Authentication, Firmware and Passwords - Cyber Security Informer

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. Change your password. Click on ‘Security’ from the left-hand menu.

Passwords

Passwords Authentication Firmware Accountability

SonicWall issues firmware patch after attackers exploited critical bugs

SC Magazine

FEBRUARY 3, 2021

x firmware. x firmware, which malicious actors exploited in a cyberattack against the infosec firm last month. . SonicWall’s firmware update to version 10.2.0.5-29sv The post SonicWall issues firmware patch after attackers exploited critical bugs appeared first on SC Media. SonicWall). 31 and Feb.

Firmware

Firmware Mobile InfoSec Passwords

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

Malwarebytes

JULY 28, 2021

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages. History lessons. Mitigation.

Firmware

Firmware Technology Authentication IoT

Smart lightbulb and app vulnerability puts your Wi-Fi password at risk

Malwarebytes

AUGUST 25, 2023

New research highlights another potential danger from IoT devices, with a popular make of smart light bulbs placing your Wi-Fi network password at risk. Multiple high severity vulnerabilities exist which allow for password retrieval and device manipulation, with four issues in total. One vulnerability, with a CVSS score of 7.6

Passwords

Passwords Risk IoT Firmware

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

VPN

VPN Passwords Banking Advertising

Netgear addresses severe security flaws in 20 of its products

Security Affairs

SEPTEMBER 6, 2021

Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart switches used on businesses. The flaws affected multiple products including the following smart switches, below is the list of the impacted devices and related firmware fixes: GC108P fixed in firmware version 1.0.8.2

Firmware

Firmware Authentication Passwords Hacking

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware

Firmware Ransomware Passwords Mobile

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. ” The flaw could allow unauthorized third-party access to the router with admin privileges without proper authentication. .” ” continues the post. ” the expert concludes.

Passwords

Passwords Advertising Firmware Authentication

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

These vulnerabilities require an attacker to have your WiFi password or an Ethernet connection to your network to be exploited.” “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” ” The vendor addressed the issues in April 2023 with the release of firmware version 1.0.10.94

Hacking

Hacking Firmware Authentication DNS

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router.

Firmware

Firmware Wireless Passwords Internet

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies.

Surveillance

Surveillance Manufacturing Passwords Internet

Arris router vulnerability could lead to complete takeover

Malwarebytes

FEBRUARY 16, 2023

Security researcher Yerodin Richards has found an authenticated remote code execution (RCE) vulnerability in Arris routers. According to Richards, when he contacted Arris (acquired by CommScope), the company said the devices running the vulnerable firmware are end-of-life (EOL) and are no longer supported by the company.

Firmware

Firmware Authentication Passwords Internet

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Security Affairs

AUGUST 14, 2023

The procedures allow administrators to provide device information such as server addresses, account information, and firmware updates. The server is used to provide configurations and firmware updates to the devices. In this scenario, an attacker can act as a rogue server and distribute malicious firmware.

Firmware

Firmware Authentication Passwords Hacking

Be aware of exposure of sensitive data on Wi-Fi settings for Canon inkjet printers

Security Affairs

AUGUST 1, 2023

The information stored in a Canon printer depends on the specific model, however, almost any model stores the network SSID, the password, network type (WPA3, WEP, etc.), Set up strong authentication mechanisms, such as complex passwords or use multi-factor authentication (MFA) for printer access.

Wireless

Wireless Firmware Passwords Authentication

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. ” states Tenable.

Firmware

Firmware Encryption Authentication Passwords

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

NOVEMBER 10, 2022

The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. The researchers initially discovered an authentication bypass issue, then explored the systems looking at functionalities available to authenticated users such as uploading and downloading configuration files.

Firmware

Firmware Authentication Passwords Manufacturing

'Citrix Bleed' Vulnerability Raises Concerns as Exploits Continue

SecureWorld News

NOVEMBER 2, 2023

Exploiting this flaw allows threat actors to hijack legitimate user sessions, bypassing authentication protocols such as passwords and multi-factor authentication. Attackers are exploiting a known vulnerability and injecting malicious code into the login page to steal the credentials of the users who try to authenticate.

Authentication

Authentication Data breaches Passwords Firmware

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

The experts pointed out that the exploiting the vulnerabilities requires user authentication, as well as deep knowledge of the proprietary protocol of CODESYS V3 and the structure of the different services that the protocol uses. Check with the device manufacturers for available patches and update the device firmware to version to 3.5.19.0

Authentication

Authentication Firmware Hacking Passwords

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

Security Affairs

APRIL 25, 2021

“The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. ” reads the description of the vulnerability.

