Accountability, Firmware and Information Security

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MAY 17, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the following D-Link router vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2014-100005 Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev.

Firmware

Firmware Authentication Passwords Hacking

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. Patch1 in Dec. patch 0).

Firewall

Firewall VPN Firmware Passwords

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60

Firewall

Firewall Firmware VPN Authentication

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password.

Firmware

Firmware Passwords Accountability VPN

HP would take up to 90 days to fix a critical bug in some business-grade printers

Security Affairs

APRIL 5, 2023

HP would take up to 90 days to address a critical flaw, tracked as CVE-2023-1707, that resides in the firmware of some business-grade printers. The exploitation of the flaw can potentially lead to information disclosure and the IT giant announced that it would take up to 90 days to address the vulnerability. and having IPsec enabled.

Firmware

Firmware Education Media Hacking

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

. “Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Firmware

Firmware Ransomware Passwords Mobile

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Security Affairs

MAY 4, 2023

In order to exploit the flaw, an attacker has to upgrade an affected device to a crafted version of the firmware. “This vulnerability is due to a missing authentication process within the firmware upgrade function.” “Cisco has not released firmware updates to address this vulnerability.

Firmware

Firmware Education Media Authentication

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

Two security researchers have found undocumented Telnet admin account accounts in 29 FTTH devices from Chinese vendor C-Data. Two security researchers have discovered undocumented Telnet admin account accounts in 29 Fiber-To-The-Home (FTTH) devices from Chinese vendor C-Data.

Firmware

Firmware Accountability Advertising Manufacturing

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams

Scams DDOS Cryptocurrency Accountability

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Security Affairs

SEPTEMBER 19, 2022

“It is found that our wireless products, FLEXLAN FX3000/2000 series, have a firmware vulnerability. The CVE–2022–36158 flaw is a hidden system command web page that was discovered performing reverse engineering of the firmware used by the device. ” reads the advisory published by Contec. ” continues the researchers.

Wireless

Wireless Firmware Passwords Engineering

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Security Affairs

AUGUST 14, 2023

The procedures allow administrators to provide device information such as server addresses, account information, and firmware updates. The server is used to provide configurations and firmware updates to the devices. In this scenario, an attacker can act as a rogue server and distribute malicious firmware.

Firmware

Firmware Authentication Passwords Hacking

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

The threat actors are targeting the USG, ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. Upon accessing the devices, attackers then bypass authentication and establish SSL VPN tunnels with unknown user accounts (i.e. The company states that devices running the Nebula cloud management mode are not impacted.

VPN

VPN Firewall Firmware Authentication

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Security Affairs

JULY 15, 2022

Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project files. Several websites and multiple social media accounts exist all touting their password “crackers.””

Passwords

Passwords Software Firmware Malware

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

On February 10, 2020, the Taiwanese manufacturer DrayTek issued a security bulletin to address the vulnerability with the release of the firmware program 1.5.1. On the 6th Feb, we released an updated firmware to address this issue.” ” reads the security bulletin. firmware or later. .”

Firmware

Firmware VPN Accountability Advertising

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

.” The company reported the security breach to the relevant authorities, and it downplayed the incident, saying that the attack had no significant financial and operational impact. In response to the incident, the company announced it is enhancing the information security control measures of its network and infrastructure.

Ransomware

Ransomware Firmware Hacking Manufacturing

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Ransomware

Ransomware DDOS Passwords Backups

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Ransomware

Ransomware Firmware Antivirus Accountability

White hat hackers gained access more than 150,000 surveillance cameras

Security Affairs

MARCH 10, 2021

One of the members of the group, Tillie Kottmann, revealed that they have gained access to these surveillance cameras using a super admin account for the surveillance company Verkada. Once Verkada became aware of the hack, it has disabled all internal administrator accounts to prevent any unauthorised access.

Surveillance

Surveillance Hacking Banking Firmware

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts. ransomware and phishing scams).

Ransomware

Ransomware Passwords Backups Firmware

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

NOVEMBER 10, 2022

The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. “We chose the simplest approach, reading /etc/shadow and using hashcat cracking the root account password (which turned out to be root:root). ” reads an advisory published by Claroty.

Firmware

Firmware Authentication Passwords Manufacturing

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Security Affairs

MARCH 16, 2022

As early as May 2021, the attackers took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network. Contrary to best practices recommended, the account was still active in the organization’s Active Directory.

