2020, Firmware and Information Security

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

DECEMBER 30, 2021

iLOBleed, is a previously undetected rootkit that was spotted targeting the HP Enterprise’s Integrated Lights-Out ( iLO ) server management technology to tamper with the firmware modules and wipe data off the infected systems. This malware has been used by hackers for some time and we have been monitoring its performance.

Firmware

Firmware Malware System Administration Technology

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware

Firmware Passwords Accountability VPN

CVE-2020-15782 flaw in Siemens PLCs allows remote hack

Security Affairs

MAY 28, 2021

Researchers at industrial cybersecurity firm Claroty have discovered a high-severity vulnerability in Siemens PLCs, tracked as CVE-2020-15782 , that could be exploited by remote and unauthenticated attackers to bypass memory protection. Claroty’s blog post describes the PLC sandbox and the role CVE-2020-15782 could play in an attack.

Hacking

Hacking Firmware Cybersecurity Engineering

Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others

Security Affairs

NOVEMBER 9, 2020

TFC 2020 has come to the end, all these excellent offensive researchers and their burning 0days makes #TFC 2020 a success! pic.twitter.com/MwJLc5M0B4 — TianfuCup (@TianfuCup) November 8, 2020. — TianfuCup (@TianfuCup) November 8, 2020. Thank you all for participating and following! Pierluigi Paganini.

Hacking

Hacking Firmware Software Government

D-Link releases a security firmware update that only fixes 3 out 6 issues in DIR-865L home routers

Security Affairs

JUNE 13, 2020

D-Link has released a firmware update to address three security flaws impacting the DIR-865L home router model, but left some issue unpatched. D-Link has recently released a firmware update to address three out of six security flaws impacting the DIR-865L wireless home router. Pierluigi Paganini.

Firmware

Firmware Wireless Advertising Risk

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall

Firewall VPN Firmware Passwords

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. The most severe flaw is a critical RCE tracked as CVE-2020-26919 and rated with a CVSS v3 score of 9.8, ” reads the advisory published by NCC Group.”

Firmware

Firmware Authentication Hacking Software

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Below is the list of exploits used by the bot: Vulnerability Affected devices CVE-2020-8515 DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices CVE-2015-2051 D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3

IoT

IoT Firmware Malware Wireless

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

In October last year, experts reported a critical stack-based Buffer Overflow vulnerability, tracked as CVE-2020-5135 , in SonicWall Network Security Appliance (NSA) appliances. The post SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day appeared first on Security Affairs.

VPN

VPN Firewall Firmware Authentication

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

Security Affairs

MARCH 8, 2021

via the unauthorized remote command execution vulnerability (CVE-2020-2506 & CVE-2020-2507). Threat actors are exploiting two unauthorized remote command execution vulnerabilities, tracked as CVE-2020-2506 & CVE-2020-2507, in the Helpdesk app that have been fixed by the vendor in October 2020.

Cryptocurrency

Cryptocurrency Firmware Malware Threat Detection

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Security Affairs

MAY 4, 2023

In order to exploit the flaw, an attacker has to upgrade an affected device to a crafted version of the firmware. “This vulnerability is due to a missing authentication process within the firmware upgrade function.” The IT giant has not addressed the issue because SPA112 2-Port phone adapters reached EoL on June 1, 2020.

Firmware

Firmware Education Media Authentication

D-Link addressed 5 flaws on some router models, some of them reached EoL

Security Affairs

JULY 25, 2020

The vulnerabilities have been reported by the ACE Team at Loginsoft, below the full list included in the security advisory published by the vendor: CVE-2020-15892 :: Link :: DAP 1520 :: Buffer overflow in the `ssi` binary, leading to arbitrary command execution. B09 (and below) will receive no security updates remaining vulnerable.

Firmware

Firmware Advertising Authentication Hacking

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

.” When the botnet was first detected in 2019, experts noticed it was exploiting the Tenda zero-day flaw tracked as CVE-2020-10987. The vulnerability was detailed in July 2020 by the security researchers Sanjana Sarda. “We recommend that Tenda router users check their firmware and make necessary update.”

IoT

IoT Firmware DNS Advertising

TrickBoot feature allows TrickBot bot to run UEFI attacks

Security Affairs

DECEMBER 3, 2020

The infamous TrickBot gets a new improvement, authors added a new feature dubbed “ TrickBoot ” designed to exploit well-known vulnerabilities in the UEFI/BIOS firmware and inject malicious code, such as bootkits. TrickBot, one of the most active botnets, in the world, gets a new improvement by adding a UEFI/BIOS Bootkit Feature.

