2019, Firmware, Hacking and Information Security

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

A new vulnerability, tracked as CVE-2019-0090 , affects all Intel chips that could allow attackers to bypass every hardware-enabled security technology. Security experts from Positive Technologies warn of a new vulnerability, tracked as CVE-2019-0090, that affects all Intel processors that were released in the past 5 years.

Firmware

Firmware Technology Advertising Authentication

Intel addresses High-Severity flaws in NUC Firmware and other tools

Security Affairs

AUGUST 18, 2019

Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program.

Firmware

Firmware Authentication Advertising Hacking

Bug Hunters Earn $195,000 for Hacking TVs, Routers, Phones at Pwn2Own Tokyo 2019

Security Affairs

NOVEMBER 7, 2019

Bug hunters have earned a total of $195,000 for finding flaws in TVs, routers and smartphones on the first day of the Pwn2Own Tokyo 2019 contest. Pwn2Own is the annual hacking contest event organized by Trend Micro’s Zero Day Initiative (ZDI). The security duo exploited a JavaScript out-of-bounds read flaw in the built-in web browser.

Hacking

Hacking Advertising Firmware Information Security

Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle

Security Affairs

MAY 2, 2021

A security duo has demonstrated how to hack a Tesla Model X’s and open the doors using a DJI Mavic 2 drone equipped with a WIFI dongle. The duo was planning to present the attack at the PWN2OWN 2020 hacking contest, but since it was moved online due to the COVID19 pandemic they opted to privately report the issues to the carmaker.

Hacking

Hacking Firmware Manufacturing Software

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Security Affairs

MARCH 8, 2020

Netgear has addressed a critical remote code execution vulnerability that could be exploited by an unauthenticated attacker to take over AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. The critical vulnerability, tracked as PSV-2019-0076 , affects Netgear Nighthawk X4S Smart Wi-Fi Router (R7800) family.

Firmware

Firmware Wireless Advertising Authentication

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware.

Firmware

Firmware Spyware Surveillance Hacking

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

. “Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Firmware

Firmware Ransomware Passwords Mobile

Gafgyt botnet is targeting EoL Zyxel routers

Security Affairs

AUGUST 11, 2023

The vulnerability impacts devices running firmware versions 7.3.15.0 Zyxel addressed the vulnerability in 2017 with the release of new firmware, however, the vendor warned that a Gafgyt variant was exploiting the flaw in 2019. Additionally, the P660HN-T1A running the latest generic firmware, version 3.40(BYF.11),

Firmware

Firmware Hacking Cybercrime Information Security

QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air

Security Affairs

AUGUST 6, 2019

Researchers discovered two serious flaws, QualPwn bugs, in Qualcomm’s Snapdragon SoC WLAN firmware that could be exploited to hack Android device over the air. The first vulnerability, tracked as CVE-2019-10538 is a buffer overflow that impacts the Qualcomm WLAN component and the Android Kernel. Pierluigi Paganini.

Hacking

Hacking Firmware Advertising Mobile

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

“Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Ransomware

Ransomware Firmware Mobile InfoSec

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network. ” Check Point reported the issue to Philips and Signify (owner of the Philips Hue brand) in November 2019. The company released firmware p atches for the device in January. Pierluigi Paganini.

Hacking

Hacking IoT Wireless Firmware

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Security researchers at Netlab, the network security division Qihoo 360, have published a report that details an IoT botnet dubbed Ttint. The experts are monitoring the Mirai-based botnet since November 2019 and observed it exploiting two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT).

IoT

IoT Firmware DNS Advertising

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

The security researcher Benjamin Kunz from Vulnerability-Lab disclosed zero-day flaws in Telestar Digital GmbH IoT radio devices that could be exploited by remote attackers to hijack devices without any user interaction. The vulnerabilities have been tracked as CVE-2019-13473 and CVE-2019-13474. . Pierluigi Paganini.

IoT

IoT Hacking Firmware Advertising

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 181024 CVE-2019-19824 TOTOLINK Realtek SDK based routers, this affects A3002RU through 2.0.0, Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3

IoT

IoT Firmware Malware Wireless

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

In November 2019, security experts first spotted the QSnatch malware that at the time infected thousands of QNAP NAS devices worldwide. Weitere Informationen von unseren Kollegen bei @CERTFI : [link] — CERT-Bund (@certbund) October 31, 2019. Webshell functionality for remote access. ” reads the alert.