Firmware

Firmware Passwords Authentication Wireless

Home routers are being hijacked using vulnerability disclosed just 2 days ago

Malwarebytes

AUGUST 9, 2021

Router firmware. Under the description of CVE-2021-20090 you will find: “a path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.”.

Firmware

Firmware DDOS Internet Internet

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Security Affairs

JULY 16, 2018

A security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security.

IoT

IoT Engineering Passwords Firmware

Samsung offers Mobile Security protection as below

CyberSecurity Insiders

NOVEMBER 25, 2021

From backdoors- As the Korean giant creates, validates and manufactures its computing devices all on its own, its every piece of hardware, wiring and firmware is securely drafted at its high secure R&D plants & factories in the world. So, the question of unauthorized backdoors being present on any of its devices gets eliminated.

Mobile

Mobile Firmware Manufacturing Passwords

SonicWall warns users of “imminent ransomware campaign”

Malwarebytes

JULY 15, 2021

The exploitation targets a known vulnerability that has been patched in newer versions of SonicWall firmware. x versions of the firmware. x firmware. x firmware versions. The notice mentions the following products along with recommended actions: SRA 4600/1600 (EOL 2019) disconnect immediately and reset passwords.

Ransomware

Ransomware Firmware VPN Firewall

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

“The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.” ” reads the advisory published by the expert.

Firmware

Firmware Wireless Authentication Advertising

ITHC (IT Health Check) and PSN compliance: an overview and considerations

IT Security Guru

JUNE 22, 2021

Check that your OS, applications and firmware are updated with appropriate patches. Passwords – your first line of defence. PSN Code of Connection (CoCo) compliance requires you to demonstrate that you have systems in place to secure password protected entry points. Stopping password/account sharing. External systems.

Passwords

Passwords Authentication Wireless Government

CISA and FBI issue alert about Zeppelin ransomware

Malwarebytes

AUGUST 16, 2022

Authentication. Require all accounts with password logins to meet the required standards for developing and managing password policies. Require multifactor authentication wherever you can—particularly for webmail, VPNs, and critical systems. Store passwords using industry best practice password hashing functions.

Ransomware

Ransomware Backups Passwords Authentication

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

A map showing the distribution of some 2 million iLinkP2P-enabled devices that are vulnerable to eavesdropping, password theft and possibly remote compromise, according to new research. Furthermore, even if software patches were issued, the likelihood of most users updating their device firmware is low.

IoT

IoT Firewall Manufacturing Computers and Electronics

Trend Micro fixes 3 flaws in Home Network Security Devices

Security Affairs

MAY 25, 2021

Trend Micro fixed some flaws in Trend Micro Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication. Trend Micro fixed three vulnerabilities in Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication.

Network Security

Network Security Authentication Firmware Passwords

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. I can't blame this on the teddy bears themselves, rather the fact that the MongoDB holding all the collected data was left publicly facing without a password. IoT firmware should be self-healing.

IoT

IoT Firmware Risk Manufacturing

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Security Affairs

AUGUST 13, 2023

CVE-2023-3267: OS Command Injection (Authenticated RCE; CVSS 7.5) CVE-2023-3260: OS Command Injection (Authenticated RCE; CVSS 7.2) CVE-2023-3263: Authentication Bypass by Alternate Name (Auth Bypass; CVSS 7.5) of PowerPanel Enterprise software and version 1.44.08042023 of the Dataprobe iBoot PDU firmware.

Hacking

Hacking Firmware Authentication Software

NGINX zero-day vulnerability: Check if you’re affected

Malwarebytes

APRIL 13, 2022

Specifically, the NGINX LDAP reference implementation which uses LDAP to authenticate users of applications being proxied by NGINX. Companies store usernames, passwords, email addresses, printer connections, and other static data within directories. It’s written in Python and communicates with a LDAP authentication server.

Authentication

Authentication IoT Password Management Firmware

Cisco Warns of Multiple Flaws in Small Business Series Switches

eSecurity Planet

MAY 18, 2023

“Cisco has not and will not release firmware updates to address the vulnerabilities described in the advisory for these devices,” the company stated. The researchers say the implant’s firmware-agnostic design could allow it to be integrated into other brands of routers as well.

Small Business

Small Business Firmware Ransomware Software

Patch now! Netgear fixes serious smart switch vulnerabilities

Malwarebytes

SEPTEMBER 7, 2021

In a security advisory , NetGear has announced it has fixed three vulnerabilities in firmware updates for several network devices. The vulnerability can lead to an authentication bypass which would allow the attacker to change the admin’s password (among other things), which would obviously result in a full compromise of the device.

