2022, Firmware and Information Security

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. The security firm reported that this vulnerability is being used in attacks against a small set of specific organizations, primarily in South Asia. reads the advisory. MR5 (18.5.5), v19.0

Firmware

Firmware Firewall Internet Internet

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

released in October 2022. “The build date coded in the last number block also points to the same date range: None of the firewall firmwares examined had been compiled after September 14, 2022.” ” reported Heise Security.

VPN

VPN Passwords Firewall Firmware

Three UEFI Firmware flaws found in tens of Lenovo Notebook models

Security Affairs

JULY 13, 2022

IT giant Lenovo released security fixes to address three vulnerabilities that impact the UEFI firmware shipped with over 70 product models. A remote attacker can trigger these flaws to execute arbitrary code on the vulnerable systems in the early stages of the boot avoiding the detection of security features.

Firmware

Firmware Hacking Technology Information Security

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Between 2020 and 2022, attackers launched multiple campaigns to exploit zero-day vulnerabilities in publicly accessible network appliances, focusing on WAN-facing services. Successful exploitation of these vulnerabilities could allow attackers to steal sensitive data, inject firmware payloads, and even reach LAN-connected devices.

Firmware

Firmware Government Firewall Malware

ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

Security Affairs

JANUARY 17, 2025

ESET disclosed details of a now-patched vulnerability, tracked as CVE-2024-7344 (CVSS score: 6.7), that could allow a bypass of the Secure Boot mechanism in UEFI systems. The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware.

Firmware

Firmware Technology Software Manufacturing

Western Digital customers have to update their My Cloud devices to latest firmware version

Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. “On April 15, 2022 , support for prior generations of My Cloud OS, including My Cloud OS 3, will end. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Firmware

Firmware Architecture Internet Internet

Some firmware bugs in HP business devices are yet to be fixed

Security Affairs

SEPTEMBER 12, 2022

Six high-severity firmware bugs affecting several HP Enterprise devices are yet to be patched, some of them since July 2021. The Binarly security research team reported several HP Enterprise devices are affected by six high-severity firmware vulnerabilities that are yet to be patched, and some of them have been disclosed more than a year ago.

Firmware

Firmware Hacking Information Security

HP addressed 16 UEFI firmware flaws impacting laptops, desktops, PoS systems

Security Affairs

MARCH 9, 2022

Researchers disclosed 16 high-severity flaws in different implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. High CVE-2022-23924 BRLY-2021-032 SMM heap buffer overflow (arbitrary code execution) 8.2 ” reads the analysis published by Binarly. .

Firmware

Firmware Hacking Technology Cybersecurity

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Security Affairs

APRIL 22, 2022

Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943 , addressed in the Apache HTTP server in March.

Firmware

Firmware Hacking Cybersecurity Internet

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Security Affairs

JUNE 2, 2022

The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats , which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. ” reads the post published by Eclypsium.

Firmware

Firmware Engineering Ransomware Malware

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In 2022 campaigns, threat actors used European Union reports on the conflict in Ukraine and Ukrainian government reports as lures. SOCKS tunneling — Relay communication between different clients.

Firmware

Firmware Encryption Government Malware

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 17, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. Last week, Zyxel has addressed the critical CVE-2022-30525 (CVSS score: 9.8) If possible, enable automatic firmware updates. Commands are executed as the nobody user.”

Firewall

Firewall VPN Firmware Internet

Qualcomm Snapdragon flaws impact Lenovo, Microsoft, Lenovo, and Samsung devices

Security Affairs

JANUARY 9, 2023

Tens of software vulnerabilities affected Qualcomm firmware and impacted the devices of Microsoft, Lenovo, and Samsung. Qualcomm January 2023 security bulletin addressed 22 software vulnerabilities in its Snapdragon suite. CVE-2022-33265 (CVSS Score 7.3) – the flaw is an Information exposure in Powerline Communication Firmware.

