2023, Authentication, Blog and Firmware

2023

Authentication

Blog

Firmware

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall

Firewall Firmware VPN Authentication

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

eSecurity Planet

NOVEMBER 6, 2023

30, 2023 NGINX Ingress Controller for Kubernetes Flaws Can Lead to Credential Theft Type of Attack: Path sanitization bypass and injection vulnerabilities discovered in the NGINX Ingress controller can allow for credential theft, arbitrary command execution, and critical data access. CVE-2023-5044 (Code Injection): This CVSS score 7.6

Software

Software Education Firmware Ransomware

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

” The vulnerabilities, tracked as CVE-2023-27357 , CVE-2023-27367 , CVE-2023-27368 , CVE-2023-27369 , CVE-2023-27370 , were demonstrated by Claroty researchers during the 2022 Pwn2Own Toronto hacking contest as part of an exploit. The remaining ones are authentication bypass and command injection flaws.

Hacking

Hacking Firmware Authentication DNS

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty”

Security Boulevard

MARCH 14, 2024

Fortinet seemed like a decent place to start given the variety of lesser-known security appliances I had noticed while searching for the FortiNAC firmware. Earlier this year, soon after reproducing a remote code execution vulnerability for the Fortinet FortiNAC, I was on the hunt for a set of new research targets.

Wireless

Wireless Firmware Authentication

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Security Affairs

MAY 4, 2023

Cisco is warning of a critical remote code execution (RCE) vulnerability, tracked as CVE-2023-20126 (CVSS score of 9.8), impacting SPA112 2-Port phone adapters. “An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. The company product has reached end-of-life (EoL).

Firmware

Firmware Education Media Authentication

D-Link fixes two critical flaws in D-View 8 network management suite

Security Affairs

MAY 25, 2023

D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. in its D-View 8 network management suite that could be exploited by remote attackers to bypass authentication and execute arbitrary code. ” reads the advisory published by ZDI.

Firmware

Firmware Authentication Software Hacking

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

In April 2023, FortiGuard Labs researchers observed a hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. Attackers replaced binaries on compromised EdgeRouters with trojanized OpenSSH server binaries allowing remote attackers to bypass authentication.

Energy and Utilities

Energy and Utilities Government Firewall Malware

Money Message gang leaked private code signing keys from MSI data breach

Security Affairs

MAY 8, 2023

The Money Message group initially threatened to publish the stolen files by April 12, 2023, if the company will not pay the ransom. The authenticity of the leaked private key was confirmed by Alex Matrosov, founder of firmware security firm Binarly. Previously we already described the BG pkeys leak impact.

Data breaches

Data breaches Ransomware Firmware Manufacturing

Malware targeting SonicWall devices could survive firmware updates

Malwarebytes

MARCH 10, 2023

The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. It offers a combined single-sign-on (SSO) web portal to authenticate users, so intercepting user credentials would give an attacker that is after sensitive information a huge advantage.

Firmware

Firmware Malware Encryption Authentication

Kali Linux 2023.2 Release (Hyper-V & PipeWire)

Kali Linux

MAY 29, 2023

Plus, we are now including additional firmware on all ARM images. Kali Team Discord Chat Session The next Kali Discord session will happen a week after the release, Wednesday, 7th June 2023 16:00 -> 17:00 UTC/+0 GMT. 1kali1 (2023-05-12) ┌──(kali㉿kali)-[~] └─$ uname -r 6.1.0-kali9-amd64 The version of u-boot has been bumped.

Firmware

Firmware Phishing Architecture Authentication

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

In this blog post, we’ll discuss the results of a vulnerability research study focused on a popular model of smart pet feeder. The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process.

Firmware

Firmware Passwords Manufacturing Mobile

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. Last June, Google’s TAG team released a blog post documenting attacks on Italian and Kazakh users that they attribute to RCS Lab, an Italian offensive software vendor.

Firmware

Firmware Surveillance Mobile Telecommunications

Cyber Security Informer

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

Webinars

Trending Sources

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Webinars

Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty”

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

D-Link fixes two critical flaws in D-View 8 network management suite

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Money Message gang leaked private code signing keys from MSI data breach

Malware targeting SonicWall devices could survive firmware updates

Kali Linux 2023.2 Release (Hyper-V & PipeWire)

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

Advanced threat predictions for 2023

Stay Connected