2019 and Firmware - Cyber Security Informer

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Locking down firmware. Starks Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks. telecoms by Chinese tech giant Huawei.

Firmware

Firmware Cybersecurity Technology Engineering

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

The Last Watchdog

NOVEMBER 20, 2019

Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. Tech consultancy IDC tells us that global spending on security hardware, software and services is on course to top $103 billion in 2019, up 9.4

Firmware

Firmware Hacking Software Surveillance

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

A new vulnerability, tracked as CVE-2019-0090 , affects all Intel chips that could allow attackers to bypass every hardware-enabled security technology. Security experts from Positive Technologies warn of a new vulnerability, tracked as CVE-2019-0090, that affects all Intel processors that were released in the past 5 years.

Firmware

Firmware Technology Advertising Authentication

Intel addresses High-Severity flaws in NUC Firmware and other tools

Security Affairs

AUGUST 18, 2019

Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program.

Firmware

Firmware Authentication Advertising Hacking

Measuring the Security of IoT Devices

Schneier on Security

OCTOBER 3, 2019

Data Collected: 22 Vendors 1,294 Products 4,956 Firmware versions 3,333,411 Binaries analyzed Date range of data: 2003-03-24 to 2019-01-24 (varies by vendor, most up to 2018 releases). [.]. They look at the actual firmware. It represents a wide range of either found in the home, enterprise or government deployments.

IoT

IoT Firmware Data collection Architecture

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Security Affairs

MARCH 8, 2020

Netgear has addressed a critical remote code execution vulnerability that could be exploited by an unauthenticated attacker to take over AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. The critical vulnerability, tracked as PSV-2019-0076 , affects Netgear Nighthawk X4S Smart Wi-Fi Router (R7800) family.

Firmware

Firmware Wireless Advertising Authentication

Trending CVEs for the Week of January 28th, 2019

NopSec

JANUARY 30, 2019

This week’s most talked about vulnerability is CVE-2019-1653. It was discovered and privately disclosed to Cisco by a German security firm RedTeam Pentesting, along with a remote command injection flaw – CVE-2019-1652. for CVE-2019-1653 and CVE-2019-1652, respectively. and 1.4.2.17. and 1.4.2.17. through 1.4.2.19.

Small Business

Small Business Firmware VPN Authentication

Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances

The Hacker News

JULY 15, 2021

x firmware. The warning comes more than a month after reports emerged that remote access vulnerabilities in SonicWall SRA 4600 VPN appliances (CVE-2019-7481) are being

VPN

VPN Ransomware Firmware Mobile

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware

Firmware Ransomware Passwords Mobile

Attack Against PC Thunderbolt Port

Schneier on Security

MAY 12, 2020

The attack requires physical access to the computer, but it's pretty devastating : On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer -- and even its hard disk encryption -- to gain full access to the computer's data.

Firmware

Firmware Manufacturing Encryption Hacking

Bug Hunters Earn $195,000 for Hacking TVs, Routers, Phones at Pwn2Own Tokyo 2019

Security Affairs

NOVEMBER 7, 2019

Bug hunters have earned a total of $195,000 for finding flaws in TVs, routers and smartphones on the first day of the Pwn2Own Tokyo 2019 contest. Pwn2Own Tokyo 2019 contest offers over $750,000 in rewards for working exploits targeting one of the devices in a list of 17 systems. SecurityAffairs – Pwn2Own Tokyo 2019, hacking).

Hacking

Hacking Advertising Firmware Information Security

Gafgyt botnet is targeting EoL Zyxel routers

Security Affairs

AUGUST 11, 2023

The vulnerability impacts devices running firmware versions 7.3.15.0 Zyxel addressed the vulnerability in 2017 with the release of new firmware, however, the vendor warned that a Gafgyt variant was exploiting the flaw in 2019. Additionally, the P660HN-T1A running the latest generic firmware, version 3.40(BYF.11),

Firmware

Firmware Hacking Cybercrime Information Security

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”. The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. reads the alert published by the company.

Ransomware

Ransomware Firmware Mobile InfoSec

DEF CON 2019: Picture Perfect Hack of a Canon EOS 80D DSLR

Threatpost

AUGUST 11, 2019

Session shows how researchers found multiple vulnerability in Canon firmware that can be used in a malware attack.

