Architecture, Authentication, Firmware and Hacking

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Locking down firmware. Starks Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks. telecoms by Chinese tech giant Huawei.

Firmware

Firmware Cybersecurity Technology Engineering

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Security Affairs

DECEMBER 9, 2021

. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” TP-Link addressed the flaw on November 12, 2021 with the release of the firmware update TL-WR840N(EU)_V5_211109.

Firmware

Firmware Architecture Malware Hacking

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware.

Firmware

Firmware Spyware Surveillance Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

The CVE-2019-0090 vulnerability affects the firmware running on the ROM of the Intel’s Converged Security and Management Engine (CSME). Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” x, SPS_E3_05.00.04.027.0. .

Firmware

Firmware Technology Advertising Authentication

Spotlight Podcast: Fixing Supply Chain Hacks with Strong Device Identities

The Security Ledger

APRIL 11, 2019

Supply chain hacks like ME Docs and ASUS aren't inevitable. Supply chain hacks like ME Docs and ASUS aren’t inevitable. Software supply chain hacks are a growing problem. The attackers distributed a malicious file that masqueraded as an authentic software update, signed with legitimate ASUS digital certificates.

Hacking

Hacking Architecture IoT Software

MITRE, CISA Reveal Dangerous Hardware & Software Vulnerabilities

eSecurity Planet

NOVEMBER 4, 2021

The unranked list contains 12 entries that categorize data found in hardware programming, design, and architecture. CWE-1277 : Firmware Not Updateable – firmware exploitation exposes the victim to a permanent risk without any possibility to patch weaknesses. The most popular firmware is BIOS and UEFI.

Software

Software Firmware Computers and Electronics Risk

Zero Trust: Can It Be Implemented Outside the Cloud?

eSecurity Planet

MAY 11, 2023

government and others, we are still no closer to seeing zero trust architecture widely adopted. I am very surprised that the cyber insurance industry has not required zero trust architecture already, but perhaps the $1.4 All resource authentication and authorization are dynamic and strictly enforced before access is allowed.

Insurance

Insurance Cyber Insurance Architecture Authentication

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted. “Patch your #Fortigate.”

Risk

Risk VPN Internet Internet

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

According to the advisory that was issued with the help of leading cybersecurity firms (Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric), nation-state hacking groups were able to hack multiple industrial systems using a new ICS-focused malware toolkit dubbed PIPEDREAM that was discovered in early 2022.

Passwords

Passwords Architecture Backups Cyber Attacks

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Problem is, MAC addresses are not great for authentication.

IoT

IoT Hacking Internet Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Problem is, MAC addresses are not great for authentication.

IoT

IoT Hacking Internet Internet

Mukashi, the new Mirai variant that targets Zyxel NAS

Security Affairs

MARCH 21, 2020

Multiple, if not all, Zyxel NAS products running firmware versions up to 5.21 are vulnerable to this pre-authentication command injection vulnerability. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. The vendor advisory is also available. reads the advisory published by CERT/CC.

DDOS

DDOS Authentication Advertising Firmware

Mirai code re-use in Gafgyt

Security Affairs

APRIL 16, 2021

7fe8e2efba37466b5c8cd28ae6af2504484e1925187edffbcc63a60d2e4e1bd8 and 25461130a268f3728a0465722135e78fd00369f4bccdede4dd61e0c374d88eb8 ) also contained multiple exploits, like the RCE exploit in Huawei Routers and the authentication bypass exploit in GPON Home Routers (see Figure 6, 7, 8). SecurityAffairs – hacking, Mirai).

Malware

Malware DDOS IoT Firmware

BotenaGo strikes again – malware source code uploaded to GitHub

CyberSecurity Insiders

JANUARY 26, 2022

In September 2016, source code of one of the most popular botnets named Mirai was leaked and uploaded to one of the hacking community forums, and later uploaded to GitHub with detailed information on the botnet, its infrastructure, configuration and how to build it. Install security and firmware upgrades from vendors, as soon as possible.

Malware

Malware IoT Authentication Antivirus

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

SecureList

JULY 19, 2023

The connection to the remote SMB server sends the user’s Net-NTLMv2 hash in a negotiation message, which the threat actor can use to either: Relay for authentication against other systems that support NTLMv2 authentication. Perform offline cracking to extract the password.

Firmware

Firmware Internet Internet Government

Android Botnet leverages ADB ports and SSH to spread

Security Affairs

JUNE 22, 2019

This attack takes advantage of the way open ADB ports don’t have authentication by default, similar to the Satori botnet variant we previously reported.” In order to determine what miner to deliver, the bot collects system information, such as manufacturer, hardware details, and processor architecture. The script for a.

Cryptocurrency

Cryptocurrency Malware Advertising Firmware

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

McAfee

AUGUST 24, 2021

CVE-2021-33885 – Insufficient Verification of Data Authenticity (CVSS 9.7). CVE-2021-33882 – Missing Authentication for Critical Function (CVSS 8.2). Unique Considerations for Infusion Pump Hacking. Lastly, the pump runs its own custom Real Time Operating System (RTOS) and firmware on a M32C microcontroller.

Computers and Electronics

Computers and Electronics Authentication Software Risk

The Internet of Things Is Everywhere. Are You Secure?

Security Boulevard

MARCH 18, 2021

It’s more than someone hacking into your smart light bulbs and turning on all the lights in your home. Staying current with firmware patches and updates is also key to enabling robust security. . Implement identity management best practices through authentication and authorization methods. Don’t Forget the Application Layer.

Internet

Internet Internet IoT Software

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. Another type of service sold on the dark web is IoT hacking. Cameras may be hacked for their CPU power only, to mine crypto, or to install DDoS utilities.

IoT

IoT DDOS Passwords Malware

Cyber Security Informer

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Webinars

Trending Sources

Second-ever UEFI rootkit used in North Korea-themed attacks

Webinars

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Spotlight Podcast: Fixing Supply Chain Hacks with Strong Device Identities

MITRE, CISA Reveal Dangerous Hardware & Software Vulnerabilities

Zero Trust: Can It Be Implemented Outside the Cloud?

CISA Order Highlights Persistent Risk at Network Edge

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

Mukashi, the new Mirai variant that targets Zyxel NAS

Mirai code re-use in Gafgyt

BotenaGo strikes again – malware source code uploaded to GitHub

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

Android Botnet leverages ADB ports and SSH to spread

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

The Internet of Things Is Everywhere. Are You Secure?

Overview of IoT threats in 2023

Stay Connected