2021, Firmware, Information Security and Internet

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Security Affairs

DECEMBER 8, 2021

The Mirai -based Moobot botnet is rapidly spreading by exploiting a critical command injection flaw, tracked as CVE-2021-36260 , in the webserver of several Hikvision products. The Moobot was first documented by Palo Alto Unit 42 researchers in February 2021, the recent attacks demonstrated that its authors are enhancing their malware.

Firmware

Firmware DDOS Malware IoT

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router.

Firmware

Firmware Wireless Passwords Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Security Affairs

SEPTEMBER 22, 2021

CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. Security experts from consulting firm GRIMM have discovered a vulnerability in Small Offices/Home Offices (SOHO) Netgear routers that could be exploited by a remote attacker to execute arbitrary code as root.

DNS

DNS Firmware VPN Risk

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

AUGUST 23, 2022

Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched. wrote the expert. “.

Hacking

Hacking Firmware Internet Internet

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Security Affairs

DECEMBER 9, 2021

Dark Mirai botnet spreads by exploiting a new vulnerability, tracked as CVE-2021-41653, affecting TP-Link TL-WR840N EU V5 home routers. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.”

Firmware

Firmware Architecture Malware Hacking

Hikvision cameras could be remotely hacked due to critical flaw

Security Affairs

SEPTEMBER 22, 2021

A critical issue, tracked as CVE-2021-36260, affects more than 70 Hikvision device models and can allow attackers to take over them. A critical vulnerability, tracked as CVE-2021-36260, affects more than 70 Hikvision camera and NVR models and can allow attackers to take over the devices. ” wrote the expert. Pierluigi Paganini.

Hacking

Hacking Firmware IoT Internet

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

Realtek published a security advisory on August 15 to warn customers about security updates to address vulnerabilities in its software developers kits (SDK) which is used by at least 65 separate vendors. On August 15, firmware security company IoT Inspector published details about the flaws. ” states SAM experts.

IoT

IoT Firmware Internet Internet

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 02 Dec 2020 – Netgear released the new firmware v2.6.0.48

Firmware

Firmware Authentication Hacking Software

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall

Firewall VPN Firmware Passwords

Expert discloses details and PoC code for Netgear Seventh Inferno bug

Security Affairs

SEPTEMBER 18, 2021

The flaws were discovered by Google security engineer Gynvael Coldwind, Netgear addressed then early this month. NETGEAR urge its customers using the following products to download the latest firmware: GC108P fixed in firmware version 1.0.8.2 GC108PP fixed in firmware version 1.0.8.2 Pierluigi Paganini.

Firmware

Firmware Engineering Passwords Hacking

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. New research by Cybernews shows an exponential rise in the uptake of internet-facing cameras. Surge in internet-facing cameras.

Surveillance

Surveillance Manufacturing Passwords Internet

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

TLStorm flaws allow to remotely manipulate the power of millions of enterprise UPS devices

Security Affairs

MARCH 9, 2022

Two of the TLStorm vulnerabilities reside in the TLS implementation used by Cloud-connected Smart-UPS devices, while the third one is a design flaw in the firmware upgrade process of Smart-UPS devices. The researchers discovered that the firmware upgrades are not properly signed and validated. ” continues Armis.

Firmware

Firmware IoT Authentication Backups

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service. WHO’S BEHIND SOCKSESCORT?

Malware

Malware VPN Internet Internet

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 The password for this account can be found in cleartext in the firmware.” reads the advisory published by NIST.

Firmware

Firmware Passwords Accountability VPN

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. Ensure secure configurations for devices: Change the default password to a strong one, and block SSH from external access.

IoT

IoT DDOS Malware Firmware

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions. ” reads the security advisory published by Nozomi Networks Labs. At the end of the process, the firmware was rewritten to the device’s memory.

Surveillance

Surveillance Hacking Firmware Manufacturing

PoC exploit for 2 flaws in Dahua cameras leaked online

Security Affairs

OCTOBER 7, 2021

Experts warn of the availability of proof of concept (PoC) exploit code for a couple of authentication bypass vulnerabilities in Dahua cameras, tracked as CVE-2021-33044 and CVE-2021-33045. . In order to protect Dahua devices, users have to install the latest firmware version. Pierluigi Paganini.

Authentication

Authentication Firmware Hacking Engineering

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Chaput said the spammers used more than 1,500 Internet addresses across 400 providers to register new accounts, which then followed popular accounts on Mastodon and sent private mentions to the followers of those accounts. that were created from different Internet addresses in Vienna, Austria. billion last year.

Scams

Scams DDOS Cryptocurrency Accountability

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Security Affairs

AUGUST 10, 2021

To achieve this, attackers are also leveraging CVE-2021-28799 to deliver the new eCh0raix ransomware variant to QNAP devices.” ” Palo Alto researchers said that some 250,000 QNAP and Synology NAS devices are exposed to Internet, according to data from the Cortex Xpanse platform. .

