Authentication, Firmware, Information Security and Passwords

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

. “Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Firmware

Firmware Ransomware Passwords Mobile

Netgear addresses severe security flaws in 20 of its products

Security Affairs

SEPTEMBER 6, 2021

Netgear has released security updates to address high-severity vulnerabilities affecting several of its smart switches used by businesses. Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart switches used on businesses. GC108PP fixed in firmware version 1.0.8.2

Firmware

Firmware Authentication Passwords Hacking

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

These vulnerabilities require an attacker to have your WiFi password or an Ethernet connection to your network to be exploited.” “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” ” The vendor addressed the issues in April 2023 with the release of firmware version 1.0.10.94

Hacking

Hacking Firmware Authentication DNS

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router.

Firmware

Firmware Wireless Passwords Internet

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. ” The flaw could allow unauthorized third-party access to the router with admin privileges without proper authentication. .” ” continues the post. ” the expert concludes.

Passwords

Passwords Advertising Firmware Authentication

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies.

Surveillance

Surveillance Manufacturing Passwords Internet

Be aware of exposure of sensitive data on Wi-Fi settings for Canon inkjet printers

Security Affairs

AUGUST 1, 2023

The information stored in a Canon printer depends on the specific model, however, almost any model stores the network SSID, the password, network type (WPA3, WEP, etc.), Set up strong authentication mechanisms, such as complex passwords or use multi-factor authentication (MFA) for printer access.

Wireless

Wireless Firmware Passwords Authentication

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Security Affairs

AUGUST 14, 2023

The procedures allow administrators to provide device information such as server addresses, account information, and firmware updates. The server is used to provide configurations and firmware updates to the devices. In this scenario, an attacker can act as a rogue server and distribute malicious firmware.

Firmware

Firmware Authentication Passwords Hacking

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. ” states Tenable.

Firmware

Firmware Encryption Authentication Passwords

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

NOVEMBER 10, 2022

The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. The researchers initially discovered an authentication bypass issue, then explored the systems looking at functionalities available to authenticated users such as uploading and downloading configuration files.

Firmware

Firmware Authentication Passwords Manufacturing

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

The experts pointed out that the exploiting the vulnerabilities requires user authentication, as well as deep knowledge of the proprietary protocol of CODESYS V3 and the structure of the different services that the protocol uses. Check with the device manufacturers for available patches and update the device firmware to version to 3.5.19.0

Authentication

Authentication Firmware Hacking Passwords

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

Security Affairs

APRIL 25, 2021

“The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. ” states the report published by Eye security.

Firmware

Firmware Passwords Authentication Wireless

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

“The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.” ” reads the advisory published by the expert.

Firmware

Firmware Wireless Authentication Advertising

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Regularly back up data, password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use multifactor authentication where possible. Avoid reusing passwords for multiple accounts. Focus on cyber security awareness and training.

Ransomware

Ransomware DDOS Passwords Backups

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

The FBI provided the following mitigations to protect against ransomware attacks: Regularly back up data, air gap, and password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as they are released. Use multifactor authentication with strong pass phrases where possible.

Ransomware

Ransomware Passwords Backups Firmware

Trend Micro fixes 3 flaws in Home Network Security Devices

Security Affairs

MAY 25, 2021

Trend Micro fixed some flaws in Trend Micro Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication. Trend Micro fixed three vulnerabilities in Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication.

Network Security

Network Security Authentication Firmware Passwords

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Security Affairs

AUGUST 13, 2023

CVE-2023-3266: Improperly Implemented Security Check for Standard (Auth Bypass; CVSS 7.5) CVE-2023-3267: OS Command Injection (Authenticated RCE; CVSS 7.5) CVE-2023-3260: OS Command Injection (Authenticated RCE; CVSS 7.2) CVE-2023-3263: Authentication Bypass by Alternate Name (Auth Bypass; CVSS 7.5)

Hacking

Hacking Firmware Authentication Software

An educational robot security research

SecureList

FEBRUARY 27, 2024

However, we decided not to update the toy immediately in order to explore what could be extracted from the older firmware version. This was the first security-related issue we discovered. This was the first security-related issue we discovered. In fact, a valid token is returned even if we provide incorrect credentials.

Education

Education Manufacturing Firmware Internet

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Security Affairs

MARCH 16, 2022

In order to compromise the target network, the attackers conducted a brute-force password guessing attack against an un-enrolled and inactive account. Update software, including operating systems, applications, and firmware on IT network assets in a timely manner. Require all accounts with password logins (e.g.,

Accountability

Accountability Passwords Authentication Firmware

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” continues the analysis.