Malware

Malware Firmware Advertising Manufacturing

Infecting Canon EOS DSLR camera with ransomware over the air

Security Affairs

AUGUST 12, 2019

Searching online the expert first found an encrypted firmware, he found on a forum a Portable ROM Dumper , (a custom firmware update file that once loaded, dumps the memory of the camera into the SD Card) that allowed him to dump the camera’s firmware and load it into his disassembler (IDA Pro). ” – Eyal Itkin.

Firmware

Firmware Ransomware Wireless Encryption

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

Since December 2019, researchers from Qihoo 360 observed two different attack groups that are employing two zero-days exploits to take over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks. The attacker is snooping on port 21,25,143,110 (1/2) — 360 Netlab (@360Netlab) December 25, 2019. #0-day

Firmware

Firmware VPN Accountability Advertising

Flaws in Wyze cam devices allow their complete takeover

Security Affairs

MARCH 31, 2022

The three flaws reported by the cybersecurity firm are: An authentication bypass tracked CVE-2019-9564 A stack-based buffer overflow, tracked as CVE-2019-12266 , which could lead to remote control execution. A remote attacker could exploit the CVE-2019-9564 flaw to take over the device, including turning on/off the camera.

IoT

IoT Firmware Marketing Authentication

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

The Cyclops Blink malware has been active since at least June 2019, it targets WatchGuard Firebox and other Small Office/Home Office (SOHO) network devices. ” reads the advisory published by the UK National Cyber Security Centre. The malware leverages the firmware update process to achieve persistence. Pierluigi Paganini.

Malware

Malware Firmware Architecture Firewall

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking. An attacker can trigger the flaw to gain remote code execution and conduct denial-of-service attacks under specific conditions, exposing operational technology (OT) environments to hacking.

Authentication

Authentication Firmware Hacking Passwords

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware

Firmware Architecture Advertising Manufacturing

Intel addresses high severity flaw in Processor Diagnostic Tool

Security Affairs

JULY 11, 2019

Intel Patch Tuesday updates for July 2019 address a serious flaw in Processor Diagnostic Tool and minor issue in the Solid State Drives (SSD) for Data Centers (DC). The “high severity” vulnerability in the Processor Diagnostic Tool is tracked as CVE-2019-11133, it was rated with a CVSS score of 8.2 and Prior affects all prior versions.

Firmware

Firmware Advertising Authentication Hacking

Netgear is releasing fixes for ten issues affecting 79 products

Security Affairs

JULY 1, 2020

Netgear is addressing ten vulnerabilities affecting nearly 80 of its products, including issues discovered at the Pwn2Own hacking competition. Netgear is releasing security patches to address ten vulnerabilities affecting nearly 80 of its products. ZDI reported the flaws to the vendor in November 2019, January and February 2020.

Authentication

Authentication Firmware Hacking Mobile

SweynTooth Bluetooth flaws affect devices from major system-on-a-chip (SoC) vendors

Security Affairs

FEBRUARY 15, 2020

Now experts found 12 vulnerabilities in the BLE software development kits (SDKs) of seven SoC vendors (Texas Instruments, NXP, Cypress, Dialog Semiconductors, Microchip, STMicroelectronics and Telink Semiconductor) that could be exploited to hack into various smart devices, including devices and environmental tracking or sensing systems.

IoT

IoT Firmware Advertising Hacking

D-Link addressed 5 flaws on some router models, some of them reached EoL

Security Affairs

JULY 25, 2020

Some of the flaws were reported in February 9, 2019, other issues date back to March 2020, but all of them have been publicly disclosed on July 22. The vendor pointed out that DAP-1522 and DIR-816L models that have reached their “end of support” phase, this means that these devices running firmware versions v1.42 (and below) and v12.06.B09

Firmware

Firmware Advertising Authentication Hacking

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Security Affairs

AUGUST 10, 2021

The eCh0raix ransomware has been active since at least 2019, when eExperts from security firms Intezer and Anomali separately discovered sample of the ransomware targeting Network Attached Storage (NAS) devices. SecurityAffairs – hacking, NAS). Create complex login passwords to make brute-forcing more difficult for attackers.

