2022, Firmware, Information Security and Passwords

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In 2022 campaigns, threat actors used European Union reports on the conflict in Ukraine and Ukrainian government reports as lures. SOCKS tunneling — Relay communication between different clients.

Firmware

Firmware Encryption Government Malware

Western Digital customers have to update their My Cloud devices to latest firmware version

Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. “On April 15, 2022 , support for prior generations of My Cloud OS, including My Cloud OS 3, will end. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Firmware

Firmware Architecture Internet Internet

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Security Affairs

JULY 15, 2022

Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project files. The password cracking software also acts as a dropper for the Sality P2P bot. ” concludes the report.

Passwords

Passwords Software Firmware Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

ASUS addressed critical flaws in some router models

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware.

Firmware

Firmware VPN Wireless Passwords

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Security Affairs

DECEMBER 24, 2022

Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. Unlike the D-Link analysis, the researchers has no physical access to the device and attempted to retrieve the password from the config. 13 Sep 2022: Details sent to ZyXEL.

Firmware

Firmware Passwords Hacking Cybersecurity

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Security Affairs

SEPTEMBER 19, 2022

Researchers discovered two critical vulnerabilities (CVE–2022–36158 and CVE–2022–36159) in Flexlan devices that provide WiFi on airplanes. “It is found that our wireless products, FLEXLAN FX3000/2000 series, have a firmware vulnerability. “[CVE-2022-36158] – Hidden system command web page.

Wireless

Wireless Firmware Passwords Engineering

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Security Affairs

AUGUST 14, 2023

The procedures allow administrators to provide device information such as server addresses, account information, and firmware updates. The server is used to provide configurations and firmware updates to the devices. In this scenario, an attacker can act as a rogue server and distribute malicious firmware.

Firmware

Firmware Authentication Passwords Hacking

Netgear Routers impacted by FunJSQ Game Acceleration Module flaw

Security Affairs

SEPTEMBER 19, 2022

The FunJSQ module is used in various Netgear routers and Orbi WiFi systems, the issues affecting it were discovered in May 2022 and are now fixed. “Back in May 2022, we discovered FunJSQ , a third-party gaming speed-improvement service by China-based Xiamen Xunwang Network Technology Co.,

Firmware

Firmware Passwords Technology Hacking

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

NOVEMBER 10, 2022

The vulnerability, CVE-2022-0902 (CVSS score: 8.1), is a path-traversal issue that can be exploited by an attacker to inject and execute arbitrary code. “Team82 found a high-severity path-traversal vulnerability (CVE-2022-0902) in ABB’s TotalFlow Flow Computers and Remote Controllers. ” concludes the advisory.

Firmware

Firmware Authentication Passwords Manufacturing

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Security Affairs

DECEMBER 24, 2022

Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. Unlike the D-Link analysis, the researchers has no physical access to the device and attempted to retrieve the password from the config. 13 Sep 2022: Details sent to ZyXEL.

Firmware

Firmware Passwords Hacking Cybersecurity

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

.” The vulnerabilities, tracked as CVE-2023-27357 , CVE-2023-27367 , CVE-2023-27368 , CVE-2023-27369 , CVE-2023-27370 , were demonstrated by Claroty researchers during the 2022 Pwn2Own Toronto hacking contest as part of an exploit. “NETGEAR is aware of multiple security vulnerabilities on the RAX30. We are in the final!

Hacking

Hacking Firmware Authentication DNS

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

The Zerobot botnet first appeared in the wild in November 2022 targeting devices running on Linux operating system. The Go-based botnet spreads by exploiting two dozen security vulnerabilities in the internet of things (IoT) devices and other applications. Adopt a comprehensive IoT security solution.

IoT

IoT DDOS Malware Firmware

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. No username or password needed nor any actions need to be initiated by the camera owner. wrote the expert. “.

Hacking

Hacking Firmware Internet Internet

Downfall Intel CPU side-channel attack exposes sensitive data

Security Affairs

AUGUST 9, 2023

Google researcher Daniel Moghimi devised a new side-channel attack technique Intel CPU, named Downfall, that relies on a flaw tracked as CVE-2022-40982. Malware can carry out a Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages.

Firmware

Firmware Encryption Software Banking

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

The CVE-2022-47391 received a severity rating of 7.5, “The discovery of these vulnerabilities highlights the critical importance of ensuring the security of industrial control systems and underscores the need for continuous monitoring and protection of these environments.” ” reads the advisory published by Microsoft.

Authentication

Authentication Firmware Hacking Passwords

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” Since September 2022, Moobot botnet was spotted targeting vulnerable D-Link routers. Upgrade to the latest firmware version.

