Security Affairs

JANUARY 17, 2025

ESET disclosed details of a now-patched vulnerability, tracked as CVE-2024-7344 (CVSS score: 6.7), that could allow a bypass of the Secure Boot mechanism in UEFI systems. The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware.

Firmware 110

Firmware Technology Software Manufacturing 110

Security Affairs

JUNE 21, 2024

A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models. Firmware security firm Eclypsium discovered a vulnerability, tracked as CVE-2024-0762 (CVSS of 7.5), in the Phoenix SecureCore UEFI firmware. ” concludes the report.

Firmware 136

Firmware Mobile Technology Hacking 136

Security Affairs

DECEMBER 3, 2024

The ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware. A previously unknown UEFI application, named bootkit.efi, was uploaded to VirusTotal in November 2024. reads the advisory published by ESET. Vulnerable models include IdeaPad, Legion, and Yoga series.

Firmware 108

Firmware Manufacturing Malware Authentication 108

Security Affairs

JUNE 13, 2024

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. ” reads the advisory.

Firmware 126

Firmware Spyware Hacking Information Security 126

Security Affairs

FEBRUARY 4, 2025

Researchers from Google disclosed an improper signature verification vulnerability, tracked asCVE-2024-56161 (CVSS score of 7.2), in AMD’s Secure Encrypted Virtualization (SEV). AMD released a microcode and SEV firmware update to address the issue, requiring a BIOS update and reboot for attestation verification.

Encryption 99

Encryption Firmware Hacking Information Security 99

Security Affairs

JANUARY 7, 2025

Below are the descriptions for both vulnerabilities: CVE-2024-9138 (CVSS 4.0 CVE-2024-9140 : (CVSS 4.0 CVE-2024-9140 : (CVSS 4.0 Moxa released firmware updates to address vulnerabilities CVE-2024-9140 and CVE-2024-9138. Affected devices include various EDR, NAT, and OnCell series on firmware 3.13.1

Firmware 71

Firmware Risk Authentication Network Security 71

Security Affairs

JANUARY 19, 2025

” The firmware analysis performed by the experts revealed vulnerabilities in the dispatcher.cgi interface of WGS-804HPT switches’ web service. CVE-2024-48871 (CVSS score: 9.8) – Stack-based buffer overflow lets unauthenticated attackers execute remote code via malicious HTTP requests. ” concludes the report. .

Firmware 71

Firmware IoT Wireless Surveillance 71

Security Affairs

DECEMBER 19, 2024

Juniper Networks warns that a Mirai botnet is targeting SSR devices with default passwords after unusual activity was reported on December 11, 2024. Multiple customers reported anomalous activity on their Session Smart Network (SSN) platforms on December 11, 2024. ” read the report published by Juniper Networks.

DDOS 67

DDOS Firmware Firewall Passwords 67

Security Affairs

SEPTEMBER 4, 2024

Google addressed a high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), in its Android operating system that is under active exploitation in the wild. The vulnerability CVE-2024-32896 is a privilege escalation in the Android Framework component. ” reads the Bulletin for September 2024.

Firmware 126

Firmware Mobile Hacking Information Security 126

Security Affairs

FEBRUARY 18, 2025

The vulnerabilities are: CVE-2024-12511: SMB / FTP pass-back vulnerability CVE-2024-12510: LDAP pass-back vulnerability The vulnerabilities impact Xerox Versalink MFPs and Firmware Version: 57.69.91 ” Organizations using Xerox VersaLink C7025 Multifunction printers should update to the latest firmware. and earlier.

Firmware 67

Firmware Authentication Accountability Passwords 67

Security Affairs

JANUARY 14, 2025

The campaign likely began in November 2024, the campaign unfolded in four phases: vulnerability scanning (Nov 1623, 2024), reconnaissance (Nov 2227), SSL VPN setup (Dec 47), and lateral movement (Dec 1627). ” The researchers noticed that the attack targeted firmware versions of devices ranging between 7.0.14

Firewall 84

Firewall VPN Accountability Firmware 84

Security Affairs

MAY 1, 2025

SonicWall revealed that attackers actively exploited two security vulnerabilities, tracked as CVE-2023-44221 and CVE-2024-38475 , in its SMA100 Secure Mobile Access appliances. CVE-2024-38475 (CVSS score: 9.8) – Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier.

