Authentication, Firmware, Information Security and Malware

NETGEAR fixes a severe bug in its routers. Patch it asap!

Security Affairs

DECEMBER 30, 2022

The vendor only said that the flaw is a pre-authentication buffer overflow vulnerability and urged customers to address the firmware of their devices as soon as possible. “NETGEAR has released fixes for a pre-authentication buffer overflow security vulnerability” reads the advisory published by the company.

Firmware

Firmware Wireless Authentication Hacking

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities, such as: . The experts were alerted about the malware in October and immediately launched an investigation.

Malware

Malware Firmware Advertising Manufacturing

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Security Affairs

DECEMBER 9, 2021

. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” TP-Link addressed the flaw on November 12, 2021 with the release of the firmware update TL-WR840N(EU)_V5_211109.

Firmware

Firmware Architecture Malware Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Security Affairs

JUNE 20, 2023

Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0,

Firmware

Firmware Firewall Authentication VPN

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 ” reads the advisory published by NCC Group.”

Firmware

Firmware Authentication Hacking Software

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

. “Successful exploits could allow attackers to monitor users’ internet activity, highjack internet connections and redirect traffic to malicious websites or inject malware into network traffic. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” for the RAX30 router family.

Hacking

Hacking Firmware Authentication DNS

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. Researchers from Kaspersky have spotted a UEFI malware that was involved in attacks on organizations with an interest in North Korea. ” concludes the report.

Firmware

Firmware Spyware Surveillance Hacking

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

The ATM black box attacks are quite popular in the cybercrime underground and several threat actors offer the hardware equipment and malware that could be used to compromise the ATMs. The vulnerabilities discovered by the security duo impacts the Wincor Cineo ATMs with the RM3 and CMD-V5 dispensers. Both issues received a CVSSv3.0

Hacking

Hacking Firmware Encryption Manufacturing

Security Affairs newsletter Round 376 by Pierluigi Paganini

Security Affairs

JULY 31, 2022

increased rewards for info on North Korea-linked threat actors to $10 million Threat actors leverages DLL-SideLoading to spread Qakbot malware Zero Day attacks target online stores using PrestaShop? and Blackmatter ransomware U.S. and Blackmatter ransomware U.S. and Blackmatter ransomware U.S.

Firmware

Firmware Surveillance Malware DDOS

Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices

Security Affairs

DECEMBER 15, 2020

The CVE-2020-25183 is an improper authentication issue that could be exploited by an attacker to bypass the authentication between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile app. The flaw could be exploited by an attacker to remotely execute code taking over the device. ” states the advisory.

Firmware

Firmware Authentication Mobile IoT

Security Affairs newsletter Round 387

Security Affairs

OCTOBER 9, 2022

BlackByte Ransomware abuses vulnerable driver to bypass security solutions Unpatched remote code execution flaw in Zimbra Collaboration Suite actively exploited VMware fixed a high-severity bug in vCenter Server Fortinet urges customers to immediately fix a critical authentication bypass flaw in FortiGate and FortiProxy Hacker stole $566 million worth (..)

Data breaches

Data breaches Firmware Ransomware Hacking

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

Realtek published a security advisory on August 15 to warn customers about security updates to address vulnerabilities in its software developers kits (SDK) which is used by at least 65 separate vendors. On August 15, firmware security company IoT Inspector published details about the flaws.

IoT

IoT Firmware Internet Internet

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Security Affairs

AUGUST 13, 2023

Threat actors can also compromise a data center by establishing a backdoor and abuse systems and devices spread malware on a large scale. The researchers presented their findings at the DEFCON security conference today. CVE-2023-3266: Improperly Implemented Security Check for Standard (Auth Bypass; CVSS 7.5)

Hacking

Hacking Firmware Authentication Software

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Security Affairs

APRIL 23, 2021

The malware moves all files stored on the device to password-protected 7zip archives and demand the payment of a $550 ransom. The Taiwanese vendor published a security advisory to warn its customers of the ongoing attacks and is urging them to install the latest Malware Remover version and scan their devices for indicators of compromise.

Ransomware

Ransomware Backups Media Malware

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

Security Affairs

APRIL 25, 2021

“The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. ” states the report published by Eye security.

Firmware

Firmware Passwords Authentication Wireless

NI CompactRIO controller flaw could allow disrupting production

Security Affairs

DECEMBER 12, 2020

“Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the device remotely.” ” reads the security advisory published by CISA. Update the firmware on CompactRIO controllers to v8.5

Firmware

Firmware Manufacturing Software Authentication

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

In April 2023, FortiGuard Labs researchers observed a hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. The court order allowed authorities to use the Moobot malware to copy and delete stolen and malicious data and files from compromised routers.

Energy and Utilities

Energy and Utilities Government Firewall Malware

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

“As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.” Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Disable unused ports.