Firmware

Firmware Hacking Malware IoT

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 181024 CVE-2019-19824 TOTOLINK Realtek SDK based routers, this affects A3002RU through 2.0.0, Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3

IoT

IoT Firmware Malware Wireless

Infecting Canon EOS DSLR camera with ransomware over the air

Security Affairs

AUGUST 12, 2019

Searching online the expert first found an encrypted firmware, he found on a forum a Portable ROM Dumper , (a custom firmware update file that once loaded, dumps the memory of the camera into the SD Card) that allowed him to dump the camera’s firmware and load it into his disassembler (IDA Pro). ” – Eyal Itkin.

Firmware

Firmware Ransomware Wireless Encryption

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

The experts are monitoring the Mirai-based botnet since November 2019 and observed it exploiting two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT). ” When the botnet was first detected in 2019, experts noticed it was exploiting the Tenda zero-day flaw tracked as CVE-2020-10987.

IoT

IoT Firmware DNS Advertising

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

Since December 2019, researchers from Qihoo 360 observed two different attack groups that are employing two zero-days exploits to take over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks. The attacker is snooping on port 21,25,143,110 (1/2) — 360 Netlab (@360Netlab) December 25, 2019. #0-day

Firmware

Firmware VPN Accountability Advertising

Western Digital: Disconnect My Book Live drives immediately

SC Magazine

JUNE 25, 2021

Hackers appeared to be taking advantage of a vulnerability first published in 2019. Western Digital stopped supporting My Live drives in 2015, and have not updated their firmware since. Hackers appeared to be taking advantage of a vulnerability first published in 2019. AnneElizH/CC BY-SA 4.0/[link].

Firmware

Firmware Media Internet Internet

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. The firmware malware is based on code associated with HackingTeam’s VectorEDK bootkit, with minor changes. ” concludes the report.

Firmware

Firmware Spyware Surveillance Hacking

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

In November 2019, security experts first spotted the QSnatch malware that at the time infected thousands of QNAP NAS devices worldwide. Weitere Informationen von unseren Kollegen bei @CERTFI : [link] — CERT-Bund (@certbund) October 31, 2019. Webshell functionality for remote access. ” reads the alert.

Malware

Malware Firmware Advertising Manufacturing

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

The list includes: IP addresses of Pulse Secure VPN servers Pulse Secure VPN server firmware version SSH keys for each server A list of all local users and their password hashes Admin account details Last VPN logins (including usernames and cleartext passwords) VPN session cookies. reads the advisory. 830) and Germany (789).

VPN

VPN Passwords Banking Advertising

Expert found a hardcoded SSH Key in Fortinet SIEM appliances

Security Affairs

JANUARY 20, 2020

” Fortinet published a security advisory for the issue that is tracked as CVE-2019-17659. Below the timeline of the vulnerability: Dec 2, 2019: Email sent to Fortinet PSIRT with vulnerability details. Dec 3, 2019: Automated reply from PSIRT that email was received. Jan 3, 2019: Public Release.

Authentication

Authentication Firmware Advertising Firewall

Intel addresses high severity flaw in Processor Diagnostic Tool

Security Affairs

JULY 11, 2019

Intel Patch Tuesday updates for July 2019 address a serious flaw in Processor Diagnostic Tool and minor issue in the Solid State Drives (SSD) for Data Centers (DC). The “high severity” vulnerability in the Processor Diagnostic Tool is tracked as CVE-2019-11133, it was rated with a CVSS score of 8.2 and Prior affects all prior versions.

Firmware

Firmware Advertising Authentication Hacking

Flaws in Wyze cam devices allow their complete takeover

Security Affairs

MARCH 31, 2022

The three flaws reported by the cybersecurity firm are: An authentication bypass tracked CVE-2019-9564 A stack-based buffer overflow, tracked as CVE-2019-12266 , which could lead to remote control execution. A remote attacker could exploit the CVE-2019-9564 flaw to take over the device, including turning on/off the camera.

IoT

IoT Firmware Marketing Authentication

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

According to the Chinese security firm Qihoo 360’s Netlab team, operators of several botnets , including Chalubo , FBot , and Moobot , targeting LILIN DVRs at least since August 30, 2019. The new firmware released by the vendors validated the hostname passed as input to prevent command execution. ” Netlab concludes.

Firmware

Firmware Surveillance Manufacturing Advertising

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

The Cyclops Blink malware has been active since at least June 2019, it targets WatchGuard Firebox and other Small Office/Home Office (SOHO) network devices. The malware leverages the firmware update process to achieve persistence. “Cyclops Blink persists on reboot and throughout the legitimate firmware update process.

