2015, Firmware, Hacking and Internet - Cyber Security Informer

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Locking down firmware. These are the carriers that provide Internet access to rural areas all across America. Firmware is the coding that’s embedded below the software layer on all computing devices, ranging from printers to hard drives and motherboards to routers and switches. telecoms by Chinese tech giant Huawei.

Firmware

Firmware Cybersecurity Technology Engineering

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware

Firmware Ransomware Encryption Advertising

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

JULY 2, 2021

Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw. “We strongly encourage moving to the My Cloud OS5 firmware,” the statement reads.

Firmware

Firmware Passwords Internet Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Despite FocacciaBoard is extremely useful during my night-to-night hardware hacking needs… there is another set of tools I cannot live without: pin enumeration ones. his majesty, the Firmware).

IoT

IoT Hacking Firmware Advertising

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

To perform the experiment, we used Internet of Things (IoT) search engines to search for open devices that utilized common printer ports and protocols. After filtering out most of the false positives, we were left with more than 800,000 printers that had network printing features enabled and were accessible over the internet.

Hacking

Hacking IoT Firmware Internet

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. This FTP server can be accessed with hardcoded credentials that are embedded in the firmware of the AP. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Hacking Firmware Wireless

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” concludes Eclypsium.

Hacking

Hacking Firmware Media Authentication

Researchers warn of QNAP NAS attacks in the wild

Security Affairs

AUGUST 31, 2020

Hackers target QNAP NAS devices running multiple firmware versions vulnerable to a remote code execution (RCE) flaw addressed by the vendor 3 years ago. QNAP addressed the vulnerability with the release of firmware version 4.3.3 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. on July 21, 2017.

Firmware

Firmware Advertising Malware Internet

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network. The company released firmware p atches for the device in January. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – Smart Light Bulbs, hacking).

Hacking

Hacking IoT Wireless Firmware

Hacking IoT devices with Focaccia-Board: A Multipurpose Breakout Board to hack hardware in a clean and easy way!

Security Affairs

FEBRUARY 18, 2020

Successfully dumped the smartlock’s firmware. And after having successfully dumped the firmware we can proceed at extracting some valuable evidences for the forensics case. But it saves my time while hacking (I)IoT targets. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Hacking Firmware Advertising

A daily average of 80,000 printers exposed online via IPP

Security Affairs

JUNE 23, 2020

The Shadowserver Foundation is a nonprofit security organization working altruistically behind the scenes to make the Internet more secure for everyone. The researchers scanned the Internet for printers that are exposing their Internet Printing Protocol (IPP) port online. SecurityAffairs – hacking, printers).

Internet

Internet Internet Firmware Advertising

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Below is the list of exploits used by the bot: Vulnerability Affected devices CVE-2020-8515 DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices CVE-2015-2051 D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3

IoT

IoT Firmware Malware Wireless

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Security Affairs

FEBRUARY 3, 2020

L inear eMerge E3 smart building access systems designed by N ortek Security & Control (NSC) are affected by a severe vulnerability (CVE-2019-7256) that has yet to be fixed and attackers are actively scanning the internet for vulnerable devices. Passwords can be found in p roduct documentation and compiled lists available on the Internet.”

DDOS

DDOS Hacking Internet Internet

Hacking Radio Blasting Systems for Fun & Explosions

Security Affairs

AUGUST 5, 2019

What about hacking Radio Blasting Systems? A quick search on the internet returned many products related to the topic. Which means, we can easily bruteforce and thus exhaust the space between them with the main WHID Elite Firmware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Firmware Engineering Advertising

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. Xiongmai hereinafter) that are open to hack. ” Experts also discovered that it is possible to execute arbitrary code on the device through a firmware update. Pierluigi Paganini.

Surveillance

Surveillance Hacking Firmware Manufacturing

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

The hardware of the terminals is equipped with Shenzen technology, while the firmware is based on BusyBox Linux Debian. . Automatic updates are available via Wi-Fi and can be installed by setting IoT radio devices back to factory settings and downloading the latest firmware version. . SecurityAffairs – IoT radio devices, hacking). .

IoT

IoT Hacking Firmware Advertising

ETERNALSILENCE – 270K+ devices vulnerable to UPnProxy Botnet build using NSA hacking tools

Security Affairs

DECEMBER 1, 2018

The report highlighted that over 23 million IPs related to Portable UPnP SDK were vulnerable to remote code execution just through a single UDP packet, over 6,900 product versions from over 1,500 vendors were vulnerable through UPnP due to the exposure of UPnP SOAP service to the internet. Securi ty Affairs – UPnProxy, NSA hacking tools).

Hacking

Hacking Internet Internet Advertising

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

Researchers found multiple vulnerabilities in MoFi Network routers, including critical flaws that can be exploited to remotely hack a device. “Multiple critical vulnerabilities have been discovered in the MoFi4500 router, an OpenWRT based wireless router that provides Internet access via LTE. ” continues the report.

