2019, Firmware and Information Security

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

A new vulnerability, tracked as CVE-2019-0090 , affects all Intel chips that could allow attackers to bypass every hardware-enabled security technology. Security experts from Positive Technologies warn of a new vulnerability, tracked as CVE-2019-0090, that affects all Intel processors that were released in the past 5 years.

Firmware

Firmware Technology Advertising Authentication

Intel addresses High-Severity flaws in NUC Firmware and other tools

Security Affairs

AUGUST 18, 2019

Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program.

Firmware

Firmware Authentication Advertising Hacking

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Security Affairs

MARCH 8, 2020

Netgear has addressed a critical remote code execution vulnerability that could be exploited by an unauthenticated attacker to take over AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. The critical vulnerability, tracked as PSV-2019-0076 , affects Netgear Nighthawk X4S Smart Wi-Fi Router (R7800) family.

Firmware

Firmware Wireless Advertising Authentication

Gafgyt botnet is targeting EoL Zyxel routers

Security Affairs

AUGUST 11, 2023

The vulnerability impacts devices running firmware versions 7.3.15.0 Zyxel addressed the vulnerability in 2017 with the release of new firmware, however, the vendor warned that a Gafgyt variant was exploiting the flaw in 2019. Additionally, the P660HN-T1A running the latest generic firmware, version 3.40(BYF.11),

Firmware

Firmware Hacking Cybercrime Information Security

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

. “Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Firmware

Firmware Ransomware Passwords Mobile

Bug Hunters Earn $195,000 for Hacking TVs, Routers, Phones at Pwn2Own Tokyo 2019

Security Affairs

NOVEMBER 7, 2019

Bug hunters have earned a total of $195,000 for finding flaws in TVs, routers and smartphones on the first day of the Pwn2Own Tokyo 2019 contest. Pwn2Own Tokyo 2019 contest offers over $750,000 in rewards for working exploits targeting one of the devices in a list of 17 systems. SecurityAffairs – Pwn2Own Tokyo 2019, hacking).

Hacking

Hacking Advertising Firmware Information Security

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

“Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Ransomware

Ransomware Firmware Mobile InfoSec

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 181024 CVE-2019-19824 TOTOLINK Realtek SDK based routers, this affects A3002RU through 2.0.0, Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3

IoT

IoT Firmware Malware Wireless

Infecting Canon EOS DSLR camera with ransomware over the air

Security Affairs

AUGUST 12, 2019

Searching online the expert first found an encrypted firmware, he found on a forum a Portable ROM Dumper , (a custom firmware update file that once loaded, dumps the memory of the camera into the SD Card) that allowed him to dump the camera’s firmware and load it into his disassembler (IDA Pro). ” – Eyal Itkin.

Firmware

Firmware Ransomware Wireless Encryption

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Security researchers at Netlab, the network security division Qihoo 360, have published a report that details an IoT botnet dubbed Ttint. The experts are monitoring the Mirai-based botnet since November 2019 and observed it exploiting two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT).

IoT

IoT Firmware DNS Advertising

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. The firmware malware is based on code associated with HackingTeam’s VectorEDK bootkit, with minor changes. ” concludes the report.

Firmware

Firmware Spyware Surveillance Hacking

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

In November 2019, security experts first spotted the QSnatch malware that at the time infected thousands of QNAP NAS devices worldwide. Weitere Informationen von unseren Kollegen bei @CERTFI : [link] — CERT-Bund (@certbund) October 31, 2019. Webshell functionality for remote access. ” reads the alert.

Malware

Malware Firmware Advertising Manufacturing

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

Since December 2019, researchers from Qihoo 360 observed two different attack groups that are employing two zero-days exploits to take over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks. The attacker is snooping on port 21,25,143,110 (1/2) — 360 Netlab (@360Netlab) December 25, 2019. #0-day

Firmware

Firmware VPN Accountability Advertising

Flaws in Wyze cam devices allow their complete takeover

Security Affairs

MARCH 31, 2022

The three flaws reported by the cybersecurity firm are: An authentication bypass tracked CVE-2019-9564 A stack-based buffer overflow, tracked as CVE-2019-12266 , which could lead to remote control execution. A remote attacker could exploit the CVE-2019-9564 flaw to take over the device, including turning on/off the camera.

