Bleeping Computer

SEPTEMBER 11, 2022

A set of six high-severity firmware vulnerabilities impacting a broad range of HP Enterprise devices are still waiting to be patched, although some of them were publicly disclosed since July 2021. [.].

Firmware 98

Firmware 98

Malwarebytes

JULY 28, 2021

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages. History lessons.

Firmware 114

Firmware Technology Authentication IoT 114

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT 142

IoT Firmware Authentication Wireless 142

SC Magazine

FEBRUARY 3, 2021

x firmware. x firmware, which malicious actors exploited in a cyberattack against the infosec firm last month. . SonicWall’s firmware update to version 10.2.0.5-29sv The post SonicWall issues firmware patch after attackers exploited critical bugs appeared first on SC Media. SonicWall). 31 and Feb.

Firmware 95

Firmware Mobile InfoSec Passwords 95

Security Boulevard

APRIL 16, 2022

The post BSides Budapest 2021: Daniel Nussko’s ‘Large-scale Security Analysis of IoT Firmware’ appeared first on Security Boulevard. Our thanks to BSides Budapest IT Security Conference for publishing their superb security videos on the organization’s’ YouTube channel.

Firmware 40

Firmware IoT Education InfoSec 40

Bleeping Computer

JUNE 8, 2021

Intel has addressed 73 security vulnerabilities as part of the June 2021 Patch Tuesday, including high severity ones impacting some versions of Intel's Security Library and the BIOS firmware for Intel processors. [.].

Firmware 96

Firmware 96

Security Affairs

FEBRUARY 20, 2021

Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. Early February, SonicWall released the first firmware updates (version 10.2.0.5-29sv)

Firmware 64

Firmware Mobile Hacking Information Security 64

Security Affairs

DECEMBER 8, 2021

The Mirai -based Moobot botnet is rapidly spreading by exploiting a critical command injection flaw, tracked as CVE-2021-36260 , in the webserver of several Hikvision products. The Moobot was first documented by Palo Alto Unit 42 researchers in February 2021, the recent attacks demonstrated that its authors are enhancing their malware.

Firmware 120

Firmware DDOS Malware IoT 120

Security Boulevard

NOVEMBER 19, 2021

As you might expect, that company “strongly recommends that you download the latest firmware as soon as possible”. That sounds normal until you consider the totality of vulnerable products versus the ones getting updates (those models under active … Continue reading NETGEAR meltdown: CVE-2021-34991 “Pre-Authentication Buffer Overflow” ?.

Authentication 83

Authentication Firmware Network Security 83

SecureList

JUNE 8, 2022

During 2020 and 2021, more than 500 router vulnerabilities were found. The nvd.nist.gov website presents different figures, but they too show a significant increase in the number of router vulnerabilities found in 2020 and 2021. Distribution of router vulnerabilities by priority, 2021 ( download ). Router-targeting malware.

DDOS 88

DDOS Passwords IoT Firmware 88

Security Boulevard

AUGUST 2, 2021

Leading enterprise firmware security company recognized as Baby Black Unicorn, having potential of being valued at $1b in near future. The post Eclypsium Named Finalist in Black Unicorn Awards for 2021 appeared first on Security Boulevard.

Firmware 81

Firmware 81

Security Affairs

SEPTEMBER 22, 2021

CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices. R6700v3 – 1.0.4.106 R6900 – 1.0.2.16 R7900 – 1.0.4.38

DNS 127

DNS Firmware VPN Risk 127

eSecurity Planet

APRIL 28, 2022

cybersecurity agencies joined their counterparts around the globe to urge organizations to address the top 15 vulnerabilities exploited in 2021. The advisory entails the top 15 Common Vulnerabilities and Exposures (CVEs) that were routinely exploited by malicious cyber actors in 2021, plus another 21 frequently exploited CVEs.

Cybersecurity 110

Cybersecurity Software Firmware Internet 110

Security Affairs

OCTOBER 30, 2021

MITRE and CISA announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. MITRE and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. Pierluigi Paganini.

Firmware 140

Firmware Manufacturing Education Engineering 140

Security Affairs

SEPTEMBER 24, 2021

SonicWall fixed a critical security flaw, tracked as CVE-2021-20034, that impacts some Secure Mobile Access (SMA) 100 series products that can allow device takeover. SonicWall has addressed a critical security vulnerability, tracked as CVE-2021-20034 , that impacting several Secure Mobile Access (SMA) 100 series products.

Firmware 84

Firmware Mobile Hacking Information Security 84

Security Affairs

AUGUST 20, 2021

During the first half of 2021, 637 vulnerabilities affecting industrial control system (ICS) products were published, affecting products from 76 vendors. The company reported that during the first half of 2021, 637 vulnerabilities affecting industrial control system (ICS) products were published, affecting products from 76 vendors.

Firmware 104

Firmware Ransomware Manufacturing Software 104

Krebs on Security

JULY 2, 2021

That update effectively nullified their chances at competing in Pwn2Own, which requires exploits to work against the latest firmware or software supported by the targeted device. A statement published on its support site March 12, 2021 says the company will no longer provide further security updates to the MyCloud OS 3 firmware.

Firmware 351

Firmware Passwords Internet Internet 351

Security Affairs

OCTOBER 26, 2021

“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. The post Ranzy Locker ransomware hit tens of US companies in 2021 appeared first on Security Affairs.

