Security Affairs

OCTOBER 30, 2021

MITRE and CISA announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. MITRE and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list.

Firmware 141

Firmware Manufacturing Education Engineering 141

Security Affairs

SEPTEMBER 24, 2021

SonicWall fixed a critical security flaw, tracked as CVE-2021-20034, that impacts some Secure Mobile Access (SMA) 100 series products that can allow device takeover. SonicWall has addressed a critical security vulnerability, tracked as CVE-2021-20034 , that impacting several Secure Mobile Access (SMA) 100 series products.

Firmware 84

Firmware Mobile Hacking Information Security 84

Security Affairs

JANUARY 14, 2024

Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability with the release of Magic Keyboard firmware. Apple released Magic Keyboard Firmware Update 2.0.6 to address a recently disclosed Bluetooth keyboard injection issue tracked as CVE-2024-0230.

Firmware 114

Firmware Hacking Information Security 114

Security Affairs

AUGUST 20, 2021

During the first half of 2021, 637 vulnerabilities affecting industrial control system (ICS) products were published, affecting products from 76 vendors. The company reported that during the first half of 2021, 637 vulnerabilities affecting industrial control system (ICS) products were published, affecting products from 76 vendors.

Firmware 104

Firmware Ransomware Manufacturing Software 104

Security Affairs

OCTOBER 26, 2021

“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”

Ransomware 127

Ransomware Firmware Antivirus Accountability 127

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. Vendor supplies information.

Firmware 122

Firmware Encryption Authentication Passwords 122

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. score of 7,5.

Firmware 116

Firmware Wireless Passwords Internet 116

Security Affairs

DECEMBER 9, 2021

Dark Mirai botnet spreads by exploiting a new vulnerability, tracked as CVE-2021-41653, affecting TP-Link TL-WR840N EU V5 home routers. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.”

Firmware 143

Firmware Architecture Malware Hacking 143

Security Affairs

SEPTEMBER 6, 2021

Netgear has released security updates to address high-severity vulnerabilities affecting several of its smart switches used by businesses. Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart switches used on businesses. GC108PP fixed in firmware version 1.0.8.2

Firmware 103

Firmware Authentication Passwords Hacking 103

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 02 Dec 2020 – Netgear released the new firmware v2.6.0.48

Firmware 132

Firmware Authentication Hacking Software 132

Security Affairs

SEPTEMBER 14, 2021

A high severity vulnerability, tracked as CVE-2021-3437 , in HP OMEN laptop and desktop gaming computers exposes millions of systems to DoS and privilege escalation attacks. “Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. .”

Software 115

Software Firmware Hacking Information Security 115

Security Affairs

NOVEMBER 25, 2022

The researchers discovered the issue by analyzing firmware images used devices from the above manufacturers. The experts analyzed one of the core frameworks EDKII used as a part of any UEFI firmware which has its own submodule and wrapper over the OpenSSL library ( OpensslLib ) in the CryptoPkg component. that dates back to 2009. .

Firmware 100

Firmware Manufacturing Hacking Software 100

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall 138

Firewall VPN Firmware Passwords 138

Security Affairs

SEPTEMBER 18, 2021

The flaws were discovered by Google security engineer Gynvael Coldwind, Netgear addressed then early this month. NETGEAR urge its customers using the following products to download the latest firmware: GC108P fixed in firmware version 1.0.8.2 GC108PP fixed in firmware version 1.0.8.2 Pierluigi Paganini.

Firmware 88

Firmware Engineering Passwords Hacking 88

Security Affairs

OCTOBER 15, 2021

RDP accesses); Exploitation of vulnerabilities affecting control systems running vulnerable firmware versions. The three new incidents included in the advisory are: In August 2021, malicious cyber actors used Ghost variant ransomware against a California-based WWS facility. Follow me on Twitter: @securityaffairs and Facebook.

Ransomware 93

Ransomware Cyber threats Firmware Backups 93

Security Affairs

AUGUST 23, 2022

Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched. wrote the expert. “.

Hacking 113

Hacking Firmware Internet Internet 113

Security Affairs

APRIL 19, 2022

Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. Two vulnerabilities, tracked as CVE-2021-3971 and CVE-2021-3972 , can be exploited by an attacker to disable the protection for the SPI flash memory chip and turn off the UEFI Secure Boot feature.

Firmware 85

Firmware Manufacturing Hacking Cybersecurity 85

Security Affairs

JULY 18, 2021

“Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Ransomware 114

Ransomware Firmware Mobile InfoSec 114

Security Affairs

SEPTEMBER 22, 2021

A critical issue, tracked as CVE-2021-36260, affects more than 70 Hikvision device models and can allow attackers to take over them. A critical vulnerability, tracked as CVE-2021-36260, affects more than 70 Hikvision camera and NVR models and can allow attackers to take over the devices. ” wrote the expert. Pierluigi Paganini.

Hacking 111

Hacking Firmware IoT Internet 111

Security Affairs

AUGUST 24, 2021

Realtek published a security advisory on August 15 to warn customers about security updates to address vulnerabilities in its software developers kits (SDK) which is used by at least 65 separate vendors. On August 15, firmware security company IoT Inspector published details about the flaws. ” states SAM experts.

IoT 120

IoT Firmware Internet Internet 120

Security Affairs

AUGUST 2, 2021

An attacker could also push an insecure firmware upgrade to fully compromise the devices. The CVE-2021-37160 has yet to be addressed. Swisslog has released Nexus Control Panel version 7.2.5.7 that addresses most of the above vulnerabilities.