Ransomware

Ransomware Encryption Firmware Passwords

SonicWall released patch for actively exploited SMA 100 zero-day

Security Affairs

FEBRUARY 4, 2021

SonicWall has released a security patch to address the zero-day flaw actively exploited in attacks against the SMA 100 series appliances. SonicWall this week released firmware updates (version 10.2.0.5-29sv) 29sv) to address an actively exploited zero-day vulnerability in Secure Mobile Access (SMA) 100 series appliances.

Firmware

Firmware Mobile Media Internet

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

Security Affairs

MARCH 8, 2021

The flaws affect QNAP NAS firmware versions prior to August 2020. All NAS devices with QNAP firmware released before August 2020 are currently vulnerable to these attacks. QNAP NAS users should check and update their firmware as soon as possible. The flaws fixed by the vendor are rated as medium and high severity security.

Cryptocurrency

Cryptocurrency Firmware Malware Threat Detection

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

. “Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. Install updates/patch operating systems, software, and firmware as soon as they are released.

Ransomware

Ransomware Passwords Backups Firmware

Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs

Security Affairs

APRIL 2, 2021

Security researchers at SAM Seamless Network discovered a couple of critical unpatched flawsin QNAP small office/home office (SOHO) network-attached storage (NAS) devices that could allow remote attackers to execute arbitrary code on vulnerable devices. February 12, 2021 – Grace period has elapsed.

Firmware

Firmware Internet Internet Authentication

Kalay cloud platform flaw exposes millions of IoT devices to hack

Security Affairs

AUGUST 17, 2021

Researchers at FireEye’s Mandiant have discovered a critical vulnerability, tracked as CVE-2021-28372, in a core component of the Kalay cloud platform which is used by millions of IoT devices from many vendors. This varies from device to device but typically is used for device telemetry, firmware updates, and device control.”

IoT

IoT Hacking Social Engineering Firmware

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Security Affairs

FEBRUARY 14, 2022

Secret Service (USSS) to provide information on BlackByte ransomware. As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture).” ” reads the advisory.

Ransomware

Ransomware Accountability Firmware Antivirus

CISA is warning of vulnerabilities in GE Power Management Devices

Security Affairs

MARCH 23, 2021

The vendor released security updates for all these devices and urges customers to update their installs, it also released mitigations to address the flaws. “GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities.

Firmware

Firmware VPN Firewall Risk

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Security Affairs

APRIL 23, 2021

Recently QNAP addressed a critical authentication bypass issue, tracked as CVE-2021-28799 , in its Hybrid Backup Sync. If you are using a QNAP NAS device update the above apps and its firmware as soon as possible. qlocker @QNAP_nas — Jack Cable (@jackhcable) April 22, 2021. — Jack Cable (@jackhcable) April 22, 2021.

Ransomware

Ransomware Backups Media Malware

Threat actors exploit discontinues Boa web servers to target critical infrastructure

Security Affairs

NOVEMBER 24, 2022

The researchers identified over 1 million internet-exposed Boa server components around the world over the span of a week. “Without developers managing the Boa web server, its known vulnerabilities could allow attackers to silently gain access to networks by collecting information from files. ” concludes the report.

IoT

IoT Firmware Software Risk

QNAP extends security Updates for some EOL devices

Security Affairs

FEBRUARY 15, 2022

“The support for EOL models will be limited to high or critical security updates until the end of Technical Support and Security Updates date,”. In December 2021, experts also observed ech0raix ransomware attacks targeting QNAP network-attached storage (NAS) devices. Follow me on Twitter: @securityaffairs and Facebook.

Firmware

Firmware Ransomware Encryption Hacking

Security Affairs newsletter Round 309

Security Affairs

APRIL 11, 2021

prize pool Zerodium will pay $300K for WordPress RCE exploits Crooks abuse website contact forms to deliver IcedID malware Hackers compromised APKPure client to distribute infected Apps This man was planning to kill 70% of Internet in a bomb attack against AWS.

Cyber Attacks

Cyber Attacks Firmware Malware VPN

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

A critical vulnerability, tracked as CVE-2021-20019 , in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. This flaw exists pre-authentication and within a component (SSLVPN) which is typically exposed to the public Internet.”. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

Netgear fixes code execution flaw in many SOHO devices

Security Affairs

NOVEMBER 17, 2021

Netgear addressed a code execution vulnerability, tracked as CVE-2021-34991, in its small office/home office (SOHO) devices. Netgear released security patches that fix the vulnerability in multiple devices and announced that it is testing additional firmware fixes. D6220 – 1.0.0.72 D8500 – 1.0.3.60

Firmware

Firmware Authentication Hacking Internet

Hackers exploit 3-years old flaw to wipe Western Digital devices

Security Affairs

JUNE 25, 2021

The vendor pointed out that both My Book Live and My Book Live Duo devices received the last firmware update back in 2015 and are no longer supported. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands,” reads the security advisory.

