2017, Firmware and Information Security

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China?

Security Affairs

JULY 25, 2022

Kaspersky uncovered a new UEFI firmware rootkit, tracked as CosmicStrand, which it attributes to an unknown Chinese-speaking threat actor. Researchers from Kaspersky have spotted a UEFI firmware rootkit, named CosmicStrand, which has been attributed to an unknown Chinese-speaking threat actor. appeared first on Security Affairs.

Firmware

Firmware Malware Hacking Information Security

Gafgyt botnet is targeting EoL Zyxel routers

Security Affairs

AUGUST 11, 2023

A variant of the Gafgyt botnet is actively attempting to exploit a vulnerability, tracked as CVE-2017-18368 (CVSS v3: 9.8), impacting the end-of-life Zyxel P660HN-T1A router. The vulnerability impacts devices running firmware versions 7.3.15.0 Additionally, the P660HN-T1A running the latest generic firmware, version 3.40(BYF.11),

Firmware

Firmware Hacking Cybercrime Information Security

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 CVE-2020-9054 Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0

IoT

IoT Firmware Malware Wireless

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. The firmware malware is based on code associated with HackingTeam’s VectorEDK bootkit, with minor changes. ” concludes the report.

Firmware

Firmware Spyware Surveillance Hacking

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017, causing billions worth of damage. “The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware.”

Malware

Malware Firmware Architecture Firewall

Beastmode Mirai botnet now includes exploits for Totolink routers

Security Affairs

APRIL 2, 2022

The threat actors added TOTOLINK exploits just a week after the exploit codes were publicly released on GitHub in the attempt to compromise the largest number of devices as possible before the owners upgrade to the latest firmware releases. TOTOLINK has already addressed these flaws with the release of new firmware for vulnerable devices.

DDOS

DDOS Firmware Surveillance IoT

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

includes several new flaws, including: Vulnerability Affected software CVE-2017-17105 Zivif PR115-204-P-RS CVE-2019-10655 Grandstream CVE-2020-25223 WebAdmin of Sophos SG UTM CVE-2021-42013 Apache CVE-2022-31137 Roxy-WI CVE-2022-33891 Apache Spark ZSL-2022-5717 MiniDVBLinux. “Since the release of Zerobot 1.1,

IoT

IoT DDOS Malware Firmware

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

The first campaign likely began in early 2014 and continued until mid-2017, while the second started in late 2018 and was still active in late 2019. The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates.

Malware

Malware Firmware Advertising Manufacturing

Top 6 Rootkit Threats and How to Protect Yourself

eSecurity Planet

NOVEMBER 7, 2022

This type of rootkit was developed as a proof of concept in 2006, but in 2017, researcher Joseph Connelly designed nested virtual machine rootkit CloudSkulk as part of his Masters degree work at Boise State University. Firmware Rootkit. The rootkit is able to remain hidden because firmware is not usually inspected for code integrity.

Firmware

Firmware Malware Antivirus Firewall

WAGO Industrial Switches affected by multiple flaws

Security Affairs

JUNE 13, 2019

The company has already fixed the issues with the release of firmware versions 1.2.2.S0, “The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. ” reads the security advisory. ” reads the security advisory.

Firmware

Firmware Passwords Advertising IoT

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog

Security Affairs

APRIL 12, 2022

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017, causing billions worth of damage. The malware leverages the firmware update process to achieve persistence. Cyclops Blink is sophisticated malware with a modular structure.

Firmware

Firmware Malware Cybersecurity Hacking

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

“APT28 has been known to access vulnerable routers by using default and weak SNMP community strings, and by exploiting CVE-2017-6742 (Cisco Bug ID: CSCve54313) as published by Cisco.” “Weak SNMP community strings, including the default “public,” allowed APT28 to gain access to router information.

Malware

Malware Firmware Government Education

Threat actors exploit discontinues Boa web servers to target critical infrastructure

Security Affairs

NOVEMBER 24, 2022

Moreover, those affected may be unaware that their devices run services using the discontinued Boa web server, and that firmware updates and downstream patches do not address its known vulnerabilities.” ” concludes the report. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon.

IoT

IoT Firmware Software Risk

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

Below the attack chain that was visible in the video PoC: The attacker takes control over the smart bulb by exploiting a vulnerability in smart light bulbs in 2017. The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network.

