Authentication, Firmware, Hacking and Internet

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Locking down firmware. These are the carriers that provide Internet access to rural areas all across America. Firmware is the coding that’s embedded below the software layer on all computing devices, ranging from printers to hard drives and motherboards to routers and switches. telecoms by Chinese tech giant Huawei.

Firmware

Firmware Cybersecurity Technology Engineering

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking

Hacking Firmware Authentication DNS

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Security Affairs

AUGUST 13, 2023

Multiple vulnerabilities in CyberPower PowerPanel Enterprise DCIM platform and Dataprobe PDU could expose data centers to hacking. CVE-2023-3267: OS Command Injection (Authenticated RCE; CVSS 7.5) CVE-2023-3260: OS Command Injection (Authenticated RCE; CVSS 7.2) CVE-2023-3267: OS Command Injection (Authenticated RCE; CVSS 7.5)

Hacking

Hacking Firmware Authentication Software

NETGEAR fixes a severe bug in its routers. Patch it asap!

Security Affairs

DECEMBER 30, 2022

The vendor only said that the flaw is a pre-authentication buffer overflow vulnerability and urged customers to address the firmware of their devices as soon as possible. “NETGEAR has released fixes for a pre-authentication buffer overflow security vulnerability” reads the advisory published by the company.

Firmware

Firmware Wireless Authentication Hacking

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. New research by Cybernews shows an exponential rise in the uptake of internet-facing cameras. Surge in internet-facing cameras.

Surveillance

Surveillance Manufacturing Passwords Internet

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance

Surveillance Hacking Firmware Manufacturing

The Internet of Things Is Everywhere. Are You Secure?

Security Boulevard

MARCH 18, 2021

From smart homes that enable you to control your thermostat from a distance to sensors on oil rigs that help predict maintenance to autonomous vehicles to GPS sensors implanted in the horns of endangered black rhinos , the internet of things is all around you. A Safer Internet of Things. The post The Internet of Things Is Everywhere.

Internet

Internet Internet IoT Software

PoC exploit for 2 flaws in Dahua cameras leaked online

Security Affairs

OCTOBER 7, 2021

A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates. “The identity authentication bypass vulnerability found in some Dahua products during the login process. SecurityAffairs – hacking, Dahua cameras).

Authentication

Authentication Firmware Hacking Engineering

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” concludes Eclypsium.

Hacking

Hacking Firmware Media Authentication

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking. An attacker can trigger the flaw to gain remote code execution and conduct denial-of-service attacks under specific conditions, exposing operational technology (OT) environments to hacking.

Authentication

Authentication Firmware Hacking Passwords

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 ” reads the advisory published by NCC Group.”

Firmware

Firmware Authentication Hacking Software

TLStorm flaws allow to remotely manipulate the power of millions of enterprise UPS devices

Security Affairs

MARCH 9, 2022

Three flaws in APC Smart-UPS devices, tracked as TLStorm, could be exploited by remote attackers to hack and destroy them. Two of the TLStorm vulnerabilities reside in the TLS implementation used by Cloud-connected Smart-UPS devices, while the third one is a design flaw in the firmware upgrade process of Smart-UPS devices.

Firmware

Firmware IoT Authentication Backups

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router.

Firmware

Firmware Wireless Passwords Internet

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Security Affairs

DECEMBER 9, 2021

. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” TP-Link addressed the flaw on November 12, 2021 with the release of the firmware update TL-WR840N(EU)_V5_211109.

Firmware

Firmware Architecture Malware Hacking

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted.

Risk

Risk VPN Internet Internet

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

Researchers warn of QNAP NAS attacks in the wild

Security Affairs

AUGUST 31, 2020

Hackers target QNAP NAS devices running multiple firmware versions vulnerable to a remote code execution (RCE) flaw addressed by the vendor 3 years ago. QNAP addressed the vulnerability with the release of firmware version 4.3.3 SecurityAffairs – hacking, QNAP NAS). ” reads the report published by 360 Netlab. .

Firmware

Firmware Advertising Malware Internet

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

Researchers found multiple vulnerabilities in MoFi Network routers, including critical flaws that can be exploited to remotely hack a device. “The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. Pierluigi Paganini.

Firmware

Firmware Wireless Authentication Advertising

NI CompactRIO controller flaw could allow disrupting production

Security Affairs

DECEMBER 12, 2020

The National Instruments CompactRIO product , a rugged, real-time controller that provides high-performance processing capabilities, sensor-specific conditioned I/O, and a closely integrated software toolchain that makes them ideal for Industrial Internet of Things (IIoT), monitoring, and control applications. Pierluigi Paganini.