Accountability

Accountability Passwords Authentication Firmware

Security Affairs newsletter Round 368 by Pierluigi Paganini

Security Affairs

JUNE 5, 2022

Anonymous: Operation Russia after 100 days of war GitLab addressed critical account take over via SCIM email change LuoYu APT delivers WinDealer malware via man-on-the-side attacks Clipminer Botnet already allowed operators to make at least $1.7 If you want to also receive for free the newsletter with the international press subscribe here.

Spyware

Spyware Firmware Ransomware Scams

Hackers are targeting Soliton FileZen file-sharing servers

Security Affairs

APRIL 25, 2021

Soliton addressed both flaws in FileZen solutions with the release of firmware versions V4.2.8 The vendor recommended changing system administrator account, reset access control, and installing the latest available version. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. and V5.0.3.

System Administration

System Administration Firmware Government Hacking

DoppelPaymer ransomware gang now cold-calling victims, FBI warns

Security Affairs

DECEMBER 17, 2020

The alert also includes the following recommended mitigations to prevent ransomware attacks: Ensure backups are secure and are disconnected from the network at the conclusion of each backup session. Audit user accounts regularly, particularly Remote Monitoring and Management accounts that are publicly accessible.

Ransomware

Ransomware Backups Firmware Accountability

Security Affairs newsletter Round 376 by Pierluigi Paganini

Security Affairs

JULY 31, 2022

Security Affairs newsletter Round 375 by Pierluigi Paganini A database containing data of 5.4 million Twitter accounts available for sale. The post Security Affairs newsletter Round 376 by Pierluigi Paganini appeared first on Security Affairs. and Blackmatter ransomware U.S. Pierluigi Paganini.

Firmware

Firmware Surveillance Malware DDOS

Security Affairs newsletter Round 284

Security Affairs

OCTOBER 4, 2020

Ransomware

Ransomware Firmware Advertising Insurance

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

APT28 group deployed Python scripts on compromised EdgeRouters to collect and validate stolen webmail account credentials. The webmail account credentials were collected via cross-site scripting and browser-in-the-browser spear-phishing campaigns. Upgrade to the latest firmware version. ” continues the report.

Energy and Utilities

Energy and Utilities Government Firewall Malware

Malware found pre-installed in cheap push-button mobile phones sold in Russia

Security Affairs

SEPTEMBER 6, 2021

The researchers analyzed the firmware and set up a 2G base station in order to intercept and analyze the devices’ communications. Itel it2160 – The device was spotted transferring some info to the domain asv.transsion.com (Country, Model, Firmware version, Language. Inoi 101 – Clean. What to do?

Mobile

Mobile Malware Firmware Manufacturing

Dovecat crypto-miner is targeting QNAP NAS devices

Security Affairs

JANUARY 21, 2021

“In the meantime, please update the NAS firmware and Malware Remover in the App Center to the latest version if not done already to ensure the latest security patches are applied on the NAS.” Install Security Counselor and run with Intermediate Security Policy (or above). Install a firewall.

Cryptocurrency

Cryptocurrency Firmware Malware Passwords

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Security Affairs

FEBRUARY 14, 2022

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Ransomware

Ransomware Accountability Firmware Antivirus

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The FBI is seeking any information that can be shared related to the operations of the BlackCat ransomware operation. Below are recommended mitigations included in the alert: Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. hard drive, storage device, the cloud).

Ransomware

Ransomware Antivirus Passwords Malware

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Security Affairs

AUGUST 13, 2023

CVE-2023-3266: Improperly Implemented Security Check for Standard (Auth Bypass; CVSS 7.5) of PowerPanel Enterprise software and version 1.44.08042023 of the Dataprobe iBoot PDU firmware. Each should be reachable only from within your organization’s secure intranet. CVE-2023-3261: Buffer Overflow (DOS; CVSS 7.5)

Hacking

Hacking Firmware Authentication Software

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

“The actors have leveraged privileged accounts to gain access to VMware vCenter Server and reset account passwords [ T1098 ] for ESXi servers in the environment. Below are the mitigations provided in the alert: Install updates for operating systems, software, and firmware as soon as they are released. administrative?accounts,

Ransomware

Ransomware VPN Cybercrime Accountability

An educational robot security research

SecureList

FEBRUARY 27, 2024

Possible attack vectors Parents app The robot needs to be linked to a parent’s account before it can be used. From a security researcher’s perspective, this application is particularly interesting because it allows calling to the robot, and monitoring the child’s activities and learning progress.