Hacking

Hacking Firmware Media Authentication

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Security Affairs

JANUARY 27, 2020

An attacker with this key can successfully authenticate as this user to the FortiSIEM Supervisor.” reads the security advisory. While the user’s shell is limited to running the /opt/phoenix/phscripts/bin/tunnelshell script, SSH authentication still succeeds.”. The unencrypted key is also stored inside the FortiSIEM image.

Advertising

Advertising Firmware Authentication Passwords

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released. Use multi-factor authentication wherever possible. Avoid reusing passwords for different accounts and implement the shortest acceptable timeframe for password changes.

Education

Education Ransomware Phishing Passwords

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

Regularly back up data, air gap, and password-protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use multifactor authentication where possible. Implement the shortest acceptable timeframe for password changes.

Ransomware

Ransomware Antivirus Passwords Malware

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

Below are the recommended mitigations included in the alert: Implement regular backups of all data to be stored as air gapped, password protected copies offline. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use double authentication when logging into accounts or services.

Ransomware

Ransomware Firmware Antivirus Accountability

Yubico is replacing for free YubiKey FIPS devices due to security weakness

Security Affairs

JUNE 14, 2019

The security advisory published by the company states that the issue impacts YubiKey series devices running versions 4.4.2 of the firmware. The weakness impacts PIV smart card applications, Universal 2nd Factor (U2F) authentication, OATH one-time passwords, and OpenPGP. there is no released firmware version 4.4.3)

Firmware

Firmware Advertising Authentication Passwords

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates.

Malware

Malware Firmware Advertising Manufacturing

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

According to the alert, when one of the DiskCryptor files are detected, in order to attempt to recover the files without paying the ransom, it is possible to determine if the myConf.txt is still accessible and then recover the password. Install updates/patch operating systems, software, and firmware as soon as they are released. •

Ransomware

Ransomware Encryption Passwords Malware

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Security Affairs

APRIL 23, 2021

The malware moves all files stored on the device to password-protected 7zip archives and demand the payment of a $550 ransom. The Taiwanese vendor published a security advisory to warn its customers of the ongoing attacks and is urging them to install the latest Malware Remover version and scan their devices for indicators of compromise.

Ransomware

Ransomware Backups Media Malware

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

But the sector is only as secure as the technology it relies on, so our food supply requires secure IoT devices and Cloud services for food and agriculture too. The FBI notice includes the following recommendations: Regularly back up data, air gap, and password protect backup copies offline. Implement network segmentation.

Ransomware

Ransomware Manufacturing Passwords Internet

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

Attackers replaced binaries on compromised EdgeRouters with trojanized OpenSSH server binaries allowing remote attackers to bypass authentication. Upgrade to the latest firmware version. Change any default usernames and passwords.

Energy and Utilities

Energy and Utilities Government Firewall Malware

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible. Maintain known-good offline backups for faster recovery upon a disruptive attack, and conduct hashing and integrity checks on firmware and controller configuration files to ensure validity of those backups.

Passwords

Passwords Architecture Backups Cyber Attacks

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

Regularly back up data, air gap, and password protect backup copies offline. Implement a recovery plan to restore sensitive or proprietary data from a physically separate, segmented, secure location (e.g., Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. •

Passwords

Passwords Government Firmware Accountability

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

“The FBI is seeking any information that can be shared, to include boundary logs showing communication to and from foreign IP addresses, a sample ransom note, communications with Zeppelin actors, Bitcoin wallet information, decryptor files, and/or a benign sample of an encrypted file” concludes the alert.

Ransomware

Ransomware Encryption Firmware Backups

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Security Affairs

FEBRUARY 14, 2022

The report includes MD5 hashes of suspicious ASPX files discovered on compromised Microsoft Internet Information Services (IIS) servers and a list of commands used by ransomware operators observed by the researchers. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware

Ransomware Accountability Firmware Antivirus

Maze ransomware operators claim to have breached LG Electronics

Security Affairs

JUNE 25, 2020

“One of the screenshots seems to consist of LG Electronics official firmware or software update releases that assist their hardware products to work more efficiently.” At the time of publishing this article, the Maze ransomware operators have released three screenshots as proof of the data breach. ” continues Cyble.