IoT

IoT Firmware Marketing Authentication

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

The Cyclops Blink malware has been active since at least June 2019, it targets WatchGuard Firebox and other Small Office/Home Office (SOHO) network devices. ” reads the advisory published by the UK National Cyber Security Centre. The malware leverages the firmware update process to achieve persistence.

Malware

Malware Firmware Architecture Firewall

Intel addresses high severity flaw in Processor Diagnostic Tool

Security Affairs

JULY 11, 2019

Intel Patch Tuesday updates for July 2019 address a serious flaw in Processor Diagnostic Tool and minor issue in the Solid State Drives (SSD) for Data Centers (DC). The “high severity” vulnerability in the Processor Diagnostic Tool is tracked as CVE-2019-11133, it was rated with a CVSS score of 8.2 and Prior affects all prior versions.

Firmware

Firmware Advertising Authentication Hacking

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware

Firmware Architecture Advertising Manufacturing

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

xHelper is a piece of malware that was first spotted in October 2019 by experts from security firm Symantec, it is a persistent Android dropper app that is able to reinstall itself even after users attempt to uninstall it. In this case, reflashing is pointless, so it would be worth considering alternative firmwares for your device.

Malware

Malware Firmware Manufacturing Mobile

SweynTooth Bluetooth flaws affect devices from major system-on-a-chip (SoC) vendors

Security Affairs

FEBRUARY 15, 2020

These issues usually occur due to some improper synchronization between user code and the SDK firmware distributed by the SoC vendor, Security Bypass : Vulnerabilities that could be exploited by attackers in radio range to bypass the latest secure pairing mode of BLE. 2.60 (CVE-2019-16336) and NXP KW41Z 3.40 or earlier.

IoT

IoT Firmware Advertising Hacking

D-Link addressed 5 flaws on some router models, some of them reached EoL

Security Affairs

JULY 25, 2020

Some of the flaws were reported in February 9, 2019, other issues date back to March 2020, but all of them have been publicly disclosed on July 22. The vendor pointed out that DAP-1522 and DIR-816L models that have reached their “end of support” phase, this means that these devices running firmware versions v1.42 (and below) and v12.06.B09

Firmware

Firmware Advertising Authentication Hacking

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs

SEPTEMBER 15, 2020

7 ] CVE-2019-19781 : Citrix Virtual Private Network (VPN) Appliances – CISA has observed the threat actors attempting to discover vulnerable Citrix VPN Appliances. CVE-2019-19781 enabled the actors to execute directory traversal attacks.[ CVE-2019-19781 enabled the actors to execute directory traversal attacks.[

Government

Government VPN Firmware Energy and Utilities

QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air

Security Affairs

AUGUST 6, 2019

Researchers discovered two serious flaws, QualPwn bugs, in Qualcomm’s Snapdragon SoC WLAN firmware that could be exploited to hack Android device over the air. The first vulnerability, tracked as CVE-2019-10538 is a buffer overflow that impacts the Qualcomm WLAN component and the Android Kernel.

Hacking

Hacking Firmware Advertising Mobile

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Security Affairs

JANUARY 27, 2020

Fortinet published a security advisory for the issue that is tracked as CVE-2019-17659. Fortinet urges customers to install the patch for CVE-2019-17659 , or restrict the access to FortiSIEM’s “ tunneluser ” port (19999). reads the advisory. “A reads the advisory.

Firmware

Firmware Advertising Authentication Passwords

Netgear is releasing fixes for ten issues affecting 79 products

Security Affairs

JULY 1, 2020

Netgear is releasing security patches to address ten vulnerabilities affecting nearly 80 of its products. Some of the vulnerabilities were discovered during the Pwn2Own Tokyo 2019 hacking contest and reported through the Zero Day Initiative (ZDI). ZDI reported the flaws to the vendor in November 2019, January and February 2020.

