Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. In December 2023, we delivered an updated fix after identifying new exploit attempts against this same vulnerability in older, unsupported versions of the Sophos Firewall.” MR5 (18.5.5), v19.0

Firmware 133

Firmware Firewall Internet Internet 133

Penetration Testing

APRIL 6, 2024

A serious vulnerability has been uncovered in Brocade Fabric OS, the firmware used by popular Fibre Channel switches found in numerous enterprise data centers.

Penetration Testing 138

Penetration Testing Firmware 138

Krebs on Security

JUNE 8, 2023

On May 19, Barracuda identified that the malicious traffic was taking advantage of a previously unknown vulnerability in its ESG appliances, and on May 20 the company pushed a patch for the flaw to all affected appliances ( CVE-2023-2868 ). “That’s not a ransomware actor, that’s a state actor.

Firmware 340

Firmware Malware Software Ransomware 340

The Hacker News

MAY 31, 2023

Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023.

Firmware 98

Firmware Cybersecurity 98

eSecurity Planet

MAY 29, 2025

How the attack works The hackers exploited a known security flaw, CVE-2023-39780 a command injection vulnerability to run system commands on the routers. Stored the backdoor in NVRAM, a memory that survives both reboots and firmware updates. Update your routers firmware; ASUS has already released a fix for CVE-2023-39780.

Firmware 62

Firmware Internet Internet Small Business 62

Security Affairs

JANUARY 27, 2023

Lexmark released a security firmware update to fix a remote code execution flaw, tracked as CVE-2023-23560, that impacts more than 100 printer models. Lexmark has released a security firmware update to address a remote code execution vulnerability, tracked as CVE-2023-23560, that impacts more than 100 printer models.

Hacking 98

Hacking Firmware 98

Security Affairs

MAY 1, 2025

SonicWall revealed that attackers actively exploited two security vulnerabilities, tracked as CVE-2023-44221 and CVE-2024-38475 , in its SMA100 Secure Mobile Access appliances. SMA100 devices updated with the fixed firmware version 10.2.1.14-75sv 62sv and higher versions (Fixed on December 4, 2023) CVE-2024-38475 – 10.2.1.14-75sv

Firmware 70

Firmware Mobile VPN Authentication 70

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In most recent attacks observed by Check Point, the threat actors employed custom firmware implant designed explicitly for TP-Link routers. ” reads the report published by Check point.

Firmware 98

Firmware Encryption Government Malware 98

Security Affairs

MARCH 9, 2025

“In 2023, the manufacturer Espressif reported in a statement that one billion units of this chip had been sold worldwide to date.” Through reverse engineering, Targolic researchers discovered hidden commeds (code 0x3F) in the ESP32 Bluetooth firmware. ” continues the researchers.

Manufacturing 129

Manufacturing IoT Firmware Mobile 129

SecureList

NOVEMBER 14, 2022

We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. In both cases, we described new UEFI firmware bootkits that managed to propagate malicious components from the deepest layers of the machine up to Windows’ user-land.

Firmware 130

Firmware Surveillance Mobile Telecommunications 130

Penetration Testing

JANUARY 14, 2024

Recently, NVIDIA has released a crucial firmware security update for its advanced computing systems, the DGX A100 and H100.

Firmware 96

Firmware Penetration Testing 96

Malwarebytes

MARCH 10, 2023

The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. The malware checked for the presence of a firmware upgrade every ten seconds. The malware was able to steal user credentials and provide shell access. or higher, which includes hardening enhancements.

Firmware 98

Firmware Malware Encryption Authentication 98

Security Affairs

JUNE 20, 2023

Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, in its firewall devices.

Firmware 98

Firmware Firewall Authentication VPN 98

Security Affairs

DECEMBER 26, 2024

. “Using a Mirai malware variant that incorporates ChaCha20 and XOR decryption algorithms, it has been seen compromising vulnerable Internet of Things (IoT) devices in the wild, such as the DigiEver DVR, and TP-Link devices through CVE-2023-1389.” in newer ones. ” concludes the report.