Firmware

Firmware Passwords Authentication Internet

MITRE, CISA Reveal Dangerous Hardware & Software Vulnerabilities

eSecurity Planet

NOVEMBER 4, 2021

CWE-1277 : Firmware Not Updateable – firmware exploitation exposes the victim to a permanent risk without any possibility to patch weaknesses. Hackers may use firmware exploitation to compromise the network, as the firmware links the operating system and the hardware. The most popular firmware is BIOS and UEFI.

Software

Software Firmware Computers and Electronics Risk

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Security Affairs

MARCH 16, 2022

In order to compromise the target network, the attackers conducted a brute-force password guessing attack against an un-enrolled and inactive account. Update software, including operating systems, applications, and firmware on IT network assets in a timely manner. Require all accounts with password logins (e.g.,

Accountability

Accountability Passwords Authentication Firmware

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” reads the post published by Eclypsium.

Hacking

Hacking Firmware Media Authentication

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

Malwarebytes

SEPTEMBER 21, 2021

Show them these tips: Never use the same password twice. And if your child uses the same password across multiple accounts, when one gets breached they are all vulnerable. And if your child uses the same password across multiple accounts, when one gets breached they are all vulnerable. This is where a password manager comes in.

Internet

Internet Internet Passwords Password Management

An educational robot security research

SecureList

FEBRUARY 27, 2024

However, we decided not to update the toy immediately in order to explore what could be extracted from the older firmware version. login_user request to get access_token with an incorrect password The next request returns configuration parameters for the specific toy based on its unique identifier, consisting of nine characters.

Education

Education Manufacturing Firmware Internet

The High-Stakes Game of Ensuring IoMT Device Security

SecureWorld News

FEBRUARY 17, 2024

Being constantly connected to the internet, they are either protected by basic passwords or, in some cases, have no password protection at all. When multiple devices are interconnected into one network, there is often a vulnerable point in this network—typically, a device with less sophisticated and secure software or firmware.

Healthcare

Healthcare Manufacturing Internet Internet

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

SecureWorld News

OCTOBER 8, 2023

Even harmless details, such as pet names or birthplaces, can be used by hackers to reset passwords. Additionally, be cautious when adding new friends; verify their authenticity through known offline connections. Use the administrator account only for maintenance, software installation, or firmware updates.

Firmware

Firmware IoT Accountability Passwords

How to Configure a Router to Use WPA2 in 7 Easy Steps

eSecurity Planet

MARCH 3, 2023

The typical username and password for Wi-Fi routers is “admin” for both, but you may need to search online or contact your ISP if that doesn’t work. And while you’re in there, update that password to something a little less hackable, possibly saving the new one in a password manager.

Wireless

Wireless Encryption Passwords IoT

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

eSecurity Planet

MARCH 21, 2022

Using misconfigured multi-factor authentication (MFA) and an unpatched Windows vulnerability, Russian state-sponsored hackers were able to breach a non-governmental organization (NGO) and escalate privileges, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI revealed last week.

VPN

VPN Accountability Authentication Passwords

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Regularly back up data, password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use multifactor authentication where possible. Avoid reusing passwords for multiple accounts. Disable hyperlinks in received emails.

Ransomware

Ransomware DDOS Passwords Backups

Ubiquiti: Change Your Password, Enable 2FA

SonicWall issues firmware patch after attackers exploited critical bugs

Trending Sources

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

Smart lightbulb and app vulnerability puts your Wi-Fi password at risk

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Netgear addresses severe security flaws in 20 of its products

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

TP-Link Archer routers allow remote takeover without passwords

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

3.5m IP cameras exposed, with US in the lead

Arris router vulnerability could lead to complete takeover

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Be aware of exposure of sensitive data on Wi-Fi settings for Canon inkjet printers

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

'Citrix Bleed' Vulnerability Raises Concerns as Exploits Continue

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

Home routers are being hijacked using vulnerability disclosed just 2 days ago

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Samsung offers Mobile Security protection as below

SonicWall warns users of “imminent ransomware campaign”

Expert found multiple critical issues in MoFi routers

ITHC (IT Health Check) and PSN compliance: an overview and considerations

CISA and FBI issue alert about Zeppelin ransomware

P2P Weakness Exposes Millions of IoT Devices

Trend Micro fixes 3 flaws in Home Network Security Devices

IoT Unravelled Part 3: Security

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

NGINX zero-day vulnerability: Check if you’re affected

Cisco Warns of Multiple Flaws in Small Business Series Switches

Patch now! Netgear fixes serious smart switch vulnerabilities

MITRE, CISA Reveal Dangerous Hardware & Software Vulnerabilities

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

USBAnywhere BMC flaws expose Supermicro servers to hack

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

An educational robot security research

The High-Stakes Game of Ensuring IoMT Device Security

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

How to Configure a Router to Use WPA2 in 7 Easy Steps

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

Avoslocker ransomware gang targets US critical infrastructure

Stay Connected