2023, Firmware, Information Security and Internet

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. In December 2023, we delivered an updated fix after identifying new exploit attempts against this same vulnerability in older, unsupported versions of the Sophos Firewall.” MR5 (18.5.5), v19.0

Firmware

Firmware Firewall Internet Internet

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Security Affairs

JANUARY 15, 2024

SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656 , that could potentially lead to remote code execution. ” concludes the report.

Firewall

Firewall Hacking Firmware Internet

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs

DECEMBER 17, 2023

The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022. The experts reported the two vulnerabilities to the respective vendors, but they plan to release the fixes in December 2023. and earlier. The vulnerability affects VioStor NVR Versions 5.0.0 and earlier (5.0.0

Firmware

Firmware Wireless DDOS IoT

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability, tracked as CVE-2023-28771 , that impacts Zyxel firewalls. through 4.73, VPN series firmware versions 4.60

Firewall

Firewall Firmware VPN DDOS

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

Researchers warn of several DDoS botnets exploiting a critical flaw tracked as CVE-2023-28771 in Zyxel devices. The flaw, tracked as CVE-2023-28771 (CVSS score: 9.8), is a command injection issue that could potentially allow an unauthorized attacker to execute arbitrary code on vulnerable devices. through 5.35.

DDOS

DDOS Firmware VPN Firewall

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

” reads the advisory published by the security firm. “Successful exploits could allow attackers to monitor users’ internet activity, highjack internet connections and redirect traffic to malicious websites or inject malware into network traffic. for the RAX30 router family.

Hacking

Hacking Firmware Authentication DNS

ASUS routers are affected by three critical remote code execution flaws

Security Affairs

SEPTEMBER 6, 2023

The three vulnerabilities were reported by the Taiwanese CERT, below are their descriptions: CVE-2023-39238 (CVSS 9.8): ASUS RT-AX55, RT-AX56U_V2 and RT-AC86U iperf-related modules set_iperf3_svr.cgi API has a format string vulnerability. This function does not properly verify the input format string.

Firmware

Firmware Hacking Internet Internet

ASUS addressed critical flaws in some router models

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware.

Firmware

Firmware VPN Wireless Passwords

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Security Affairs

AUGUST 13, 2023

The researchers presented their findings at the DEFCON security conference today. The nine vulnerabilities have received CVE between CVE-2023-3259 through CVE-2023-3267. Below is the list of flaws discovered by the researchers: CyberPower PowerPanel Enterprise: CVE-2023-3264: Use of Hard-coded Credentials (CVSS 6.7)

Hacking

Hacking Firmware Authentication Software

QNAP fixed Sudo privilege escalation bug in NAS devices

Security Affairs

MARCH 29, 2023

Taiwanese vendor QNAP warns customers to update their network-attached storage (NAS) devices to address a high-severity Sudo privilege escalation vulnerability tracked as CVE-2023-22809. The vulnerability was discovered by security firm Synacktiv, it is a sudoers policy bypass in Sudo version 1.9.12p1 when using sudoedit.

Firmware

Firmware Hacking Internet Internet

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Security Affairs

APRIL 15, 2024

The Blackjack group is believed to be affiliated with Ukrainian intelligence services that carried out other attacks against Russian targets, including an internet provider and a military infrastructure. Below is the timeline of the attack published on ruexfil.com: Initial access June 2023. Access to 112 Emergency Service.

Malware

Malware Firmware IoT Hacking

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Chaput said that on May 4, 2023, someone unleashed a spam torrent targeting users on these Mastodon communities via “private mentions,” a kind of direct messaging on the platform. Residential proxies also can refer to households protected by compromised home routers running factory-default credentials or outdated firmware.

Scams

Scams DDOS Cryptocurrency Accountability

An educational robot security research

SecureList

FEBRUARY 27, 2024

” For instance, educational robots that connect to the internet and support video calls. ” Interactive features include gaming and educational applications for children, a voice assistant, internet access and connection to the parent app for smartphones. In other words, this is a “tablet on wheels.”

Education

Education Manufacturing Firmware Internet

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

This was recently highlighted by blog posts from Project Zero and Github Security Lab.” ” The second campaign was spotted in December 2022 when the researchers discovered an exploit chain targeting the latest version of the Samsung Internet Browser using multiple zero-days and n-days. ” concludes the report.

Spyware

Spyware Surveillance Firmware Internet

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In most recent attacks observed by Check Point, the threat actors employed custom firmware implant designed explicitly for TP-Link routers. ” reads the report published by Check point.

Firmware

Firmware Encryption Government Malware

Kali Linux 2024.1 Release (Micro Mirror)

Kali Linux

FEBRUARY 27, 2024

As it turns out, Kenneth operates a network of mirrors, which was officially announced back in May 2023 on his blog: Building the Micro Mirror Free Software CDN. For anyone interested in Internet infrastructure, we encourage you to read it, that’s a well-written blog post right there, waiting for you. That was intriguing.

Software

Software Firmware VPN Internet

Vulnerability Management Policy Template

eSecurity Planet

MAY 12, 2023

Approval Date: 5/12/2023 Description: Initial Policy Drafted [This section can also be made into a Policy Version History with a table of previous versions and approvals.] Broader is always better to control risks, but can be more costly.] Vulnerability Management Policy & Procedure A. Policy Version Version 1.0 Appendix I.

Penetration Testing

Penetration Testing Risk Firmware Software

Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours

Security Affairs

MAY 31, 2024

Between October 25 and October 27, 2023, the Chalubo malware destroyed more than 600,000 small office/home office (SOHO) routers belonging to the same ISP. In 2023 attacks observed by Lumen, the bot targeted ActionTec T3200s, ActionTec T3260s, and Sagemcom F5380 router models. The attack only impacted a single ASN.

Malware

Malware Internet Internet Firmware

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Security Affairs

JANUARY 14, 2024

Forescout experts questioned the attribution of cyber attacks that targeted the energy sector in Denmark in 2023 to the Russia-linked Sandworm. Forescout experts shared findings from their analysis of the cyber attacks that targeted the energy sector in Denmark in 2023, attributing them to the Russia-linked Sandworm. through 5.35.

Firewall

Firewall Firmware Cyber Attacks VPN

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

Security Affairs

NOVEMBER 14, 2023

On April 25, 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771 , in a number of their firewalls. The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35. through 5.35.

Cyber Attacks

Cyber Attacks Firmware Firewall VPN

The Unseen Threats: Anticipating Cybersecurity Risks in 2024

Security Boulevard

JANUARY 18, 2024

I first explored and predicted the impacts several years ago and called out multiple shifts for the 2023 predictions. Research efforts will also scale across applications, operating systems, firmware, and hardware. Aggressive nations have a ripple effect on the entire cybersecurity industry. In 2024: 1. In 2024: 1.

Risk

Risk Cybersecurity CISO Technology

Cyber Security Informer

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Trending Sources

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Widespread exploitation by botnet operators of Zyxel firewall flaw

Multiple DDoS botnets were observed targeting Zyxel devices

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

ASUS routers are affected by three critical remote code execution flaws

ASUS addressed critical flaws in some router models

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

QNAP fixed Sudo privilege escalation bug in NAS devices

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Interview With a Crypto Scam Investment Spammer

An educational robot security research

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Google TAG shares details about exploit chains used to install commercial spyware

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Kali Linux 2024.1 Release (Micro Mirror)

Vulnerability Management Policy Template

Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

The Unseen Threats: Anticipating Cybersecurity Risks in 2024

Stay Connected