Firmware

Firmware Malware Manufacturing Hacking

Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices

Security Affairs

DECEMBER 15, 2020

The vulnerabilities ((CVE-2020-25183, CVE-2020-25187, CVE-2020-27252)) could be only exploited by an attacker within the Bluetooth range of the vulnerable product. The third vulnerability, tracked as CVE-2020-27252, is a race condition that could be leveraged to upload and execute unsigned firmware on the Patient Reader.

Firmware

Firmware Authentication Mobile IoT

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware

Firmware Architecture Advertising Manufacturing

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

QNAP fixed eight flaws that could allow NAS devices takeover

Security Affairs

DECEMBER 8, 2020

The high-severity vulnerabilities tracked as CVE-2020-2495, CVE-2020-2496, CVE-2020-2497, and CVE-2020-2498 are cross-side-scripting flaws that could allow remote attackers to inject malicious code in File Station, to inject malicious code in System Connection Logs, and to inject malicious code in certificate configuration.

Firmware

Firmware Malware Ransomware Hacking

NI CompactRIO controller flaw could allow disrupting production

Security Affairs

DECEMBER 12, 2020

Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory to warn organizations about the flaw. The flaw, tracked as CVE-2020-25191, affects driver versions prior to 20.5. ” reads the security advisory published by CISA. Update the firmware on CompactRIO controllers to v8.5

Firmware

Firmware Manufacturing Software Authentication

Dell Wyse ThinOS flaws allow hacking think clients

Security Affairs

DECEMBER 21, 2020

Critical vulnerabilities tracked as CVE-2020-29492 and CVE-2020-29491 affect several Dell Wyse thin client models that could be exploited by a remote attacker to execute malicious code and gain access to arbitrary files. Both CVE-2020-29492 and CVE-2020-29491 reside in the ThinOS operating system that runs on Dell Wyse thin clients.

Hacking

Hacking Firmware DNS Healthcare

Hackers are targeting Soliton FileZen file-sharing servers

Security Affairs

APRIL 25, 2021

Threat actors are exploiting two vulnerabilities in the popular file-sharing server FileZen , tracked as CVE-2020-5639 and CVE-2021-20655 , to steal sensitive data from businesses and government organizations. Soliton addressed both flaws in FileZen solutions with the release of firmware versions V4.2.8 and V5.0.3.

System Administration

System Administration Firmware Government Hacking

Updates provided by Red Hat for BootHole cause systems to hang

Security Affairs

JULY 31, 2020

This week, firmware security company Eclypsium reported that billions of Windows and Linux devices are affected by a serious GRUB2 bootloader issue (CVE-2020-10713), dubbed BootHole , that can be exploited to install a stealthy malware. minimal" version from Binary DVD iso downloaded on 7/29/2020 on system running in EFI mode 2.

Firmware

Firmware Advertising Malware Hacking

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

The two critical remote command injection vulnerabilities tracked as CVE-2020-8515 affect DrayTek Vigor network devices, including enterprise switches, routers, load-balancers, and VPN gateway. On the 6th Feb, we released an updated firmware to address this issue.” ” reads the security bulletin. firmware or later.

Firmware

Firmware VPN Accountability Advertising

637 flaws in industrial control system (ICS) products were published in H1 2021

Security Affairs

AUGUST 20, 2021

In the previous report published by the company and related 2H 2020 report, the number of vulnerabilities disclosed was 449, affecting 59 vendors. Vulnerabilities exploitable through local attack vectors rose to 31.55%, in the 2H 2020 the percentage was 18.93%. vulnerabilities with remediation, 59.49% require software fixes.

Firmware

Firmware Ransomware Manufacturing Software

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

Tracked as CVE-2020-25159 , the flaw is rated 9.8 ” reads the security advisory published by Claroty. The flaw, tracked as CVE-2020-25159, has received a CVSS score of 9.8 Brizinov reported the stack overflow issue to the US agency CISA that published a security advisory. ” continues the report.