Ransomware

Ransomware Encryption Firmware Passwords

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs

SEPTEMBER 15, 2020

7 ] CVE-2019-19781 : Citrix Virtual Private Network (VPN) Appliances – CISA has observed the threat actors attempting to discover vulnerable Citrix VPN Appliances. CVE-2019-19781 enabled the actors to execute directory traversal attacks.[ CVE-2019-19781 enabled the actors to execute directory traversal attacks.[

Government

Government VPN Firmware Energy and Utilities

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Security Affairs

JANUARY 27, 2020

Fortinet published a security advisory for the issue that is tracked as CVE-2019-17659. Fortinet urges customers to install the patch for CVE-2019-17659 , or restrict the access to FortiSIEM’s “ tunneluser ” port (19999). SecurityAffairs – Fortinet, hacking). reads the advisory. “A

Advertising

Advertising Firmware Authentication Passwords

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks. SecurityAffairs – hacking, Mozi botnet). Pierluigi Paganini.

IoT

IoT DNS Manufacturing Firmware

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

xHelper is a piece of malware that was first spotted in October 2019 by experts from security firm Symantec, it is a persistent Android dropper app that is able to reinstall itself even after users attempt to uninstall it. In this case, reflashing is pointless, so it would be worth considering alternative firmwares for your device.

Malware

Malware Firmware Manufacturing Mobile

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

The number of infected devices is impressive, on 2019-11-30 a trusted security partner in the US informed Qihoo 360’s Netlab Cybersecurity reported to have observed 1,962,308 unique daily active IPs from the Pink botnet targeting its systems. SecurityAffairs – hacking, Pink botnet). Pierluigi Paganini.

Architecture

Architecture DDOS Advertising Firmware

10-year-old vulnerability in Avaya VoIP Phones finally fixed

Security Affairs

AUGUST 10, 2019

. “The bug affecting the open source software was reported in 2009, yet its presence in the phone’s firmware remained unnoticed until now. 323 software stack is affected (as opposed to the SIP stack that can also be used with these phones), and the Avaya Security Advisory (ASA) can be found here ASA-2019-128. Only the H.323

Firmware

Firmware IoT Advertising Software

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

includes several new flaws, including: Vulnerability Affected software CVE-2017-17105 Zivif PR115-204-P-RS CVE-2019-10655 Grandstream CVE-2020-25223 WebAdmin of Sophos SG UTM CVE-2021-42013 Apache CVE-2022-31137 Roxy-WI CVE-2022-33891 Apache Spark ZSL-2022-5717 MiniDVBLinux. SecurityAffairs – hacking, botnet). Pierluigi Paganini.

IoT

IoT DDOS Malware Firmware

WAGO Industrial Switches affected by multiple flaws

Security Affairs

JUNE 13, 2019

The company has already fixed the issues with the release of firmware versions 1.2.2.S0, “The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. ” reads the security advisory. S0 and 1.1.5.S0, S0, respectively.

Firmware

Firmware Passwords Advertising IoT

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

Security Affairs

MARCH 21, 2021

A group of US hackers recently claimed to have gained access to footage from 150,000 security cameras at banks, jails, schools, healthcare clinics, and prominent organizations. Once Verkada became aware of the hack, it has disabled all internal administrator accounts to prevent any unauthorised access. ” continues the DoJ.

Identity Theft

Identity Theft Computers and Electronics Surveillance Hacking

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

Security Affairs

JANUARY 16, 2022

Up to date apps and firmware seem not to help either.” The eCh0raix ransomware has been active since at least 2019, when eExperts from security firms Intezer and Anomali separately discovered sample of the ransomware targeting Network Attached Storage (NAS) devices. SecurityAffairs – hacking, QNAP NAS).

Ransomware

Ransomware Encryption Backups Firmware

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. SecurityAffairs – hacking, Mozi botnet). Pierluigi Paganini.