Ransomware 127

Ransomware Firmware Antivirus Accountability 127

Security Affairs

JANUARY 14, 2024

Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability with the release of Magic Keyboard firmware. Apple released Magic Keyboard Firmware Update 2.0.6 to address a recently disclosed Bluetooth keyboard injection issue tracked as CVE-2024-0230.

Firmware 115

Firmware Hacking Information Security 115

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. score of 7,5.

Firmware 117

Firmware Wireless Passwords Internet 117

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. Vendor supplies information.

Firmware 122

Firmware Encryption Authentication Passwords 122

SecureWorld News

AUGUST 8, 2022

Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint Cybersecurity Advisory (CSA) providing details on the top malware strains of 2021. The top malware strains in 2021 included remote access Trojans (RATs), banking Trojans, information stealers, and ransomware.

Malware 90

Malware Banking Healthcare Penetration Testing 90

Security Affairs

DECEMBER 9, 2021

Dark Mirai botnet spreads by exploiting a new vulnerability, tracked as CVE-2021-41653, affecting TP-Link TL-WR840N EU V5 home routers. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.”

Firmware 142

Firmware Architecture Malware Hacking 142

Security Affairs

SEPTEMBER 6, 2021

Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart switches used on businesses. Netgear has addressed three vulnerabilities tracked by the vendor as PSV-2021-0140, PSV-2021-0144, PSV-2021-0145 that received a CVSS score between 7.4 ” explained Coldwind.

Firmware 103

Firmware Authentication Passwords Hacking 103

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 02 Dec 2020 – Netgear released the new firmware v2.6.0.48

Firmware 133

Firmware Authentication Hacking Software 133

Security Affairs

SEPTEMBER 14, 2021

A high severity vulnerability, tracked as CVE-2021-3437 , in HP OMEN laptop and desktop gaming computers exposes millions of systems to DoS and privilege escalation attacks. It can potentially be used to attack device firmware or perform legacy PCI access by accessing ports 0xCF8 / 0xCFC. ” continues the analysis.

Software 115

Software Firmware Hacking Information Security 115

Security Affairs

NOVEMBER 25, 2022

The researchers discovered the issue by analyzing firmware images used devices from the above manufacturers. The experts analyzed one of the core frameworks EDKII used as a part of any UEFI firmware which has its own submodule and wrapper over the OpenSSL library ( OpensslLib ) in the CryptoPkg component. that dates back to 2009. .

Firmware 100

Firmware Manufacturing Hacking Software 100

Bleeping Computer

MARCH 24, 2022

Western Digital has released new My Cloud OS firmware to fix a vulnerability exploited by bug hunters during the Pwn2Own 2021 hacking competition to achieve remote code execution. [.].

Firmware 109

Firmware Hacking 109

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall 139

Firewall VPN Firmware Passwords 139

Malwarebytes

SEPTEMBER 22, 2021

In a detailed post on Github , security researcher Watchful_IP describes how he found that the majority of the recent camera product ranges of Hikvision cameras are susceptible to a critical, unauthenticated, remote code execution (RCE) vulnerability, even with the latest firmware. Hangzhou Hikvision Digital Technology Co.,

Firmware 134

Firmware Surveillance Marketing VPN 134

Security Affairs

SEPTEMBER 18, 2021

The flaws, tracked by the networking device vendor PSV-2021-0140, PSV-2021-0144, and PSV-2021-0145, impact the following models: GC108P GC108PP GS108Tv3 GS110TPP GS110TPv3 GS110TUP GS308T GS310TP GS710TUP GS716TP GS716TPP GS724TPP GS724TPv2 GS728TPPv2 GS728TPv2 GS750E GS752TPP GS752TPv2 MS510TXM MS510TXUP. Pierluigi Paganini.

Firmware 87

Firmware Engineering Passwords Hacking 87

Malwarebytes

AUGUST 9, 2021

On August 3, 2021 a vulnerability that was discovered by Tenable was made public. The vulnerability is listed as CVE-2021-20090. Router firmware. Under the description of CVE-2021-20090 you will find: “a path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02

Firmware 129

Firmware DDOS Internet Internet 129

Malwarebytes

AUGUST 23, 2022

In September 2021 we told you about insecure Hikvision security cameras that were ready to be taken over remotely. The flaw is tracked as CVE-2021-36260 and was addressed by Hikvision via a firmware update in September 2021. One possible exploit of this vulnerability was published by packet storm in October 2021.

Firmware 81

Firmware VPN Internet Internet 81

Security Affairs

OCTOBER 15, 2021

RDP accesses); Exploitation of vulnerabilities affecting control systems running vulnerable firmware versions. The three new incidents included in the advisory are: In August 2021, malicious cyber actors used Ghost variant ransomware against a California-based WWS facility. Follow me on Twitter: @securityaffairs and Facebook.

Ransomware 92

Ransomware Cyber threats Firmware Backups 92

Security Affairs

AUGUST 23, 2022

Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched. wrote the expert. “.

Hacking 114

Hacking Firmware Internet Internet 114

The Hacker News

OCTOBER 10, 2022

The published content contains Unified Extensible Firmware Interface (UEFI) code for Alder Lake, the company's 12th generation processors that was originally launched in November 2021. In a statement shared with

Firmware 98

Firmware 98

The Hacker News

OCTOBER 3, 2022

The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary.

Firmware 95

Firmware 95