Firmware

Firmware Wireless Authentication Advertising

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

According to the experts, Tenda routers running a firmware version between AC9 to AC18 are vulnerable to the attack. “We recommend that Tenda router users check their firmware and make necessary update.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Firmware DNS Advertising

Thousands of Xiaomi FURRYTAIL pet feeders exposed to hack

Security Affairs

OCTOBER 30, 2019

A Russian security researcher accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders. The Russian security researcher Anna Prosvetova, from Saint Petersburg, has accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders.

Hacking

Hacking Firmware Advertising DDOS

SonicWall released patch for actively exploited SMA 100 zero-day

Security Affairs

FEBRUARY 4, 2021

SonicWall this week released firmware updates (version 10.2.0.5-29sv) “SonicWall is announcing the availability of an SMA 100 series firmware 10.2.0.5-29sv We have confirmed that the Shellshock attack has been mitigated by patches that we released in 2015. SecurityAffairs – hacking, SonicWall). Pierluigi Paganini.

Firmware

Firmware Mobile Media Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Vamosi: I once lived near a large urban park.

IoT

IoT Hacking Internet Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Vamosi: I once lived near a large urban park.

IoT

IoT Hacking Internet Internet

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

Some of the devices support multiple 10-gigabit uplinks and provide Internet connectivity to up to 1024 ONTs (clients). The backdoor accounts in the firmware of 29 FTTH Optical Line Termination (OLT) devices from popular vendor C-Data. The most severe issue is the presence of Telnet backdoor accounts hardcoded in the firmware.

Firmware

Firmware Accountability Advertising Manufacturing

79 Netgear router models affected by a dangerous Zero-day

Security Affairs

JUNE 18, 2020

Security experts Adam Nichols from GRIMM and d4rkn3ss from the Vietnamese internet service provider VNPT have independently reported a severe unpatched security vulnerability that affects 79 Netgear router models. Nichols discovered that the vulnerability affects 758 different firmware versions that run on 79 Netgear routers.

Firmware

Firmware Internet Internet Advertising

Security Affairs newsletter Round 268

Security Affairs

JUNE 14, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – newsletter, hacking). Pierluigi Paganini.

Firmware

Firmware Advertising Ransomware Hacking

Experts warn of active exploitation of SonicWall zero-day in the wild

Security Affairs

FEBRUARY 1, 2021

We have confirmed that the Shellshock attack has been mitigated by patches that we released in 2015. We have also tested the shared PoC code and have so far concluded that it is not effective against firmware released after the 2015 patch.” SecurityAffairs – hacking, SonicWall). ” continues the update.

Firmware

Firmware Media Mobile Internet

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Netlab shared its findings with LILIN on January 19, 2020, and the vendor addressed the issues with the release of the firmware update (version 2.0b60_20200207). The new firmware released by the vendors validated the hostname passed as input to prevent command execution. SecurityAffairs – hacking, LILIN). Pierluigi Paganini.

Firmware

Firmware Surveillance Manufacturing Advertising

Router Vulnerability and the VPNFilter Botnet

Schneier on Security

JUNE 11, 2018

It can eavesdrop on traffic passing through the router specifically, log-in credentials and SCADA traffic, which is a networking protocol that controls power plants, chemical plants and industrial systems attack other targets on the Internet and destructively "kill" its infected device. Internet of Things malware isn't new.

Malware

Malware Firmware Internet Internet

The Internet of Things: Security Risks Concerns

Spinone

MARCH 17, 2018

The Internet of Things (IoT) is a term used to describe the network of interconnected electronic devices with “smart” technology. billion “things” connected to the Internet , a 30% increase from 2015. billion “things” connected to the Internet , a 30% increase from 2015.

Internet

Internet Internet Risk Computers and Electronics

Tails OS version 4.5 supports the Secure Boot

Security Affairs

APRIL 10, 2020

The Tails OS allows to use the Internet anonymously and circumvent censorship by using the Tor Network, it leaves no trace on the computer users are using and uses the state-of-the-art cryptographic tools to encrypt files, emails and instant messaging. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware

Firmware Advertising Encryption Internet

Juniper Networks addressed many issues in its products

Security Affairs

JULY 10, 2020

Some of the issues also affected third-party components, including OpenSSL, Intel firmware, Bouncy Castle, Java SE, Apache software, and others. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Juniper). Pierluigi Paganini.

Firmware

Firmware Advertising Firewall Internet

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

“ Experts found hardcoded credentials in the firmware that are used to connect to a private broker through the Message Queuing Telemetry Transport (MQTT) protocol for exchanging messages with remote IoT boards and sensors. If Twinkly lights are present in the network they will be instructed to display the message ‘Hack the Planet!’

IoT

IoT Hacking DNS Authentication

Guardzilla Security Video System Footage exposed online

Security Affairs

DECEMBER 29, 2018

The vulnerability lies within the design and implementation of Amazon Simple Storage Service (S3) credentials inside the Guardzilla Security Camera firmware.” It has a CVSSv3 base score of 8.6 , since once the password is known, any unauthenticated user can collect the data from any affected system over the internet.”

