Advertising, Firmware and Internet - Cyber Security Informer

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware

Firmware Ransomware Encryption Advertising

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

SEPTEMBER 10, 2021

The assault came from “ Meris ,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer. Cloudflare recently wrote about its attack , which clocked in at 17.2 Image: Qrator.

IoT

IoT DDOS Internet Internet

Researchers warn of QNAP NAS attacks in the wild

Security Affairs

AUGUST 31, 2020

Hackers target QNAP NAS devices running multiple firmware versions vulnerable to a remote code execution (RCE) flaw addressed by the vendor 3 years ago. QNAP addressed the vulnerability with the release of firmware version 4.3.3 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. on July 21, 2017.

Firmware

Firmware Advertising Malware Internet

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

iLnkP2p is bundled with millions of Internet of Things (IoT) devices, including security cameras and Webcams, baby monitors, smart doorbells, and digital video recorders. Furthermore, even if software patches were issued, the likelihood of most users updating their device firmware is low.

IoT

IoT Firewall Manufacturing Computers and Electronics

A daily average of 80,000 printers exposed online via IPP

Security Affairs

JUNE 23, 2020

The Shadowserver Foundation is a nonprofit security organization working altruistically behind the scenes to make the Internet more secure for everyone. The researchers scanned the Internet for printers that are exposing their Internet Printing Protocol (IPP) port online. and printers (or print servers). . Pierluigi Paganini.

Internet

Internet Internet Firmware Advertising

Tails OS version 4.5 supports the Secure Boot

Security Affairs

APRIL 10, 2020

The Tails OS allows to use the Internet anonymously and circumvent censorship by using the Tor Network, it leaves no trace on the computer users are using and uses the state-of-the-art cryptographic tools to encrypt files, emails and instant messaging. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware

Firmware Advertising Encryption Internet

79 Netgear router models affected by a dangerous Zero-day

Security Affairs

JUNE 18, 2020

Security experts Adam Nichols from GRIMM and d4rkn3ss from the Vietnamese internet service provider VNPT have independently reported a severe unpatched security vulnerability that affects 79 Netgear router models. Nichols discovered that the vulnerability affects 758 different firmware versions that run on 79 Netgear routers.

Firmware

Firmware Internet Internet Advertising

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service. WHO’S BEHIND SOCKSESCORT?

Malware

Malware VPN Internet Internet

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

Some of the devices support multiple 10-gigabit uplinks and provide Internet connectivity to up to 1024 ONTs (clients). The backdoor accounts in the firmware of 29 FTTH Optical Line Termination (OLT) devices from popular vendor C-Data. The most severe issue is the presence of Telnet backdoor accounts hardcoded in the firmware.

Firmware

Firmware Accountability Advertising Manufacturing

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

. “Multiple critical vulnerabilities have been discovered in the MoFi4500 router, an OpenWRT based wireless router that provides Internet access via LTE. “Several firmware versions have been released, but some of the vulnerabilities have not been fully patched.” ” continues the report. Pierluigi Paganini.

Firmware

Firmware Authentication Wireless Advertising

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

Flashing Firmware: Flashing BUSSide firmware inside the NodeMCU is quick and easy: # apt-get install esptool # git clone [link] # esptool --port /dev/ttyUSB0 write_flash 0x00000 BUSSide/FirmwareImages/*.bin. his majesty, the Firmware). In a couple of minutes you should get extracted the firmware. What do you do?

IoT

IoT Hacking Firmware InfoSec

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

To perform the experiment, we used Internet of Things (IoT) search engines to search for open devices that utilized common printer ports and protocols. After filtering out most of the false positives, we were left with more than 800,000 printers that had network printing features enabled and were accessible over the internet.

Hacking

Hacking IoT Firmware Internet

Guardzilla Security Video System Footage exposed online

Security Affairs

DECEMBER 29, 2018

The vulnerability lies within the design and implementation of Amazon Simple Storage Service (S3) credentials inside the Guardzilla Security Camera firmware.” It has a CVSSv3 base score of 8.6 , since once the password is known, any unauthenticated user can collect the data from any affected system over the internet.”