Authentication

Authentication Firmware Hacking Mobile

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

To overcome the user authentication, we used a known vulnerability, CVE-2019-9013 , which allows us to perform a replay attack against the PLC using the unsecured username and password’s hash that were sent during the sign-in process , allowing us to bypass the user authentication process.” ” continues the report.

Authentication

Authentication Firmware Hacking Passwords

10-year-old vulnerability in Avaya VoIP Phones finally fixed

Security Affairs

AUGUST 10, 2019

. “The bug affecting the open source software was reported in 2009, yet its presence in the phone’s firmware remained unnoticed until now. 323 software stack is affected (as opposed to the SIP stack that can also be used with these phones), and the Avaya Security Advisory (ASA) can be found here ASA-2019-128. Only the H.323

Firmware

Firmware IoT Advertising Software

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Security Affairs

AUGUST 10, 2021

The eCh0raix ransomware has been active since at least 2019, when eExperts from security firms Intezer and Anomali separately discovered sample of the ransomware targeting Network Attached Storage (NAS) devices. Independent experts observed a surge in eCh0raix ransomware infection reports between April 19 and April 26.

Ransomware

Ransomware Encryption Firmware Passwords

Experts found undocumented access feature in Siemens SIMATIC PLCs

Security Affairs

NOVEMBER 17, 2019

The medium-severity flaw was tracked as CVE-2019-13945 and received a CVSS score of 6.8, The Siemens S7 is considered one of the most secure controllers in the industry, it is used in power plants, traffic lights, water pumps, building control, production lines, aviation systems, and many other critical infrastructures. .

Firmware

Firmware Advertising Manufacturing Risk

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

IoT

IoT DNS Manufacturing Firmware

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

The number of infected devices is impressive, on 2019-11-30 a trusted security partner in the US informed Qihoo 360’s Netlab Cybersecurity reported to have observed 1,962,308 unique daily active IPs from the Pink botnet targeting its systems.

Architecture

Architecture DDOS Advertising DNS

WAGO Industrial Switches affected by multiple flaws

Security Affairs

JUNE 13, 2019

The company has already fixed the issues with the release of firmware versions 1.2.2.S0, “The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. ” reads the security advisory. S0 and 1.1.5.S0, S0, respectively.

Firmware

Firmware Passwords Advertising IoT

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. ” continues the analysis.

IoT

IoT DDOS Architecture Passwords

Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle

Security Affairs

MAY 2, 2021

Adding a privilege escalation exploit such as CVE-2021-3347 to TBONE would allow us to load new Wi-Fi firmware in the Tesla car, turning it into an access point which could be used to exploit other Tesla cars that come into the victim car’s proximity. We did not want to weaponize this exploit into a worm, however.”.

Hacking

Hacking Firmware Manufacturing Software

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. The joint alert also states that attackers scanning also enumerated devices for the CVE-2020-12812 and CVE-2019-5591 flaws. hard drive, storage device, the cloud).

Passwords

Passwords Government Firmware Accountability

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

Security Affairs

JANUARY 16, 2022

Up to date apps and firmware seem not to help either.” The eCh0raix ransomware has been active since at least 2019, when eExperts from security firms Intezer and Anomali separately discovered sample of the ransomware targeting Network Attached Storage (NAS) devices. Follow me on Twitter: @securityaffairs and Facebook.

Ransomware

Ransomware Encryption Backups Firmware

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

The security researcher Benjamin Kunz from Vulnerability-Lab disclosed zero-day flaws in Telestar Digital GmbH IoT radio devices that could be exploited by remote attackers to hijack devices without any user interaction. The vulnerabilities have been tracked as CVE-2019-13473 and CVE-2019-13474. .

IoT

IoT Hacking Firmware Advertising

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

includes several new flaws, including: Vulnerability Affected software CVE-2017-17105 Zivif PR115-204-P-RS CVE-2019-10655 Grandstream CVE-2020-25223 WebAdmin of Sophos SG UTM CVE-2021-42013 Apache CVE-2022-31137 Roxy-WI CVE-2022-33891 Apache Spark ZSL-2022-5717 MiniDVBLinux. “Since the release of Zerobot 1.1,

IoT

IoT DDOS Malware Firmware

SEC Xtractor – Experts released an open-source hardware analysis tool

Security Affairs

DECEMBER 8, 2019

Both, the firmware and hardware of the tools are completely open-source, this means that researchers can extend their functionalities according to their needs. . The black color for the main PCB and the NAND/NOR adapters were chosen because the launch was made during Black Hat Europe 2019 Arsenal.” NAND chips).