Malware

Malware Firmware Architecture Firewall

Operation Triangulation: The last (hardware) mystery

SecureList

DECEMBER 27, 2023

If we try to describe this feature and how the attackers took advantage of it, it all comes down to this: they are able to write data to a certain physical address while bypassing the hardware-based memory protection by writing the data, destination address, and data hash to unknown hardware registers of the chip unused by the firmware.

Firmware

Firmware Engineering Spyware Retail

Broadcom WiFi Driver bugs expose devices to hack

Security Affairs

APRIL 19, 2019

The flaws were discovered by Hugues Anguelkov during his internship at Quarkslab are tracked as CVE-2019-8564, CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, CVE-2019-9503. Anguelkov confirmed that two of those vulnerabilities affect both in the Linux kernel and firmware of affected Broadcom chips.

Hacking

Hacking Firmware Wireless Advertising

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware

Firmware Architecture Advertising Manufacturing

Ranzy Locker Ransomware warning issued by FBI

CyberSecurity Insiders

OCTOBER 28, 2021

Note- In November 2019, FBI issued a press update notifying companies not to pay a ransom to hackers, if in case, their data is compromised by malware as it encourages crime and also doesn’t guaranty a decryption key in return as soon as the ransom is paid.

Ransomware

Ransomware Firmware Backups Encryption

SonicWall warns users of “imminent ransomware campaign”

Malwarebytes

JULY 15, 2021

The exploitation targets a known vulnerability that has been patched in newer versions of SonicWall firmware. x versions of the firmware. x firmware. x firmware versions. The notice mentions the following products along with recommended actions: SRA 4600/1600 (EOL 2019) disconnect immediately and reset passwords.

Ransomware

Ransomware Firmware VPN Firewall

Apple AirTag can be hacked say security research

CyberSecurity Insiders

MAY 14, 2021

Stack Smashing the hacker who tweeted on May 8th of this year that the microcontroller of the AirTag can be influenced by tech that can thereafter help the threat actor take control of the firmware and operations of the tracking device thereafter. Find MY user interface in the App.

Hacking

Hacking Firmware DDOS Scams

SweynTooth Bluetooth flaws affect devices from major system-on-a-chip (SoC) vendors

Security Affairs

FEBRUARY 15, 2020

These issues usually occur due to some improper synchronization between user code and the SDK firmware distributed by the SoC vendor, Security Bypass : Vulnerabilities that could be exploited by attackers in radio range to bypass the latest secure pairing mode of BLE. 2.60 (CVE-2019-16336) and NXP KW41Z 3.40 SDK (CVE-2019-17519).

IoT

IoT Firmware Advertising Hacking

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

“In reality, enumeration of these prefixes has shown that the number of online devices was ~1,517,260 in March 2019. Furthermore, even if software patches were issued, the likelihood of most users updating their device firmware is low. By enumerating all of the other vendor prefixes, that pushes the number toward 2 million.”

IoT

IoT Firewall Manufacturing Computers and Electronics

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

xHelper is a piece of malware that was first spotted in October 2019 by experts from security firm Symantec, it is a persistent Android dropper app that is able to reinstall itself even after users attempt to uninstall it. In this case, reflashing is pointless, so it would be worth considering alternative firmwares for your device.

Malware

Malware Firmware Manufacturing Mobile

D-Link addressed 5 flaws on some router models, some of them reached EoL

Security Affairs

JULY 25, 2020

Some of the flaws were reported in February 9, 2019, other issues date back to March 2020, but all of them have been publicly disclosed on July 22. The vendor pointed out that DAP-1522 and DIR-816L models that have reached their “end of support” phase, this means that these devices running firmware versions v1.42 (and below) and v12.06.B09

Firmware

Firmware Advertising Authentication Hacking

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs

SEPTEMBER 15, 2020

7 ] CVE-2019-19781 : Citrix Virtual Private Network (VPN) Appliances – CISA has observed the threat actors attempting to discover vulnerable Citrix VPN Appliances. CVE-2019-19781 enabled the actors to execute directory traversal attacks.[ CVE-2019-19781 enabled the actors to execute directory traversal attacks.[

Government

Government VPN Firmware Energy and Utilities

D-Link router models affected by remote code execution issue that will not be fixed

Security Affairs

OCTOBER 7, 2019

Security experts at Fortinet’s FortiGuard Labs disclosed a remote code execution vulnerability tracked as CVE-2019-16920. The vulnerability is an unauthenticated command injection issue that was discovered on September 2019. The flaw has received a CVSS v31 base score of 9.8 and a CVSS v20 base score of 10.0.

