Security Affairs

FEBRUARY 6, 2020

The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network. The company released firmware p atches for the device in January. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – Smart Light Bulbs, hacking).

Hacking 111

Hacking IoT Wireless Firmware 111

Security Affairs

NOVEMBER 11, 2021

Below is the list of exploits used by the bot: Vulnerability Affected devices CVE-2020-8515 DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices CVE-2015-2051 D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3

IoT 115

IoT Firmware Malware Wireless 115

Security Affairs

MARCH 7, 2020

The CVE-2019-0090 vulnerability affects the firmware running on the ROM of the Intel’s Converged Security and Management Engine (CSME). Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” x, SPS_E3_05.00.04.027.0.

Firmware 122

Firmware Technology Advertising Authentication 122

Security Affairs

SEPTEMBER 10, 2019

The hardware of the terminals is equipped with Shenzen technology, while the firmware is based on BusyBox Linux Debian. . Automatic updates are available via Wi-Fi and can be installed by setting IoT radio devices back to factory settings and downloading the latest firmware version. . SecurityAffairs – IoT radio devices, hacking). .

IoT 82

IoT Hacking Firmware Advertising 82

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. Pierluigi Paganini.

Hacking 83

Hacking Firmware Media Authentication 83

Security Affairs

JULY 21, 2020

Researchers devised a technique dubbed BadPower to alter the firmware of fast chargers to cause damage to connected systems or cause the device to catch fire. BadPower consists of corrupting the firmware of fast chargers. “Most BadPower problems can be fixed by updating the device firmware.” Pierluigi Paganini.

Firmware 102

Firmware Manufacturing Advertising Hacking 102

Security Affairs

OCTOBER 5, 2020

According to the experts, Tenda routers running a firmware version between AC9 to AC18 are vulnerable to the attack. “We recommend that Tenda router users check their firmware and make necessary update.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT 133

IoT Firmware DNS Advertising 133

Security Affairs

OCTOBER 30, 2019

A Russian security researcher accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders. The Russian security researcher Anna Prosvetova, from Saint Petersburg, has accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders.

Hacking 43

Hacking Firmware Advertising DDOS 43

Security Affairs

AUGUST 6, 2019

Researchers discovered two serious flaws, QualPwn bugs, in Qualcomm’s Snapdragon SoC WLAN firmware that could be exploited to hack Android device over the air. The second flaw, tracked as CVE-2019-10540, is a buffer overflow issue that affects the Qualcomm WLAN and modem firmware that ships with Qualcomm chips.

Hacking 64

Hacking Firmware Advertising Mobile 64

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware 92

Firmware Architecture Advertising Manufacturing 92

Security Affairs

AUGUST 5, 2019

What about hacking Radio Blasting Systems? With all these data we can finally compose the packet that is transmitted to trigger the 1st charge on Area 01: Now we are ready to give it a try with the Standalone Firmware of WHID Elite and see if it is able to decode them too. . SecurityAffairs – Radio Blasting Systems , hacking).

Hacking 75

Hacking Firmware Engineering Advertising 75

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords 89

Passwords Hacking Wireless Authentication 89

Security Affairs

OCTOBER 4, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 284 appeared first on Security Affairs. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware 82

Ransomware Firmware Advertising Insurance 82

Security Affairs

JULY 3, 2023

For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release. Experts recommend organizations using FortiGate firewall, or anything else powered by FortiOS, to follow Fortinet’s advisory for this issue and upgrade their firmware immediately.

Firewall 79

Firewall VPN Firmware Internet 79

Security Affairs

JULY 25, 2020

The vendor pointed out that DAP-1522 and DIR-816L models that have reached their “end of support” phase, this means that these devices running firmware versions v1.42 (and below) and v12.06.B09 B09 (and below) will receive no security updates remaining vulnerable. SecurityAffairs – hacking, D-Link). Pierluigi Paganini.