Firmware

Firmware Manufacturing Software Hacking

Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw

Security Affairs

FEBRUARY 1, 2023

On January 30, Taiwanese vendor QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. Censys found 30,000 internet-facing QNAP appliances potentially impacted by a recently disclosed critical code injection flaw.

Internet

Internet Internet Firmware IoT

Chipmaker Qualcomm warns of three actively exploited zero-days

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 are actively exploited in targeted attacks. Please contact your device manufacturer for more information on the patch status about specific devices.” ” reads the advisory.

Firmware

Firmware Surveillance Authentication Manufacturing

Lenovo warns of flaws that can be used to bypass security features

Security Affairs

NOVEMBER 9, 2022

Lenovo has released security updates to address a couple of high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models. An attacker can exploit the flaws to disable UEFI Secure Boot. Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1

Firmware

Firmware Manufacturing Hacking Software

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Security Affairs

JANUARY 15, 2024

SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656 , that could potentially lead to remote code execution. ” concludes the report.

Firewall

Firewall Hacking Firmware Internet

ASUS addressed critical flaws in some router models

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware.

Firmware

Firmware VPN Wireless Passwords

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

By using the manufacturer’s built-in ports, we were able to manipulate on-board components and interact with the device.Combining both known and novel techniques, we were able to achieve root access to the device’s operating system and pull its firmware for emulation and vulnerability discovery.” Overall 4.8. Overall 4.8.

Firmware

Firmware Penetration Testing Manufacturing Authentication

A flaw in some Acer laptops can be used to bypass security features

Security Affairs

NOVEMBER 28, 2022

The experts explained that the flaw, tracked as CVE-2022-4020 , is similar to the Lenovo vulnerabilities the company disclosed earlier this month. Same as in Lenovo’s case, an attacker can trigger the issue to deactivate the UEFI Secure Boot by creating NVRAM variable directly from OS. Pierluigi Paganini.

Firmware

Firmware Hacking Information Security

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Security Affairs

FEBRUARY 6, 2024

The malware survives reboots and firmware upgrades. Moreover, the infection survives firmware upgrades.” ” The attack chain starts with the exploitation of the CVE-2022-42475 vulnerability for FortiGate devices. .” reads the advisory published by the security vendor. ” continues the report.

Malware

Malware Firmware VPN Backups

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

NOVEMBER 10, 2022

The vulnerability, CVE-2022-0902 (CVSS score: 8.1), is a path-traversal issue that can be exploited by an attacker to inject and execute arbitrary code. “Team82 found a high-severity path-traversal vulnerability (CVE-2022-0902) in ABB’s TotalFlow Flow Computers and Remote Controllers.

Firmware

Firmware Passwords Authentication Manufacturing

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Security Affairs

DECEMBER 24, 2022

Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. “The firmware is basically a merge of 3 sections, the LZMA section is the kernel, at 0x148CD6 the root-fs and at 0x90BD36 the www content.” 13 Sep 2022: Details sent to ZyXEL.

Firmware

Firmware Passwords Hacking Cybersecurity

Netgear Routers impacted by FunJSQ Game Acceleration Module flaw

Security Affairs

SEPTEMBER 19, 2022

The FunJSQ module is used in various Netgear routers and Orbi WiFi systems, the issues affecting it were discovered in May 2022 and are now fixed. “Back in May 2022, we discovered FunJSQ , a third-party gaming speed-improvement service by China-based Xiamen Xunwang Network Technology Co.,

Firmware

Firmware Passwords Technology Hacking

Three critical RCE flaws affect hundreds of HP printer models

Security Affairs

MARCH 22, 2022

HP issued a security bulletin warning of a buffer overflow vulnerability, tracked as CVE-2022-3942 (CVSS score 8.4), that could lead to remote code execution on vulnerable devices. HP already addressed the flaw with the release of firmware security updates for the majority of the affected devices. Pierluigi Paganini.

