Blog, Education, Firmware and Information Security

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60

Firewall

Firewall Firmware VPN Authentication

HP would take up to 90 days to fix a critical bug in some business-grade printers

Security Affairs

APRIL 5, 2023

HP would take up to 90 days to address a critical flaw, tracked as CVE-2023-1707, that resides in the firmware of some business-grade printers. The exploitation of the flaw can potentially lead to information disclosure and the IT giant announced that it would take up to 90 days to address the vulnerability. and having IPsec enabled.

Firmware

Firmware Education Media Hacking

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Security Affairs

MAY 4, 2023

In order to exploit the flaw, an attacker has to upgrade an affected device to a crafted version of the firmware. “This vulnerability is due to a missing authentication process within the firmware upgrade function.” “Cisco has not released firmware updates to address this vulnerability.

Firmware

Firmware Education Media Authentication

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

.” The company reported the security breach to the relevant authorities, and it downplayed the incident, saying that the attack had no significant financial and operational impact. In response to the incident, the company announced it is enhancing the information security control measures of its network and infrastructure.

Ransomware

Ransomware Firmware Hacking Manufacturing

A new Mirai botnet variant targets TP-Link Archer A21

Security Affairs

APRIL 25, 2023

Working exploits for LAN and WAN interface accesses were respectively reported by Team Viettel and Qrious Security. In March, TP-Link released a firmware update to address multiple issues, including this vulnerability. The vulnerability was first reported to ZDI during the Pwn2Own Toronto 2022 event.

DDOS

DDOS Engineering Firmware Architecture

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The agencies recommend updating to the latest firmware and switching from SNMP to NETCONF or RESTCONF for network management. It includes discovery of other devices on the network by querying the Address Resolution Protocol (ARP) table to obtain MAC addresses. ” continues the report.

Malware

Malware Firmware Government Education

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs

SEPTEMBER 15, 2020

Department of Justice indictment, MSS-affiliated actors have targeted various industries across the United States and other countries—including high-tech manufacturing; medical device, civil, and industrial engineering; business, educational, and gaming software; solar energy; pharmaceuticals; and defense—in a campaign that lasted over ten years.[

Government

Government VPN Firmware Energy and Utilities

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“These operations have targeted various industries, including Aerospace & Defense, Education, Energy & Utilities, Governments, Hospitality, Manufacturing, Oil & Gas, Retail, Technology, and Transportation. Upgrade to the latest firmware version. ” reads the joint report. ” continues the report.

Energy and Utilities

Energy and Utilities Government Firewall Malware

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

The Last Watchdog

JUNE 4, 2019

Maryland was one of the very first states to recognize the importance of information security, not only as a critical issue for the nation, but also as a strategic industry for the state,” said Governor Larry Hogan. According to the U.S.

Cybersecurity

Cybersecurity Computers and Electronics Technology Marketing

Cyber Security Roundup for June 2021

Security Boulevard

JUNE 1, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, May 2021. The UK National Cyber Security Centre (NCSC) published its Smart Cities (connected places) guidance for UK local authorities. Is your Home Router a Security Risk?

Ransomware

Ransomware Passwords Scams Cyber Attacks

The Hacker Mind Podcast: Reverse Engineering Smart Meters

ForAllSecure

MAY 13, 2022

Everybody's got their own little blog where they post stuff. And that's probably a security design of what they're, what they might put out there and encryption keys and things like that. And then you have the smart meters and so the software on the smart meters that's just 100% on its firmware. Here's how I get past it.

Engineering

Engineering Energy and Utilities Computers and Electronics Firmware

Cyber Security Roundup for March 2021

Security Boulevard

FEBRUARY 28, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, February 2021. I wrote a blog post about my concerns given Linux is embedded everywhere, yet many of these systems are rarely, and even never updated with security updates.

Energy and Utilities

Energy and Utilities Ransomware DDOS Accountability

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

As Stuart Brand said back in 1984 “information wants to be free.” ” So should analyzing a device’s firmware for security flaws be considered illegal? Roberts: We've got some great so secure repairs I founded in 2019. Or should our right to repair our own devices extend into the digital world?

InfoSec

InfoSec Manufacturing Technology Software

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

As Stuart Brand said back in 1984 “information wants to be free.” ” So should analyzing a device’s firmware for security flaws be considered illegal? Roberts: We've got some great so secure repairs I founded in 2019. Or should our right to repair our own devices extend into the digital world?

InfoSec

InfoSec Manufacturing Technology Software

Cyber Security Informer

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

HP would take up to 90 days to fix a critical bug in some business-grade printers

Trending Sources

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

MSI confirms security breach after Money Message ransomware attack

A new Mirai botnet variant targets TP-Link Archer A21

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

Cyber Security Roundup for June 2021

The Hacker Mind Podcast: Reverse Engineering Smart Meters

Cyber Security Roundup for March 2021

The Hacker Mind Podcast: The Right To Repair

The Hacker Mind Podcast: The Right To Repair

Stay Connected