IoT

IoT DDOS Architecture Passwords

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. The joint alert also states that attackers scanning also enumerated devices for the CVE-2020-12812 and CVE-2019-5591 flaws. SecurityAffairs – hacking, Fortinet FortiOS).

Passwords

Passwords Government Firmware Accountability

SEC Xtractor – Experts released an open-source hardware analysis tool

Security Affairs

DECEMBER 8, 2019

Both, the firmware and hardware of the tools are completely open-source, this means that researchers can extend their functionalities according to their needs. . The black color for the main PCB and the NAND/NOR adapters were chosen because the launch was made during Black Hat Europe 2019 Arsenal.” NAND chips).

Firmware

Firmware Advertising Marketing Hacking

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory to warn of Zeppelin ransomware attacks. SecurityAffairs – hacking, Zeppelin ransomware). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware Encryption Firmware Backups

Experts found undocumented access feature in Siemens SIMATIC PLCs

Security Affairs

NOVEMBER 17, 2019

The medium-severity flaw was tracked as CVE-2019-13945 and received a CVSS score of 6.8, The Siemens S7 is considered one of the most secure controllers in the industry, it is used in power plants, traffic lights, water pumps, building control, production lines, aviation systems, and many other critical infrastructures. .

Firmware

Firmware Advertising Manufacturing Risk

DoS attack the caused disruption at US power utility exploited a known flaw

Security Affairs

SEPTEMBER 9, 2019

In May, the Department of Energy confirmed that on March 5, 2019, between 9 a.m. “ After seeing no adverse effects, the entity deployed the firmware patch at an operational generation site that night.” SecurityAffairs – power utility, hacking). and 7 p.m., ” continues the document. Pierluigi Paganini.

Energy and Utilities

Energy and Utilities Firewall Firmware Advertising

Cisco addressed critical flaws in Cisco Small Business 220 Series Smart Switches

Security Affairs

AUGUST 7, 2019

Cisco released security updates to address several vulnerabilities in Cisco Small Business 220 Series Smart Switches, including two critical issues. The most important flaw, tracked as CVE-2019-1913, could be exploited by an unauthenticated, remote attacker to execute arbitrary code with root privileges. Pierluigi Paganini.

Small Business

Small Business Advertising Firmware Authentication

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Intel addresses High-Severity flaws in NUC Firmware and other tools

Trending Sources

Bug Hunters Earn $195,000 for Hacking TVs, Routers, Phones at Pwn2Own Tokyo 2019

Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Second-ever UEFI rootkit used in North Korea-themed attacks

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Gafgyt botnet is targeting EoL Zyxel routers

QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air

HelloKitty ransomware gang targets vulnerable SonicWall devices

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

New Ttint IoT botnet exploits two zero-days in Tenda routers

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

BotenaGo botnet targets millions of IoT devices using 33 exploits

QSnatch malware infected over 62,000 QNAP NAS Devices

Infecting Canon EOS DSLR camera with ransomware over the air

Hackers target zero-day flaws in enterprise Draytek network devices

Flaws in Wyze cam devices allow their complete takeover

US and UK link new Cyclops Blink malware to Russian state hackers?

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

AMD is going to patch UEFI SMM callout privilege escalation flaw

Intel addresses high severity flaw in Processor Diagnostic Tool

Netgear is releasing fixes for ten issues affecting 79 products

SweynTooth Bluetooth flaws affect devices from major system-on-a-chip (SoC) vendors

D-Link addressed 5 flaws on some router models, some of them reached EoL

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

xHelper, the Unkillable Android malware that re-Installs after factory reset

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

10-year-old vulnerability in Avaya VoIP Phones finally fixed

A new Zerobot variant spreads by exploiting Apache flaws

WAGO Industrial Switches affected by multiple flaws

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

Mozi Botnet is responsible for most of the IoT Traffic

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

SEC Xtractor – Experts released an open-source hardware analysis tool

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Experts found undocumented access feature in Siemens SIMATIC PLCs

DoS attack the caused disruption at US power utility exploited a known flaw

Cisco addressed critical flaws in Cisco Small Business 220 Series Smart Switches

Stay Connected