Firmware

Firmware Manufacturing Software Authentication

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. We identified at least 65 different affected vendors with close to 200 unique fingerprints, thanks both to Shodan’s scanning capabilities and some misconfiguration by vendors and manufacturers who expose those devices to the Internet.

IoT

IoT Firmware Internet Internet

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Security Affairs

FEBRUARY 3, 2020

L inear eMerge E3 smart building access systems designed by N ortek Security & Control (NSC) are affected by a severe vulnerability (CVE-2019-7256) that has yet to be fixed and attackers are actively scanning the internet for vulnerable devices. Passwords can be found in p roduct documentation and compiled lists available on the Internet.”

DDOS

DDOS Hacking Internet Internet

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

Security Affairs

APRIL 25, 2021

“The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Unfortunately, experts noticed that more than 90% of the installs are still using flawed firmware versions and have yet to install the security updates (V3.01.21) provided by the vendor.

Firmware

Firmware Passwords Authentication Wireless

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Back to the bit about risks impacting data collected by IoT devices and back again to CloudPets, Context Security's piece aligned with my own story about kids' CloudPets messages being left exposed to the internet.

IoT

IoT Firmware Risk Manufacturing

A daily average of 80,000 printers exposed online via IPP

Security Affairs

JUNE 23, 2020

The Shadowserver Foundation is a nonprofit security organization working altruistically behind the scenes to make the Internet more secure for everyone. The researchers scanned the Internet for printers that are exposing their Internet Printing Protocol (IPP) port online. SecurityAffairs – hacking, printers).

Internet

Internet Internet Firmware Advertising

Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices

Security Affairs

DECEMBER 15, 2020

The CVE-2020-25183 is an improper authentication issue that could be exploited by an attacker to bypass the authentication between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile app. SecurityAffairs – hacking, Medtronic). ” states the advisory. ” states the advisory. . Pierluigi Paganini.

Firmware

Firmware Authentication Mobile IoT

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

” Once the mobile app has discovered the IP address of the lights, it authenticates with them, receives an authentication token and retrieves information about the device. Experts found a flaw in the authentication process, it only authenticates the lights to the app and not visa- versa. . Pierluigi Paganini.

IoT

IoT Hacking DNS Authentication

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Problem is, MAC addresses are not great for authentication.

IoT

IoT Hacking Internet Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Problem is, MAC addresses are not great for authentication.

IoT

IoT Hacking Internet Internet

Thousands of Xiaomi FURRYTAIL pet feeders exposed to hack

Security Affairs

OCTOBER 30, 2019

A Russian security researcher accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders. The Russian security researcher Anna Prosvetova, from Saint Petersburg, has accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders.

Hacking

Hacking Firmware Advertising DDOS

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

Some of the devices support multiple 10-gigabit uplinks and provide Internet connectivity to up to 1024 ONTs (clients). The backdoor accounts in the firmware of 29 FTTH Optical Line Termination (OLT) devices from popular vendor C-Data. The most severe issue is the presence of Telnet backdoor accounts hardcoded in the firmware.

Firmware

Firmware Accountability Advertising Manufacturing

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. “Just like the regular dnschanger , this campaign attempts to guess the password on the router’s web authentication page or bypass the authentication through the dnscfg.

DNS

DNS Malware Firmware Phishing

Router security in 2021

SecureList

JUNE 8, 2022

A router is a gateway from the internet to a home or office — despite being conceived quite the opposite. Routers are forever being hacked and infected, and used to infiltrate local networks. Moreover, most of these routers had the name HACKED-ROUTER-HELP-SOS-DEFAULT-PASSWORD, indicating they had already been compromised.

DDOS

DDOS Passwords IoT Firmware

Experts released PoC exploits for severe flaws in Netgear Orbi routers

Security Affairs

MARCH 22, 2023

. “An attacker can make an authenticated HTTP request to trigger this vulnerability.” The user needs to authenticate into the mesh system first, meaning they’d need to access an unprotected network or the login credentials of a password-protected network, for this attack to be successful. on January 19, 2023.

Wireless

Wireless Firmware Authentication Passwords

The Internet of Things: Security Risks Concerns

Spinone

MARCH 17, 2018

The Internet of Things (IoT) is a term used to describe the network of interconnected electronic devices with “smart” technology. billion “things” connected to the Internet , a 30% increase from 2015. 75% of Bluetooth Smart door locks have been found to have vulnerabilities that allow them to be easily hacked.