Healthcare 107

Healthcare Firmware Manufacturing Ransomware 107

Security Affairs

NOVEMBER 10, 2021

CVE-2021-42373 A NULL pointer dereference in man leads to denial of service when a section name is supplied but no page argument is given man 1.33.0-1.33.1 CVE-2021-42374 An out-of-bounds heap read in unlzma leads to information leak and denial of service when crafted LZMA-compressed input is decompressed.

Risk 122

Risk Firmware Software Hacking 122

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 The password for this account can be found in cleartext in the firmware.” reads the advisory published by NIST.

Firmware 109

Firmware Passwords Accountability VPN 109

Security Affairs

AUGUST 27, 2021

The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions. ” reads the security advisory published by Nozomi Networks Labs. At the end of the process, the firmware was rewritten to the device’s memory.

Surveillance 99

Surveillance Hacking Firmware Manufacturing 99

Security Affairs

FEBRUARY 4, 2021

The flaws (CVE-2021-1289, CVE-2021-1290, CVE-2021-1291, CVE-2021-1292, CVE-2021-1293, CVE-2021-1294, CVE-2021-1295) have received a CVSS score of 9.8/10. Cisco has addressed the flaw with the release of firmware version 1.0.01.02 ” reads the advisory published by Cisco.

VPN 99

VPN Small Business Wireless Firmware 99

Security Affairs

JUNE 24, 2021

The threat actors are targeting the USG, ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. link] pic.twitter.com/EpBsc715kI — JAMESWT (@JAMESWT_MHT) June 24, 2021. The company states that devices running the Nebula cloud management mode are not impacted.

VPN 109

VPN Firewall Firmware Authentication 109

Security Affairs

OCTOBER 7, 2021

Experts warn of the availability of proof of concept (PoC) exploit code for a couple of authentication bypass vulnerabilities in Dahua cameras, tracked as CVE-2021-33044 and CVE-2021-33045. . In order to protect Dahua devices, users have to install the latest firmware version. Pierluigi Paganini.

Authentication 126

Authentication Firmware Hacking Engineering 126

Security Affairs

DECEMBER 8, 2021

The most severe vulnerabilities addressed by SonicWall are two critical stack-based buffer overflow vulnerabilities tracked as CVE-2021-20038 and CVE-2021-20045 respectively. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, ” reads the advisory for the CVE-2021-20038 flaw.

Authentication 112

Authentication Firmware Hacking Information Security 112

Security Affairs

MARCH 9, 2022

Two of the TLStorm vulnerabilities reside in the TLS implementation used by Cloud-connected Smart-UPS devices, while the third one is a design flaw in the firmware upgrade process of Smart-UPS devices. The researchers discovered that the firmware upgrades are not properly signed and validated.

Firmware 93

Firmware IoT Authentication Backups 93

Security Affairs

JUNE 24, 2021

.” Below the list of vulnerability diclosed by the Eclypsium experts: CVE-2021-21571 – Insecure TLS connection from BIOS to Dell, allows threat actors to impersonate Dell.com and deliver malicious code to the victim’s device. The PC maker released client-side BIOS firmware updates to address the other two flaws.

Firmware 73

Firmware Hacking Technology Ransomware 73

Security Affairs

JANUARY 29, 2022

QNAP forces its customers to update the firmware of their Network Attached Storage (NAS) devices to protect against the DeadBolt ransomware. QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. ” states the vendor.

Ransomware 89

Ransomware Firmware Encryption Engineering 89

Security Affairs

APRIL 2, 2022

The threat actors added TOTOLINK exploits just a week after the exploit codes were publicly released on GitHub in the attempt to compromise the largest number of devices as possible before the owners upgrade to the latest firmware releases. TOTOLINK has already addressed these flaws with the release of new firmware for vulnerable devices.

DDOS 86

DDOS Firmware Surveillance IoT 86

Security Affairs

MARCH 8, 2021

The flaws affect QNAP NAS firmware versions prior to August 2020. All NAS devices with QNAP firmware released before August 2020 are currently vulnerable to these attacks. QNAP NAS users should check and update their firmware as soon as possible. The flaws fixed by the vendor are rated as medium and high severity security.

Cryptocurrency 105

Cryptocurrency Firmware Malware Threat Detection 105

Security Affairs

MAY 25, 2021

The flaws addressed by the security firm were reported by experts from Cisco Talos. “ TALOS-2021-1230 (CVE-2021-32457) and TALOS-2021-1231 (CVE-2021-32458) are elevation of privilege vulnerabilities that could allow an attacker to obtain elevate permissions on the targeted device.

Network Security 116

Network Security Authentication Firmware Passwords 116

Security Affairs

APRIL 25, 2021

Threat actors are exploiting two vulnerabilities in the popular file-sharing server FileZen , tracked as CVE-2020-5639 and CVE-2021-20655 , to steal sensitive data from businesses and government organizations. Soliton addressed both flaws in FileZen solutions with the release of firmware versions V4.2.8 and V5.0.3.

System Administration 115

System Administration Firmware Government Hacking 115

Security Affairs

NOVEMBER 4, 2021

US CISA is urging vendors to address BrakTooth flaws after security researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against potential Bluetooth exploits. BrakTooth—originally disclosed in August 2021—is a family of security vulnerabilities in commercial Bluetooth stacks.

Firmware 97

Firmware Manufacturing Technology Engineering 97

Security Affairs

SEPTEMBER 2, 2021

As of today, the researchers discovered 16 security vulnerabilities, with 20 common vulnerability exposures (CVEs) already assigned and four vulnerabilities are pending CVE assignment from Intel and Qualcomm. Crashes generally trigger a fatal assertion, segmentation faults due to a buffer or heap overflow within the SoC firmware.

Firmware 88

Firmware Manufacturing IoT Technology 88