Security Affairs

JULY 25, 2020

The flaws include reflected Cross-Site Scripting (XSS), buffer overflows, bypassing authentication issues, and arbitrary code execution bugs. CVE-2020-15895 :: Link :: DIR-816L :: Reflected XSS vulnerability due to an unescaped value on the device configuration webpage.

Firmware 100

Firmware Advertising Authentication Hacking 100

Security Affairs

DECEMBER 8, 2020

Security researchers at Digital Defense discovered three vulnerabilities in D-Link VPN routers, including command injection flaws, and an authenticated crontab injection flaw. The third flaw is an Authenticated Crontab Injection that could allow an authenticated user to inject arbitrary CRON entries that will then be executed as root.

VPN 119

VPN Hacking Firmware Authentication 119

Security Affairs

SEPTEMBER 8, 2020

Probably the most interesting vulnerability is an undocumented backdoor, tracked as CVE-2020-15835, that can be exploited by attackers to gain root access to a router. “The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password.

Firmware 88

Firmware Wireless Authentication Advertising 88

Security Affairs

DECEMBER 12, 2020

The flaw, tracked as CVE-2020-25191, affects driver versions prior to 20.5. “Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the device remotely.” Update the firmware on CompactRIO controllers to v8.5

Firmware 88

Firmware Manufacturing Software Authentication 88

Security Affairs

APRIL 25, 2021

Researchers from Eye Security have found thousands of unpatched ABUS Secvest home alarm systems exposed online despite the vendor has addressed a critical bug (CVE-2020-28973) in January. “The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface.

Firmware 111

Firmware Passwords Authentication Wireless 111

Security Affairs

DECEMBER 17, 2020

According to a private industry notification alert (PIN), sent by the FBI to private organizations, the Bureau is aware of extortion activities that have been happening since February 2020. Patch operating systems, software, firmware, and endpoints. PIN Number 20201210-001.

Ransomware 139

Ransomware Backups Firmware Accountability 139

Security Affairs

JULY 1, 2020

Four of flaws have been rated high severity , they can be exploited by an unauthenticated attacker with network access to the vulnerable Netgear device to execute arbitrary code with admin or root privileges, and to bypass authentication. ZDI reported the flaws to the vendor in November 2019, January and February 2020.

Authentication 130

Authentication Firmware Hacking Mobile 130

Security Affairs

MAY 19, 2020

Palo Alto Networks Unit 42 researchers observed both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 5.0.2.8. Experts note that the exploit is only effective for authenticated sessions and the affected devices are End of Life (EOL) from 2012.

IoT 108

IoT DDOS Authentication Firmware 108

Google Security

NOVEMBER 13, 2020

Posted by Fabian Kaczmarczyck, Software Engineer, Jean-Michel Picod, Software Engineer and Elie Bursztein, Security and Anti-abuse Research Lead Security keys and your phone’s built-in security keys are reshaping the way users authenticate online. So, today we are releasing a new open source security key test suite.

Firmware 75

Firmware Authentication Engineering Technology 75

CyberSecurity Insiders

JANUARY 26, 2022

Figure 4 shows the implementation of CVE-2020-10987. Figure 5 shows the implementation of CVE-2020-10173. Install security and firmware upgrades from vendors, as soon as possible. 2830690: ETPRO EXPLOIT GPON Authentication Bypass Attempt (CVE-2018-10561). 4002119: AV EXPLOIT Comtrend Router ping.cgi RCE (CVE-2020-10173).

Malware 81

Malware IoT Authentication Antivirus 81

Security Affairs

APRIL 17, 2020

The flaw, tracked as CVE-2020-3161, has been rated as a critical severity and received a CVSS score of 9.8. ” The CVE-2020-3161 vulnerability is caused by the improper validation of HTTP requests, an attacker could exploit the issue by sending a crafted HTTP request to the web server of the vulnerable IP Phones.

Big data 97

Big data Wireless Advertising Firmware 97

Security Affairs

OCTOBER 26, 2021

The gang has been active since at least 2020, threat actors hit organizations from various industries. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use double authentication when logging into accounts or services. Disable hyperlinks in received emails.

Ransomware 129

Ransomware Firmware Antivirus Accountability 129

Security Affairs

JANUARY 22, 2021

Realmode Labs reported the flaws to Amazon on October 17 and the company released security updates to address them on December 10, 2020. The experts discovered that Amazon did not verify the authenticity of the email sender, this means that attackers can spoof an email address that is present in the list of approved addresses.