Firmware

Firmware Hacking Data breaches Information Security

Zyxel fixed firewall unauthenticated remote command injection issue

Security Affairs

MAY 13, 2022

Zyxel has moved to address a critical security vulnerability (CVE-2022-30525, CVSS score: 9.8) Zyxel silently addressed the flaw by releasing security updates on April 28, 2022, Rapid7 pointed out that this choice leaves defenders in the dark and only advantage the attackers. Commands are executed as the nobody user.”

Firewall

Firewall Firmware VPN Wireless

TLStorm flaws allow to remotely manipulate the power of millions of enterprise UPS devices

Security Affairs

MARCH 9, 2022

Two of the TLStorm vulnerabilities reside in the TLS implementation used by Cloud-connected Smart-UPS devices, while the third one is a design flaw in the firmware upgrade process of Smart-UPS devices. The researchers discovered that the firmware upgrades are not properly signed and validated.

Firmware

Firmware IoT Authentication Backups

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Security Affairs

SEPTEMBER 19, 2022

Researchers discovered two critical vulnerabilities (CVE–2022–36158 and CVE–2022–36159) in Flexlan devices that provide WiFi on airplanes. “It is found that our wireless products, FLEXLAN FX3000/2000 series, have a firmware vulnerability. “[CVE-2022-36158] – Hidden system command web page. .

Wireless

Wireless Firmware Passwords Engineering

Zyxel addressed a critical RCE flaw in its NAS devices

Security Affairs

SEPTEMBER 7, 2022

Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747 , impacting its network-attached storage (NAS) devices. The CVE-2022-34747 (CVSS score: 9.8) flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. 11)C0 and earlier V5.21(AAZF.12)C0

Firewall

Firewall Firmware Authentication VPN

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60

Firewall

Firewall Firmware VPN Authentication

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs

DECEMBER 17, 2023

The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022. The security firm revealed that threat actors were exploiting a vulnerability, tracked as CVE-2023-49897 (CVSS score 8.0) and earlier. The vulnerability affects VioStor NVR Versions 5.0.0 and earlier (5.0.0

Firmware

Firmware Wireless DDOS IoT

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Security Affairs

JULY 15, 2022

Dragos experts investigated an infection of DirectLogic PLCs from Automation Direct, they performed reverse engineering of the password cracking tool and discovered it did not crack the password at all, rather, it exploited a vulnerability in the firmware to retrieve the password on command. ” reads the advisory published by Dragos.

Passwords

Passwords Software Firmware Malware

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Security Affairs

AUGUST 14, 2023

The procedures allow administrators to provide device information such as server addresses, account information, and firmware updates. The server is used to provide configurations and firmware updates to the devices. In this scenario, an attacker can act as a rogue server and distribute malicious firmware.

Firmware

Firmware Authentication Passwords Hacking

HP would take up to 90 days to fix a critical bug in some business-grade printers

Security Affairs

APRIL 5, 2023

HP would take up to 90 days to address a critical flaw, tracked as CVE-2023-1707, that resides in the firmware of some business-grade printers. The exploitation of the flaw can potentially lead to information disclosure and the IT giant announced that it would take up to 90 days to address the vulnerability. and having IPsec enabled.

Firmware

Firmware Education Media Hacking

QNAP addresses a critical flaw impacting its NAS devices

Security Affairs

JANUARY 30, 2023

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices.

Firmware

Firmware Hacking Internet Internet

Beastmode Mirai botnet now includes exploits for Totolink routers

Security Affairs

APRIL 2, 2022

Between February and March 2022, researchers from the FortiGuard Labs team observed Beastmode operators adding five new exploits in a few weeks, with three targeting some TOTOLINK routers. TOTOLINK has already addressed these flaws with the release of new firmware for vulnerable devices.

DDOS

DDOS Firmware Surveillance IoT

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable.

Hacking

Hacking Firmware Internet Internet

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

The Zerobot botnet first appeared in the wild in November 2022 targeting devices running on Linux operating system. The Go-based botnet spreads by exploiting two dozen security vulnerabilities in the internet of things (IoT) devices and other applications. “Since the release of Zerobot 1.1,

IoT

IoT DDOS Malware Firmware

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Security Affairs

MAY 4, 2023

In order to exploit the flaw, an attacker has to upgrade an affected device to a crafted version of the firmware. “This vulnerability is due to a missing authentication process within the firmware upgrade function.” “Cisco has not released firmware updates to address this vulnerability.