Hacking

Hacking Firmware Internet Internet

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

pw has been registered and abandoned by several parties since 2014, but the most recent registration data available through DomainTools.com shows it was registered in March 2020 to someone in Krasnodar, Russia with the email address edgard011012@gmail.com. In May 2020, Zipper told another Lolzteam member that quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

Experts demonstrate how to unlock several Honda models via Rolling-PWN attack

Security Affairs

JULY 10, 2022

But the recommended mitigation strategy is to upgrade the vulnerable BCM firmware through Over-the-Air (OTA) Updates if feasible. However, some old vehicles may not support OTA.” ” the experts recommended. Follow me on Twitter: @securityaffairs and Facebook.

Firmware

Firmware Marketing Engineering Hacking

DoppelPaymer ransomware gang now cold-calling victims, FBI warns

Security Affairs

DECEMBER 17, 2020

According to a private industry notification alert (PIN), sent by the FBI to private organizations, the Bureau is aware of extortion activities that have been happening since February 2020. Patch operating systems, software, firmware, and endpoints. PIN Number 20201210-001.

Ransomware

Ransomware Backups Firmware Accountability

VMware addresses flaws exploited at recent Tianfu Cup

Security Affairs

NOVEMBER 20, 2020

VMware has released patches for two serious ESXi vulnerabilities that were disclosed during the 2020 Tianfu Cup International PWN Contest. The team named “360 Enterprise Security and Government and (ESG) Vulnerability Research Institute,” which is part of the Chinese tech giant Qihoo 360, won the competition. CVE-2020-4004).”

Hacking

Hacking Firmware Government Software

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs

SEPTEMBER 15, 2020

. “CISA has observed these—and other threat actors with varying degrees of skill—routinely using open-source information to plan and execute cyber operations.” Citrix blog post: security updates for Citrix SD-WAN WANOP release 10.2.6 Citrix blog post: firmware updates for Citrix ADC and Citrix Gateway versions 12.1

Government

Government VPN Firmware Energy and Utilities

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

Probably the most interesting vulnerability is an undocumented backdoor, tracked as CVE-2020-15835, that can be exploited by attackers to gain root access to a router. “Several firmware versions have been released, but some of the vulnerabilities have not been fully patched.” ” continues the report.

Firmware

Firmware Wireless Authentication Advertising

AgeLocker ransomware operation targets QNAP NAS devices

Security Affairs

MAY 1, 2021

Threat actors were exploiting two unauthorized remote command execution vulnerabilities, tracked as CVE-2020-2506 & CVE-2020-2507, in the Helpdesk app that have been fixed by the vendor in October 2020. The flaws fixed by the vendor are rated as medium and high severity security.

Ransomware

Ransomware Cryptocurrency Malware Internet

Security Affairs newsletter Round 284

Security Affairs

OCTOBER 4, 2020

Apple addresses four vulnerabilities in macOS Google removes 17 Joker -infected apps from the Play Store Microsoft took down 18 Azure AD apps used by Chinese Gadolinium APT Mount Locker ransomware operators demand multi-million dollar ransoms Putin proposes new information security collaboration to US, including no-hack pact for election REvil ransomware (..)

Ransomware

Ransomware Firmware Advertising Insurance

GRUB2 boot loader maintainers fixed hundreds of flaws

Security Affairs

MARCH 4, 2021

In July 2020, researchers at the cybersecurity firmware Eclypsium disclosed a buffer overflow vulnerability, tracked as CVE-2020-10713 and dubbed BootHole , which can be exploited by attackers to install persistent and stealthy malware. CVE-2020-25647 grub2: Out-of-bound write in grub_usb_device_initialize() CWE-787 (CVSS 6.9).

Firmware

Firmware Malware Hacking Cybersecurity

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

Security experts from Check Point discovered a high-severity flaw ( CVE-2020-6007 ) in Philips Hue Smart Light Bulbs that can be exploited by hackers to gain entry into a targeted WiFi network. The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network.

Hacking

Hacking IoT Wireless Firmware

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

Security Affairs

APRIL 25, 2021

Researchers from Eye Security have found thousands of unpatched ABUS Secvest home alarm systems exposed online despite the vendor has addressed a critical bug (CVE-2020-28973) in January. ” states the report published by Eye security.

Firmware

Firmware Passwords Authentication Wireless

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

includes several new flaws, including: Vulnerability Affected software CVE-2017-17105 Zivif PR115-204-P-RS CVE-2019-10655 Grandstream CVE-2020-25223 WebAdmin of Sophos SG UTM CVE-2021-42013 Apache CVE-2022-31137 Roxy-WI CVE-2022-33891 Apache Spark ZSL-2022-5717 MiniDVBLinux. “Since the release of Zerobot 1.1,

IoT

IoT DDOS Malware Firmware

Hacking the infotainment system used in Mercedes-Benz cars

Security Affairs

MAY 19, 2021

Anyway, the experts didn’t find a way to compromise the T-Box, they only demonstrated how to send arbitrary CAN messages from T-Box and bypass the code signing mechanism to fash a custom SH2A MCU firmware by utilizing a vulnerability in SH2A firmware on a debug version T-Box.