Firmware

Firmware Surveillance IoT Passwords

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs

APRIL 26, 2019

Furthermore, even if software patches were issued, the likelihood of most users updating their device firmware is low. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws appeared first on Security Affairs.

IoT

IoT Hacking Manufacturing Advertising

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

The list includes: IP addresses of Pulse Secure VPN servers Pulse Secure VPN server firmware version SSH keys for each server A list of all local users and their password hashes Admin account details Last VPN logins (including usernames and cleartext passwords) VPN session cookies. SecurityAffairs – hacking, Pulse VPN).

VPN

VPN Passwords Banking Advertising

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. Shell DNSChanger is written in the Shell programming language and combines 25 Shell scripts that allow the malware to carry out brute-force attacks on routers or firmware packages from 21 different manufacturers.

DNS

DNS Malware Firmware Phishing

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates. The two agencies urge organizations to ensure their devices have not been previously infected, they recommend a full factory reset of the device before performing the firmware upgrade. Pierluigi Paganini.

Malware

Malware Firmware Advertising Manufacturing

How to Reverse Engineer, Sniff & Bruteforce Vulnerable RF Adult Toys with WHID Elite

Security Affairs

AUGUST 2, 2019

Expert Luca Bongiorni was looking for new targets to test WHID Elite’s Radio Hacking capabilities and found an interesting one: Electrocuting C**k Ring. Last week I was looking for new targets to test WHID Elite’s Radio Hacking capabilities and suddenly I found an interesting one: an Electrocuting C**k Ring.

Engineering

Engineering Firmware InfoSec Advertising

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Security Affairs

MAY 19, 2020

which is a product that became end-of-life (EOL) in 2015 and end-of-support-life (EOSL) in 2019.” “There is no evidence to support any other firmware versions are vulnerable at this point in time and these findings have been shared with Symantec.” SecurityAffairs – Symantec Web Gateways, hacking).

IoT

IoT DDOS Authentication Advertising

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

Security Affairs

APRIL 4, 2019

Firmware updates that address this vulnerability are not currently available. After the disclosure of proof-of-exploit code for security flaws in Cisco RV320 and RV325 routers, hackers started scanning the Internet for vulnerable devices in an attempt to take compromise them. Pierluigi Paganini. ( – Cisco Cisco RV325, hacking).

Small Business

Small Business Firmware Advertising VPN

DoS attack the caused disruption at US power utility exploited a known flaw

Security Affairs

SEPTEMBER 9, 2019

“Have as few internet facing devices as possible,” NERC urged in its report.” ” The flaw allowed the attackers to trigger a DoS condition in the internet-facing firewalls that were all perimeter devices used to implement the outer security layer. SecurityAffairs – power utility, hacking).

Energy and Utilities

Energy and Utilities Firewall Firmware Advertising

Hackers exploit 3-years old flaw to wipe Western Digital devices

Security Affairs

JUNE 25, 2021

The vendor pointed out that both My Book Live and My Book Live Duo devices received the last firmware update back in 2015 and are no longer supported. Western Digital recommends users disconnect their My Book Live and My Book Live Duo from the Internet. SecurityAffairs – hacking, Western Digital). Pierluigi Paganini.

Firmware

Firmware Internet Internet Hacking

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

QNAP urges users to update NAS firmware and app to prevent infections

Webinars

Trending Sources

Another 0-Day Looms for Many Western Digital Users

Webinars

Hacking IoT & RF Devices with BürtleinaBoard

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Some Zyxel devices can be hacked via DNS requests

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

USBAnywhere BMC flaws expose Supermicro servers to hack

Researchers warn of QNAP NAS attacks in the wild

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Hacking IoT devices with Focaccia-Board: A Multipurpose Breakout Board to hack hardware in a clean and easy way!

A daily average of 80,000 printers exposed online via IPP

BotenaGo botnet targets millions of IoT devices using 33 exploits

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Hacking Radio Blasting Systems for Fun & Explosions

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

ETERNALSILENCE – 270K+ devices vulnerable to UPnProxy Botnet build using NSA hacking tools

Expert found multiple critical issues in MoFi routers

New Ttint IoT botnet exploits two zero-days in Tenda routers

Thousands of Xiaomi FURRYTAIL pet feeders exposed to hack

SonicWall released patch for actively exploited SMA 100 zero-day

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

79 Netgear router models affected by a dangerous Zero-day

Security Affairs newsletter Round 268

Experts warn of active exploitation of SonicWall zero-day in the wild

Botnet operators target multiple zero-day flaws in LILIN DVRs

Router Vulnerability and the VPNFilter Botnet

The Internet of Things: Security Risks Concerns

Tails OS version 4.5 supports the Secure Boot

Juniper Networks addressed many issues in its products

Hacking the Twinkly IoT Christmas lights

Guardzilla Security Video System Footage exposed online

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

QSnatch malware infected over 62,000 QNAP NAS Devices

How to Reverse Engineer, Sniff & Bruteforce Vulnerable RF Adult Toys with WHID Elite

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

DoS attack the caused disruption at US power utility exploited a known flaw

Hackers exploit 3-years old flaw to wipe Western Digital devices

Stay Connected