Firmware

Firmware Education Media Authentication

The source code of the BlackLotus UEFI Bootkit was leaked on GitHub

Security Affairs

JULY 14, 2023

Researchers from ESET discovered in March a new stealthy Unified Extensible Firmware Interface ( UEFI ) bootkit, named BlackLotus , that is able to bypass Secure Boot on Windows 11. Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1

Firmware

Firmware Malware Hacking CISO

BlackLotus is the first bootkit bypassing UEFI Secure Boot on Windows 11

Security Affairs

MARCH 1, 2023

ESET discovered a stealthy Unified Extensible Firmware Interface (UEFI) bootkit dubbed BlackLotus that is able to bypass the Secure Boot on Windows 11. Researchers from ESET discovered a new stealthy Unified Extensible Firmware Interface ( UEFI ) bootkit, named BlackLotus , that is able to bypass Secure Boot on Windows 11.

Firmware

Firmware Malware Hacking Security Defenses

D-Link fixes two critical flaws in D-View 8 network management suite

Security Affairs

MAY 25, 2023

The vulnerabilities were reported to the company on December 23, 2022 through Trend Micro’s Zero Day Initiative (ZDI). “Please note that this is a device beta software, beta firmware, or hot-fix release which is still undergoing final testing before its official release. ” We are in the final!

Firmware

Firmware Authentication Software Hacking

Experts show how to run malware on chips of a turned-off iPhone

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” Unlike NFC and UWB chips, the Bluetooth firmware is neither signed nor encrypted opening the doors to modification. To nominate, please visit:?

Malware

Malware Wireless Firmware Mobile

QNAP force-installs update against the recent wave of DeadBolt ransomware infections

Security Affairs

JANUARY 29, 2022

QNAP forces its customers to update the firmware of their Network Attached Storage (NAS) devices to protect against the DeadBolt ransomware. QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. ” states the vendor.

Ransomware

Ransomware Firmware Encryption Engineering

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Trending Sources

Three UEFI Firmware flaws found in tens of Lenovo Notebook models

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

Western Digital customers have to update their My Cloud devices to latest firmware version

Some firmware bugs in HP business devices are yet to be fixed

HP addressed 16 UEFI firmware flaws impacting laptops, desktops, PoS systems

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Qualcomm Snapdragon flaws impact Lenovo, Microsoft, Lenovo, and Samsung devices

Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw

Chipmaker Qualcomm warns of three actively exploited zero-days

Lenovo warns of flaws that can be used to bypass security features

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

ASUS addressed critical flaws in some router models

HID Mercury Access Controller flaws could allow to unlock Doors

A flaw in some Acer laptops can be used to bypass security features

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Netgear Routers impacted by FunJSQ Game Acceleration Module flaw

Three critical RCE flaws affect hundreds of HP printer models

Zyxel fixed firewall unauthenticated remote command injection issue

TLStorm flaws allow to remotely manipulate the power of millions of enterprise UPS devices

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Zyxel addressed a critical RCE flaw in its NAS devices

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

HP would take up to 90 days to fix a critical bug in some business-grade printers

QNAP addresses a critical flaw impacting its NAS devices

Beastmode Mirai botnet now includes exploits for Totolink routers

Over 80,000 Hikvision cameras can be easily hacked

A new Zerobot variant spreads by exploiting Apache flaws

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

The source code of the BlackLotus UEFI Bootkit was leaked on GitHub

BlackLotus is the first bootkit bypassing UEFI Secure Boot on Windows 11

D-Link fixes two critical flaws in D-View 8 network management suite

Experts show how to run malware on chips of a turned-off iPhone

QNAP force-installs update against the recent wave of DeadBolt ransomware infections

Stay Connected