2017, Architecture and Firmware - Cyber Security Informer

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

The researchers speculate that threat actors behind this variant have compromised the supply chain, so stores may not even suspect that they are selling smartphones infected with Triada “The new version of the malware is distributed in the firmware of infected Android devices. It is located in the system framework.

Cryptocurrency

Cryptocurrency Malware Firmware Antivirus

3 Percent ($30B) of U.S. Military Funding Dedicated to Cybersecurity

SecureWorld News

JANUARY 9, 2025

Also of concern is the firmware and ROM found on many components that go into the manufacture of systems, nearly of all which are manufactured today in mainland China. million in 2017 at Hollywood Presbyterian Medical Center to $240 million in 2021 with an attack on MediaMarkt, Europe's largest consumer electronics retailer.

Cybersecurity

Cybersecurity Manufacturing Surveillance Ransomware

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Locking down firmware. Starks Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks. telecoms by Chinese tech giant Huawei.

Firmware

Firmware Cybersecurity Technology Authentication

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Manufacturing

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. The firmware malware is based on code associated with HackingTeam’s VectorEDK bootkit, with minor changes. ” concludes the report.

Firmware

Firmware Spyware Surveillance Hacking

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017, causing billions worth of damage. “The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware.”

Malware

Malware Firmware Architecture Firewall

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

includes several new flaws, including: Vulnerability Affected software CVE-2017-17105 Zivif PR115-204-P-RS CVE-2019-10655 Grandstream CVE-2020-25223 WebAdmin of Sophos SG UTM CVE-2021-42013 Apache CVE-2022-31137 Roxy-WI CVE-2022-33891 Apache Spark ZSL-2022-5717 MiniDVBLinux. “Since the release of Zerobot 1.1,

IoT

IoT DDOS Firmware Malware

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

. “Our analysis of this particular sample indicates the file executes on microprocessor without interlocked pipelined stages (MIPS) architecture. This is an extension understood by machines running reduced instruction set computer (RISC) architecture, which is prevalent on many IoT devices.” ” continues the analysis.

IoT

IoT DDOS Architecture Passwords

StripedFly: Perennially flying under the radar

SecureList

OCTOBER 25, 2023

Subsequent analysis revealed earlier instances of suspicious code dating back to 2017. Importantly, our investigation, which considered binary timestamps, indicated that this exploit was created prior to April 2017. It is worth noting that the EternalBlue exploit was publicly disclosed by the Shadow Brokers group on April 14, 2017.

Malware

Malware DNS Encryption Cryptocurrency

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

“The APT actors’ tools have a modular architecture and enable cyber actors to conduct highly automated exploits against targeted devices. . “The APT actors’ tools have a modular architecture and enable cyber actors to conduct highly automated exploits against targeted devices.

Backups

Backups Architecture Passwords Cyber Attacks

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

CyberSecurity Insiders

NOVEMBER 11, 2021

However, there is a difference between the Mirai malware and the new malware variants using Go, including differences in the language in which it is written and the malware architectures. Ax with firmware 1.04b12 and earlier. CVE-2017-6077. NETGEAR DGN2200 devices with firmware through 10.0.0.50. CVE-2017-18368.

IoT

IoT Malware Firmware Authentication

Mirai code re-use in Gafgyt

Security Affairs

APRIL 16, 2021

Gafgyt also uses some of the existing exploits (CVE-2017-17215, CVE-2018-10561) to download the next stage payloads, which we will discuss further on. Figure 6: Huawei Exploit inside binary (CVE-2017-17215). Keep systems and firmware updated with the latest releases and patches. Some of the recent Gafgyt variants (e.g.,

DDOS

DDOS Malware IoT Firmware

Silex malware bricks thousands of IoT devices in a few hours

Security Affairs

JUNE 26, 2019

The only way to recover infected devices is to manually reinstall the device’s firmware. Silex is not the first IoT malware with this behavior, back in 2017 BrickerBot bricked millions of devices worldwide. It's trashing the storage, dropping the iptables rules, removing the network configuration and then halting the device.

IoT

IoT Malware Firmware Advertising

Guest Blog: TalkingTrust. What’s driving the security of IoT?

Thales Cloud Protection & Licensing

MARCH 10, 2021

In 2017, Tesla sent an over-the-air update to their Model S and X vehicles to extend maximum battery capacity and driving range, which allowed owners to drive an extra 30 miles outside the evacuation area as Hurricane Irma was bearing down on Florida. Over-the-air (OTA) software and firmware updates must be delivered securely and effectively.