Manufacturing 91

Manufacturing Malware Firmware IoT 91

Security Affairs

MAY 2, 2025

An attacker can exploit the flaw to map URLs to file system locations that are permitted to be served by the server CVE-2023-44221 (CVSS score: 7.2) SMA100 devices updated with the fixed firmware version 10.2.1.14-75sv The company addressed the flaws with the following releases: CVE-2023-44221 10.2.1.10-62sv and earlier.

Firmware 72

Firmware Authentication VPN Mobile 72

Security Affairs

JUNE 25, 2024

The flaw is a command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0. The vulnerability affects NAS326 running firmware versions 5.21(AAZF.16)C0 16)C0 and earlier, and NAS542 running firmware versions 5.21(ABAG.13)C0

Firmware 127

Firmware Hacking Cybercrime Information Security 127

Security Boulevard

JUNE 3, 2025

The attack, dubbed ViciousTrap, exploits CVE-2023-39780a command injection vulnerabilityto deploy malware that persists even after reboots and firmware updates. Cybersecurity Dive) The post ASUS Router Hijackings Highlight Urgent Need for Advanced Threat Detection and Response appeared first on Seceon Inc.

Threat Detection 52

Threat Detection Firmware Malware Cybersecurity 52

CyberSecurity Insiders

APRIL 12, 2023

StormWall , a premier cybersecurity firm specializing in the defense of websites, networks, and online services from Distributed Denial of Service (DDoS) attacks, has published an in-depth report on the DDoS landscape during the first quarter of 2023.

DDOS 129

DDOS Telecommunications Data breaches DNS 129

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. In the first half of 2023, 97.91% of password brute-force attempts registered by our honeypots targeted Telnet, and only 2.09%, SSH.

IoT 139

IoT DDOS Passwords Malware 139

SecureList

JANUARY 17, 2025

Firmware The MMB runs on Linux, and its filesystems are located on the eMMC. Custom IPC Inside the head unit, firmware services use custom IPC protocols for communication between their own threads, other services and other ECUs. For seamless and stable investigation, we created a script that continuously sent this message in a loop.

Backups 124

Backups Architecture Firmware Software 124

Security Affairs

JANUARY 24, 2025

In March 2023, Mandiant researchers reported that alleged China-linked threat actors, tracked as UNC4540 , deployed custom malware on a SonicWall SMA appliance.The malware allows attackers to steal user credentials, achieve persistence through firmware upgrades, and provides shell access. ” concludes the advisory.

Firmware 75

Firmware Malware Authentication Mobile 75

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall 98

Firewall VPN Firmware Internet 98

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 are actively exploited in targeted attacks. The details of the remaining CVEs will be shared in our December 2023 public bulletin.”

Firmware 128

Firmware Surveillance Authentication Manufacturing 128

Security Affairs

JANUARY 18, 2024

Unified Extensible Firmware Interface (UEFI) is a specification that defines the architecture of the platform firmware used for booting the computer hardware and its interface for interaction with the operating system. ” states CERT/CC. . ” states CERT/CC. . ” states CERT/CC.

Firmware 134

Firmware DNS Advertising Architecture 134

Security Affairs

JANUARY 14, 2025

” The researchers noticed that the attack targeted firmware versions of devices ranging between 7.0.14 ” In June 2023, Fortinet addressed a critical flaw, tracked as CVE-2023-27997,in FortiOS and FortiProxy that was exploited in a limited number of attacks. The threat actors used a workstation hostname ofkali.

Firewall 85

Firewall VPN Accountability Firmware 85

CyberSecurity Insiders

DECEMBER 6, 2022

Netwrix, a cybersecurity vendor that makes data security easy, today released key IT security trends that will affect organizations of all sizes in 2023. Here are five specific trends for 2023 that you need to be aware of: The business of cybercrime will be further professionalized. For more information, visit www.netwrix.com.