Firmware 96

Firmware Advertising Authentication Hacking 96

Security Affairs

FEBRUARY 4, 2021

SonicWall has released a security patch to address the zero-day flaw actively exploited in attacks against the SMA 100 series appliances. SonicWall this week released firmware updates (version 10.2.0.5-29sv) 29sv) to address an actively exploited zero-day vulnerability in Secure Mobile Access (SMA) 100 series appliances.

Firmware 93

Firmware Mobile Media Internet 93

Security Affairs

JULY 10, 2020

The backdoor accounts in the firmware of 29 FTTH Optical Line Termination (OLT) devices from popular vendor C-Data. The security duo, composed of Pierre Kim and Alexandre Torres, disclosed seven vulnerabilities in the firmware of FTTH OLT devices manufactured by C-Data. SecurityAffairs – hacking, FTTH devices ).

Firmware 91

Firmware Accountability Advertising Manufacturing 91

Security Affairs

SEPTEMBER 8, 2020

Researchers found multiple vulnerabilities in MoFi Network routers, including critical flaws that can be exploited to remotely hack a device. “Several firmware versions have been released, but some of the vulnerabilities have not been fully patched.” SecurityAffairs – hacking, MoFi routers). Pierluigi Paganini.

Firmware 82

Firmware Wireless Authentication Advertising 82

Security Affairs

JULY 11, 2019

The second vulnerability addressed by Intel affects SSD DC S4500/S4600 series firmware, it could be exploited by an attacker with physical access for privilege escalation. The flaw has been classified as “medium severity,” it affects firmware versions prior to SCV10150. SecurityAffairs – Patch Tuesday, hacking).

Firmware 74

Firmware Advertising Authentication Hacking 74

Security Affairs

NOVEMBER 7, 2019

Pwn2Own is the annual hacking contest event organized by Trend Micro’s Zero Day Initiative (ZDI). The day started with Amat Cama and Richard Zhu of team Fluoroacetate earning $15,000 for hacking a Sony X800G TV. The security duo exploited a JavaScript out-of-bounds read flaw in the built-in web browser. Pierluigi Paganini.

Hacking 55

Hacking Advertising Firmware Information Security 55

Security Affairs

FEBRUARY 23, 2020

Organizers of major hacking conferences in Asia put them on hold due to Coronavirus outbreak. FC Barcelona and the International Olympic Committee Twitter accounts hacked. Flaw in WordPress ThemeGrill Demo Importer WordPress theme plugin expose 200K+ sites to hack. DOD DISA US agency discloses a security breach.

Artificial Intelligence 60

Artificial Intelligence eCommerce Firmware Hacking 60

Security Affairs

JUNE 13, 2019

The company has already fixed the issues with the release of firmware versions 1.2.2.S0, “The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. ” reads the security advisory. ” reads the security advisory.

Firmware 62

Firmware Passwords Advertising IoT 62

Security Affairs

MARCH 28, 2020

On February 10, 2020, the Taiwanese manufacturer DrayTek issued a security bulletin to address the vulnerability with the release of the firmware program 1.5.1. On the 6th Feb, we released an updated firmware to address this issue.” ” reads the security bulletin. firmware or later. .”

Firmware 79

Firmware VPN Accountability Advertising 79

Security Affairs

JUNE 14, 2020

Every week the best security articles from Security Affairs free for you in your email box. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – newsletter, hacking). Pierluigi Paganini.

Firmware 65

Firmware Advertising Ransomware Hacking 65

Security Affairs

JULY 28, 2020

The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates. According to the alert, the malware is relatively sophisticated and attackers demonstrate an awareness of operational security. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware 100

Malware Firmware Advertising Manufacturing 100

Security Affairs

APRIL 7, 2020

Upon the installation, the malicious app registers itself as a foreground service and extracts an encrypted payload that gathers information about the victim’s device (android_id, manufacturer, model, firmware version, etc.) In this case, reflashing is pointless, so it would be worth considering alternative firmwares for your device.