Firmware 69

Firmware Mobile Authentication VPN 69

Security Affairs

DECEMBER 26, 2024

In November 2024, the Akamai Security Intelligence Research Team (SIRT) observed increased activity targeting the URI /cgi-bin/cgi_main.cgi , linked to a Mirai-based malware campaign exploiting an unassigned RCE vulnerability in DVR devices, including DigiEver DS-2105 Pro. TheMiraivariant incorporates ChaCha20 and XOR decryption algorithms.

Manufacturing 90

Manufacturing Malware Firmware IoT 90

Security Affairs

DECEMBER 30, 2024

Cybersecurity firm VulnCheck warns that a high-severity flaw, tracked as CVE-2024-12856 (CVSS score: 7.2), in Four-Faith routers is actively exploited in the wild. “At least firmware version 2.0 “At least firmware version 2.0 ” reads the advisory. ” reads the report published by VulnCheck.

Firmware 66

Firmware Authentication Hacking Cybersecurity 66

Security Affairs

MAY 2, 2025

CVE-2024-38475 (CVSS score: 9.8) During further analysis, SonicWall and trusted security partners identified an additional exploitation technique using CVE-2024-38475, through which unauthorized access to certain files could enable session hijacking. SMA100 devices updated with the fixed firmware version 10.2.1.14-75sv

Firmware 71

Firmware Authentication VPN Mobile 71

Security Affairs

FEBRUARY 12, 2025

CVE-2024-40891 is very similar to CVE-2024-40890 ( observed authentication attempts , observed command injection attempts ), with the main difference being that the former is telnet-based while the latter is HTTP-based. reads the advisory published by GreyNoise. 4)C0_20170615. reads the advisory.

Authentication 73

Authentication Firmware Cybersecurity Hacking 73

Security Affairs

JANUARY 29, 2025

The bot targets the command injection vulnerability CVE-2024-41710 that impacts Mitel models. ” The malware targets the flaw CVE-2024-41710 that affects Mitel 6800, 6900, and 6900w series SIP phones, including the 6970 Conference Unit through R6.4.0.HF1 Named after the Aqua filename, it was first reported in November 2023.

DDOS 69

DDOS Firmware Malware Firewall 69

Security Affairs

SEPTEMBER 16, 2024

D-Link has addressed three critical vulnerabilities, tracked as CVE-2024-45694 , CVE-2024-45695 , CVE-2024-45697 , impacting three wireless router models. The manufacturer also addressed two high-severity vulnerabilities, tracked as CVE-2024-45696 and CVE-2024-45698. DIR-X4860 A1 firmware version 1.00, 1.04

Wireless 132

Wireless Firmware Manufacturing Hacking 132

Security Affairs

NOVEMBER 25, 2024

Zyxel warns that a ransomware gang has been observed exploiting a recently patched command injection vulnerability, tracked as CVE-2024-42057, in its firewalls for initial compromise. ” The vendor addressed these vulnerabilities with the release of firmware version 5.39 ” reads the advisory published by the vendor.

Firewall 76

Firewall Ransomware VPN Firmware 76

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10.

Firmware 135

Firmware Authentication Engineering Hacking 135

Security Affairs

FEBRUARY 18, 2025

The two vulnerabilities are: CVE-2025-0108 Palo Alto PAN-OS Authentication Bypass Vulnerability CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability Researchers recently warned that threat actors exploit a recently disclosed vulnerability, CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls.

Firewall 66

Firewall Firmware Authentication VPN 66

Security Affairs

JUNE 25, 2024

Researchers at the Shadowserver Foundation warn that a Mirai -based botnet has started exploiting a recently disclosed vulnerability tracked as CVE-2024-29973 (CVSS score 9.8) The flaw is a command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 13)C0 and older.

Firmware 126

Firmware Hacking Cybercrime Information Security 126

Security Affairs

AUGUST 6, 2024

Google addressed an actively exploited high-severity vulnerability, tracked as CVE-2024-36971, impacting the Android kernel. Google fixed a high-severity flaw, tracked as CVE-2024-36971, impacting the Android kernel. “There are indications that CVE-2024-36971 may be under limited, targeted exploitation.”

Firmware 132

Firmware Spyware Hacking Technology 132

Security Affairs

FEBRUARY 28, 2025

In September 2024, Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 In August 2024, several users reported that Dr.Web antivirus detected changes in their TV box system files. In May 2024, an international law enforcement operation led by the U.S.

