2018, Firewall, Firmware and Hacking - Cyber Security Informer

2018

Firewall

Firmware

Hacking

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

The Last Watchdog

NOVEMBER 20, 2019

What does Chinese tech giant Huawei have in common with the precocious kid next door who knows how to hack his favorite video game? Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. percent from 2018.

Firmware

Firmware Hacking Software Surveillance

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

Example of available open printers on a single IoT search engine (Shodan.io): As we can see, many users and organizations still use internet-connected devices without thinking about security, installing firmware updates, or taking into account the implications of leaving their devices publicly accessible. Use a firewall.

Hacking

Hacking IoT Firmware Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

Cyclops Blink is believed to be a replacement for the VPNFilter botnet, which was first exposed in 2018 and at the time was composed of more than 500,000 compromised routers and network-attached storage (NAS) devices. According to WatchGuard , Cyclops Blink may have affected roughly 1% of all active WatchGuard firewall appliances.

Malware

Malware Firmware Architecture Firewall

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. Xiongmai hereinafter) that are open to hack. The “P2P Cloud” feature bypasses firewalls and effectively allows remote connections into private networks.

Surveillance

Surveillance Hacking Firmware Manufacturing

Sounding the Alarm on Emergency Alert System Flaws

Krebs on Security

AUGUST 12, 2022

That may be because the patches were included in version 4 of the firmware for the EAS devices, and many older models apparently do not support the new software. 2017, an EAS station in Indiana also was hacked, with the intruders playing the same “zombies and dead bodies” audio from the 2013 incidents. and Marquette, Mich.

Firmware

Firmware Manufacturing Passwords Software

A daily average of 80,000 printers exposed online via IPP

Security Affairs

JUNE 23, 2020

. “Obviously, these counts only represent devices that are not firewalled and allow direct querying over the IPv4 Internet.” This info includes printer names, locations, models, firmware versions, organization names, and even WiFi network names. . SecurityAffairs – hacking, printers). ” continues the report.

Internet

Internet Internet Firmware Advertising

BLEEDINGBIT Bluetooth flaws in TI chips expose enterprises to remote attacks

Security Affairs

NOVEMBER 1, 2018

The BLEEDINGBIT vulnerabilities affect several Texas Instruments chips, the CVE-2018-16986 flaw affects CC2640 and CC2650 chips running BLE-STACK 2.2.1 “The security vulnerability for CVE-2018-16986 is present in these TI chips when scanning is used (e.g. to address the CVE-2018-16986 flaw. or earlier.

Firmware

Firmware Manufacturing IoT Mobile

US dismantled the Russia-linked Cyclops Blink botnet

Security Affairs

APRIL 6, 2022

“The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control (C2) of the underlying botnet.” The malware leverages the firmware update process to achieve persistence. SecurityAffairs – hacking, Russia). ” reads the DoJ.

Malware

Malware Government Firmware Firewall

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Pen Test

OCTOBER 12, 2023

What are the common firmware and software vulnerabilities in RF devices that can be exploited? Vulnerabilities in RF technology often encompass various weaknesses and security gaps within the firmware and software used in RF devices. Keeping firmware up to date is essential for security.

Encryption

Encryption Firmware Surveillance Technology

Key Reuse opens to attacks on IPsec IKE, Cisco, Huawei, ZyXEL products are affected

Security Affairs

AUGUST 14, 2018

The researchers found Bleichenbacher oracles in the IKEv1 implementations of Cisco (CVE-2018-0131), Huawei (CVE2017-17305), Clavister (CVE-2018-8753), and ZyXEL (CVE-2018-9129). According to the Huawei’s advisory , its firewall products are affected by the flaw. Securi ty Affairs – IPsec, hacking).

Encryption

Encryption Authentication Internet Internet

BotenaGo strikes again – malware source code uploaded to GitHub

CyberSecurity Insiders

JANUARY 26, 2022

In September 2016, source code of one of the most popular botnets named Mirai was leaked and uploaded to one of the hacking community forums, and later uploaded to GitHub with detailed information on the botnet, its infrastructure, configuration and how to build it. Install security and firmware upgrades from vendors, as soon as possible.

Malware

Malware IoT Authentication Antivirus

Wireless Security: WEP, WPA, WPA2 and WPA3 Explained

eSecurity Planet

MARCH 1, 2023

Announced in 2018 by the Wi-Fi Alliance, WPA3 simplifies the process of configuring devices with little to no display interface — such as IoT devices— by introducing Wi-Fi Easy Connect. Update your router firmware from your router’s manufacturer and install them to ensure your router is up to date and secure.

Wireless

Wireless Encryption Authentication IoT

WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS

Security Affairs

OCTOBER 20, 2018

Both the vulnerabilities (dubbed CVE-2018-18472 and CVE-2018-18471) remain unpatched at the time of this publication. CVE-2018-18472 – XXE and Unauthenticated Remote Command Execution in Axentra Hipserv NAS firmware. . The company provides a firmware with a web interface that mainly uses PHP as a serverside language.

Firmware

Firmware IoT VPN Authentication

Top 9 Cybersecurity Challenges SMEs Currently Face

Responsible Cyber

APRIL 8, 2020

Small and mid-sized enterprises (SMEs) are increasingly at risk of cyber-attacks, and often serve as a launch pad for larger threat campaigns, according to Cisco’s 2018 SMB Cybersecurity Report. Eventually, a basic level of knowledge and awareness could mean the difference between being hacked or avoiding the risk altogether.

Cybersecurity

Cybersecurity DDOS Small Business Phishing

Too much UPnP-enabled connected devices still vulnerable to cyber attacks

Security Affairs

MARCH 7, 2019

” In April 2018, Akamai reported that threat actors compromised 65,000 home routers by exploiting vulnerabilities in Universal Plug’N’Play (UPnP) , experts tracked the botnet as UPnProxy. In December 2018 the company provided an update to its initial analysis revealing a disconcerting scenario, UPnProxy is still up and running.

Cyber Attacks

Cyber Attacks Advertising Firmware Data collection

DDoS attacks in Q4 2020

SecureList

FEBRUARY 16, 2021

After the attacks came to light, the manufacturer promptly released a firmware update for configuring verification of incoming requests. Educational institutions are recommended to use anti-DDoS solutions and strong firewall settings, and partner up with ISPs. Gaming platforms didn’t escape cybercriminal attention either.

DDOS

DDOS Cryptocurrency Marketing Internet

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Webinars

Trending Sources

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Webinars

US and UK link new Cyclops Blink malware to Russian state hackers?

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Sounding the Alarm on Emergency Alert System Flaws

A daily average of 80,000 printers exposed online via IPP

BLEEDINGBIT Bluetooth flaws in TI chips expose enterprises to remote attacks

US dismantled the Russia-linked Cyclops Blink botnet

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Key Reuse opens to attacks on IPsec IKE, Cisco, Huawei, ZyXEL products are affected

BotenaGo strikes again – malware source code uploaded to GitHub

Wireless Security: WEP, WPA, WPA2 and WPA3 Explained

WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS

Top 9 Cybersecurity Challenges SMEs Currently Face

Too much UPnP-enabled connected devices still vulnerable to cyber attacks

DDoS attacks in Q4 2020

Stay Connected