SecureList

JULY 25, 2022

In our APT predictions for 2022 , we noted that despite these risks, we expected more attackers to reach the sophistication level required to develop such tools. In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor. an evil maid attack scenario).

Firmware 145

Firmware DNS Malware Technology 145

The Hacker News

DECEMBER 9, 2022

Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by a remote attacker to cause remote code execution or a denial-of-service (DoS) condition.

Firmware 88

Firmware 88

Security Affairs

JUNE 2, 2022

The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats , which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. ” reads the post published by Eclypsium.

Firmware 102

Firmware Engineering Ransomware Malware 102

Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. “On April 15, 2022 , support for prior generations of My Cloud OS, including My Cloud OS 3, will end. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Firmware 101

Firmware Architecture Internet Internet 101

Schneier on Security

MARCH 8, 2023

These sophisticated pieces of malware target the UEFI—short for Unified Extensible Firmware Interface —the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right.

Malware 237

Malware Firmware Software Hacking 237

Bleeping Computer

DECEMBER 12, 2023

Sophos was forced to backport a security update for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks. [.]

Firewall 121

Firewall Firmware 121

Security Affairs

JANUARY 9, 2023

Tens of software vulnerabilities affected Qualcomm firmware and impacted the devices of Microsoft, Lenovo, and Samsung. The most severe flaw is an integer overflow to buffer overflow in Automotive tracked as CVE-2022-33219 (CVSS Score 9.3). ” reads the advisory. .” ” reads the advisory.

Firmware 86

Firmware Manufacturing Software Hacking 86

Security Affairs

FEBRUARY 1, 2023

On January 30, Taiwanese vendor QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. Censys found 30,000 internet-facing QNAP appliances potentially impacted by a recently disclosed critical code injection flaw.

Internet 98

Internet Internet Firmware IoT 98

Malwarebytes

JUNE 19, 2023

ASUS has released firmware updates for several router models fixing two critical and several other security issues. You will find the latest firmware available for download from the ASUS support page or the appropriate product page. The Asuswrt-Merlin New Gen is an open source firmware alternative for Asus routers.

Firmware 87

Firmware VPN Risk Cybersecurity 87

Security Boulevard

MAY 12, 2022

The Eclypsium research team has detected in-the-wild exploitation of CVE-2022-1388 by multiple threat actors. This CVE impacts all F5 BIG-IP firmware versions released prior to May 4, 2022. . The post Active Exploitation of F5 BIG-IP Devices (CVE-2022-1388) appeared first on Security Boulevard.

Firmware 52

Firmware 52

Krebs on Security

JUNE 8, 2023

More alarmingly, the company said it appears attackers first started exploiting the flaw in October 2022. “One of the goals of malware is to be hard to remove, and this suggests the malware compromised the firmware itself to make it really hard to remove and really stealthy,” Weaver said.

Firmware 313

Firmware Malware Software Ransomware 313

The Hacker News

SEPTEMBER 7, 2022

Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a "format string vulnerability" affecting NAS326, NAS540, and NAS542 models. Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices. A format string vulnerability was found in a

Firmware 95

Firmware 95

Security Affairs

MAY 17, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. Last week, Zyxel has addressed the critical CVE-2022-30525 (CVSS score: 9.8) If possible, enable automatic firmware updates. Commands are executed as the nobody user.”

Firewall 74

Firewall VPN Firmware Internet 74

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware.

Firmware 83

Firmware VPN Wireless Passwords 83

The Hacker News

MARCH 22, 2022

Five new security weaknesses have been disclosed in Dell BIOS that, if successfully exploited, could lead to code execution on vulnerable systems, joining the likes of firmware vulnerabilities recently uncovered in Insyde Software's InsydeH2O and HP Unified Extensible Firmware Interface (UEFI).

Firmware 102

Firmware Software 102

The Hacker News

APRIL 22, 2022

The critical flaws, tracked as CVE-2022-22721 and CVE-2022-23943, are rated 9.8 Network-attached storage (NAS) appliance maker QNAP on Thursday said it's investigating its lineup for potential impact arising from two security vulnerabilities that were addressed in the Apache HTTP server last month. and earlier

Firmware 97

Firmware 97

Malwarebytes

MAY 6, 2022

April 2022 was most notable for the emergence of three new ransomware-as-a-service ( RaaS ) groups— Onyx , Mindware , and Black Basta —as well as the unwelcome return of REvil , one of the world’s most notorious and dangerous ransomware operations. Ransomware attacks in April 2022. Known ransomware attacks in April 2022 by country.

Ransomware 77

Ransomware Encryption Accountability Technology 77

SecureList

DECEMBER 14, 2022

At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. Similarly, at the beginning of February 2022, we noticed a huge spike in the amount of activity related to Gamaredon C&C servers. It directly affected satellite modems firmwares , but was still to be understood as of mid-March.

DDOS 136

DDOS Ransomware Government Energy and Utilities 136

Security Affairs

JANUARY 15, 2024

SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656 , that could potentially lead to remote code execution. ” concludes the report.

Firewall 126

Firewall Hacking Firmware Internet 126

Malwarebytes

APRIL 11, 2022

In this March 2022 ransomware review, we go over some of the most successful ransomware incidents based on both open source and dark web intelligence. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. The post Ransomware: March 2022 review appeared first on Malwarebytes Labs.

