SecureWorld News

NOVEMBER 7, 2024

Strong authentication: Each device, no matter how small, should have strong, unique authentication measures to prevent unauthorized access. Firmware integrity checks: Regularly check that each device's firmware is up to date and verified—especially when outdated firmware is one of the most common entry points for attackers.

IoT 112

IoT Firmware Encryption Authentication 112

Schneier on Security

SEPTEMBER 17, 2020

When, say, an iPhone is getting ready to pair up with Bluetooth-powered device, CTKD’s role is to set up two separate authentication keys for that phone: one for a “Bluetooth Low Energy” device, and one for a device using what’s known as the “Basic Rate/Enhanced Data Rate” standard.

Authentication 363

Authentication Social Engineering Firmware Encryption 363

Bleeping Computer

AUGUST 7, 2021

Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. [.].

Authentication 145

Authentication Firmware 145

Security Affairs

DECEMBER 3, 2024

The ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware. The bootkit hooks UEFI authentication functions to bypass the Secure Boot mechanism and patches GRUB boot loader functions to evade additional integrity verifications.

Firmware 109

Firmware Manufacturing Malware Hacking 109

Security Affairs

NOVEMBER 5, 2024

Affected devices use VHD PTZ camera firmware < 6.3.40 is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. Organizations using VHD PTZ camera firmware < 6.3.40 reads the analysis published by GreyNoise.

Firmware 128

Firmware Manufacturing Authentication IoT 128

Security Affairs

JUNE 16, 2024

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models. ASUS addresses a critical remote authentication bypass vulnerability, tracked as CVE-2024-3080 (CVSS v3.1 score: 9.8), impacting seven router models. impacting multiple devices.

Authentication 133

Authentication Firmware VPN Manufacturing 133

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. In an email sent to customers today, Ubiquiti Inc.

Passwords 362

Passwords Authentication Firmware Accountability 362

Schneier on Security

NOVEMBER 15, 2019

In particular, we discovered timing leakage on an Intel firmware-based TPM as well as a hardware TPM. We further highlight the impact of these vulnerabilities by demonstrating a remote attack against a StrongSwan IPsecVPN that uses a TPM to generate the digital signatures for authentication. Intel has a firmware update.

Firmware 255

Firmware Authentication Manufacturing 255

The Hacker News

APRIL 19, 2025

An improper authentication control vulnerability exists in certain ASUS router firmware series," ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. out of a maximum of 10.0. "An

Firmware 117

Firmware Authentication 117

Malwarebytes

JULY 28, 2021

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages. History lessons. Mitigation.

Firmware 127

Firmware Technology Authentication IoT 127

Security Affairs

JANUARY 16, 2025

The researchers found that the botnet comprises MikroTik routers with various firmware versions, including recent ones. The botnet uses compromised MikroTik devices as SOCKS proxies, masking malicious traffic origins and enabling other actors to exploit them without authentication, amplifying its scale.

DNS 139

DNS Malware Firmware Authentication 139

Security Affairs

FEBRUARY 18, 2025

Xerox VersaLink C7025 Multifunction printer flaws could allow attackers to capture authentication credentials via pass-back attacks via LDAP and SMB/FTP services. ” Organizations using Xerox VersaLink C7025 Multifunction printers should update to the latest firmware. . and earlier. ” reads the report published by Rapid7.

Firmware 68

Firmware Authentication Accountability Passwords 68

Security Affairs

JANUARY 7, 2025

score: 8.6): This vulnerability involves hard-coded credentials, an authenticated user can trigger the vulnerability to escalate privileges and gain root-level access to the system. Moxa released firmware updates to address vulnerabilities CVE-2024-9140 and CVE-2024-9138. and earlier EDR-8010 Series Firmware version 3.13.1

Firmware 72

Firmware Risk Authentication Network Security 72

Security Affairs

FEBRUARY 18, 2025

The two vulnerabilities are: CVE-2025-0108 Palo Alto PAN-OS Authentication Bypass Vulnerability CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability Researchers recently warned that threat actors exploit a recently disclosed vulnerability, CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls.

Firewall 66

Firewall Firmware Authentication VPN 66

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT 363

IoT Firmware Risk Encryption 363

Heimadal Security

OCTOBER 10, 2022

On Friday, a Twitter account going by the handle “freak” shared links to what they claimed to be the UEFI firmware source code for Intel Alder Lake, which they claim was made available by 4chan. Intel confirms the source code leak for the UEFI BIOS is authentic. Alder Lake is the name of the company’s […].

Authentication 105

Authentication Firmware Accountability Cybersecurity 105

Security Affairs

JANUARY 19, 2025

Claroty researchers disclosed three vulnerabilities in Planet WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on vulnerable devices. ” The firmware analysis performed by the experts revealed vulnerabilities in the dispatcher.cgi interface of WGS-804HPT switches’ web service.

Firmware 72

Firmware IoT Wireless Surveillance 72

Security Affairs

NOVEMBER 25, 2024

According to the advisory, the attack is only possible if the device is configured to use User-Based-PSK authentication and has a valid user with a username longer than 28 characters. ” The vendor addressed these vulnerabilities with the release of firmware version 5.39 ” reads the advisory published by the vendor.

