2022, DNS and Firmware - Cyber Security Informer

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

SecureList

JULY 25, 2022

In our APT predictions for 2022 , we noted that despite these risks, we expected more attackers to reach the sophistication level required to develop such tools. In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor. an evil maid attack scenario).

Firmware

Firmware DNS Malware Technology

IT threat evolution Q1 2022

SecureList

MAY 27, 2022

IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. MoonBounce: the dark side of UEFI firmware. Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware scanner (integrated into Kaspersky products at the start of 2019).

Phishing

Phishing Spyware Firmware Malware

Update now! Many HP printers affected by three critical security vulnerabilities

Malwarebytes

MARCH 24, 2022

CVE-2022-3942 is a vulnerability rated with a CVSS score of 8.4 The Link-Local Multicast Name Resolution (LLMNR) is a protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link. CVE-2022-24291 (CVSS 7.5 out of 10).

Firmware

Firmware DNS Software

Unfixed vulnerability in popular library puts IoT products at risk

Malwarebytes

MAY 4, 2022

Researchers have found a vulnerability in a popular C standard library in IoT products that could allow attackers to perform DNS poisoning attacks against a target device. Similar to other C standard libraries, uClibc provides an extensive DNS client interface that allows programs to readily perform lookups and other DNS-related requests.

IoT

IoT DNS Risk Internet

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

An attacker could also use these vulnerabilities to access and control networked smart devices (security cameras, thermostats, smart locks), change router settings including credentials or DNS settings, or use a compromised network to launch attacks against other devices or networks.” ” reads the advisory published by NETGEAR.

Hacking

Hacking Firmware Authentication DNS

Massive Surge in DDoS Attacks Reported in First Quarter of 2023

CyberSecurity Insiders

APRIL 12, 2023

E-commerce confronted significant challenges, withstanding 22% of attacks and a 51% increase compared to Q1 2022. targeting the DNS, and the remaining 3.7% in Q1 2022 to 6.4% Keep software, firmware, and security patches up to date to minimize vulnerabilities that could be exploited by attackers.

DDOS

DDOS Telecommunications Data breaches DNS

Memory Safe Languages in Android 13

Google Security

DECEMBER 1, 2022

From 2019 to 2022 the annual number of memory safety vulnerabilities dropped from 223 down to 85. From 2019 to 2022 it has dropped from 76% down to 35% of Android’s total vulnerabilities. 2022 is the first year where memory safety vulnerabilities do not represent a majority of Android’s vulnerabilities. So, what gives?

DNS

DNS Accountability Firmware Risk

StripedFly: Perennially flying under the radar

SecureList

OCTOBER 25, 2023

How it started In 2022, we came across two unexpected detections within the WININIT.EXE process of an older code which was earlier observed in Equation malware. During our analysis, the file was last updated on February 24, 2022, and the number of initial infections stood at 160,000 victims as of June 2022.

Malware

Malware DNS Encryption Cryptocurrency

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Security Affairs

MAY 16, 2023

The platform provides real-time monitoring and control, it also supports advanced features such as device management, software and firmware updates, GPS tracking, and data visualization. The compromised industrial devices may also be used to launch attacks against other devices or networks.” ” reads the advisory from CISA.

Hacking

Hacking Internet Internet Manufacturing

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Security Affairs

AUGUST 4, 2022

Tens of router models from Taiwanese SOHO manufacturer DrayTek are affected by a critical, unauthenticated, remote code execution vulnerability, tracked as CVE-2022-32548, that can be exploited to fully compromise a vulnerable device and gain unauthorized access to the broader network.

Hacking

Hacking Internet Internet Manufacturing

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

DeadBolt, which affected thousands of QNAP NAS devices in 2022, is a prominent example of IoT ransomware. The attack took advantage of CVE-2022-27593 , a vulnerability that allowed bad actors to modify system files on the box. DNS changer Malicious actors may use IoT devices to target users who connect to them.

IoT

IoT DDOS Passwords Malware

IT threat evolution Q1 2024

SecureList

JUNE 3, 2024

The attackers were able to bypass this hardware-based security protection using another hardware feature of Apple-designed SoCs (System on a Chip): they did this by writing the data, destination address and data hash to unknown hardware registers of the chip that are not used by the firmware.

Banking

Banking Malware Computers and Electronics Mobile

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

eSecurity Planet

MAY 2, 2024

50,000 DDoS attacks on public domain name service (DNS) resolvers. 553% increase in DNS Flood attacks from 1H 2020 to 2H 2023. DDoS attacks on single networks or websites render them unavailable, but DDoS attacks on DNS resolvers bring down all networks and websites using that DNS resource.

Cybersecurity

Cybersecurity DDOS Penetration Testing Ransomware

Remotely Accessing Secure Kali Pi

Kali Linux

NOVEMBER 27, 2022

In Secure Kali Pi (2022) , the first blog post in the Raspberry Pi series, we set up a Raspberry Pi 4 with full disk encryption. author: Broadcom Corporation firmware: brcm/brcmfmac*-sdio.*.bin bin firmware: brcm/brcmfmac*-sdio.*.txt We mentioned that we can leave it somewhere as a drop box. wireless LAN fullmac driver.

Firmware

Firmware Wireless Passwords VPN

APT trends report Q1 2022

SecureList

APRIL 27, 2022

This is our latest installment, focusing on activities that we observed during Q1 2022. In late February 2022, we identified two archives submitted from network addresses in Ukraine to an online multi-scanner service. In December we were made aware of a UEFI firmware-level compromise through logs from our firmware scanning technology.

Malware

Malware Firmware Government Phishing

Cyber Security Informer

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

IT threat evolution Q1 2022

Trending Sources

Update now! Many HP printers affected by three critical security vulnerabilities

Unfixed vulnerability in popular library puts IoT products at risk

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Massive Surge in DDoS Attacks Reported in First Quarter of 2023

Memory Safe Languages in Android 13

StripedFly: Perennially flying under the radar

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Overview of IoT threats in 2023

IT threat evolution Q1 2024

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

Remotely Accessing Secure Kali Pi

APT trends report Q1 2022

Stay Connected