Firmware

Firmware Surveillance IoT Passwords

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Netlab shared its findings with LILIN on January 19, 2020, and the vendor addressed the issues with the release of the firmware update (version 2.0b60_20200207). The new firmware released by the vendors validated the hostname passed as input to prevent command execution. ” reads the advisory published by Netlab.

Firmware

Firmware Surveillance Manufacturing Advertising

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

According to the experts, Tenda routers running a firmware version between AC9 to AC18 are vulnerable to the attack. “We recommend that Tenda router users check their firmware and make necessary update.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Firmware DNS Advertising

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Security Affairs

DECEMBER 8, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Firmware

Firmware DDOS Malware IoT

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. New research by Cybernews shows an exponential rise in the uptake of internet-facing cameras. Surge in internet-facing cameras.

Surveillance

Surveillance Manufacturing Internet Internet

Naming & Shaming Web Polluters: Xiongmai

Krebs on Security

OCTOBER 9, 2018

What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act? For the record, KrebsOnSecurity has long advised buyers of IoT devices to avoid those advertise P2P capabilities for just this reason. A rendering of Xiongmai’s center in Hangzhou, China.

Computers and Electronics

Computers and Electronics IoT Passwords Internet

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Shell DNSChanger is written in the Shell programming language and combines 25 Shell scripts that allow the malware to carry out brute-force attacks on routers or firmware packages from 21 different manufacturers. Js DNSChanger is written in JavaScript and includes 10 attack scripts designed to infect 6 routers or firmware packages.

DNS

DNS Malware Firmware Phishing

Juniper Networks addressed many issues in its products

Security Affairs

JULY 10, 2020

Some of the issues also affected third-party components, including OpenSSL, Intel firmware, Bouncy Castle, Java SE, Apache software, and others. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firmware

Firmware Advertising Firewall Internet

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates. The two agencies urge organizations to ensure their devices have not been previously infected, they recommend a full factory reset of the device before performing the firmware upgrade.

Malware

Malware Firmware Advertising Manufacturing

Security Affairs newsletter Round 268

Security Affairs

JUNE 14, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware

Firmware Advertising Ransomware Hacking

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” concludes Eclypsium.

Hacking

Hacking Firmware Media Authentication

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

The list includes: IP addresses of Pulse Secure VPN servers Pulse Secure VPN server firmware version SSH keys for each server A list of all local users and their password hashes Admin account details Last VPN logins (including usernames and cleartext passwords) VPN session cookies. ” reported ZDNet. Pierluigi Paganini.

VPN

VPN Passwords Banking Advertising

DoS attack the caused disruption at US power utility exploited a known flaw

Security Affairs

SEPTEMBER 9, 2019

“Have as few internet facing devices as possible,” NERC urged in its report.” ” The flaw allowed the attackers to trigger a DoS condition in the internet-facing firewalls that were all perimeter devices used to implement the outer security layer. The case offered a stark demonstration of the risks U.S.

Energy and Utilities

Energy and Utilities Firewall Firmware Advertising

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

Security Affairs

APRIL 4, 2019

Firmware updates that address this vulnerability are not currently available. After the disclosure of proof-of-exploit code for security flaws in Cisco RV320 and RV325 routers, hackers started scanning the Internet for vulnerable devices in an attempt to take compromise them. There are no workarounds that address this vulnerability.”.

