Security Affairs

APRIL 22, 2022

Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943 , addressed in the Apache HTTP server in March.

Firmware 98

Firmware Hacking Cybersecurity Internet 98

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In 2022 campaigns, threat actors used European Union reports on the conflict in Ukraine and Ukrainian government reports as lures. SOCKS tunneling — Relay communication between different clients.

Firmware 98

Firmware Encryption Government Malware 98

SecureList

JULY 28, 2022

This is our latest installment, focusing on activities that we observed during Q2 2022. In late 2021, we encountered a malicious DXE driver incorporated into several UEFI firmware images that were flagged by our firmware scanner (integrated into Kaspersky products at the start of 2019). The most remarkable findings.

Malware 145

Malware Firmware Phishing Cryptocurrency 145

Malwarebytes

AUGUST 1, 2022

This web server is present in Arris firmware which can be found in several router models. ISP customer premise equipment (CPE) often uses this web server, and ISP subscribers will typically get these routers in loan for telephony and Internet access. released June 1, 2022). muhttpd web server. Path traversal. Vulnerabilities.

Firmware 145

Firmware Internet Internet Passwords 145

Security Affairs

MAY 17, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. Last week, Zyxel has addressed the critical CVE-2022-30525 (CVSS score: 9.8) If possible, enable automatic firmware updates. Commands are executed as the nobody user.”

Firewall 98

Firewall VPN Firmware Internet 98

Security Affairs

JANUARY 15, 2024

SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656 , that could potentially lead to remote code execution. ” concludes the report.

Firewall 144

Firewall Hacking Firmware Internet 144

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.

Risk 279

Risk VPN Internet Internet 279

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service. WHO’S BEHIND SOCKSESCORT?

Malware 244

Malware VPN Internet Internet 244

Hacker Combat

SEPTEMBER 22, 2022

More than 2,000 PDUs were directly exposed to the internet in 2021, and roughly a third of those were iBoot PDUs, according to a Censys research. CVE-2022-3183 through CVE-2022-3189 are the CVE identifiers given to the seven vulnerabilities. The vendor has released firmware version 1.42.06162022 to address the problem.

Firmware 130

Firmware Firewall Manufacturing Internet 130

Security Affairs

DECEMBER 17, 2023

The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022. that impacted several routers, including Future X Communications (FXC) AE1021 and AE1021PE wall routers, running firmware versions 2.0.9 and earlier. The vulnerability affects VioStor NVR Versions 5.0.0 and earlier (5.0.0

Firmware 140

Firmware Wireless DDOS IoT 140

Malwarebytes

DECEMBER 18, 2022

Which brings us to our first example: CVE-2022-34718 , a Windows TCP/IP Remote Code Execution (RCE) vulnerability with a CVSS rating of 9.8. The most accepted definition is: “A zero-day is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.”

Software 98

Software Risk Firmware Internet 98

CyberSecurity Insiders

NOVEMBER 1, 2022

Everyone who uses the internet or deals with a digital file or task uses an endpoint device. These ignored, forgotten, and un-updated (OS/firmware) connected devices can become vulnerabilities exploited by cybercriminals to gain access to networks and cloud resources. Are existing endpoint security solutions effective enough?

IoT 120

IoT Antivirus Threat Detection Cyber threats 120

Security Affairs

MARCH 9, 2022

Two of the TLStorm vulnerabilities reside in the TLS implementation used by Cloud-connected Smart-UPS devices, while the third one is a design flaw in the firmware upgrade process of Smart-UPS devices. The researchers discovered that the firmware upgrades are not properly signed and validated. ” continues Armis.

Firmware 100

Firmware IoT Authentication Backups 100

The Last Watchdog

MAY 23, 2022

Then the Internet took off and trusting the connection between a user’s device and a web server became of paramount importance. This was the main topic of discussion recently at DigiCert Security Summit 2022. Related: Leveraging PKI to advance electronic signatures. Today we’re in the throes of digital transformation.

Cybersecurity 214

Cybersecurity Computers and Electronics Digital transformation Encryption 214

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware.

Firmware 98

Firmware VPN Wireless Passwords 98

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable.

Hacking 126

Hacking Firmware Internet Internet 126

Malwarebytes

MAY 26, 2023

Affected users should patch as a matter of urgency, and we urge you not to expose the management interfaces of network edge devices to the Internet, in order to reduce their attack surface. Patch 1, USG FLEX series firmware versions 4.50 Patch 1, USG FLEX 50(W) firmware versions 4.25 Patch 1, USG20(W)-VPN firmware versions 4.25

Firmware 98

Firmware VPN Firewall Accountability 98

Security Affairs

MAY 13, 2022

Zyxel has moved to address a critical security vulnerability (CVE-2022-30525, CVSS score: 9.8) Zyxel silently addressed the flaw by releasing security updates on April 28, 2022, Rapid7 pointed out that this choice leaves defenders in the dark and only advantage the attackers. If possible, enable automatic firmware updates.

Firewall 98

Firewall Firmware VPN Wireless 98

The Last Watchdog

SEPTEMBER 5, 2023

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. The Mirai botnet, initially discovered in October 2016 , infected Internet-connected routers, cameras and digital video recorders at scale. I’ll keep watch and keep reporting.

IoT 220

IoT Government Internet Internet 220

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. The Zerobot botnet first appeared in the wild in November 2022 targeting devices running on Linux operating system.

IoT 128

IoT DDOS Malware Firmware 128

Malwarebytes

APRIL 5, 2022

On April 4 2022, the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2021-45382 to its known exploited vulnerabilities catalog. As a general policy, when products reach EOS/EOL, they can no longer be supported, and all firmware development for these products cease. CISA catalog.

