2022, Firmware, Hacking and Surveillance

2022

Firmware

Hacking

Surveillance

Chipmaker Qualcomm warns of three actively exploited zero-days

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 are actively exploited in targeted attacks. “CVE-2022-22071 was included in our May 2022 public bulletin. ” reads the advisory.

Firmware

Firmware Surveillance Authentication Manufacturing

June 2023 Security Update for Android fixed Arm Mali GPU bug used by spyware?

Security Affairs

JUNE 7, 2023

June 2023 security update for Android released by Google fixes about fifty flaws, including an Arm Mali GPU bug exploited by surveillance firms in their spyware. Security updates released this month also addressed a vulnerability, tracked as CVE-2022-22706 , that affects the Arm Mali GPU. In early April, U.S.

Spyware

Spyware Surveillance Firmware Hacking

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Security Affairs

APRIL 13, 2022

Researchers discovered five vulnerabilities that can be exploited to remotely hack hospital Aethon’s TUG autonomous mobile robots. Cynerio ethically disclosed the issues to Aethon and the vendor addressed it with the release of firmware updates. SecurityAffairs – hacking, TUG autonomous mobile robots). Pierluigi Paganini.

Mobile

Mobile Hacking Firmware Surveillance

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

The first campaign was spotted in November 2022, the exploit chains discovered by TAG researchers were affecting Android and iOS and were delivered via bit.ly The initial landing page was observed hosting the exploits for a WebKit remote code execution zero-day ( CVE-2022-42856 ) and a sandbox escape ( CVE-2021-30900 ) issue.

Spyware

Spyware Surveillance Firmware Internet

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

access control, video surveillance and mobile credentialing) owned by HVAC giant Carrier. Below is the list of flaws discovered by the researchers: CVE Detail Summary Mercury Firmware Version CVSS Score CVE-2022-31479 Unauthenticated command injection <=1.291 Base 9.0, The vulnerabilities were disclosed during the Hardwear.io

Firmware

Firmware Penetration Testing Manufacturing Authentication

Beastmode Mirai botnet now includes exploits for Totolink routers

Security Affairs

APRIL 2, 2022

Between February and March 2022, researchers from the FortiGuard Labs team observed Beastmode operators adding five new exploits in a few weeks, with three targeting some TOTOLINK routers. TOTOLINK has already addressed these flaws with the release of new firmware for vulnerable devices. SecurityAffairs – hacking, Beastmode botnet).

DDOS

DDOS Firmware Surveillance IoT

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

But first, let’s examine how they fared with the predictions for 2022. What we predicted in 2022. Although 2022 did not feature any mobile intrusion story on the scale of the Pegasus scandal, a number of 0-days have still been exploited in the wild by threat actors. Mobile devices exposed to wide attacks. Source: Meta.

Firmware

Firmware Surveillance Mobile Telecommunications

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog. We are in the final !

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Security Affairs

MAY 20, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. QNAP QVR is a video surveillance solution of the Taiwanese vendor which is hosted on its NAS devices and doesn’t require any extra software. SecurityAffairs – hacking, NAS).

Ransomware

Ransomware Internet Internet Firmware

Zero-Click Attacks a Growing Threat

eSecurity Planet

FEBRUARY 22, 2022

Also read: Best Patch Management Software for 2022. Pegasus performs zero-click hacks by exploiting security flaws in popular applications installed by default on iOS and Android, such as WhatsApp, Telegram, Skype, or iMessage. It can even access the chip’s firmware to gain root access on the device, a significant privilege escalation.

Spyware

Spyware Software Government Social Engineering

Top 10 Malware Strains of 2021

SecureWorld News

AUGUST 8, 2022

FormBook FormBook is an information stealer advertised in hacking forums. Remcos, short for Remote Control and Surveillance, was leveraged by malicious cyber actors conducting mass phishing campaigns during the COVID-19 pandemic to steal personal data and credentials. AZORult's developers are constantly updating its capabilities.

Malware

Malware Banking Healthcare Penetration Testing

Advanced threat predictions for 2024

SecureList

NOVEMBER 14, 2023

In June, Microsoft published a report on a threat actor named Cadet Blizzard, responsible for WhisperGate and other wipers targeting Ukrainian government agencies early in 2022. To sum up, although we did not see the same volume as we had in 2022, clearly there were some significant attacks. Drone hacking!

Hacking

Hacking Energy and Utilities Media Malware

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. Another type of service sold on the dark web is IoT hacking. DeadBolt, which affected thousands of QNAP NAS devices in 2022, is a prominent example of IoT ransomware.

IoT

IoT DDOS Passwords Malware

Cyber Security Informer

Chipmaker Qualcomm warns of three actively exploited zero-days

June 2023 Security Update for Android fixed Arm Mali GPU bug used by spyware?

Webinars

Trending Sources

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Webinars

Google TAG shares details about exploit chains used to install commercial spyware

HID Mercury Access Controller flaws could allow to unlock Doors

Beastmode Mirai botnet now includes exploits for Totolink routers

Advanced threat predictions for 2023

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Zero-Click Attacks a Growing Threat

Top 10 Malware Strains of 2021

Advanced threat predictions for 2024

Overview of IoT threats in 2023

Stay Connected