Firmware

Firmware Advertising Marketing Hacking

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network. In today’s complex fifth-generation attack landscape, we cannot afford to overlook the security of anything that is connected to our networks.”

Hacking

Hacking IoT Wireless Firmware

DoS attack the caused disruption at US power utility exploited a known flaw

Security Affairs

SEPTEMBER 9, 2019

In May, the Department of Energy confirmed that on March 5, 2019, between 9 a.m. “ After seeing no adverse effects, the entity deployed the firmware patch at an operational generation site that night.” and 7 p.m., a cyber event disrupted energy grid operations in California, Wyoming, and Utah.

Energy and Utilities

Energy and Utilities Firewall Firmware Advertising

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

PYSA, also known as Mespinoza, was first spotted in the wild in October 2019 where it was initially used against large corporate networks. To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released. Use multi-factor authentication wherever possible.

Education

Education Ransomware Phishing Passwords

Cisco addressed critical flaws in Cisco Small Business 220 Series Smart Switches

Security Affairs

AUGUST 7, 2019

Cisco released security updates to address several vulnerabilities in Cisco Small Business 220 Series Smart Switches, including two critical issues. The most important flaw, tracked as CVE-2019-1913, could be exploited by an unauthenticated, remote attacker to execute arbitrary code with root privileges.

Small Business

Small Business Advertising Firmware Authentication

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory to warn of Zeppelin ransomware attacks.

Ransomware

Ransomware Encryption Firmware Backups

Security Affairs - Untitled Article

Security Affairs

JULY 17, 2019

The exposed information included the vehicle’s VIN, speed, temperature, version number, whether it was locked or not, tire pressure, and alerts. The data also included other firmware info such as geofense locations, CAN viewers, and configurations. Curry was awarded $10,000 for reporting the flaw to Tesla.

Advertising

Advertising Firmware Mobile Software

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Intel addresses High-Severity flaws in NUC Firmware and other tools

Trending Sources

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Gafgyt botnet is targeting EoL Zyxel routers

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Bug Hunters Earn $195,000 for Hacking TVs, Routers, Phones at Pwn2Own Tokyo 2019

HelloKitty ransomware gang targets vulnerable SonicWall devices

BotenaGo botnet targets millions of IoT devices using 33 exploits

Infecting Canon EOS DSLR camera with ransomware over the air

New Ttint IoT botnet exploits two zero-days in Tenda routers

Second-ever UEFI rootkit used in North Korea-themed attacks

QSnatch malware infected over 62,000 QNAP NAS Devices

Hackers target zero-day flaws in enterprise Draytek network devices

Flaws in Wyze cam devices allow their complete takeover

US and UK link new Cyclops Blink malware to Russian state hackers?

Intel addresses high severity flaw in Processor Diagnostic Tool

AMD is going to patch UEFI SMM callout privilege escalation flaw

xHelper, the Unkillable Android malware that re-Installs after factory reset

SweynTooth Bluetooth flaws affect devices from major system-on-a-chip (SoC) vendors

D-Link addressed 5 flaws on some router models, some of them reached EoL

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Netgear is releasing fixes for ten issues affecting 79 products

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

10-year-old vulnerability in Avaya VoIP Phones finally fixed

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Experts found undocumented access feature in Siemens SIMATIC PLCs

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

WAGO Industrial Switches affected by multiple flaws

Mozi Botnet is responsible for most of the IoT Traffic

Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

A new Zerobot variant spreads by exploiting Apache flaws

SEC Xtractor – Experts released an open-source hardware analysis tool

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

DoS attack the caused disruption at US power utility exploited a known flaw

FBI warns of increase in PYSA ransomware attacks targeting education

Cisco addressed critical flaws in Cisco Small Business 220 Series Smart Switches

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs - Untitled Article

Stay Connected