Cybersecurity 116

Cybersecurity Cybercrime Social Engineering Risk 116

eSecurity Planet

NOVEMBER 6, 2023

30, 2023 NGINX Ingress Controller for Kubernetes Flaws Can Lead to Credential Theft Type of Attack: Path sanitization bypass and injection vulnerabilities discovered in the NGINX Ingress controller can allow for credential theft, arbitrary command execution, and critical data access. CVE-2023-5044 (Code Injection): This CVSS score 7.6

Software 112

Software Ransomware Education Firmware 112

Security Affairs

JANUARY 15, 2024

The researchers discovered a vulnerability, tracked as CVE-2023-49722 (CVSS score: 8.3), that can be exploited by an attacker on the same network to replace the device firmware with a rogue version. The vulnerability was reported to the vendor in August 2023 and was addressed by the vendor in November 2023.

Firmware 136

Firmware IoT Hacking Information Security 136

Security Affairs

JUNE 7, 2023

June 2023 security update for Android released by Google fixes about fifty flaws, including an Arm Mali GPU bug exploited by surveillance firms in their spyware. The June 2023 Android Security Bulletin provides details about the fix for more than fifty vulnerabilities affecting Android devices.

Spyware 98

Spyware Surveillance Firmware Hacking 98

Security Affairs

SEPTEMBER 6, 2023

The three vulnerabilities were reported by the Taiwanese CERT, below are their descriptions: CVE-2023-39238 (CVSS 9.8): ASUS RT-AX55, RT-AX56U_V2 and RT-AC86U iperf-related modules set_iperf3_svr.cgi API has a format string vulnerability. This function does not properly verify the input format string.

Firmware 145

Firmware Hacking Internet Internet 145

Security Affairs

JANUARY 15, 2024

SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656 , that could potentially lead to remote code execution. ” concludes the report.

Firewall 144

Firewall Hacking Firmware Internet 144

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall 98

Firewall Firmware VPN Authentication 98

Security Affairs

DECEMBER 17, 2023

The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022. The experts reported the two vulnerabilities to the respective vendors, but they plan to release the fixes in December 2023. and earlier. The vulnerability affects VioStor NVR Versions 5.0.0 and earlier (5.0.0

Firmware 140

Firmware Wireless DDOS IoT 140

Security Affairs

JANUARY 29, 2025

Named after the Aqua filename, it was first reported in November 2023. In mid-July 2024, Mitel addressed the vulnerability with the release of firmware updates. Akamai researchers spotted a new variant of the Mirai -based botnet Aquabot that is targeting vulnerable Mitel SIP phones. ” reads the report published by Akamai.

DDOS 70

DDOS Firmware Malware Firewall 70

Security Affairs

JUNE 13, 2023

Fortinet addressed a new critical flaw, tracked as CVE-2023-27997, in FortiOS and FortiProxy that is likely exploited in a limited number of attacks. Fortinet has finally published an official advisory about the critical vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), impacting FortiOS and FortiProxy.

Firewall 98

Firewall VPN Firmware Manufacturing 98

Security Affairs

FEBRUARY 7, 2024

The most severe of these vulnerabilities, tracked as CVE-2023-40547 (CVSS score: 9.8), can lead to remote code execution under specific circumstances. The vulnerability CVE-2023-40547 is an RCE in http boot support that can lead to Secure Boot bypass “A remote code execution vulnerability was found in Shim. .”

Firmware 141

Firmware Hacking Information Security 141

SecureList

JULY 19, 2023

On March 14, 2023, Microsoft published a blogpost describing an Outlook Client Elevation of Privilege Vulnerability (CVSS: 9.8 Some samples submitted to VirusTotal in the past were later found to exploit CVE-2023-23397; others were published after the vulnerability was publicly disclosed.

Firmware 98

Firmware Internet Internet Government 98