero-day flaws in LILIN DVRs

Intel addresses high severity flaw in Processor Diagnostic Tool

Bug Hunters Earn $195,000 for Hacking TVs, Routers, Phones at Pwn2Own Tokyo 2019

WAGO Industrial Switches affected by multiple flaws

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Stay Connected