Energy and Utilities

Energy and Utilities Government Firewall Malware

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The alert includes indicators of compromise (IoCs) associated with BlackCat/ALPHV, as of mid-February 2022. The FBI is seeking any information that can be shared related to the operations of the BlackCat ransomware operation. Regularly back up data, air gap, and password-protect backup copies offline.

Ransomware

Ransomware Antivirus Passwords Malware

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Security Affairs

AUGUST 4, 2022

Tens of router models from Taiwanese SOHO manufacturer DrayTek are affected by a critical, unauthenticated, remote code execution vulnerability, tracked as CVE-2022-32548, that can be exploited to fully compromise a vulnerable device and gain unauthorized access to the broader network.

Hacking

Hacking Internet Internet Passwords

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. “They were clearly reacting and trying to maintain control over components of the botnet,” Adamitis said.

Malware

Malware VPN Internet Internet

Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access

Security Affairs

JANUARY 25, 2022

This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, The news of the exploitation of the issue in the wild was confirmed by the security firm NCC Group. Experts also warned of some password spraying attacks attempting to compromise devices using default passwords. 37sv, 10.2.1.1-19sv,

Mobile

Mobile Passwords Firmware Firewall

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

Security Affairs

MAY 21, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog. We are in the final !

Data breaches

Data breaches Cybercrime Ransomware Passwords

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

According to the advisory that was issued with the help of leading cybersecurity firms (Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric), nation-state hacking groups were able to hack multiple industrial systems using a new ICS-focused malware toolkit dubbed PIPEDREAM that was discovered in early 2022.

Passwords

Passwords Architecture Backups Cyber Attacks

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

Security Affairs

JANUARY 16, 2022

Once the ransomware has infected a device, it moves all the files on the NAS into password-protected 7z archives and demands the payment of a $550 ransom. “It seems like a new version of the QLocker ransomware appeared on 06/1/2022. Up to date apps and firmware seem not to help either.”

Ransomware

Ransomware Encryption Backups Firmware

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Nominate Pierluigi Paganini and Security Affairs here here: [link] Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. We are in the final !

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

The Daixin Team is a ransomware and data extortion group that has been active since at least June 2022. “The actors have leveraged privileged accounts to gain access to VMware vCenter Server and reset account passwords [ T1098 ] for ESXi servers in the environment. If you use Remote Desktop Protocol (RDP), secure and monitor it.

Ransomware

Ransomware VPN Cybercrime Accountability

Report Reveals Top Cyber Threats, Trends of 2023 First Half

SecureWorld News

JUNE 13, 2023

It's estimated LockBit had nearly 1,100 victims in 2022 alone. Two-step phishing attacks involve threat actors using compromised vendors to target potential victims by creating convincing emails that resemble legitimate vendor communications, often related to DocuSign, orders, invoices, or tracking information.

Cyber threats

Cyber threats Malware Phishing Penetration Testing

Cyber Security Roundup for June 2021

Security Boulevard

JUNE 1, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, May 2021. The UK National Cyber Security Centre (NCSC) published its Smart Cities (connected places) guidance for UK local authorities. VULNERABILITIES AND SECURITY UPDATES.

Ransomware

Ransomware Passwords Scams Cyber Attacks

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The researchers first uncovered the operation of the Lemon Group in February 2022. Soon after the security firm published a report on the group, the gang rebranded under the name ‘Durian Cloud SMS’, but maintained the C2 infrastructure. ” The overlap suggests that the two groups likely collaborated at some point.

Mobile

Mobile Advertising Malware Cybercrime

The Hacker Mind Podcast: Hacking Industrial Control Systems

ForAllSecure

APRIL 26, 2022

So there’s a need, a definite need, for information security professionals to have access to industrial control systems -- not virtual, but actual hands on systems -- so they can learn. In a moment I’ll introduce you to someone who is trying to do that--bring ICS equipment to security conferences.

Hacking

Hacking Energy and Utilities Manufacturing Firmware

Cyber Security Informer

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Western Digital customers have to update their My Cloud devices to latest firmware version

Webinars

Trending Sources

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Webinars

ASUS addressed critical flaws in some router models

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Netgear Routers impacted by FunJSQ Game Acceleration Module flaw

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

A new Zerobot variant spreads by exploiting Apache flaws

Over 80,000 Hikvision cameras can be easily hacked

Downfall Intel CPU side-channel attack exposes sensitive data

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

BlackCat Ransomware gang breached over 60 orgs worldwide

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Who and What is Behind the Malware Proxy Service SocksEscort?

Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Daixin Team targets health organizations with ransomware, US agencies warn

Report Reveals Top Cyber Threats, Trends of 2023 First Half

Cyber Security Roundup for June 2021

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

The Hacker Mind Podcast: Hacking Industrial Control Systems

Stay Connected