Ransomware

Ransomware DDOS Passwords Backups

Mirai code re-use in Gafgyt

Security Affairs

APRIL 16, 2021

Uptycs’ threat research team recently detected several variants of the Linux-based botnet malware family, “ Gafgyt ,”some of them re-used Mirai code. . Gafgyt (also known as Bashlite) is a prominent malware family for *nix systems, which mainly target vulnerable IoT devices like Huawei routers, Realtek routers and ASUS devices.

Malware

Malware DDOS IoT Firmware

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Security Affairs

SEPTEMBER 2, 2021

As of today, the researchers discovered 16 security vulnerabilities, with 20 common vulnerability exposures (CVEs) already assigned and four vulnerabilities are pending CVE assignment from Intel and Qualcomm. Crashes generally trigger a fatal assertion, segmentation faults due to a buffer or heap overflow within the SoC firmware.

Firmware

Firmware Manufacturing IoT Technology

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

The backdoor accounts in the firmware of 29 FTTH Optical Line Termination (OLT) devices from popular vendor C-Data. The security duo, composed of Pierre Kim and Alexandre Torres, disclosed seven vulnerabilities in the firmware of FTTH OLT devices manufactured by C-Data. ” reads the analysis published by the experts.

Firmware

Firmware Accountability Advertising Manufacturing

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

“The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.” ” reads the advisory published by the expert.

Firmware

Firmware Wireless Authentication Advertising

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The BlackCat/ALPHV a Ransomware was first discovered in December by malware researchers from Recorded Future and MalwareHunterTeam. The malware is the first professional ransomware strain that was written in the Rust programming language. Use multifactor authentication where possible. hard drive, storage device, the cloud).

Ransomware

Ransomware Antivirus Passwords Malware

D-Link addressed 5 flaws on some router models, some of them reached EoL

Security Affairs

JULY 25, 2020

Unfortunately, some of the impacted models have reached their End-of-Support (“EOS”)/ End-of-Life (“EOL”) date, which means they wouldn’t receive security updates to fix the issues. B09 (and below) will receive no security updates remaining vulnerable.

Firmware

Firmware Advertising Authentication Hacking

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. According to the joint report, APT28 exploited the known vulnerability to carry out reconnaissance and reploy malware on unpatched Cisco routers. For some of the targeted devices, threat actors abused an SNMP exploit to deploy the Jaguar Tooth Malware.

Malware

Malware Firmware Government Education

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” continues the analysis.

Hacking

Hacking Firmware Media Authentication

Infecting Canon EOS DSLR camera with ransomware over the air

Security Affairs

AUGUST 12, 2019

. “Our research shows how an attacker in close proximity (WiFi), or an attacker who already hijacked our PC (USB), can also propagate to and infect our beloved cameras with malware. The expert was able to access the keys for verifying the authenticity of the firmware and for encrypting it. Pierluigi Paganini.

Firmware

Firmware Ransomware Wireless Encryption

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., Install updates/patch operating systems, software, and firmware as soon as they are released. Use multifactor authentication with strong pass phrases where possible.

Ransomware

Ransomware Passwords Backups Firmware

Netgear is releasing fixes for ten issues affecting 79 products

Security Affairs

JULY 1, 2020

Four of flaws have been rated high severity , they can be exploited by an unauthenticated attacker with network access to the vulnerable Netgear device to execute arbitrary code with admin or root privileges, and to bypass authentication. Authentication is not required to exploit this vulnerability.” ” states the CERT/CC.

Authentication

Authentication Firmware Hacking Mobile

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

PYSA, aka Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems. To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released. Use multi-factor authentication wherever possible.

Education

Education Ransomware Phishing Passwords

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., ” continues the alert.

Ransomware

Ransomware Encryption Passwords Malware

KindleDrip exploit – Hacking a Kindle device with a simple email

Security Affairs

JANUARY 22, 2021

The experts discovered that Amazon did not verify the authenticity of the email sender, this means that attackers can spoof an email address that is present in the list of approved addresses. Experts also published a video PoC of the KindleDRIP exploit chain on a new Kindle 10 running firmware version 5.13.2. Pierluigi Paganini.

Hacking

Hacking Authentication Firmware Phishing

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

The FBI has observed instances where Zeppelin actors executed their malware multiple times within a victim’s network, resulting in the creation of different IDs or file extensions, for each instance of an attack; this results in the victim needing several unique decryption keys.” ” reads the joint advisory.

Ransomware

Ransomware Encryption Firmware Backups

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

Rise in malware. As we pointed out in our State of Malware report, published earlier this year, Malwarebytes recorded an eye-watering 607% increase in malware detections in the agriculture sector in 2020. Install updates/patch operating systems, software, and firmware as soon as they are released.

