Architecture, Firmware, Hacking and Information Security

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

Western Digital customers have to update their My Cloud devices to latest firmware version

Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Devices on these older firmware versions will not receive security fixes or technical support.” SecurityAffairs – hacking, Western Digital). Pierluigi Paganini.

Firmware

Firmware Architecture Internet Internet

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

Security Affairs

JANUARY 18, 2024

Unified Extensible Firmware Interface (UEFI) is a specification that defines the architecture of the platform firmware used for booting the computer hardware and its interface for interaction with the operating system.

Firmware

Firmware DNS Advertising Architecture

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Security Affairs

DECEMBER 9, 2021

. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” TP-Link addressed the flaw on November 12, 2021 with the release of the firmware update TL-WR840N(EU)_V5_211109.

Firmware

Firmware Architecture Malware Hacking

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware.

Firmware

Firmware Spyware Surveillance Hacking

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware

Firmware Architecture Advertising Manufacturing

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

The CVE-2019-0090 vulnerability affects the firmware running on the ROM of the Intel’s Converged Security and Management Engine (CSME). Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” x, SPS_E3_05.00.04.027.0. .

Firmware

Firmware Technology Advertising Authentication

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

. “The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware.” The malware leverages the firmware update process to achieve persistence. SecurityAffairs – hacking, CISA).

Malware

Malware Firmware Architecture Firewall

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35.

DDOS

DDOS Firmware VPN Firewall

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

The botnet leverages a robust architecture based on a combination of third-party services, P2P, and Command & Control servers. This architecture was implemented to make the botnet resilient to takedowns by law enforcement and security firms with the support of the vendors of the infected devices. Pierluigi Paganini.

Architecture

Architecture DDOS Advertising Firmware

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation

Security Affairs

DECEMBER 13, 2021

Threat actors can execute code by exploiting an unpatched or new security issue over-the-air, or abusing the local OS firmware update mechanism. For example, a new firmware version will not physically remove shared memory from a chip or adjust for arbitrary jitter in a serial protocol. ” concludes the paper.

Wireless

Wireless Firmware Mobile Passwords

A new Mirai botnet variant targets TP-Link Archer A21

Security Affairs

APRIL 25, 2023

Working exploits for LAN and WAN interface accesses were respectively reported by Team Viettel and Qrious Security. In March, TP-Link released a firmware update to address multiple issues, including this vulnerability. The vulnerability was first reported to ZDI during the Pwn2Own Toronto 2022 event.

DDOS

DDOS Engineering Firmware Architecture

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Zerobot targets multiple architectures, including i386, amd64, arm, arm64, mips, mips64, mips64le, mipsle, ppc64, ppc64le, riscv64, and s390x. “The continuous evolution and rapid addition of new capabilities in the latest Zerobot version underscores the urgency of implementing comprehensive security measures.”

IoT

IoT DDOS Malware Firmware

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

According to the advisory that was issued with the help of leading cybersecurity firms (Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric), nation-state hacking groups were able to hack multiple industrial systems using a new ICS-focused malware toolkit dubbed PIPEDREAM that was discovered in early 2022.

Passwords

Passwords Architecture Backups Cyber Attacks

Red TIM Research (RTR) team discovers a bug on Ericsson Network Manager

Security Affairs

MARCH 18, 2022

In fact, Ericsson Network Manager is an Operations support system (‘OSS’ according to network jargon) , which allows the management of all the devices interconnected to it, ensuring the management of configurations, firmware updates and all automation and maintenance operations of an advanced mobile radio network. Pierluigi Paganini.

Mobile

Mobile Firmware Architecture Technology

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

. “Our analysis of this particular sample indicates the file executes on microprocessor without interlocked pipelined stages (MIPS) architecture. This is an extension understood by machines running reduced instruction set computer (RISC) architecture, which is prevalent on many IoT devices.” ” continues the analysis.

IoT

IoT DDOS Architecture Passwords

Expert found a critical RCE zero-day in TP-Link Wi-Fi Extenders

Security Affairs

JUNE 18, 2019

.” The RCE flaw affects TP-Link Wi-Fi Extender models RE365, RE650, RE350 and RE500 running firmware version 1.0.2, The extender operates on the MIPS architecture, like many routers, the zero-day flaw can be triggered. The extender operates on the MIPS architecture, like many routers, the zero-day flaw can be triggered.

Architecture

Architecture Firmware Advertising IoT

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The most interesting characteristic of the Triada Trojan apart is its modular architecture, which gives it theoretically a wide range of abilities. Threat actors compromised third-party software or the installation of malware-laced firmware. The experts speculate the attack vector employed by the Lemon Group is a supply chain attack.

Mobile

Mobile Advertising Malware Cybercrime

Silex malware bricks thousands of IoT devices in a few hours

Security Affairs

JUNE 26, 2019

The only way to recover infected devices is to manually reinstall the device’s firmware. The IoT malware is targeting any Unix-like system with default login credentials, according to Cashdollar it leverages a Bash shell version to target any architecture running a Unix like OS. SecurityAffairs – Silex malware, hacking).

