The researchers speculate that threat actors behind this variant have compromised the supply chain, so stores may not even suspect that they are selling smartphones infected with Triada. “The new version of the malware is distributed in the firmware of infected Android devices. It is located in the system framework.”
LapDogs’ ShortLeash malware targets a wide range of hardware and firmware vendors without vendor restrictions. SecurityScorecard researchers found that many devices in the LapDogs network are vulnerable to known flaws like CVE-2015-1548 and CVE-2017-17663, linked to outdated mini_httpd servers.
Also of concern is the firmware and ROM found on many components that go into the manufacture of systems, nearly all of which are manufactured today in mainland China. million in 2017 at Hollywood Presbyterian Medical Center to $240 million in 2021 with an attack on MediaMarkt, Europe's largest consumer electronics retailer.
The unsupported models include any MacBook Air, MacBook Pro, or Mac Mini from 2017 or earlier, and iMac and Mac Pro models from 2018 or earlier. Intel's 8th Generation Core CPUs (the Coffee Lake family, released in 2017 and 2018) probably qualify as well.
In 2017, some Android phones came with a backdoor pre-installed: criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday. That meant the malware could directly tamper with every installed app.
Technical support, firmware and software updates, and troubleshooting assistance for affected products will also stop on that date. Wemo says the Wemo app used to control devices will no longer be supported after Jan. If your Wemo product is still under warranty on or after Jan.
Locking down firmware. Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks. telecoms by Chinese tech giant Huawei.
Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.
One of the main draws towards malware nested in such low levels of the operating system is that it is extremely difficult to detect and, in the case of firmware rootkits, will ensure a computer remains in an infected state even if the operating system is reinstalled or the user replaces the machine’s hard drive entirely.
Kaspersky uncovered a new UEFI firmware rootkit, tracked as CosmicStrand, which it attributes to an unknown Chinese-speaking threat actor. Researchers from Kaspersky have spotted a UEFI firmware rootkit, named CosmicStrand, which has been attributed to an unknown Chinese-speaking threat actor.
ReFirm provides drag-and-drop automated firmware analysis, which Microsoft hopes will provide security insight for industrial IoT products, where security personnel often struggle to look inside built-in hardware. ReFirm was founded in 2017 as an offshoot of the popular open-source Binwalk product.
A novel malware named CosmicStrand is said to be targeting older motherboards offered by Asus and Gigabyte; the crux is that it can survive operating system re-installs because it persists in the Unified Extensible Firmware Interface (UEFI) firmware rather than only on the storage drive.
Hackers target QNAP NAS devices running multiple firmware versions vulnerable to a remote code execution (RCE) flaw addressed by the vendor 3 years ago. QNAP addressed the vulnerability with the release of firmware version 4.3.3 on July 21, 2017, according to the report published by 360 Netlab.
The experts were investigating several suspicious UEFI firmware images when they discovered four components, some of which borrowed source code from a Hacking Team spyware. The firmware malware is based on code associated with HackingTeam’s VectorEDK bootkit, with minor changes.
Many Google Pixel devices shipped since September 2017 have included a vulnerable app that could be exploited for malicious purposes. Many Google Pixel devices shipped since September 2017 have included dormant software that could be exploited by attackers to compromise them.
A variant of the Gafgyt botnet is actively attempting to exploit a vulnerability, tracked as CVE-2017-18368 (CVSS v3: 9.8), impacting the end-of-life Zyxel P660HN-T1A router. The vulnerability impacts devices running firmware versions 7.3.15.0. Additionally, the P660HN-T1A running the latest generic firmware, version 3.40(BYF.11),
Cisco announced it will no longer release firmware updates to fix 74 vulnerabilities affecting its RV routers, which reached end-of-life (EOL). Cisco will no longer release firmware updates to address 74 vulnerabilities affecting some of its RV routers that reached end-of-life (EOL), according to the advisory.
The first campaign likely began in early 2014 and continued until mid-2017, while the second started in late 2018 and was still active in late 2019. The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates.
The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017, causing billions worth of damage. “The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware.”
This web server is present in Arris firmware which can be found in several router models. Unfortunately the Arris firmware is based on the vulnerable version of muhttpd. In 2017 for example, experts discovered easily exploitable flaws in Arris modems distributed by AT&T. The muhttpd server 1.1.5
The company has already fixed the issues with the release of firmware versions 1.2.2.S0. “The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware.” The expert also found hardcoded private keys for the SSH daemon in the device’s firmware.
The Food and Drug Administration (FDA) announced an upgrade to the firmware installed on certain vulnerable cardiac devices. Tune in this week on Decoding Security as Security Analysts Jessica Ortega and Ramuel Gall discuss cybersecurity laws including Net Neutrality, the Mainstreet Cybersecurity Act of 2017, and GDPR.
