Blog, Cybersecurity, Firmware and Information Security

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In most recent attacks observed by Check Point, the threat actors employed custom firmware implant designed explicitly for TP-Link routers. ” reads the report published by Check point.

Firmware

Firmware Encryption Government Malware

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Security Affairs

JUNE 2, 2022

The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats , which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. ” reads the post published by Eclypsium.

Firmware

Firmware Engineering Ransomware Malware

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Security Affairs

APRIL 22, 2022

Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943 , addressed in the Apache HTTP server in March.

Firmware

Firmware Hacking Cybersecurity Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware

Firmware Ransomware Encryption Advertising

HP would take up to 90 days to fix a critical bug in some business-grade printers

Security Affairs

APRIL 5, 2023

HP would take up to 90 days to address a critical flaw, tracked as CVE-2023-1707, that resides in the firmware of some business-grade printers. The exploitation of the flaw can potentially lead to information disclosure and the IT giant announced that it would take up to 90 days to address the vulnerability. and having IPsec enabled.

Firmware

Firmware Education Media Hacking

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Security Affairs

MAY 4, 2023

In order to exploit the flaw, an attacker has to upgrade an affected device to a crafted version of the firmware. “This vulnerability is due to a missing authentication process within the firmware upgrade function.” “Cisco has not released firmware updates to address this vulnerability.

Firmware

Firmware Education Media Authentication

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

Upon detecting network anomalies, the information department promptly activated relevant defense mechanisms and carried out recovery measures, and reported the incident to government law enforcement agencies and cybersecurity units.” ” reads a statement published by the company.

Ransomware

Ransomware Firmware Hacking Manufacturing

D-Link fixes two critical flaws in D-View 8 network management suite

Security Affairs

MAY 25, 2023

“Please note that this is a device beta software, beta firmware, or hot-fix release which is still undergoing final testing before its official release. The beta software, beta firmware, or hot-fix is provided on an “as is” and “as available” basis and the user assumes all risk and liability for use thereof.

Firmware

Firmware Authentication Software Hacking

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Security Affairs

DECEMBER 24, 2022

The cybersecurity researcher RE-Solver discovered Backdoor credentials in ZyXEL LTE3301-M209 LTE indoor routers. Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. They ask to keep the information confidential until the patch has been released.

Firmware

Firmware Passwords Hacking Cybersecurity

Experts show how to run malware on chips of a turned-off iPhone

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” Unlike NFC and UWB chips, the Bluetooth firmware is neither signed nor encrypted opening the doors to modification. To nominate, please visit:?

Malware

Malware Wireless Firmware Mobile

ESET warns of three flaws that affect over 100 Lenovo notebook models

Security Affairs

APRIL 19, 2022

Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. The vulnerabilities affecting the Lenovo UEFI result from the use of two UEFI firmware drivers, named SecureBackDoor and SecureBackDoorPeim respectively. ” reads the advisory published by Lenovo.

Firmware

Firmware Manufacturing Hacking Cybersecurity

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. ” reads the advisory published by the security firm. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.”

Hacking

Hacking Firmware Authentication DNS

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

By using the manufacturer’s built-in ports, we were able to manipulate on-board components and interact with the device.Combining both known and novel techniques, we were able to achieve root access to the device’s operating system and pull its firmware for emulation and vulnerability discovery.” Overall 4.8. ” reads the advisory.

Firmware

Firmware Penetration Testing Manufacturing Authentication

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

The Last Watchdog

JUNE 4, 2019

With the largest concentration of cybersecurity expertise –– the “oil” — in the world, Maryland is fast changing from the Old Line State into “Cybersecurity Valley.” The foundation of Silicon Valley was set, and today comparable technology development pieces are being laid in Maryland on the cybersecurity front.

Cybersecurity

Cybersecurity Computers and Electronics Technology Marketing

Zyxel fixed firewall unauthenticated remote command injection issue

Security Affairs

MAY 13, 2022

Below is the list of vulnerable products and related patches: Affected model Affected firmware version Patch availability USG FLEX 100(W), 200, 500, 700 ZLD V5.00 If possible, enable automatic firmware updates. Commands are executed as the nobody user.” ” reads the report published by Rapid7. through ZLD V5.21

Firewall

Firewall Firmware VPN Wireless

A new Mirai botnet variant targets TP-Link Archer A21

Security Affairs

APRIL 25, 2023

Working exploits for LAN and WAN interface accesses were respectively reported by Team Viettel and Qrious Security. In March, TP-Link released a firmware update to address multiple issues, including this vulnerability. The vulnerability was first reported to ZDI during the Pwn2Own Toronto 2022 event.