Hacking

Hacking Firmware Engineering Software

Dovecat crypto-miner is targeting QNAP NAS devices

Security Affairs

JANUARY 21, 2021

.” reads the security advisory published by the vendor. ” Since the end of 2020, several users reported infections ([ 1 ], [ 2 ]) to their devices, they noticed the presence of the “dedpma” and “dovecat” processes that were causing a high processor load and saturating the RAM of the NAS. .

Cryptocurrency

Cryptocurrency Firmware Malware Passwords

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

In mid-June 2020, there were approximately 62,000 infected devices worldwide; of these, approximately 7,600 were in the United States and 3,900 were in the United Kingdom.” The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates. ” reads the alert.

Malware

Malware Firmware Advertising Manufacturing

Security Affairs newsletter Round 368 by Pierluigi Paganini

Security Affairs

JUNE 5, 2022

Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited Microsoft blocked Polonium attacks against Israeli organizations LockBit ransomware attack impacted production in a Mexican Foxconn plant Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks An international police operation dismantled FluBot (..)

Spyware

Spyware Firmware Ransomware Scams

Juniper Networks addressed many issues in its products

Security Affairs

JULY 10, 2020

Some of the issues also affected third-party components, including OpenSSL, Intel firmware, Bouncy Castle, Java SE, Apache software, and others. Most of the vulnerabilities impact Junos OS, other issues affect Juniper Secure Analytics, Junos Space and Junos Space Security Director. The flaw affects Junos OS 18.1,

Firmware

Firmware Advertising Firewall Internet

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. The joint alert also states that attackers scanning also enumerated devices for the CVE-2020-12812 and CVE-2019-5591 flaws. hard drive, storage device, the cloud). Pierluigi Paganini.

Passwords

Passwords Government Firmware Accountability

Three flaws allow attackers to bypass UEFI Secure Boot feature

Security Affairs

AUGUST 13, 2022

Researchers from hardware security firm Eclypsium have discovered a vulnerability in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that can be exploited to bypass the UEFI Secure Boot feature. Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1

Firmware

Firmware Hacking Information Security

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Trending Sources

CVE-2020-15782 flaw in Siemens PLCs allows remote hack

Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others

D-Link releases a security firmware update that only fixes 3 out 6 issues in DIR-865L home routers

Expert found a secret backdoor in Zyxel firewall and VPN

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

BotenaGo botnet targets millions of IoT devices using 33 exploits

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

D-Link addressed 5 flaws on some router models, some of them reached EoL

New Ttint IoT botnet exploits two zero-days in Tenda routers

TrickBoot feature allows TrickBot bot to run UEFI attacks

Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices

AMD is going to patch UEFI SMM callout privilege escalation flaw

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

QNAP fixed eight flaws that could allow NAS devices takeover

NI CompactRIO controller flaw could allow disrupting production

Dell Wyse ThinOS flaws allow hacking think clients

Hackers are targeting Soliton FileZen file-sharing servers

Updates provided by Red Hat for BootHole cause systems to hang

Hackers target zero-day flaws in enterprise Draytek network devices

637 flaws in industrial control system (ICS) products were published in H1 2021

A critical flaw in industrial automation systems opens to remote hack

Interview With a Crypto Scam Investment Spammer

Experts demonstrate how to unlock several Honda models via Rolling-PWN attack

DoppelPaymer ransomware gang now cold-calling victims, FBI warns

VMware addresses flaws exploited at recent Tianfu Cup

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Expert found multiple critical issues in MoFi routers

AgeLocker ransomware operation targets QNAP NAS devices

Security Affairs newsletter Round 284

GRUB2 boot loader maintainers fixed hundreds of flaws

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

A new Zerobot variant spreads by exploiting Apache flaws

Hacking the infotainment system used in Mercedes-Benz cars

Dovecat crypto-miner is targeting QNAP NAS devices

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs newsletter Round 368 by Pierluigi Paganini

Juniper Networks addressed many issues in its products

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Three flaws allow attackers to bypass UEFI Secure Boot feature

Stay Connected