Below is the attack chain shown in the video PoC: the attacker takes control over the smart bulb by exploiting a vulnerability in smart light bulbs found in 2017. The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network.
The group of researchers presented, under the name “wallet.fail”, firmware, side-channel, microcontroller and supply-chain attacks that impact the most popular hardware-based cryptocurrency wallets, including Trezor One, Ledger Nano S, and Ledger Blue. Experts exploited a vulnerability in the Trezor One that was found in 2017 and patched by the vendor.
Subsequent analysis revealed earlier instances of suspicious code dating back to 2017. Importantly, our investigation, which considered binary timestamps, indicated that this exploit was created prior to April 2017. It is worth noting that the EternalBlue exploit was publicly disclosed by the Shadow Brokers group on April 14, 2017.
Update and patch operating systems, software, and firmware as soon as updates and patches are released. CVE-2017-8464: the LNK Remote Code Execution Vulnerability is an RCE vulnerability in Microsoft Windows via crafted .LNK files, which attackers can exploit to gain local user rights on a victim’s system.
The vulnerability impacts Avtech AVM1203 IP cameras running firmware versions FullImg-1023-1007-1011-1009 and prior. The malware exploits several vulnerabilities, including CVE-2017-17215 in Huawei devices, using hard-coded command and control IPs, according to the advisory published by CISA.
Example of available open printers on a single IoT search engine (Shodan.io): As we can see, many users and organizations still use internet-connected devices without thinking about security, installing firmware updates, or taking into account the implications of leaving their devices publicly accessible. Change the default password.
In technical terms, the vulnerability affected a feature called BIOS Connect that allows users to perform system recovery and update firmware by connecting the device's BIOS setup to Dell's backend servers on a remote node.
The threat actors added TOTOLINK exploits just a week after the exploit code was publicly released on GitHub, in an attempt to compromise as many devices as possible before owners upgrade to the latest firmware releases. TOTOLINK has already addressed these flaws with the release of new firmware for vulnerable devices.
Then in 2017, clever attackers managed to compromise a smart thermometer in a fish tank, thereby gaining access to the high-roller database of a North American casino. The Mirai botnet, initially discovered in October 2016, infected Internet-connected routers, cameras and digital video recorders at scale.
Three of these vulnerabilities — CVE-2019-19781, CVE-2019-18935, and CVE-2017-11882 — were also routinely exploited in 2020. Fragment of the accompanying vendor/product table (product column partially lost): CVE-2017-11882; CVE-2017-0199; CVE-2021-42237 (Sitecore XP); CVE-2021-35464 (ForgeRock OpenAM server); CVE-2021-27104; CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX); CVE-2018-0171.
The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017, causing billions worth of damage. The malware leverages the firmware update process to achieve persistence. Cyclops Blink is sophisticated malware with a modular structure.
Back in December 2017, Apple apologized for slowing down older iPhones; the company had introduced features that affected the iPhone 6, 6S, 7 and SE to cope with aging batteries, AGCM said in a statement.
Gafgyt also uses some of the existing exploits (CVE-2017-17215, CVE-2018-10561) to download the next stage payloads, which we will discuss further on. Figure 6: Huawei Exploit inside binary (CVE-2017-17215). Keep systems and firmware updated with the latest releases and patches. Some of the recent Gafgyt variants (e.g.,
“Once the attacker gains full access to the device through the botnet, the firmware level can be changed and additional malware can be planted on the device.” This is an extension understood by machines running reduced instruction set computer (RISC) architecture, which is prevalent on many IoT devices.
Since its first discovery in August 2017, experts have observed three variants of the exploit kit, including one involved in the DNSChanger system of a recent GhostDNS campaign. Novidade is currently used in different campaigns; experts believe it has been sold to multiple threat actors or that its source code leaked.
The only way to recover infected devices is to manually reinstall the device’s firmware. Silex is not the first IoT malware with this behavior; back in 2017 BrickerBot bricked millions of devices worldwide. It's trashing the storage, dropping the iptables rules, removing the network configuration and then halting the device.
The campaign observed by Akamai in December, tracked as EternalSilence, was targeting millions of machines living behind the vulnerable routers by leveraging the EternalBlue and EternalRed (CVE-2017-7494) exploits. allows attackers to cause a denial of service (DoS)
• CVE-2017-1000494, an uninitialized stack variable flaw in MiniUPnPd.
TP-Link addressed a critical zero-day vulnerability (CVE-2017-7405) in its TP-Link Archer routers that could be exploited by attackers to remotely take control of them over the LAN via a Telnet connection without authentication. “This is a zero-day flaw that was not previously reported and can affect both home and business environments.”
The affected models are NetComm 4G LTE Light industrial M2M routers running firmware version 2.0.29.11. Sood reported the flaws to the ICS-CERT in October 2017. In mid-May 2018, NetComm released a firmware update that addresses the security vulnerabilities.