DDOS

DDOS Engineering Firmware Architecture

Security Affairs newsletter Round 368 by Pierluigi Paganini

Security Affairs

JUNE 5, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Spyware

Spyware Firmware Ransomware Scams

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Security Affairs

DECEMBER 24, 2022

The cybersecurity researcher RE-Solver discovered Backdoor credentials in ZyXEL LTE3301-M209 LTE indoor routers. Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. They ask to keep the information confidential until the patch has been released.

Firmware

Firmware Passwords Hacking Cybersecurity

Synology and QNAP warn of critical Netatalk flaws in some of their products

Security Affairs

MAY 1, 2022

Critical Ongoing VS Firmware 2.3 Synology products affected by the flaw are: Product Severity Fixed Release Availability DSM 7.1 Critical Upgrade to 7.1-42661-1 42661-1 or above. Critical Ongoing DSM 6.2 Critical Ongoing SRM 1.2 Critical Ongoing. To nominate, please visit:?

Firmware

Firmware Hacking Cybersecurity Internet

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 17, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. Below is the list of vulnerable products and related patches: AFFECTED MODEL AFFECTED FIRMWARE VERSION PATCH AVAILABILITY USG FLEX 100(W), 200, 500, 700 ZLD V5.00 through ZLD V5.21

Firewall

Firewall VPN Firmware Internet

CVE-2020-15782 flaw in Siemens PLCs allows remote hack

Security Affairs

MAY 28, 2021

Industrial cybersecurity firm Claroty discovered a new flaw in Siemens PLCs that can be exploited by a remote and unauthenticated attacker to hack the devices. The flaw impacts SIMATIC S7-1200 and S7-1500 CPUs, the vendor has already released firmware updates for the impacted systems. ” concludes Claroty. Pierluigi Paganini.

Hacking

Hacking Firmware Cybersecurity Engineering

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The agencies recommend updating to the latest firmware and switching from SNMP to NETCONF or RESTCONF for network management. The joint advisory provides detailed info on tactics, techniques, and procedures (TTPs) associated with APT28’s attacks conducted in 2021 that exploited the flaw in Cisco routers. ” continues the report.

Malware

Malware Firmware Government Education

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog

Security Affairs

APRIL 12, 2022

Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-23176 flaw in WatchGuard Firebox and XTM appliances to its Known Exploited Vulnerabilities Catalog. The malware leverages the firmware update process to achieve persistence. Cyclops Blink is sophisticated malware with a modular structure.

Firmware

Firmware Malware Cybersecurity Hacking

Security Affairs newsletter Round 362 by Pierluigi Paganini

Security Affairs

APRIL 24, 2022

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.

Cyber Insurance

Cyber Insurance Spyware Firmware Insurance

Kali Linux 2024.1 Release (Micro Mirror)

Kali Linux

FEBRUARY 27, 2024

As it turns out, Kenneth operates a network of mirrors, which was officially announced back in May 2023 on his blog: Building the Micro Mirror Free Software CDN. For anyone interested in Internet infrastructure, we encourage you to read it, that’s a well-written blog post right there, waiting for you.

Software

Software Firmware VPN Internet

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Security Affairs

MAY 20, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. Ransomware operators are also offering for sale the QNAP the master decryption key for 50 BTC which could allow all the victims of this ransomware family to decrypt their files.

Ransomware

Ransomware Internet Internet Firmware

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

Security Affairs

MAY 21, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog. We are in the final !

Data breaches

Data breaches Cybercrime Ransomware Passwords

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs

SEPTEMBER 15, 2020

“The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S.

Government

Government VPN Firmware Energy and Utilities

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

The Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are using compromised Ubiquiti EdgeRouters (EdgeRouters) to evade detection in cyber operations worldwide.

Energy and Utilities

Energy and Utilities Government Firewall Malware

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

According to the advisory that was issued with the help of leading cybersecurity firms (Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric), nation-state hacking groups were able to hack multiple industrial systems using a new ICS-focused malware toolkit dubbed PIPEDREAM that was discovered in early 2022. link] .

Passwords

Passwords Architecture Backups Cyber Attacks

Money Message gang leaked private code signing keys from MSI data breach

Security Affairs

MAY 8, 2023

The authenticity of the leaked private key was confirmed by Alex Matrosov, founder of firmware security firm Binarly. Now the ransomware gang has leaked the company’s private code signing keys on their darkweb leaksite. Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem. We are in the final!

Data breaches

Data breaches Ransomware Firmware Manufacturing

Vulnerability Recap 5/20/24 – Patch Tuesday, Chrome & D-Link

eSecurity Planet

MAY 20, 2024

The problem: Researcher Patrick Peng discovered and wrote a blog post about a vulnerability in the llama_cpp_python dependency. Note that some DIR-600 devices are end of life, so D-Link won’t release any firmware updates for these. Llama is a Python package designed to support large language models.

VPN

VPN Firmware Malware Software

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (e.g., Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. hard drive, storage device, the cloud). link] .