IoT

IoT Malware Advertising Firmware

ÆPIC Leak is the first CPU flaw able to architecturally disclose sensitive data

Security Affairs

AUGUST 17, 2022

Researchers uncovered a new flaw, dubbed ÆPIC, in Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. The ÆPIC Leak ( CVE-2022-21233 ) is the first architecturally CPU bug that could lead to the disclosure of sensitive data and impacts most 10th, 11th and 12th generation Intel CPUs.

Architecture

Architecture Firmware Software Information Security

Mirai code re-use in Gafgyt

Security Affairs

APRIL 16, 2021

The IP addresses used for fetching the payloads in Figure 9 (above) were generally the open directories where malicious payloads for different architectures were hosted by the attacker (see Figure 10). Keep systems and firmware updated with the latest releases and patches. SecurityAffairs – hacking, Mirai). executes the payload.

Malware

Malware DDOS IoT Firmware

Android Botnet leverages ADB ports and SSH to spread

Security Affairs

JUNE 22, 2019

In order to determine what miner to deliver, the bot collects system information, such as manufacturer, hardware details, and processor architecture. The script for a. sh reveals shows that the attackers can choose from three different miners. The bot also attempts to lock out other threats by modifying /etc/hosts.

Cryptocurrency

Cryptocurrency Malware Advertising Firmware

The Hacker Mind Podcast: The Hacker Revolution Will Be Televised

ForAllSecure

FEBRUARY 22, 2023

He’s played in ten final DEF CON CTFs, was a part of DARPA’s Cyber Grand Challenge, and recently he’s moderated the live broadcast of the annual Hack-A-Sat competition. It’s about challenging our expectations about people who hack for a living. VAMOSI: I am not a gamer. So I started in my career as a network.

Engineering

Engineering Hacking Wireless Marketing

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

McAfee

AUGUST 24, 2021

Unique Considerations for Infusion Pump Hacking. Designed for Safety Rather than Security. Due to the potential critical impact and the state of medical device security, many previous projects didn’t need to dig very deep to find security issues or concerns. Figure 2: System Architecture. Initial Access.

Computers and Electronics

Computers and Electronics Authentication Software Risk

Kali Linux 2023.3 Release (Internal Infrastructure & Kali Autopilot)

Kali Linux

AUGUST 22, 2023

Internal Infrastructure With the release of Debian 12 which came out this summer, we took this opportunity to re-work, re-design, and re-architecture our infrastructure. Build-Logs - Output of our images/platform as well as packages being created on each supported architecture. The highlights of the changelog since the 2023.2

Architecture

Architecture Firmware Firewall Software

What is Incident Response? Ultimate Guide + Templates

eSecurity Planet

JULY 25, 2023

Remote access trojans (RATs): RATs can be used to remotely gain control of a machine, placing the user’s privacy and security at risk. Once attackers have access, they may steal sensitive data, install malicious software or use the hacked machine as a launchpad for further cyber attacks on systems within the network.

Software

Software Data breaches DDOS Ransomware

Mukashi, the new Mirai variant that targets Zyxel NAS

Security Affairs

MARCH 21, 2020

. “ Mukashi brute forces the logins using different combinations of default credentials, while informing its command and control (C2) server of the successful login attempts. Multiple, if not all, Zyxel NAS products running firmware versions up to 5.21 are vulnerable to this pre-authentication command injection vulnerability.

DDOS

DDOS Authentication Advertising Firmware

Cyber Security Roundup for March 2021

Security Boulevard

FEBRUARY 28, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, February 2021. From IoT devices to internet-based services, the security of countless devices and web-based services' are dependant upon a secure Linux account privilege model.

Energy and Utilities

Energy and Utilities Ransomware DDOS Accountability

Cyber Security Informer

Android devices shipped with backdoored firmware as part of the BADBOX network

Western Digital customers have to update their My Cloud devices to latest firmware version

Trending Sources

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Second-ever UEFI rootkit used in North Korea-themed attacks

AMD is going to patch UEFI SMM callout privilege escalation flaw

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

US and UK link new Cyclops Blink malware to Russian state hackers?

Multiple DDoS botnets were observed targeting Zyxel devices

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation

A new Mirai botnet variant targets TP-Link Archer A21

A new Zerobot variant spreads by exploiting Apache flaws

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Red TIM Research (RTR) team discovers a bug on Ericsson Network Manager

Mozi Botnet is responsible for most of the IoT Traffic

Expert found a critical RCE zero-day in TP-Link Wi-Fi Extenders

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Silex malware bricks thousands of IoT devices in a few hours

ÆPIC Leak is the first CPU flaw able to architecturally disclose sensitive data

Mirai code re-use in Gafgyt

Android Botnet leverages ADB ports and SSH to spread

The Hacker Mind Podcast: The Hacker Revolution Will Be Televised

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

Kali Linux 2023.3 Release (Internal Infrastructure & Kali Autopilot)

What is Incident Response? Ultimate Guide + Templates

Mukashi, the new Mirai variant that targets Zyxel NAS

Cyber Security Roundup for March 2021

Stay Connected