IoT

IoT Firmware Manufacturing Encryption

BotenaGo strikes again – malware source code uploaded to GitHub

CyberSecurity Insiders

JANUARY 26, 2022

The Mirai botnet targets mostly routers and IoT devices, and it supports different architectures including Linux x64, different ARM versions, MIPS, PowerPC, and more. Install security and firmware upgrades from vendors, as soon as possible. 2027093: ET EXPLOIT Possible Netgear DGN2200 RCE (CVE-2017-6077). Recommended actions.

Malware

Malware IoT Authentication Antivirus

Kali Linux 2023.2 Release (Hyper-V & PipeWire)

Kali Linux

MAY 29, 2023

Some background information: PipeWire is a “server for handling audio, video streams, and hardware on Linux” It was initially released in 2017, is actively developed, and is poised to become the de-facto sound server in pretty much every Linux distribution out there, therefore replacing PulseAudio. " VERSION_ID="2023.2"

Firmware

Firmware Phishing Architecture Authentication

APT trends report Q1 2022

SecureList

APRIL 27, 2022

While we were unable to obtain the same results by analyzing the CERT-UA samples, we subsequently identified a different WhiteBlackCrypt sample matching the WhisperKill architecture and sharing similar code. In December we were made aware of a UEFI firmware-level compromise through logs from our firmware scanning technology.

Malware

Malware Firmware Government Phishing

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

McAfee

AUGUST 24, 2021

Braun Infusomat system were released in 2017. Lastly, the pump runs its own custom Real Time Operating System (RTOS) and firmware on a M32C microcontroller. An architecture diagram below helps demonstrates the system layout and design when a pump is present in the docking station. Figure 2: System Architecture.

Computers and Electronics

Computers and Electronics Authentication Software Firmware

Kali Linux 2024.4 Release (Python 3.12, Goodbye i386, Raspberry Pi Imager & Kali NetHunter)

Kali Linux

DECEMBER 15, 2024

History lesson: i386 is a 32-bit CPU architecture, maybe more widely known by the name x86. It was the CPU architecture of the first generations of Intel Pentium, AMD K6, and Athlon. Starting in 2003, a 64-bit version of the x86 architecture appeared, usually named x86-64 (or amd64 in Debian-based Linux distributions).

Architecture

Architecture Passwords Software Firmware

Spotlight Podcast: Fixing Supply Chain Hacks with Strong Device Identities

The Security Ledger

APRIL 11, 2019

In this Spotlight Podcast, sponsored by Trusted Computing Group, I speak with Dennis Mattoon, a Principal Researcher at Microsoft Research and the Chairman of the Trusted Computing Group's DICE Architectures Working Group* about how strong device identities for IoT endpoints can stop. Read the whole entry. »

Hacking

Hacking Architecture IoT Software

NIST Cybersecurity Framework: IoT and PKI Security

Thales Cloud Protection & Licensing

NOVEMBER 7, 2017

They are often delivered with default admin credentials that do not have to be changed, offer limited or no authentication support and may not have the means to update firmware – a critical need if a vulnerability is discovered that needs to be patched. In addition, IoT devices rarely follow the principles of security by design.

IoT

IoT Cybersecurity Manufacturing Digital transformation

Cyber Security Informer

New Triada Trojan comes preinstalled on Android devices

3 Percent ($30B) of U.S. Military Funding Dedicated to Cybersecurity

Trending Sources

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

Android devices shipped with backdoored firmware as part of the BADBOX network

Second-ever UEFI rootkit used in North Korea-themed attacks

US and UK link new Cyclops Blink malware to Russian state hackers?

A new Zerobot variant spreads by exploiting Apache flaws

Mozi Botnet is responsible for most of the IoT Traffic

StripedFly: Perennially flying under the radar

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

Mirai code re-use in Gafgyt

Silex malware bricks thousands of IoT devices in a few hours

Top SD-WAN Solutions for Enterprise Security

Guest Blog: TalkingTrust. What’s driving the security of IoT?

BotenaGo strikes again – malware source code uploaded to GitHub

Kali Linux 2023.2 Release (Hyper-V & PipeWire)

APT trends report Q1 2022

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

Kali Linux 2024.4 Release (Python 3.12, Goodbye i386, Raspberry Pi Imager & Kali NetHunter)

Spotlight Podcast: Fixing Supply Chain Hacks with Strong Device Identities

NIST Cybersecurity Framework: IoT and PKI Security

Stay Connected