Hacking 136

Hacking Authentication Firmware Phishing 136

Security Affairs

AUGUST 5, 2020

ZDNet has obtained a copy of the list with the help of threat intelligence firm KELA and verified confirmed the authenticity of the data. UPDATE: [link] — Bank Security (@Bank_Security) August 5, 2020. According to Bank Security , all the Pulse Secure VPN servers included in the list were vulnerable to the CVE-2019-11510 flaw.

VPN 136

VPN Passwords Banking Advertising 136

Security Affairs

JULY 28, 2020

CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. In mid-June 2020, there were approximately 62,000 infected devices worldwide; of these, approximately 7,600 were in the United States and 3,900 were in the United Kingdom.”

Malware 105

Malware Firmware Advertising Manufacturing 105

eSecurity Planet

APRIL 28, 2022

CVE-2020-1472. CVE-2020-0688. Three of these vulnerabilities — CVE-2019-19781, CVE-2019-18935, and CVE-2017-11882 — were also routinely exploited in 2020. CVE-2020-2509. CVE-2021-26084. Atlassian Confluence Server and Data Center. Arbitrary code execution. CVE-2021-21972. VMware vSphere Client. Elevation of privilege.

Cybersecurity 113

Cybersecurity Software Firmware Internet 113

Security Affairs

APRIL 2, 2021

The vulnerabilities affect QNAP TS-231 SOHO NAS devices running firmware version 4.3.6.1446 that reached end of life (EOL). “During the inspection, we fuzzed the web server with customized HTTP requests to different cgi pages, with focus on those that do not require prior authentication. ” continues the advisory.

Firmware 74

Firmware Internet Internet Authentication 74

Security Affairs

JUNE 23, 2020

Unlike other printer management protocols, the IPP protocol supports multiple security features, including authentication and encryption, but evidently organizations don’t use them. This info includes printer names, locations, models, firmware versions, organization names, and even WiFi network names.

Internet 98

Internet Internet Firmware Advertising 98

Security Affairs

MARCH 31, 2022

The three flaws reported by the cybersecurity firm are: An authentication bypass tracked CVE-2019-9564 A stack-based buffer overflow, tracked as CVE-2019-12266 , which could lead to remote control execution. The vendor addressed the unauthenticated access to the content of the SD card with the release of firmware updates on January 29, 2022.

IoT 76

IoT Firmware Marketing Authentication 76

Security Affairs

JUNE 3, 2021

.” The vulnerabilities impact all embedded and IoT devices that use the Realtek RTL8710C module, they could be exploited only by attackers on the same Wi-Fi network or know the network’s pre-shared key (PSK) used to authenticate wireless clients on local area networks. The latest version of ambz2 SDK (7.1d) addresses the issues.

Wireless 89

Wireless IoT Encryption Firmware 89

Security Affairs

APRIL 23, 2021

Recently QNAP addressed a critical authentication bypass issue, tracked as CVE-2021-28799 , in its Hybrid Backup Sync. Last week, QNAP addressed a SQL Injection flaw in Multimedia Console and the Media Streaming Add-On tracked as CVE-2020-36195. If anyone's dealing with the QLocker QNAP NAS ransomware, feel free to DM me.

Ransomware 120

Ransomware Backups Media Malware 120

Thales Cloud Protection & Licensing

NOVEMBER 7, 2018

That is not much different from what happens with software and firmware code signing today. Whether it is a software upgrade for a program, a mobile application, or firmware for a device, code is signed, sealed, and delivered, and you are left with the future in your hands! It ensures provenance, authenticity, and integrity.

Software 61

Software Firmware IoT Authentication 61

SecureList

JULY 19, 2023

The connection to the remote SMB server sends the user’s Net-NTLMv2 hash in a negotiation message, which the threat actor can use to either: Relay for authentication against other systems that support NTLMv2 authentication. Perform offline cracking to extract the password.

Firmware 85

Firmware Internet Internet Government 85

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. The joint alert also states that attackers scanning also enumerated devices for the CVE-2020-12812 and CVE-2019-5591 flaws. Use multifactor authentication where possible.

Passwords 66

Passwords Government Firmware Accountability 66

Security Affairs

SEPTEMBER 3, 2021

In another incident that occurred in March 2021, a ransomware attack blocked the operations at a US beverage company, while in a November 2020 attack on a US-based international food and agriculture business threat actors requested the payment of a gigantic $40 million ransom. hard drive, storage device, the cloud).