Malware 116

Malware Firmware Manufacturing Mobile 116

Security Affairs

JULY 31, 2020

This week, firmware security company Eclypsium reported that billions of Windows and Linux devices are affected by a serious GRUB2 bootloader issue (CVE-2020-10713), dubbed BootHole , that can be exploited to install a stealthy malware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware 81

Firmware Advertising Malware Hacking 81

Security Affairs

FEBRUARY 1, 2021

We have confirmed that the Shellshock attack has been mitigated by patches that we released in 2015. We have also tested the shared PoC code and have so far concluded that it is not effective against firmware released after the 2015 patch.” SecurityAffairs – hacking, SonicWall). ” continues the update.

Firmware 99

Firmware Media Mobile Internet 99

Security Affairs

AUGUST 10, 2019

. “We were able to find the presence of a Remote Code Execution (RCE) vulnerability in a piece of open source software that Avaya likely copied and modified 10 years ago, and then failed to apply subsequent security patches to.” Avaya addressed the issue with the release of new firmware on June 25. Only the H.323

Firmware 82

Firmware IoT Advertising Software 82

Security Affairs

AUGUST 7, 2020

Intel is investigating reports of an alleged hack that resulted in the theft and leak of 20GB of data coming from the chip giant. The engineering received the files from an anonymous hacker who claimed to have hacked the company earlier this year, the experts believe that this leak is just a first lot on a larger collection.

Firmware 62

Firmware Advertising Engineering Hacking 62

Security Affairs

JUNE 14, 2019

The security advisory published by the company states that the issue impacts YubiKey series devices running versions 4.4.2 of the firmware. “An issue exists in the YubiKey FIPS Series devices with firmware version 4.4.2 there is no released firmware version 4.4.3) SecurityAffairs – Yubico, hacking).

Firmware 70

Firmware Advertising Authentication Passwords 70

Security Affairs

AUGUST 12, 2019

Searching online the expert first found an encrypted firmware, he found on a forum a Portable ROM Dumper , (a custom firmware update file that once loaded, dumps the memory of the camera into the SD Card) that allowed him to dump the camera’s firmware and load it into his disassembler (IDA Pro). Pierluigi Paganini.

Firmware 84

Firmware Ransomware Wireless Encryption 84

Security Affairs

JULY 10, 2020

The company published a list of security advisories to inform its customers of the vulnerabilities in its products. Some of the issues also affected third-party components, including OpenSSL, Intel firmware, Bouncy Castle, Java SE, Apache software, and others. SecurityAffairs – hacking, Juniper). Pierluigi Paganini.

Firmware 79

Firmware Advertising Firewall Internet 79

Security Affairs

APRIL 10, 2020

The secure boot prevents that malware such as a rootkit will replace the boot loader staying completely invisible and undetectable on a target system. The security feature is part of the UEFI 2.3.1 Errata C specification (or higher), when the Secure Boot is enabled the OS is loaded only after all the firmware checks pass.

Firmware 96

Firmware Advertising Encryption Internet 96

Security Affairs

JUNE 18, 2020

A whopping 79 Netgear router models are vulnerable to a severe security flaw that can let hackers take over devices remotely. Nichols discovered that the vulnerability affects 758 different firmware versions that run on 79 Netgear routers. Oldest firmware versions have been released as far back as 2007. Pierluigi Paganini.

Firmware 129

Firmware Internet Internet Advertising 129

Security Affairs

JULY 5, 2019

Experts discovered a malicious app on Google Play, named Updates for Samsung , that was downloaded by over ten million users that poses as firmware updates. Over ten million users have installed a fake Samsung app named “ Updates for Samsung ” that poses as firmware updates. com via HTTPS.

Scams 66

Scams Firmware Advertising Software 66

Security Affairs

OCTOBER 8, 2020

Recently QNAP published a security advisory urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, QNAP).

Encryption 98

Encryption Firmware Advertising Ransomware 98