Ransomware

Ransomware Antivirus Passwords Malware

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog. We are in the final !

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Security Affairs

APRIL 13, 2022

Cynerio ethically disclosed the issues to Aethon and the vendor addressed it with the release of firmware updates.

Mobile

Mobile Hacking Firmware Surveillance

Experts explained how to hack a building controller widely adopted in Russia

Security Affairs

MARCH 24, 2022

The expert found the default credentials (default credentials are admin:secret ) in manuals firmware and software for its building controller models. The expert published a blog post that describes a step by step procedure to achieve remote code execution with root privileges. ” wrote the expert.

Hacking

Hacking Firmware Internet Internet

Critical fixed critical flaws in Cisco Small Business Switches

Security Affairs

MAY 18, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog. We are in the final!

Small Business

Small Business Firmware Hacking Cybersecurity

US dismantled the Russia-linked Cyclops Blink botnet

Security Affairs

APRIL 6, 2022

” In February, US and UK cybersecurity and law enforcement agencies published a joint security advisory about a new malware, dubbed Cyclops Blink, that has been linked to the Russian-backed Sandworm APT group. The malware leverages the firmware update process to achieve persistence. ” reads the DoJ. link] .

Malware

Malware Government Firmware Firewall

Cyber Security Roundup for March 2021

Security Boulevard

FEBRUARY 28, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, February 2021. I wrote a blog post about my concerns given Linux is embedded everywhere, yet many of these systems are rarely, and even never updated with security updates.

Energy and Utilities

Energy and Utilities Ransomware DDOS Accountability

Cyber Security Roundup for June 2021

Security Boulevard

JUNE 1, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, May 2021. UK Smarties Cities Cybersecurity Warning. The UK National Cyber Security Centre (NCSC) published its Smart Cities (connected places) guidance for UK local authorities.

Ransomware

Ransomware Passwords Scams Cyber Attacks

Security Affairs newsletter Round 228

Security Affairs

AUGUST 25, 2019

Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Intel addresses High-Severity flaws in NUC Firmware and other tools. The Cost of Dealing With a Cybersecurity Attack in These 4 Industries.

Small Business

Small Business Spyware Data breaches Advertising

Topic-specific policy 7/11: backup

Notice Bored

OCTOBER 19, 2021

This is an interesting policy example to have been selected for inclusion in ISO/IEC 27002:2022 , spanning the divide between 'cybersecurity' and 'the business'. before returning to read the remainder of this blog. If not, hopefully this blog series has given you food for thought! Why do data need to be backed up?

Backups

Backups Risk Internet Internet

CryptoAgility to take advantage of Quantum Computing

Thales Cloud Protection & Licensing

MAY 4, 2021

The same goes with the advent of Quantum Computing , which is supposed to bring exponential computing power that shall not only bring endless benefits but also raises question marks on the current state of cryptography that is the bedrock of all information security as we know today. Data security. What can we do to get ready?

Computers and Electronics

Computers and Electronics Banking IoT Risk

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

In this blog, we’ll home in on Conti, the strain identified by some as the successor, cousin or relative of Ryuk ransomware , due to similarities in code use and distribution tactics. Install updates/patch operating systems, software, and firmware as soon as they are released. Focus on cyber security awareness and training.

Healthcare

Healthcare Ransomware Encryption Passwords

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Webinars

Trending Sources

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Webinars

QNAP urges users to update NAS firmware and app to prevent infections

HP would take up to 90 days to fix a critical bug in some business-grade printers

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

MSI confirms security breach after Money Message ransomware attack

D-Link fixes two critical flaws in D-View 8 network management suite

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Experts show how to run malware on chips of a turned-off iPhone

ESET warns of three flaws that affect over 100 Lenovo notebook models

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

HID Mercury Access Controller flaws could allow to unlock Doors

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

Zyxel fixed firewall unauthenticated remote command injection issue

A new Mirai botnet variant targets TP-Link Archer A21

Security Affairs newsletter Round 368 by Pierluigi Paganini

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Synology and QNAP warn of critical Netatalk flaws in some of their products

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

CVE-2020-15782 flaw in Siemens PLCs allows remote hack

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog

Security Affairs newsletter Round 362 by Pierluigi Paganini

Kali Linux 2024.1 Release (Micro Mirror)

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Money Message gang leaked private code signing keys from MSI data breach

Vulnerability Recap 5/20/24 – Patch Tuesday, Chrome & D-Link

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Experts explained how to hack a building controller widely adopted in Russia

Critical fixed critical flaws in Cisco Small Business Switches

US dismantled the Russia-linked Cyclops Blink botnet

Cyber Security Roundup for March 2021

Cyber Security Roundup for June 2021

Security Affairs newsletter Round 228

Topic-specific policy 7/11: backup

CryptoAgility to take advantage of Quantum Computing

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Stay Connected