Small Business

Small Business Firmware Advertising VPN

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network. The company released firmware p atches for the device in January. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking

Hacking IoT Wireless Firmware

Maze ransomware operators claim to have breached LG Electronics

Security Affairs

JUNE 25, 2020

“One of the screenshots seems to consist of LG Electronics official firmware or software update releases that assist their hardware products to work more efficiently.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Computers and Electronics

Computers and Electronics Ransomware Mobile Telecommunications

Expert found Russia’s SORM surveillance equipment leaking user data

Security Affairs

AUGUST 30, 2019

The Russian Government obliges national ISPs to purchase and install the probes used by SORM system that allows the Federal Security Service (FSB) to monitor Internet traffic including online communications. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the post published by Meduza.io

Surveillance

Surveillance Firmware Advertising Mobile

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Security Affairs

APRIL 6, 2020

The security firm reported the zero-day vulnerability to Sangfor on April 3, the vendor confirmed that Sangfor VPN servers running firmware versions M6.3R1 and M6.1 The group exploited two vulnerabilities patched earlier this year in Firefox and Internet Explorer in attacks aimed at China and Japan. are vulnerable. Pierluigi Paganini.

VPN

VPN Government Advertising Firmware

FBI warns about high-impact Ransomware attacks on U.S. Organizations

Security Affairs

OCTOBER 3, 2019

Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) warns organizations about high-impact ransomware attacks. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issued organizations about high-impact ransomware attacks. ” reads the public service announcement published by the IC3.

Ransomware

Ransomware Advertising Firmware Internet

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Security Affairs

MAY 19, 2020

“There is no evidence to support any other firmware versions are vulnerable at this point in time and these findings have been shared with Symantec.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT DDOS Authentication Advertising

A mysterious code prevents QNAP NAS devices to be updated

Security Affairs

FEBRUARY 11, 2019

“Since recent firmware updates, the ClamAV Antivirus fails to update due to 700+ clamav.net entries in /etc/hosts, all set to 0.0.0.0 “Exposing your NAS on the internet (allowing remote access) is always a high risk thing to do (at least without a properly deployed remote access VPN and/or 2FA on all existing user accounts)!”

Antivirus

Antivirus Firmware Advertising Manufacturing

Initial fixes for Cisco RV320 and RV325 routers were incomplete

Security Affairs

MARCH 30, 2019

After the disclosure of proof-of-exploit code for security flaws in Cisco RV320 and RV325 routers, hackers started scanning the Internet for vulnerable devices in an attempt to take compromise them. Firmware updates that address this vulnerability are not currently available. There are no workarounds that address this vulnerability.”.

Small Business

Small Business Firmware Advertising Engineering

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

This FTP server can be accessed with hardcoded credentials that are embedded in the firmware of the AP. The researchers reported the issue to Zyxel at the end of June, the vendor released hotfixes and firmware updates at the end of August. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Hacking Firmware Wireless

QNAP addresses 2 critical flaws that can allow hackers to take over NASs

Security Affairs

OCTOBER 8, 2020

Recently QNAP published a security advisory urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The application is updated. Pierluigi Paganini.

Encryption

Encryption Firmware Advertising Ransomware

T95 Android TV Box sold on Amazon hides sophisticated malware

Security Affairs

JANUARY 16, 2023

Milisic discovered pre-loaded malware into its firmware. Milisic purchased the T95 Android TV box to run Pi-hole , which is a Linux network-level advertisement and Internet tracker blocking application. The malicious code embedded in the firmware of the device acts like the Android CopyCat malware.

Malware

Malware DNS Firmware Internet

Using iPhones and AirTags to sneak data out of air-gapped networks

Malwarebytes

MAY 13, 2021

A researcher has found out that it is possible to upload arbitrary data from non-internet-connected devices by sending Bluetooth Low Energy (BLE) broadcasts to nearby Apple devices that will happily upload the data for you. To demonstrate their point, they released an ESP32 firmware that turns the micro-controller into an (upload only) modem.

Internet

Internet Internet Firmware Mobile

Roughly 500,000 Ubiquiti devices may be affected by flaw already exploited in the wild

Security Affairs

FEBRUARY 4, 2019

Last week, the researcher Jim Troutman, consultant and director of the Northern New England Neutral Internet Exchange (NNENIX), revealed that threat actors had been targeting Ubiquiti installs exposed online. Ubiquiti is aware of the issue and is currently working on a firmware update that will address it anyway it is trying to downplay it.

