2022, Blog, Firmware and Hacking - Cyber Security Informer

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Security Affairs

APRIL 22, 2022

Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943 , addressed in the Apache HTTP server in March.

Firmware

Firmware Hacking Cybersecurity Internet

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Security Affairs

JUNE 2, 2022

The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats , which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. ” reads the post published by Eclypsium.

Firmware

Firmware Engineering Ransomware Malware

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking

Hacking Firmware Authentication DNS

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.50

Firewall

Firewall Firmware VPN Authentication

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 17, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. Last week, Zyxel has addressed the critical CVE-2022-30525 (CVSS score: 9.8) If possible, enable automatic firmware updates. Commands are executed as the nobody user.”

Firewall

Firewall VPN Firmware Internet

HP would take up to 90 days to fix a critical bug in some business-grade printers

Security Affairs

APRIL 5, 2023

HP would take up to 90 days to address a critical flaw, tracked as CVE-2023-1707, that resides in the firmware of some business-grade printers. The company pointed out that the information disclosure can be achieved only by exploiting the flaw on vulnerable devices running FutureSmart firmware version 5.6 and having IPsec enabled.

Firmware

Firmware Education Media Hacking

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Security Affairs

MAY 4, 2023

In order to exploit the flaw, an attacker has to upgrade an affected device to a crafted version of the firmware. “This vulnerability is due to a missing authentication process within the firmware upgrade function.” “Cisco has not released firmware updates to address this vulnerability.

Firmware

Firmware Education Media Authentication

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Security Affairs

DECEMBER 24, 2022

Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. “The firmware is basically a merge of 3 sections, the LZMA section is the kernel, at 0x148CD6 the root-fs and at 0x90BD36 the www content.” 13 Sep 2022: Details sent to ZyXEL.

Firmware

Firmware Passwords Hacking Cybersecurity

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Security Affairs

MAY 16, 2023

The platform provides real-time monitoring and control, it also supports advanced features such as device management, software and firmware updates, GPS tracking, and data visualization. ” reads the advisory from CISA.

Hacking

Hacking Internet Internet Manufacturing

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Security Affairs

APRIL 13, 2022

Researchers discovered five vulnerabilities that can be exploited to remotely hack hospital Aethon’s TUG autonomous mobile robots. Cynerio ethically disclosed the issues to Aethon and the vendor addressed it with the release of firmware updates. SecurityAffairs – hacking, TUG autonomous mobile robots). Pierluigi Paganini.

Mobile

Mobile Hacking Firmware Surveillance

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

By using the manufacturer’s built-in ports, we were able to manipulate on-board components and interact with the device.Combining both known and novel techniques, we were able to achieve root access to the device’s operating system and pull its firmware for emulation and vulnerability discovery.” Overall 4.8. Overall 4.8.

Firmware

Firmware Penetration Testing Manufacturing Authentication

D-Link fixes two critical flaws in D-View 8 network management suite

Security Affairs

MAY 25, 2023

The vulnerabilities were reported to the company on December 23, 2022 through Trend Micro’s Zero Day Initiative (ZDI). “Please note that this is a device beta software, beta firmware, or hot-fix release which is still undergoing final testing before its official release. ” We are in the final!

Firmware

Firmware Authentication Software Hacking

Zyxel fixed firewall unauthenticated remote command injection issue

Security Affairs

MAY 13, 2022

Zyxel has moved to address a critical security vulnerability (CVE-2022-30525, CVSS score: 9.8) Zyxel silently addressed the flaw by releasing security updates on April 28, 2022, Rapid7 pointed out that this choice leaves defenders in the dark and only advantage the attackers. If possible, enable automatic firmware updates.

Firewall

Firewall Firmware VPN Wireless

Experts show how to run malware on chips of a turned-off iPhone

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” Unlike NFC and UWB chips, the Bluetooth firmware is neither signed nor encrypted opening the doors to modification. SecurityAffairs – hacking, domain name system). Pierluigi Paganini.

Malware

Malware Wireless Firmware Mobile

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

Multinational IT corporation MSI (Micro-Star International) confirms security breach after Money Message ransomware gang claimed the hack. This week the ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International).

Ransomware

Ransomware Firmware Hacking Manufacturing

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Security Affairs

DECEMBER 24, 2022

Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. “The firmware is basically a merge of 3 sections, the LZMA section is the kernel, at 0x148CD6 the root-fs and at 0x90BD36 the www content.” 13 Sep 2022: Details sent to ZyXEL.

Firmware

Firmware Passwords Hacking Cybersecurity

Synology and QNAP warn of critical Netatalk flaws in some of their products

Security Affairs

MAY 1, 2022

Critical Ongoing VS Firmware 2.3 Synology also warns customers of other three flaws, tracked as CVE-2022-23125 , CVE-2022-23122 , CVE-2022-0194 that could allow remote attackers to run arbitrary code on affected devices. SecurityAffairs – hacking, Synology). Critical Upgrade to 7.1-42661-1 42661-1 or above.

