2023, Authentication, Firmware and Information Security

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Security Affairs

JUNE 20, 2023

Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0,

Firmware

Firmware Firewall Authentication VPN

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall

Firewall Firmware VPN Authentication

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

Zyxel addressed three RCEs in end-of-life NAS devices

Security Affairs

JUNE 5, 2024

CVE-2024-29975 : This improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 and NAS542 devices could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device. The vulnerabilities affect NAS326 running firmware versions 5.21(AAZF.16)C0

Firmware

Firmware Authentication Manufacturing Hacking

Chipmaker Qualcomm warns of three actively exploited zero-days

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 are actively exploited in targeted attacks. The details of the remaining CVEs will be shared in our December 2023 public bulletin.”

Firmware

Firmware Surveillance Authentication Manufacturing

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

An attacker could also use these vulnerabilities to access and control networked smart devices (security cameras, thermostats, smart locks), change router settings including credentials or DNS settings, or use a compromised network to launch attacks against other devices or networks.” for the RAX30 router family. We are in the final!

Hacking

Hacking Firmware Authentication DNS

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

Fortinet addressed a new critical flaw, tracked as CVE-2023-27997, in FortiOS and FortiProxy that is likely exploited in a limited number of attacks. Fortinet has finally published an official advisory about the critical vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), impacting FortiOS and FortiProxy. through 6.2.13

Firewall

Firewall VPN Firmware Manufacturing

D-Link fixes two critical flaws in D-View 8 network management suite

Security Affairs

MAY 25, 2023

D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. in its D-View 8 network management suite that could be exploited by remote attackers to bypass authentication and execute arbitrary code. ” reads the advisory published by ZDI.

Firmware

Firmware Authentication Software Hacking

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Security Affairs

AUGUST 14, 2023

The procedures allow administrators to provide device information such as server addresses, account information, and firmware updates. The server is used to provide configurations and firmware updates to the devices. In this scenario, an attacker can act as a rogue server and distribute malicious firmware.

Firmware

Firmware Authentication Passwords Hacking

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Security Affairs

MAY 4, 2023

Cisco is warning of a critical remote code execution (RCE) vulnerability, tracked as CVE-2023-20126 (CVSS score of 9.8), impacting SPA112 2-Port phone adapters. “An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. The company product has reached end-of-life (EoL).

Firmware

Firmware Education Media Authentication

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Security Affairs

AUGUST 13, 2023

The researchers presented their findings at the DEFCON security conference today. The nine vulnerabilities have received CVE between CVE-2023-3259 through CVE-2023-3267. Below is the list of flaws discovered by the researchers: CyberPower PowerPanel Enterprise: CVE-2023-3264: Use of Hard-coded Credentials (CVSS 6.7)

Hacking

Hacking Firmware Authentication Software

Trusted Platform Module (TPM) 2.0 flaws could impact billions of devices

Security Affairs

MARCH 3, 2023

“An authenticated, local attacker could send maliciously crafted commands to a vulnerable TPM allowing access to sensitive data. In some cases, the attacker can also overwrite protected data in the TPM firmware. ” The first issue, tracked as CVE-2023-1017, is an out-of-bounds write. . ” states Quarkslab.

Firmware

Firmware IoT Authentication Hacking

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

In April 2023, FortiGuard Labs researchers observed a hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. Attackers replaced binaries on compromised EdgeRouters with trojanized OpenSSH server binaries allowing remote attackers to bypass authentication.

Energy and Utilities

Energy and Utilities Government Firewall Malware

Money Message gang leaked private code signing keys from MSI data breach

Security Affairs

MAY 8, 2023

The Money Message group initially threatened to publish the stolen files by April 12, 2023, if the company will not pay the ransom. The authenticity of the leaked private key was confirmed by Alex Matrosov, founder of firmware security firm Binarly. Previously we already described the BG pkeys leak impact.

Data breaches

Data breaches Ransomware Firmware Manufacturing

An educational robot security research

SecureList

FEBRUARY 27, 2024

However, we decided not to update the toy immediately in order to explore what could be extracted from the older firmware version. This was the first security-related issue we discovered. ADB Activation We analyzed the configuration files contained in the firmware memory chip and found a setting called “ENABLE_ADB=N.”

Education

Education Manufacturing Firmware Internet

Vulnerability Management Policy Template

eSecurity Planet

MAY 12, 2023

Unauthenticated vulnerability scans should be conducted to view the systems from the perspective of an external hacker and authenticated vulnerability scans should be conducted to view systems from the perspective of a hacker with stolen credentials. Broader is always better to control risks, but can be more costly.] Policy Version Version 1.0

Penetration Testing

Penetration Testing Risk Firmware Software

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Security Affairs

JANUARY 14, 2024

Forescout experts questioned the attribution of cyber attacks that targeted the energy sector in Denmark in 2023 to the Russia-linked Sandworm. Forescout experts shared findings from their analysis of the cyber attacks that targeted the energy sector in Denmark in 2023, attributing them to the Russia-linked Sandworm. through 5.35.

Firewall

Firewall Firmware Cyber Attacks VPN

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

Security Affairs

NOVEMBER 14, 2023

On April 25, 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771 , in a number of their firewalls. The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35. through 5.35.

Cyber Attacks

Cyber Attacks Firmware Firewall VPN

Cyber Security Informer

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Trending Sources

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Zyxel addressed three RCEs in end-of-life NAS devices

Chipmaker Qualcomm warns of three actively exploited zero-days

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

D-Link fixes two critical flaws in D-View 8 network management suite

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Trusted Platform Module (TPM) 2.0 flaws could impact billions of devices

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Money Message gang leaked private code signing keys from MSI data breach

An educational robot security research

Vulnerability Management Policy Template

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

Stay Connected