Internet

Internet Internet Risk Computers and Electronics

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Security Affairs

MAY 19, 2020

Palo Alto Networks Unit 42 researchers observed both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 5.0.2.8. Experts note that the exploit is only effective for authenticated sessions and the affected devices are End of Life (EOL) from 2012.

IoT

IoT DDOS Authentication Firmware

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs

APRIL 26, 2019

Upon connecting, most clients will immediately attempt to authenticate as an administrative user in plaintext , allowing an attacker to obtain the credentials to the device.” Furthermore, even if software patches were issued, the likelihood of most users updating their device firmware is low. Pierluigi Paganini.

IoT

IoT Hacking Manufacturing Advertising

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Security Affairs

MARCH 16, 2022

As Duo’s default configuration settings allow for the re-enrollment of a new device for dormant accounts, the actors were able to enroll a new device for this account, complete the authentication requirements, and obtain access to the victim network.” SecurityAffairs – hacking, Russia-linked threats actors). Pierluigi Paganini.

Accountability

Accountability Passwords Authentication Firmware

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates. SecurityAffairs – hacking, QSnatch).

Malware

Malware Firmware Advertising Manufacturing

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

ZDNet has obtained a copy of the list with the help of threat intelligence firm KELA and verified confirmed the authenticity of the data. Likely the threat actors who compiled this list scanned the internet for Pulse Secure VPN servers between June 24 and July 8, 2020, and exploited the CVE-2019-11510 vulnerability to gather server details.

VPN

VPN Passwords Banking Advertising

Tenable experts found 15 flaws in wireless presentation systems

Security Affairs

MAY 2, 2019

Experts at Tenable discovered 15 vulnerabilities in eight wireless presentation systems, including flaws that can be exploited to remotely hack devices. Experts also found a denial-of-service (DoS) flaw and credentials stored in plain text that could be accessible to authenticated users. Pierluigi Paganini.

Wireless

Wireless Firmware Advertising Authentication

Flaws in Wyze cam devices allow their complete takeover

Security Affairs

MARCH 31, 2022

The three flaws reported by the cybersecurity firm are: An authentication bypass tracked CVE-2019-9564 A stack-based buffer overflow, tracked as CVE-2019-12266 , which could lead to remote control execution. The vendor addressed the unauthenticated access to the content of the SD card with the release of firmware updates on January 29, 2022.

IoT

IoT Firmware Marketing Authentication

Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs

Security Affairs

APRIL 2, 2021

The vulnerabilities affect QNAP TS-231 SOHO NAS devices running firmware version 4.3.6.1446 that reached end of life (EOL). The first vulnerability is an RCE issue that affects any QNAP device exposed to the Internet, it resides in the NAS web server (default TCP port 8080). SecurityAffairs – hacking, SOHO). Pierluigi Paganini.

Firmware

Firmware Internet Internet Authentication

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Security Affairs

FEBRUARY 14, 2022

The report includes MD5 hashes of suspicious ASPX files discovered on compromised Microsoft Internet Information Services (IIS) servers and a list of commands used by ransomware operators observed by the researchers. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware

Ransomware Accountability Firmware Antivirus

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Trending Sources

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

NETGEAR fixes a severe bug in its routers. Patch it asap!

3.5m IP cameras exposed, with US in the lead

An RCE in Annke video surveillance product allows hacking the device

The Internet of Things Is Everywhere. Are You Secure?

PoC exploit for 2 flaws in Dahua cameras leaked online

USBAnywhere BMC flaws expose Supermicro servers to hack

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

TLStorm flaws allow to remotely manipulate the power of millions of enterprise UPS devices

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Dark Mirai botnet spreads targeting RCE on TP-Link routers

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

CISA Order Highlights Persistent Risk at Network Edge

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Researchers warn of QNAP NAS attacks in the wild

Expert found multiple critical issues in MoFi routers

NI CompactRIO controller flaw could allow disrupting production

Realtek SDK flaws exploited to deliver Mirai bot variant

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

IoT Unravelled Part 3: Security

A daily average of 80,000 printers exposed online via IPP

Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices

Hacking the Twinkly IoT Christmas lights

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

Thousands of Xiaomi FURRYTAIL pet feeders exposed to hack

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Router security in 2021

Experts released PoC exploits for severe flaws in Netgear Orbi routers

The Internet of Things: Security Risks Concerns

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

QSnatch malware infected over 62,000 QNAP NAS Devices

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Tenable experts found 15 flaws in wireless presentation systems

Flaws in Wyze cam devices allow their complete takeover

Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Stay Connected