Education

Education Manufacturing Firmware Internet

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts using weak passwords. Preliminary investigation indicates that Checkmate attacks via SMB services exposed to the internet, and employs a dictionary attack to break accounts with weak passwords.”

Ransomware

Ransomware Encryption Passwords Internet

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released. Avoid reusing passwords for different accounts and implement the shortest acceptable timeframe for password changes. Use multi-factor authentication wherever possible. Consider installing and using a VPN.

Education

Education Ransomware Phishing Passwords

A new Mirai botnet variant targets TP-Link Archer A21

Security Affairs

APRIL 25, 2023

Working exploits for LAN and WAN interface accesses were respectively reported by Team Viettel and Qrious Security. In March, TP-Link released a firmware update to address multiple issues, including this vulnerability. The vulnerability was first reported to ZDI during the Pwn2Own Toronto 2022 event.

DDOS

DDOS Engineering Firmware Architecture

Security Affairs newsletter Round 347

Security Affairs

JANUARY 2, 2022

Y2k22 bug in Microsoft Exchange causes failure in email delivery Security Affairs most-read cyber stories of 2021 PulseTV discloses potential credit card breach The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched How to implant a malware in hidden (..)

Banking

Banking Firmware Malware Ransomware

Wear your MASQ! New Device Fingerprint Spoofing Tool Available in Dark Web

Security Affairs

JUNE 15, 2021

Dark Web actors are actively leveraging such tools known as ‘anti-detect’ which enables account takeover (ATO) – to access compromised consumer accounts of various online-services and e-mail providers, also granting the ability to perform fraudulent transactions without being flagged by the current anti-fraud solutions.

Mobile

Mobile Authentication Accountability Cyber threats

Vulnerability Management Policy Template

eSecurity Planet

MAY 12, 2023

This document assumes that organizations that fail to meet the update standard due to lack of resources will not hold their IT Department accountable when overworked or overloaded. Broader is always better to control risks, but can be more costly.] Vulnerability Management Policy & Procedure A. Appendix I.

Penetration Testing

Penetration Testing Risk Firmware Software

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

. • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., Install updates/patch operating systems, software, and firmware as soon as they are released. • Only use secure networks and avoid using public Wi-Fi networks. .

Ransomware

Ransomware Encryption Passwords Malware

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware Manufacturing Passwords Internet

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Upon compromising the domain administrator account, threat actors could distributee malware to other systems on the same network. “The primary causes of the incident include the use of an outdated and vulnerable firmware version on the Fortigate VPN server (version 6.0.2 ” continues Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

Android devices shipped with backdoored firmware as part of the BADBOX network

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

Webinars

Trending Sources

Expert found a secret backdoor in Zyxel firewall and VPN

Webinars

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

HP would take up to 90 days to fix a critical bug in some business-grade printers

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Interview With a Crypto Scam Investment Spammer

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Hackers target zero-day flaws in enterprise Draytek network devices

MSI confirms security breach after Money Message ransomware attack

Avoslocker ransomware gang targets US critical infrastructure

Ranzy Locker ransomware hit tens of US companies in 2021

White hat hackers gained access more than 150,000 surveillance cameras

FBI warns of ransomware attacks targeting the food and agriculture sector

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Security Affairs newsletter Round 368 by Pierluigi Paganini

Hackers are targeting Soliton FileZen file-sharing servers

DoppelPaymer ransomware gang now cold-calling victims, FBI warns

Security Affairs newsletter Round 376 by Pierluigi Paganini

Security Affairs newsletter Round 284

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Malware found pre-installed in cheap push-button mobile phones sold in Russia

Dovecat crypto-miner is targeting QNAP NAS devices

BlackByte ransomware breached at least 3 US critical infrastructure organizations

BlackCat Ransomware gang breached over 60 orgs worldwide

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Daixin Team targets health organizations with ransomware, US agencies warn

An educational robot security research

New Checkmate ransomware target QNAP NAS devices

FBI warns of increase in PYSA ransomware attacks targeting education

A new Mirai botnet variant targets TP-Link Archer A21

Security Affairs newsletter Round 347

Wear your MASQ! New Device Fingerprint Spoofing Tool Available in Dark Web

Vulnerability Management Policy Template

FBI published a flash alert on Mamba Ransomware attacks

FBI warns of ransomware threat to food and agriculture

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Stay Connected