Firmware

Firmware Hacking Cybersecurity Internet

A new Mirai botnet variant targets TP-Link Archer A21

Security Affairs

APRIL 25, 2023

The vulnerability was first reported to ZDI during the Pwn2Own Toronto 2022 event. In March, TP-Link released a firmware update to address multiple issues, including this vulnerability. A remote attacker can trigger the issue to inject commands that should be executed on the device.

DDOS

DDOS Engineering Firmware Architecture

ESET warns of three flaws that affect over 100 Lenovo notebook models

Security Affairs

APRIL 19, 2022

Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. The vulnerabilities affecting the Lenovo UEFI result from the use of two UEFI firmware drivers, named SecureBackDoor and SecureBackDoorPeim respectively. SecurityAffairs – hacking, Lenove).

Firmware

Firmware Manufacturing Hacking Cybersecurity

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

Security Affairs

MARCH 22, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. “At its peak on January 26th, 2022, Censys observed 4,988 Deadbolt-infected services out of the 130,000 QNAP devices currently on the internet. Pierluigi Paganini.

Ransomware

Ransomware Firmware Internet Internet

Security Affairs newsletter Round 362 by Pierluigi Paganini

Security Affairs

APRIL 24, 2022

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.

Cyber Insurance

Cyber Insurance Spyware Firmware Insurance

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

The first campaign was spotted in November 2022, the exploit chains discovered by TAG researchers were affecting Android and iOS and were delivered via bit.ly The initial landing page was observed hosting the exploits for a WebKit remote code execution zero-day ( CVE-2022-42856 ) and a sandbox escape ( CVE-2021-30900 ) issue.

Spyware

Spyware Surveillance Firmware Internet

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” Since September 2022, Moobot botnet was spotted targeting vulnerable D-Link routers. Upgrade to the latest firmware version.

Energy and Utilities

Energy and Utilities Government Firewall Malware

Security Affairs newsletter Round 368 by Pierluigi Paganini

Security Affairs

JUNE 5, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:? SecurityAffairs – hacking, newsletter).

Spyware

Spyware Firmware Ransomware Scams

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog

Security Affairs

APRIL 12, 2022

CISA added the CVE-2022-23176 flaw in WatchGuard Firebox and XTM appliances to its Known Exploited Vulnerabilities Catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-23176 flaw in WatchGuard Firebox and XTM appliances to its Known Exploited Vulnerabilities Catalog. To nominate, please visit:?

Firmware

Firmware Malware Cybersecurity Hacking

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

Security Affairs

MAY 21, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches

Data breaches Cybercrime Ransomware Passwords

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Security Affairs

MAY 20, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. SecurityAffairs – hacking, NAS). In February, storage solutions provider Asustor warned its customers of a wave of Deadbolt ransomware attacks targeting its NAS devices.

Ransomware

Ransomware Internet Internet Firmware

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

Money Message gang leaked private code signing keys from MSI data breach

Security Affairs

MAY 8, 2023

In early April, the ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). The authenticity of the leaked private key was confirmed by Alex Matrosov, founder of firmware security firm Binarly.

Data breaches

Data breaches Ransomware Firmware Manufacturing

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The alert includes indicators of compromise (IoCs) associated with BlackCat/ALPHV, as of mid-February 2022. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. SecurityAffairs – hacking, BlackCat ransomware). hard drive, storage device, the cloud). To nominate, please visit:?

Ransomware

Ransomware Antivirus Passwords Malware

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

According to the advisory that was issued with the help of leading cybersecurity firms (Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric), nation-state hacking groups were able to hack multiple industrial systems using a new ICS-focused malware toolkit dubbed PIPEDREAM that was discovered in early 2022.

Passwords

Passwords Architecture Backups Cyber Attacks

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The agencies recommend updating to the latest firmware and switching from SNMP to NETCONF or RESTCONF for network management. It includes discovery of other devices on the network by querying the Address Resolution Protocol (ARP) table to obtain MAC addresses. ” continues the report.

Malware

Malware Firmware Government Education

Critical fixed critical flaws in Cisco Small Business Switches

Security Affairs

MAY 18, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Small Business

Small Business Firmware Hacking Cybersecurity

US dismantled the Russia-linked Cyclops Blink botnet

Security Affairs

APRIL 6, 2022

“The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. SecurityAffairs – hacking, Russia).

Malware

Malware Government Firmware Firewall

Secure Kali Pi (2022)

Kali Linux

AUGUST 1, 2022

This is the first part of a 3 part series of blog posts surrounding Kali usage on Raspberry Pi devices. This might sound like a lot, but it’s rather straightforward even if there are a fair few steps. The /boot/cmdline.txt file on a RPi device is used to pass the kernel command line options.