Firmware 145

Firmware Software Risk Authentication 145

Security Affairs

SEPTEMBER 19, 2022

Researchers discovered two critical vulnerabilities (CVE–2022–36158 and CVE–2022–36159) in Flexlan devices that provide WiFi on airplanes. “It is found that our wireless products, FLEXLAN FX3000/2000 series, have a firmware vulnerability. “[CVE-2022-36158] – Hidden system command web page. .

Wireless 102

Wireless Firmware Passwords Engineering 102

Malwarebytes

AUGUST 23, 2022

The flaw is tracked as CVE-2021-36260 and was addressed by Hikvision via a firmware update in September 2021. A Metasploit module based on the vulnerability was published by packet storm in February of 2022. Hikvision says you should download the latest firmware for your device from the global firmware portal.

Firmware 98

Firmware Internet Internet VPN 98

Security Affairs

MARCH 22, 2022

Internet search engine Censys reported a new wave of DeadBolt ransomware attacks targeting QNAP NAS devices. Internet search engine Censys reported that QNAP devices were targeted in a new wave of DeadBolt ransomware attacks. If every victim had paid the ransom, this attack would have netted the hackers about $4,484,700.”

Ransomware 102

Ransomware Firmware Internet Internet 102

DoublePulsar

JANUARY 15, 2025

I have been able to verify this dump is real, as devices in it are listed on Shodan and share the same unique serialnumbers: Dumped config with serial number, and Shodan internet scanning showing the same IP having the same serialnumber The dump is ordered by country. 2022 zero day was used to raid Fortigate firewall configs.

Firewall 81

Firewall VPN Passwords Firmware 81

SecureList

JUNE 8, 2022

A router is a gateway from the internet to a home or office — despite being conceived quite the opposite. Number of router vulnerabilities according to cve.mitre.org, 2010–2022 ( download ). Number of router vulnerabilities according to nvd.nist.gov, 2010–2022 ( download ). Conclusion.

DDOS 133

DDOS Passwords IoT Firmware 133

Security Affairs

SEPTEMBER 19, 2022

The FunJSQ module is used in various Netgear routers and Orbi WiFi systems, the issues affecting it were discovered in May 2022 and are now fixed. “Back in May 2022, we discovered FunJSQ , a third-party gaming speed-improvement service by China-based Xiamen Xunwang Network Technology Co.,

Firmware 114

Firmware Passwords Technology Hacking 114

Security Affairs

DECEMBER 24, 2022

Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. “The firmware is basically a merge of 3 sections, the LZMA section is the kernel, at 0x148CD6 the root-fs and at 0x90BD36 the www content.” 13 Sep 2022: Details sent to ZyXEL.

Firmware 98

Firmware Passwords Hacking Cybersecurity 98

SecureList

JUNE 20, 2023

Introduction In today’s interconnected world, more and more devices are being connected to the internet, including everyday household items like pet feeders that are becoming smart by virtue of this simple fact. We later managed to extract the firmware from the EEPROM for further static reverse engineering.

Firmware 106

Firmware Passwords Manufacturing Mobile 106

Security Affairs

MAY 20, 2022

Taiwanese vendor QNAP is asking users to install the latest update on their NAS devices and avoid exposing them on the Internet. “QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the Internet.” and QTS 4.4.1. “QNAP® Systems, Inc.

Ransomware 112

Ransomware Internet Internet Firmware 112

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. reported the SektorCERT. .

Firewall 137

Firewall Firmware Cyber Attacks VPN 137

Security Affairs

SEPTEMBER 6, 2024

The vendor also provided a workaround to minimize potential risks, they recommended to restrict firewall management to trusted sources or disable firewall WAN management from Internet access. Similarly, for SSLVPN, ensure that access is limited to trusted sources or disable SSLVPN access from the Internet. 5035 and older versions.

Firewall 128

Firewall Passwords Internet Internet 128

Security Affairs

MAY 11, 2023

“Successful exploits could allow attackers to monitor users’ internet activity, highjack internet connections and redirect traffic to malicious websites or inject malware into network traffic. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” We are in the final!

Hacking 98

Hacking Firmware Authentication DNS 98

Security Affairs

JANUARY 30, 2023

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices.

Firmware 98

Firmware Hacking Internet Internet 98

SecureList

NOVEMBER 14, 2022

But first, let’s examine how they fared with the predictions for 2022. What we predicted in 2022. Although 2022 did not feature any mobile intrusion story on the scale of the Pegasus scandal, a number of 0-days have still been exploited in the wild by threat actors. Mobile devices exposed to wide attacks. Source: Meta.

Firmware 129

Firmware Surveillance Mobile Telecommunications 129

Security Affairs

MAY 1, 2022

Critical Ongoing VS Firmware 2.3 Synology also warns customers of other three flaws, tracked as CVE-2022-23125 , CVE-2022-23122 , CVE-2022-0194 that could allow remote attackers to run arbitrary code on affected devices. Synology products affected by the flaw are: Product Severity Fixed Release Availability DSM 7.1

Firmware 108

Firmware Hacking Cybersecurity Internet 108

Malwarebytes

APRIL 28, 2022

The vulnerabilities most urgently in need of mitigation or a fix are: CVE-2022-0194 , CVE-2022-23121 , CVE-2022-23122 and CVE-2022-23125. In real life this usually means they are used as an external hard-drive that can be accessed over an intranet or the Internet. on April 14, 2022. Version 3.0 Mitigation.

Firmware 98

Firmware Backups Internet Internet 98