Antivirus 66

Antivirus Firmware Encryption Manufacturing 66

Security Affairs

APRIL 3, 2024

Two issues fixed by the IT giant, tracked as CVE-2024-29745 and CVE-2024-29748, are actively exploited in the wild. ” reads the Android Security Bulletin—April 2024. ” reads the Android Security Bulletin—April 2024. Google addressed 28 vulnerabilities in Android and 25 flaws in Pixel devices.

Spyware 136

Spyware Firmware Hacking Information Security 136

Security Affairs

JUNE 14, 2024

CVE-2024-26169 is an elevation of privilege issue in the Microsoft Windows Error Reporting Service that can be exploited to could gain SYSTEM privileges. CVE-2024-4358 is an authentication bypass vulnerability that an unauthenticated attacker can exploit to gain access to Telerik Report Server restricted functionality.

Firmware 132

Firmware Authentication Hacking Risk 132

Security Affairs

NOVEMBER 27, 2024

ESET discovered the first Unified Extensible Firmware Interface (UEFI) bootkit specifically designed for Linux systems, named Bootkitty. A previously unknown UEFI application, named bootkit.efi, was uploaded to VirusTotal in November 2024. ” reads the advisory published by ESET.

Firmware 64

Firmware Authentication Malware Hacking 64

Security Affairs

JUNE 5, 2024

Below is the list impacting the Zyxel NAS devices: CVE-2024-29972 : This command injection vulnerability in the CGI program “remote_help-cgi” in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. 13)C0 and older. 13)C0 and older.

Firmware 128

Firmware Authentication Manufacturing Hacking 128

SecureList

OCTOBER 23, 2024

On May 13, 2024, our consumer-grade product Kaspersky Total Security detected a new Manuscrypt infection on the personal computer of a person living in Russia. According to the blog, Microsoft had also been tracking the campaign and associated websites since February 2024.

Engineering 145

Engineering Social Engineering Accountability Cryptocurrency 145

eSecurity Planet

FEBRUARY 2, 2024

Teslas Get the Spotlight in Recent Ethical Hacking Efforts Researchers have discovered multiple vulnerabilities within Teslas since March 2023. Rapid7’s Zero Day Initiative hosts an event called Pwn2Own, and at the 2023 event, computer security firm Synactiv hacked a Tesla computer within two minutes.

Hacking 125

Hacking IoT Firmware Cybersecurity 125

Security Affairs

JUNE 19, 2024

” The seller states that the files were stolen in June 2024. The allegedly stolen data includes information on future products, datasheets, employee and customer databases, property files, firmware, source code, and financial documentation.

Data breaches 139

Data breaches Firmware Cybercrime Media 139

Security Affairs

JANUARY 14, 2024

Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability with the release of Magic Keyboard firmware. Apple released Magic Keyboard Firmware Update 2.0.6 to address a recently disclosed Bluetooth keyboard injection issue tracked as CVE-2024-0230.

Firmware 140

Firmware Hacking Information Security 140

Security Affairs

MAY 17, 2024

CVE-2021-40655 An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. CISA orders federal agencies to fix these vulnerabilities by June 6, 2024. Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, CISA )

Firmware 131

Firmware Authentication Passwords Hacking 131

Security Affairs

JUNE 16, 2024

ASUS addresses a critical remote authentication bypass vulnerability, tracked as CVE-2024-3080 (CVSS v3.1 Some impacted models will not receive the firmware updates because they have reached the end-of-life (EoL). score: 9.8), impacting seven router models. impacting multiple devices. impacting multiple devices.

Authentication 132

Authentication Firmware Manufacturing VPN 132

Security Affairs

SEPTEMBER 4, 2024

The vulnerabilities CVE-2024-44341 and CVE-2024-44342 (CVSS score of 9.8) “D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability (CVE-2024-44341) via the lan(0)_dhcps_staticlist parameter. are two OS command injection issues. ” reads the advisory. 0)_ssid parameter.”

Firmware 124

Firmware IoT Authentication Hacking 124

SecureList

NOVEMBER 14, 2023

In this article, we will review the past year’s trends to see which of our 2023 predictions have come true, and try to predict what is to come in 2024. Hack-and-leak is the new black (and bleak) In April, we reported KelvinSecurity, a hacktivist and black hat Spanish-speaking group. Drone hacking!

Hacking 141

Hacking Energy and Utilities Malware Media 141

Security Affairs

AUGUST 26, 2024

SonicWall has released security updates to address a critical vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), in its firewalls. However SonicWall recommends youinstall the latest firmware. .” However SonicWall recommends youinstall the latest firmware. ” reads the advisory published by the vendor.

Firewall 127

Firewall Firmware Malware Internet 127