Encryption

Encryption Passwords Backups Firmware

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In 2022 campaigns, threat actors used European Union reports on the conflict in Ukraine and Ukrainian government reports as lures. SOCKS tunneling — Relay communication between different clients.

Firmware

Firmware Encryption Government Malware

Kali Linux 2022.4 Release (Azure, Social & Kali NetHunter Pro)

Kali Linux

DECEMBER 5, 2022

Before the year is over, we thought it was best to get the final 2022 release out. Instead, we automatically post blog posts thus these accounts are mostly unmonitored! For all those that have a PinePhone or a PinePhone Pro, hop over to our download page and join the brave new world of mobile hacking.

Firmware

Firmware Wireless Mobile Media

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

eSecurity Planet

NOVEMBER 6, 2023

CVE-2022-4886 (Path Sanitization Bypass): This 8.8-level The problem: VMware Carbon Black researchers detailed the findings in a blog post. Twelve drivers can subvert security mechanisms, while seven enable firmware erasure in SPI flash memory, rendering the system unbootable.

Software

Software Education Ransomware Firmware

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The researchers first uncovered the operation of the Lemon Group in February 2022. Threat actors compromised third-party software or the installation of malware-laced firmware. Please nominate Security Affairs as your favorite blog. ” The overlap suggests that the two groups likely collaborated at some point.

Mobile

Mobile Advertising Malware Cybercrime

IT threat evolution Q1 2022

SecureList

MAY 27, 2022

IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. MoonBounce: the dark side of UEFI firmware. Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware scanner (integrated into Kaspersky products at the start of 2019).

Phishing

Phishing Spyware Firmware Malware

Why Healthcare IoT Requires Strong Machine Identity Management

Security Boulevard

MAY 30, 2022

Mon, 05/30/2022 - 12:04. IoT Business News has also published a list of four types of medical devices that are susceptible to hacking which include: wireless infusion pumps, implanted devices, smartpens, and vital sign monitors. Secure IoT firmware and authenticated devices offer benefits that extend to the entire healthcare ecosystem.

Healthcare

Healthcare IoT Manufacturing Risk

IoT and Machine Identity Management in Financial Services

Security Boulevard

JUNE 28, 2022

Tue, 06/28/2022 - 17:39. IoT has helped mitigate many risks associated with fraud and has helped detect and block hacked accounts. Secure Firmware Updates Are a Necessity for Resilient IoT Deployments. IoT and Machine Identity Management in Financial Services. brooke.crothers. How is IoT changing the financial sector?

Financial Services

Financial Services IoT Banking Retail

Kali Linux 2022.2 Release (GNOME 42, KDE 5.24 & hollywood-activate)

Kali Linux

MAY 15, 2022

Hacking as shown in popular media, has ranged from really fun to completely absurd, so we saw the opportunity to do a tribute to some of our favourite instances (and get a little nostalgic). 1kali1 (2022-04-01) ┌──(kali㉿kali)-[~] └─$ uname -r 5.16.0-kali7-amd64 We have a RSS feeds & newsletter of our blog !

Wireless

Wireless Firmware Architecture Media

Cyber Security Roundup for June 2021

Security Boulevard

JUNE 1, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, May 2021. report claimed millions of UK people could be at risk of being hacked due to using outdated home routers. a lack of firmware updates, important for security and performance.

Ransomware

Ransomware Passwords Scams Cyber Attacks

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Webinars

Trending Sources

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Webinars

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

HP would take up to 90 days to fix a critical bug in some business-grade printers

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

HID Mercury Access Controller flaws could allow to unlock Doors

D-Link fixes two critical flaws in D-View 8 network management suite

Zyxel fixed firewall unauthenticated remote command injection issue

Experts show how to run malware on chips of a turned-off iPhone

MSI confirms security breach after Money Message ransomware attack

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Synology and QNAP warn of critical Netatalk flaws in some of their products

A new Mirai botnet variant targets TP-Link Archer A21

ESET warns of three flaws that affect over 100 Lenovo notebook models

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

Security Affairs newsletter Round 362 by Pierluigi Paganini

Google TAG shares details about exploit chains used to install commercial spyware

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs newsletter Round 368 by Pierluigi Paganini

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Money Message gang leaked private code signing keys from MSI data breach

BlackCat Ransomware gang breached over 60 orgs worldwide

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Critical fixed critical flaws in Cisco Small Business Switches

US dismantled the Russia-linked Cyclops Blink botnet

Secure Kali Pi (2022)

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Kali Linux 2022.4 Release (Azure, Social & Kali NetHunter Pro)

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

IT threat evolution Q1 2022

Why Healthcare IoT Requires Strong Machine Identity Management

IoT and Machine Identity Management in Financial Services

Kali Linux 2022.2 Release (GNOME 42, KDE 5.24 & hollywood-activate)

Cyber Security Roundup for June 2021

Stay Connected