Ransomware 69

Ransomware Firmware Accountability Technology 69

Malwarebytes

MARCH 10, 2022

In this February 2022 ransomware review, we go over some the most successful ransomware incidents based on both open source and dark web intelligence. Observed since: February 2022 Ransomware note: read_me.html Ransomware extension: <original file name> [vote2024forjb@protonmail[.]com].encryptedJB SFile (Escal).

Ransomware 68

Ransomware Phishing Accountability Technology 68

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 are actively exploited in targeted attacks. “CVE-2022-22071 was included in our May 2022 public bulletin. ” reads the advisory.

Firmware 99

Firmware Surveillance Authentication Manufacturing 99

Security Affairs

NOVEMBER 9, 2022

Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1 CVE-2022-3430: A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Firmware 94

Firmware Manufacturing Hacking Software 94

Malwarebytes

DECEMBER 18, 2022

Which brings us to our first example: CVE-2022-34718 , a Windows TCP/IP Remote Code Execution (RCE) vulnerability with a CVSS rating of 9.8. The most accepted definition is: “A zero-day is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.”

Software 73

Software Risk Firmware Internet 73

Bleeping Computer

NOVEMBER 7, 2021

Microsoft said that the new Windows Update for Business deployment service for drivers and firmware will be available in Microsoft Endpoint Manager and in Microsoft Graph as a public preview starting with the first half of 2022. [.].

Firmware 137

Firmware 137

Security Affairs

DECEMBER 24, 2022

Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. “The firmware is basically a merge of 3 sections, the LZMA section is the kernel, at 0x148CD6 the root-fs and at 0x90BD36 the www content.” 13 Sep 2022: Details sent to ZyXEL.

Firmware 98

Firmware Passwords Hacking Cybersecurity 98

Malwarebytes

MARCH 24, 2022

CVE-2022-3942 is a vulnerability rated with a CVSS score of 8.4 CVE-2022-24291 (CVSS 7.5 out of 10) CVE-2022-24292 (CVSS 9.8 out of 10) CVE-2022-24293 (CVSS 9.8 Link-Local Multicast Name Resolution. This is a set of three vulnerabilities, of which two have been rated as critical and one rated “high”. out of 10).

Firmware 144

Firmware DNS Software 144

Security Affairs

APRIL 28, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.50

Firewall 94

Firewall Firmware VPN Authentication 94

Security Affairs

FEBRUARY 6, 2024

The malware survives reboots and firmware upgrades. Moreover, the infection survives firmware upgrades.” ” The attack chain starts with the exploitation of the CVE-2022-42475 vulnerability for FortiGate devices. .” COATHANGER is a stealthy malware that hooks system calls that could reveal its presence.

Malware 107

Malware Firmware VPN Backups 107

Security Affairs

AUGUST 14, 2023

The procedures allow administrators to provide device information such as server addresses, account information, and firmware updates. The server is used to provide configurations and firmware updates to the devices. In this scenario, an attacker can act as a rogue server and distribute malicious firmware.

Firmware 89

Firmware Authentication Passwords Hacking 89

CyberSecurity Insiders

NOVEMBER 1, 2022

These ignored, forgotten, and un-updated (OS/firmware) connected devices can become vulnerabilities exploited by cybercriminals to gain access to networks and cloud resources. Forrester released its 2022 State of Endpoint Security report in July this year, saying that buyers are seeking better product efficacy and integrated data security.

IoT 120

IoT Antivirus Threat Detection Cyber threats 120

Malwarebytes

MAY 26, 2023

The CVEs patched in these updates are: CVE-2023-33009 : A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 Patch 1, USG FLEX series firmware versions 4.50 Patch 1, USG FLEX 50(W) firmware versions 4.25 Patch 1, USG20(W)-VPN firmware versions 4.25 out of 10.

Firmware 77

Firmware VPN Firewall Accountability 77

The Hacker News

NOVEMBER 29, 2022

Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G.

Firmware 94

Firmware 94

Security Affairs

JULY 14, 2023

Researchers from ESET discovered in March a new stealthy Unified Extensible Firmware Interface ( UEFI ) bootkit, named BlackLotus , that is able to bypass Secure Boot on Windows 11. Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1 reads the analysis published by the experts.

Firmware 97

Firmware Malware CISO Hacking 97

Heimadal Security

APRIL 27, 2023

The flaw in the TP-Link Archer AX21 firmware was discovered back in December 2022, and the company released a patch in March. A TP-Link Archer A21 (AX1800) consumer-grade WiFi router vulnerability has been used by Mirai botnet to launch DDoS attacks against IoT devices.

Firmware 91

Firmware DDOS IoT Cybersecurity 91

eSecurity Planet

JULY 8, 2022

“With a cyberattack, it’s more than just data that needs protecting—at risk is really the entire physical infrastructure from applications and operating systems down to low-level firmware and BIOS. The post Best Disaster Recovery Solutions for 2022 appeared first on eSecurityPlanet. Also see the Best Business Continuity Solutions.

Backups 142

Backups Ransomware Technology Marketing 142

Security Affairs

APRIL 5, 2023

HP would take up to 90 days to address a critical flaw, tracked as CVE-2023-1707, that resides in the firmware of some business-grade printers. The company pointed out that the information disclosure can be achieved only by exploiting the flaw on vulnerable devices running FutureSmart firmware version 5.6 and having IPsec enabled.

Firmware 89

Firmware Education Media Hacking 89