Ransomware

Ransomware Manufacturing Passwords Internet

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use double authentication when logging into accounts or services. Implement network segmentation, such that all machines on your network are not accessible from every other machine. Disable hyperlinks in received emails.

Ransomware

Ransomware Firmware Antivirus Accountability

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

According to the advisory that was issued with the help of leading cybersecurity firms (Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric), nation-state hacking groups were able to hack multiple industrial systems using a new ICS-focused malware toolkit dubbed PIPEDREAM that was discovered in early 2022.

Passwords

Passwords Architecture Backups Cyber Attacks

DoppelPaymer ransomware gang now cold-calling victims, FBI warns

Security Affairs

DECEMBER 17, 2020

Patch operating systems, software, firmware, and endpoints. Apply two-factor authentication to user login credentials, receiving responses by text rather than email as actors may be in control of victim email accounts. Audit user accounts regularly, particularly Remote Monitoring and Management accounts that are publicly accessible.

Ransomware

Ransomware Backups Firmware Accountability

Money Message gang leaked private code signing keys from MSI data breach

Security Affairs

MAY 8, 2023

The authenticity of the leaked private key was confirmed by Alex Matrosov, founder of firmware security firm Binarly. The Money Message group initially threatened to publish the stolen files by April 12, 2023, if the company will not pay the ransom.

Data breaches

Data breaches Ransomware Firmware Manufacturing

Intel investigates security breach after the leak of 20GB of internal documents

Security Affairs

AUGUST 7, 2020

Several media outlets independently analyzed the data leak and verified the authenticity of the data. The engineering received the files from an anonymous hacker who claimed to have hacked the company earlier this year, the experts believe that this leak is just a first lot on a larger collection. ” reported ZDNet.

Firmware

Firmware Advertising Engineering Hacking

Android Botnet leverages ADB ports and SSH to spread

Security Affairs

JUNE 22, 2019

The ADB could be abused by malware to target Android phones through the port 5555. “We observed a new cryptocurrency-mining botnet malware that arrives via open ADB (Android Debug Bridge) ports and can spread via SSH. “This botnet malware also tries to block its competitor by modifying /etc/hosts.

Cryptocurrency

Cryptocurrency Malware Advertising Firmware

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

MAY 13, 2021

Require multi-factor authentication for remote access to OT and IT networks. Update software , including operating systems, applications, and firmware on IT network assets, in a timely manner. After assessing risks, if RDP is deemed operationally necessary, restrict the originating sources and require multi-factor authentication.

Ransomware

Ransomware Healthcare Phishing Risk

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

Below are the mitigations provided in the alert: Install updates for operating systems, software, and firmware as soon as they are released. Implement and enforce multi-layer network segmentation with the most critical communications and data resting on the most secure and reliable layer.

Ransomware

Ransomware VPN Cybercrime Accountability

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

. • Implement a recovery plan to restore sensitive or proprietary data from a physically separate, segmented, secure location (e.g., Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. • Use multifactor authentication where possible. hard drive, storage device, the cloud).

Passwords

Passwords Government Firmware Accountability

NETGEAR fixes a severe bug in its routers. Patch it asap!

QSnatch malware infected over 62,000 QNAP NAS Devices

Webinars

Trending Sources

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Webinars

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Second-ever UEFI rootkit used in North Korea-themed attacks

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs newsletter Round 376 by Pierluigi Paganini

Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices

Security Affairs newsletter Round 387

Realtek SDK flaws exploited to deliver Mirai bot variant

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

NI CompactRIO controller flaw could allow disrupting production

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Avoslocker ransomware gang targets US critical infrastructure

Mirai code re-use in Gafgyt

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Expert found multiple critical issues in MoFi routers

BlackCat Ransomware gang breached over 60 orgs worldwide

D-Link addressed 5 flaws on some router models, some of them reached EoL

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

USBAnywhere BMC flaws expose Supermicro servers to hack

Infecting Canon EOS DSLR camera with ransomware over the air

FBI warns of ransomware attacks targeting the food and agriculture sector

Netgear is releasing fixes for ten issues affecting 79 products

FBI warns of increase in PYSA ransomware attacks targeting education

FBI published a flash alert on Mamba Ransomware attacks

KindleDrip exploit – Hacking a Kindle device with a simple email

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

FBI warns of ransomware threat to food and agriculture

Ranzy Locker ransomware hit tens of US companies in 2021

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

DoppelPaymer ransomware gang now cold-calling victims, FBI warns

Money Message gang leaked private code signing keys from MSI data breach

Intel investigates security breach after the leak of 20GB of internal documents

Android Botnet leverages ADB ports and SSH to spread

US CISA and FBI publish joint alert on DarkSide ransomware

Daixin Team targets health organizations with ransomware, US agencies warn

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Stay Connected