Ransomware 98

Ransomware Passwords Backups Firmware 98

Malwarebytes

JULY 20, 2022

A part of this ransom was recovered in 2020 from a laundering operation in Ukraine. Keep operating systems, applications, and firmware up to date. Require multi-factor authentication (MFA) for as many services as possible. Due to the difference in Bitcoin prices, the University received a return payment of 500,000 Euro.

Ransomware 94

Ransomware Cryptocurrency Healthcare Firmware 94

SecureList

MAY 23, 2022

In early 2020, we notified the Rockwell Automation Product Security Incident Response Team ( RA PSIRT ) of several vulnerabilities we had identified in the ISaGRAF Runtime execution environment. Since authentication data is encrypted with a preset symmetric key, the attacker could decrypt an intercepted target (device) password.

Architecture 76

Architecture Authentication Passwords Encryption 76

SecureList

JUNE 8, 2022

During 2020 and 2021, more than 500 router vulnerabilities were found. The nvd.nist.gov website presents different figures, but they too show a significant increase in the number of router vulnerabilities found in 2020 and 2021. Make sure to update the firmware. Conclusion.

DDOS 89

DDOS Passwords IoT Firmware 89

Malwarebytes

SEPTEMBER 3, 2021

As we pointed out in our State of Malware report, published earlier this year, Malwarebytes recorded an eye-watering 607% increase in malware detections in the agriculture sector in 2020. Malwarebytes recorded a 607% increase in agriculture sector attacks in 2020. Use multi-factor authentication with strong pass phrases where possible.

Ransomware 141

Ransomware Manufacturing Passwords Internet 141

Security Affairs

MAY 13, 2021

The Darkside ransomware gang first emerged in the threat landscape in August 2020, in recent months the group was very active and targeted organizations worldwide. Require multi-factor authentication for remote access to OT and IT networks. 3 ],[ 4 ]” reads the joint alert.

Ransomware 111

Ransomware Healthcare Phishing Risk 111

Security Affairs

AUGUST 3, 2019

The WPA Wireless security standard was designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and to establish secure connections that hackers cannot spy on. More worrisome, we found that the Wi-Fi firmware of Cypress chips only executes 8 iterations at minimum to prevent side-channel leaks.

Passwords 94

Passwords Hacking Wireless Authentication 94

eSecurity Planet

NOVEMBER 1, 2021

percent over the same period in 2020, with 313.2 New vulnerabilities are created every day by cybercriminals, leading to many IoT devices being installed with out-of-date firmware and other exploitable vulnerabilities.”. In the coming years, it will expand more than 26 percent a year, the analysts said. IoT market growth.

Wireless 108

Wireless IoT Manufacturing Mobile 108

Malwarebytes

MAY 17, 2022

2020 saw people rewriting key-fob firmware via Bluetooth. ” The authentication challenge is beamed out into the void. The device in their hand relays the fob’s authentication confirmation to the car and the door unlocks. In 2016, we had a brakes and doors issue. They then repeat this process a second time.

Wireless 98

Wireless Firmware Authentication Hacking 98

Security Boulevard

MAY 30, 2022

For example, in October 2020, CISA, FBI, and the Department of Health and Human Services (HHS) issued a joint cybersecurity advisory which described the tactics used by cybercriminals against targets in the healthcare sector to infect systems with ransomware for financial gain.

Healthcare 90

Healthcare IoT Manufacturing Risk 90

Security Affairs

FEBRUARY 25, 2020

Zyxel has released security patches to address a critical remote code execution vulnerability, tracked as CVE-2020-9054, that affects several NAS devices. “ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. ” reads the advisory published by CERT/CC. and earlier.

Authentication 70

Authentication Advertising Firmware Internet 70

Security Boulevard

JULY 11, 2022

In 2020 alone, 560 healthcare facilities in the U.S. Lack of authentication creates man-in-the-middle risks. As the Kaspersky researchers point out, authentication isn’t required, and encryption is sparse, making devices with MQTT exposed to man-in-the-middle attacks and data theft. To learn more, contact one of our experts.

Healthcare 52

Healthcare IoT Authentication Internet 52

Malwarebytes

OCTOBER 28, 2021

Ranzy Locker ransomware emerged in late 2020, when the variant began to target victims in the United States. Install security updates for software, operating systems, and firmware as soon as they are released. Use double authentication when logging into accounts or services. Disable hyperlinks in received emails.

Ransomware 107

Ransomware Backups Encryption Firmware 107