DDOS

DDOS Advertising Firmware Hacking

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. reads the alert published by Rapid7.

DDOS

DDOS Firmware Firewall VPN

How to Reverse Engineer, Sniff & Bruteforce Vulnerable RF Adult Toys with WHID Elite

Security Affairs

AUGUST 2, 2019

With all these data we can finally compose the packet that is transmitted to trigger the Vibration mode: Now we are ready to give it a try with the Standalone Firmware of WHID Elite and see if it is able to decode them too. Which means, we can easily fuzz and thus exhaust the space between them with the main WHID Elite Firmware.

Engineering

Engineering Firmware InfoSec Advertising

Tenable experts found 15 flaws in wireless presentation systems

Security Affairs

MAY 2, 2019

Tenable started reporting the vulnerabilities to vendors in January, but at the time of the public disclosure, only Extron and Barco have released firmware updates. Waiting for the fix, users have to configure their environments to avoid these systems being exposed to the internet. Pierluigi Paganini.

Wireless

Wireless Firmware Advertising Authentication

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

Security Affairs

APRIL 25, 2019

Rockwell has released firmware updates that address the vulnerability for the affected controllers. Below the recommendations published by Rockwell Automation to minimize the risk of exploitation of this vulnerability: Update to the latest available firmware revision that addresses the associated risk. Pierluigi Paganini.

Firmware

Firmware Social Engineering Advertising Malware

Roughly 500,000 Ubiquity devices may be affected by flaw already exploited in the wild

Security Affairs

FEBRUARY 4, 2019

Last week, the researcher Jim Troutman, consultant and director of the Northern New England Neutral Internet Exchange (NNENIX), revealed that threat actors had been targeting Ubiquity installs exposed online. Ubiquity is aware of the issue and is currently working on a firmware update that will address it anyway it is trying to downplay it.

DDOS

DDOS Advertising Firmware Internet

QNAP urges users to update NAS firmware and app to prevent infections

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Trending Sources

Researchers warn of QNAP NAS attacks in the wild

P2P Weakness Exposes Millions of IoT Devices

A daily average of 80,000 printers exposed online via IPP

Tails OS version 4.5 supports the Secure Boot

79 Netgear router models affected by a dangerous Zero-day

Who and What is Behind the Malware Proxy Service SocksEscort?

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Expert found multiple critical issues in MoFi routers

Hacking IoT & RF Devices with BürtleinaBoard

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Guardzilla Security Video System Footage exposed online

Botnet operators target multiple zero-day flaws in LILIN DVRs

New Ttint IoT botnet exploits two zero-days in Tenda routers

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

3.5m IP cameras exposed, with US in the lead

Naming & Shaming Web Polluters: Xiongmai

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Juniper Networks addressed many issues in its products

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs newsletter Round 268

USBAnywhere BMC flaws expose Supermicro servers to hack

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

DoS attack the caused disruption at US power utility exploited a known flaw

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Maze ransomware operators claim to have breached LG Electronics

Expert found Russia’s SORM surveillance equipment leaking user data

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

FBI warns about high-impact Ransomware attacks on U.S. Organizations

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

A mysterious code prevents QNAP NAS devices to be updated

Initial fixes for Cisco RV320 and RV325 routers were incomplete

Some Zyxel devices can be hacked via DNS requests

QNAP addresses 2 critical flaws that can allow hackers to take over NASs

T95 Android TV Box sold on Amazon hides sophisticated malware

Using iPhones and AirTags to sneak data out of air-gapped networks

Roughly 500,000 Ubiquiti devices may be affected by flaw already exploited in the wild

Multiple DDoS botnets were observed targeting Zyxel devices

How to Reverse Engineer, Sniff & Bruteforce Vulnerable RF Adult Toys with WHID Elite

Tenable experts found 15 flaws in wireless presentation systems

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

Roughly 500,000 Ubiquity devices may be affected by flaw already exploited in the wild

Stay Connected