Hacking

Hacking IoT Wireless Firmware

Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP?

Security Affairs

JANUARY 31, 2022

Experts recommend users installing routers update and patched firmware to mitigate the threat. The experts believe that threat actors behind the campaign leveraged EternalBlue (CVE-2017-0144) and EternalRed (CVE-2017-7494) exploits on unpatched Windows and Linux systems, respectively.

Internet

Internet Internet Firmware Hacking

Mirai code re-use in Gafgyt

Security Affairs

APRIL 16, 2021

Gafgyt also uses some of the existing exploits (CVE-2017-17215, CVE-2018-10561) to download the next stage payloads, which we will discuss further on. Figure 6: Huawei Exploit inside binary (CVE-2017-17215). Keep systems and firmware updated with the latest releases and patches. Some of the recent Gafgyt variants (e.g.,

Malware

Malware DDOS IoT Firmware

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link addressed a critical zero-day vulnerability ( CVE-2017-7405 ) in its TP-Link Archer routers that could be exploited by attackers to remotely take their control over LAN via a Telnet connection without authentication. “This is a zero-day flaw that was not previously reported and can affect both home and business environments.”

Passwords

Passwords Advertising Firmware Authentication

US dismantled the Russia-linked Cyclops Blink botnet

Security Affairs

APRIL 6, 2022

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017, causing billions worth of damage. The malware leverages the firmware update process to achieve persistence. Cyclops Blink is sophisticated malware with a modular structure. ” reads the DoJ.

Malware

Malware Government Firmware Firewall

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

“Once the attacker gains full access to the device through the botnet, the firmware level can be changed and additional malware can be planted on the device.” This is an extension understood by machines running reduced instruction set computer (RISC) architecture, which is prevalent on many IoT devices.”

IoT

IoT DDOS Architecture Passwords

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

Maintain known-good offline backups for faster recovery upon a disruptive attack, and conduct hashing and integrity checks on firmware and controller configuration files to ensure validity of those backups. . “INCONTROLLER represents an exceptionally rare and dangerous cyber attack capability.

Passwords

Passwords Architecture Backups Cyber Attacks

Silex malware bricks thousands of IoT devices in a few hours

Security Affairs

JUNE 26, 2019

The only way to recover infected devices is to manually reinstall the device’s firmware. Silex is not the first IoT malware with this behavior, back in 2017 BrickerBot bricked millions of devices worldwide. It's trashing the storage, dropping the iptables rules, removing the network configuration and then halting the device.

IoT

IoT Malware Advertising Firmware

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

The Last Watchdog

JUNE 4, 2019

Maryland was one of the very first states to recognize the importance of information security, not only as a critical issue for the nation, but also as a strategic industry for the state,” said Governor Larry Hogan. According to the U.S. This made it the nation’s eighth-largest technology hub.

Cybersecurity

Cybersecurity Computers and Electronics Technology Marketing

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

McAfee

AUGUST 24, 2021

From the 1960’s to 2000 infusion pumps were mostly electromechanical devices with some embedded electronics, but the turn of the century delivered “smarter” devices with better safety mechanisms and the possibility to program them, which slowly opened the door to information security challenges.

Computers and Electronics

Computers and Electronics Authentication Software Risk

Cyber Security Informer

Android devices shipped with backdoored firmware as part of the BADBOX network

CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China?

Webinars

Trending Sources

Gafgyt botnet is targeting EoL Zyxel routers

Webinars

BotenaGo botnet targets millions of IoT devices using 33 exploits

Second-ever UEFI rootkit used in North Korea-themed attacks

US and UK link new Cyclops Blink malware to Russian state hackers?

Beastmode Mirai botnet now includes exploits for Totolink routers

A new Zerobot variant spreads by exploiting Apache flaws

QSnatch malware infected over 62,000 QNAP NAS Devices

Top 6 Rootkit Threats and How to Protect Yourself

WAGO Industrial Switches affected by multiple flaws

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Threat actors exploit discontinues Boa web servers to target critical infrastructure

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP?

Mirai code re-use in Gafgyt

TP-Link Archer routers allow remote takeover without passwords

US dismantled the Russia-linked Cyclops Blink botnet

Mozi Botnet is responsible for most of the IoT Traffic

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Silex malware bricks thousands of IoT devices in a few hours

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

Stay Connected