Authentication

Authentication Advertising Firmware Hacking

QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air

Security Affairs

AUGUST 6, 2019

Researchers discovered two serious flaws, QualPwn bugs, in Qualcomm’s Snapdragon SoC WLAN firmware that could be exploited to hack Android device over the air. The first vulnerability, tracked as CVE-2019-10538 is a buffer overflow that impacts the Qualcomm WLAN component and the Android Kernel.

Hacking

Hacking Firmware Advertising Mobile

Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities of 2021

eSecurity Planet

APRIL 28, 2022

CVE-2019-11510. Three of these vulnerabilities — CVE-2019-19781, CVE-2019-18935, and CVE-2017-11882 — were also routinely exploited in 2020. CVE-2019-19781. CVE-2019-18935. Arbitrary code execution. CVE-2021-21972. VMware vSphere Client. CVE-2020-1472. Microsoft Netlogon Remote Protocol (MS-NRPC). CVE-2020-0688.

Cybersecurity

Cybersecurity Software Firmware Internet

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

CyberSecurity Insiders

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier. NETGEAR DGN2200 devices with firmware through 10.0.0.50. CVE-2019-19824. Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 7)C0 NAS520 before firmware V5.21(AASZ.3)C0

Malware

Malware IoT Firmware Authentication

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Security Affairs

JANUARY 27, 2020

Fortinet published a security advisory for the issue that is tracked as CVE-2019-17659. Fortinet urges customers to install the patch for CVE-2019-17659 , or restrict the access to FortiSIEM’s “ tunneluser ” port (19999). reads the advisory. “A reads the advisory. Users would upgrade to FortiSIEM version 5.2.7

Advertising

Advertising Firmware Authentication Passwords

Netgear is releasing fixes for ten issues affecting 79 products

Security Affairs

JULY 1, 2020

Some of the vulnerabilities were discovered during the Pwn2Own Tokyo 2019 hacking contest and reported through the Zero Day Initiative (ZDI). ZDI reported the flaws to the vendor in November 2019, January and February 2020. Netgear is releasing security patches to address ten vulnerabilities affecting nearly 80 of its products.

Authentication

Authentication Firmware Hacking Mobile

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

Trending Sources

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Intel addresses High-Severity flaws in NUC Firmware and other tools

Measuring the Security of IoT Devices

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Trending CVEs for the Week of January 28th, 2019

Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Attack Against PC Thunderbolt Port

Bug Hunters Earn $195,000 for Hacking TVs, Routers, Phones at Pwn2Own Tokyo 2019

Gafgyt botnet is targeting EoL Zyxel routers

HelloKitty ransomware gang targets vulnerable SonicWall devices

DEF CON 2019: Picture Perfect Hack of a Canon EOS 80D DSLR

BotenaGo botnet targets millions of IoT devices using 33 exploits

Infecting Canon EOS DSLR camera with ransomware over the air

New Ttint IoT botnet exploits two zero-days in Tenda routers

Hackers target zero-day flaws in enterprise Draytek network devices

Western Digital: Disconnect My Book Live drives immediately

Second-ever UEFI rootkit used in North Korea-themed attacks

QSnatch malware infected over 62,000 QNAP NAS Devices

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Expert found a hardcoded SSH Key in Fortinet SIEM appliances

Intel addresses high severity flaw in Processor Diagnostic Tool

Flaws in Wyze cam devices allow their complete takeover

Botnet operators target multiple zero-day flaws in LILIN DVRs

US and UK link new Cyclops Blink malware to Russian state hackers?

Operation Triangulation: The last (hardware) mystery

Broadcom WiFi Driver bugs expose devices to hack

AMD is going to patch UEFI SMM callout privilege escalation flaw

Ranzy Locker Ransomware warning issued by FBI

SonicWall warns users of “imminent ransomware campaign”

Apple AirTag can be hacked say security research

SweynTooth Bluetooth flaws affect devices from major system-on-a-chip (SoC) vendors

P2P Weakness Exposes Millions of IoT Devices

xHelper, the Unkillable Android malware that re-Installs after factory reset

D-Link addressed 5 flaws on some router models, some of them reached EoL

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

D-Link router models affected by remote code execution issue that will not be fixed

QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air

Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities of 2021

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Netgear is releasing fixes for ten issues affecting 79 products

Stay Connected