Firmware

Firmware Internet Internet Hacking

Experts warn of active exploitation of SonicWall zero-day in the wild

Security Affairs

FEBRUARY 1, 2021

We have had confirmed receipt from yourselves — Ollie Whitehouse (@ollieatnccgroup) January 31, 2021. The experts reported the vulnerability to the security provider, they also claim to have identified the same zero-day vulnerability exploited by SolarWinds hackers to breach SonicWall’s internal network.

Firmware

Firmware Media Mobile Internet

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

The initial landing page was observed hosting the exploits for a WebKit remote code execution zero-day ( CVE-2022-42856 ) and a sandbox escape ( CVE-2021-30900 ) issue. This was recently highlighted by blog posts from Project Zero and Github Security Lab.” This vulnerability grants the attacker system access.

Spyware

Spyware Surveillance Firmware Internet

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Security Affairs

MARCH 16, 2022

The nation-state actors gained access to the network by exploiting default MFA protocols and the Windows Print Spooler vulnerability, “PrintNightmare” ( CVE-2021-34527 ), reads the advisory. Update software, including operating systems, applications, and firmware on IT network assets in a timely manner.

Accountability

Accountability Passwords Authentication Firmware

CryptoAgility to take advantage of Quantum Computing

Thales Cloud Protection & Licensing

MAY 4, 2021

Tue, 05/04/2021 - 09:40. The same goes with the advent of Quantum Computing , which is supposed to bring exponential computing power that shall not only bring endless benefits but also raises question marks on the current state of cryptography that is the bedrock of all information security as we know today.

Computers and Electronics

Computers and Electronics Banking IoT Risk

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

In March 2021, government experts observed state sponsored hackers scanning the internet for servers vulnerable to the above flaws, the attackers were probing systems on ports 4443, 8443, and 10443. Implement a recovery plan to restore sensitive or proprietary data from a physically separate, segmented, secure location (e.g.,

Passwords

Passwords Government Firmware Accountability

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

The Last Watchdog

JUNE 4, 2019

Maryland was one of the very first states to recognize the importance of information security, not only as a critical issue for the nation, but also as a strategic industry for the state,” said Governor Larry Hogan. million unfilled cybersecurity positions globally by 2021 – up from 1 million in 2014. The current number of U.S.

Cybersecurity

Cybersecurity Computers and Electronics Technology Marketing

Cyber Security Roundup for June 2021

Security Boulevard

JUNE 1, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, May 2021. The UK National Cyber Security Centre (NCSC) published its Smart Cities (connected places) guidance for UK local authorities. Cyber Security Roundup for May 2021.

Ransomware

Ransomware Passwords Scams Cyber Attacks

Experts found backdoors in a popular Auerswald VoIP appliance

Security Affairs

DECEMBER 27, 2021

Researchers found multiple backdoors in popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. Researchers from RedTeam Pentesting discovered multiple backdoors in a popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. “Firmware Update 8.2B

Firmware

Firmware Manufacturing Passwords Penetration Testing

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

McAfee

AUGUST 24, 2021

Though this partnership, our research led us to discover five previously unreported vulnerabilities in the medical system which include: CVE-2021-33886 – Use of Externally-Controlled Format String (CVSS 7.7). CVE-2021-33885 – Insufficient Verification of Data Authenticity (CVSS 9.7). Braun on January 11, 2021.

Computers and Electronics

Computers and Electronics Authentication Software Risk

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Webinars

Trending Sources

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Webinars

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Over 80,000 Hikvision cameras can be easily hacked

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Hikvision cameras could be remotely hacked due to critical flaw

Realtek SDK flaws exploited to deliver Mirai bot variant

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Expert found a secret backdoor in Zyxel firewall and VPN

Expert discloses details and PoC code for Netgear Seventh Inferno bug

3.5m IP cameras exposed, with US in the lead

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

TLStorm flaws allow to remotely manipulate the power of millions of enterprise UPS devices

Who and What is Behind the Malware Proxy Service SocksEscort?

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

A new Zerobot variant spreads by exploiting Apache flaws

An RCE in Annke video surveillance product allows hacking the device

PoC exploit for 2 flaws in Dahua cameras leaked online

Interview With a Crypto Scam Investment Spammer

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

SonicWall released patch for actively exploited SMA 100 zero-day

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

FBI warns of ransomware attacks targeting the food and agriculture sector

Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs

Kalay cloud platform flaw exposes millions of IoT devices to hack

BlackByte ransomware breached at least 3 US critical infrastructure organizations

CISA is warning of vulnerabilities in GE Power Management Devices

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Threat actors exploit discontinues Boa web servers to target critical infrastructure

QNAP extends security Updates for some EOL devices

Security Affairs newsletter Round 309

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Netgear fixes code execution flaw in many SOHO devices

Hackers exploit 3-years old flaw to wipe Western Digital devices

Experts warn of active exploitation of SonicWall zero-day in the wild

Google TAG shares details about exploit chains used to install commercial spyware

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

CryptoAgility to take advantage of Quantum Computing

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

Cyber Security Roundup for June 2021

Experts found backdoors in a popular Auerswald VoIP appliance

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

Stay Connected