Computers and Electronics

Computers and Electronics Ransomware Mobile Telecommunications

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

“The actors have leveraged privileged accounts to gain access to VMware vCenter Server and reset account passwords [ T1098 ] for ESXi servers in the environment. Below are the mitigations provided in the alert: Install updates for operating systems, software, and firmware as soon as they are released. ” reads the alert.

Ransomware

Ransomware VPN Cybercrime Accountability

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

Simple or reused passwords are still a problem. While the cybersecurity industry has presented options for every netizen, the recommendation to use original and complex passwords continues to be disregarded. Instead, people come up with passwords that are comfortable. Poor credentials. What does this mean? Vicious insider.

IoT

IoT Cybersecurity Manufacturing Internet

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

Below is a list of recommended mitigations from the FBI, which it issued along with an alert on Conti ransomware late last week: Regularly back up data, air gap, and password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as they are released. Implement network segmentation.

Healthcare

Healthcare Ransomware Encryption Passwords

CISA warns of critical flaws in Prima FlexAir access control system

Security Affairs

JULY 31, 2019

The list of flaws includes OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site Scripting, Exposure of Backup file to Unauthorized Control Sphere, Improper Authentication, and Use of Hard-coded Credentials. “Prima Systems FlexAir, Versions 2.3.38

Backups

Backups Authentication Advertising Firmware

Spotlight: CTIA’s IoT Cybersecurity Certification is a Big Deal. Here’s why.

The Security Ledger

MARCH 13, 2019

» Related Stories Podcast Episode 129: Repair Eye on the CES Guy and Sensor Insecurity EU calls for End to Default Passwords on Internet of Things Podcast Episode 134: The Deep Fake Threat to Authentication and analyzing the PEAR Compromise. Forget about Congress’s latest attempt to regulate IoT security.

IoT

IoT Cybersecurity Internet Internet

Cloud Security: The Shared Responsibility Model

eSecurity Planet

OCTOBER 20, 2022

Drivers, Firmware, Software : Cloud providers bear responsibility to secure, test, and update the software and code that supports the firmware and the basic software infrastructure of the cloud. Access security controls. This responsibility does not extend to software that customers install on cloud devices.

Backups

Backups Firewall Encryption Software

Experts found backdoors in a popular Auerswald VoIP appliance

Security Affairs

DECEMBER 27, 2021

The researchers performed reverse engineering of the firmware image for the COMpact 5500, version 7.8A The researchers used Ghidra for their analysis, it is the open-source reverse engineering tool developed by the US National Security Agency (NSA). . “Equipped with this password we then could authenticate successfully.

Firmware

Firmware Manufacturing Passwords Penetration Testing

IoT Secure Development Guide

Pen Test Partners

OCTOBER 9, 2023

There is no concrete method to follow as it will rely on contents of the decomposed design from Step 2, but typical examples might include the following: Intellectual property in the device firmware. Deploy malicious firmware. The CoP includes the following recommendations for manufacturers: No default passwords.

IoT

IoT Firmware Mobile Manufacturing

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Netgear addresses severe security flaws in 20 of its products

Webinars

Trending Sources

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Webinars

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

TP-Link Archer routers allow remote takeover without passwords

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

3.5m IP cameras exposed, with US in the lead

Be aware of exposure of sensitive data on Wi-Fi settings for Canon inkjet printers

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

Expert found multiple critical issues in MoFi routers

Avoslocker ransomware gang targets US critical infrastructure

FBI warns of ransomware attacks targeting the food and agriculture sector

Trend Micro fixes 3 flaws in Home Network Security Devices

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

An educational robot security research

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

USBAnywhere BMC flaws expose Supermicro servers to hack

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

FBI warns of increase in PYSA ransomware attacks targeting education

BlackCat Ransomware gang breached over 60 orgs worldwide

Ranzy Locker ransomware hit tens of US companies in 2021

Yubico is replacing for free YubiKey FIPS devices due to security weakness

QSnatch malware infected over 62,000 QNAP NAS Devices

FBI published a flash alert on Mamba Ransomware attacks

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

FBI warns of ransomware threat to food and agriculture

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Maze ransomware operators claim to have breached LG Electronics

Daixin Team targets health organizations with ransomware, US agencies warn

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

CISA warns of critical flaws in Prima FlexAir access control system

Spotlight: CTIA’s IoT Cybersecurity Certification is a Big Deal. Here’s why.

Cloud Security: The Shared Responsibility Model

Experts found backdoors in a popular Auerswald VoIP appliance

IoT Secure Development Guide

Stay Connected