Firewall 77

Firewall Ransomware VPN Firmware 77

Security Affairs

DECEMBER 30, 2024

“At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi.” ” VulnCheck researchers reported that authenticated attackers exploited default router credentials to execute unauthenticated remote command injections.

Firmware 66

Firmware Authentication Hacking Cybersecurity 66

Tech Republic Security

MARCH 22, 2021

The security key is built on open source hardware and firmware, making it a universal factor authentication device instead of a two-factor authentication device.

Firmware 149

Firmware Authentication Cybersecurity 149

Malwarebytes

MARCH 10, 2023

The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. It offers a combined single-sign-on (SSO) web portal to authenticate users, so intercepting user credentials would give an attacker that is after sensitive information a huge advantage.

Firmware 98

Firmware Malware Encryption Authentication 98

Security Affairs

MARCH 8, 2020

Netgear has addressed a critical remote code execution vulnerability that could be exploited by an unauthenticated attacker to take over AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. NETGEAR strongly recommends that you download the latest firmware as soon as possible.”

Firmware 144

Firmware Wireless Advertising Authentication 144

Security Affairs

JANUARY 24, 2025

The vulnerability is a Pre-authentication deserialization of untrusted data issue in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) that has been likely exploited in attacks in the wild as a zero-day. ” reads the advisory. and copying them out to the attacker created text file /tmp/syslog.db.

Firmware 75

Firmware Malware Authentication Mobile 75

Bleeping Computer

JUNE 15, 2024

ASUS has released a new firmware update that addresses a vulnerability impacting seven router models that allow remote attackers to log in to devices. [.]

Authentication 104

Authentication Firmware 104

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 ” reads the advisory published by NCC Group.”

Firmware 144

Firmware Authentication Hacking Software 144

Bleeping Computer

JUNE 11, 2023

Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices. [.]

VPN 145

VPN Firmware Authentication 145

The Hacker News

JUNE 26, 2024

Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro.

Firmware 141

Firmware Authentication 141

Security Affairs

SEPTEMBER 6, 2021

Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart switches used on businesses. The flaws affected multiple products including the following smart switches, below is the list of the impacted devices and related firmware fixes: GC108P fixed in firmware version 1.0.8.2

Firmware 130

Firmware Authentication Passwords Hacking 130

eSecurity Planet

MAY 29, 2025

They also used two additional authentication bypass techniques that havent been assigned official CVE numbers yet. Stored the backdoor in NVRAM, a memory that survives both reboots and firmware updates. Once compromised, attackers maintain control regardless of whether the device is rebooted or updated with new firmware.

Firmware 62

Firmware Internet Internet Small Business 62

Security Affairs

JULY 1, 2021

Microsoft experts have disclosed a series of vulnerabilities in the firmware of Netgear routers which could lead to data leaks and full system takeover. “In our research, we unpacked the router firmware and found three vulnerabilities that can be reliably exploited.” html) and the firmware image itself (.chk

Firmware 141

Firmware Authentication Encryption Passwords 141

The Hacker News

JUNE 30, 2021

The three HTTPd authentication security weaknesses (CVSS scores: 7.1 – 9.4) impact routers running firmware versions prior to v1.0.0.60, and have since

Firmware 145

Firmware Authentication Network Security Cybersecurity 145

Security Affairs

MAY 1, 2025

A remote authenticated attacker with administrative privilege can exploit the flaw to inject arbitrary commands as a ‘nobody’ user, potentially leading to OS Command Injection Vulnerability. SMA100 devices updated with the fixed firmware version 10.2.1.14-75sv

Firmware 70

Firmware Mobile VPN Authentication 70

Security Affairs

MARCH 7, 2020

The CVE-2019-0090 vulnerability affects the firmware running on the ROM of the Intel’s Converged Security and Management Engine (CSME). Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” x, SPS_E3_05.00.04.027.0.

Firmware 145

Firmware Technology Advertising Authentication 145

SecureList

JUNE 11, 2024

Second, terminals can be connected to other scanners, such as electronic pass readers, or support other authentication methods using built-in hardware. External appearance of the device The device has several physical interfaces, supporting four authentication methods: biometric (facial recognition), password, electronic pass, and QR code.

Firmware 134

Firmware Authentication Passwords Risk 134

Security Affairs

FEBRUARY 12, 2025

CVE-2024-40891 is very similar to CVE-2024-40890 ( observed authentication attempts , observed command injection attempts ), with the main difference being that the former is telnet-based while the latter is HTTP-based. reads the advisory published by GreyNoise. 4)C0_20170615. reads the advisory.

Authentication 74

Authentication Firmware Cybersecurity Hacking 74

Security Affairs

OCTOBER 7, 2021

A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates. “The identity authentication bypass vulnerability found in some Dahua products during the login process. Follow me on Twitter: @securityaffairs and Facebook.

Authentication 145

Authentication Firmware Hacking Engineering 145

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT 145

IoT Firmware Authentication Wireless 145