Blog, Firmware and Hacking - Cyber Security Informer

Exploiting embedded APIs by dumping firmware

Security Boulevard

FEBRUARY 14, 2023

Hack the hardware to find the firmware and swipe the source code of APIs under security testing. The post Exploiting embedded APIs by dumping firmware appeared first on Dana Epp's Blog. The post Exploiting embedded APIs by dumping firmware appeared first on Security Boulevard.

Firmware

Firmware Hacking

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Security Affairs

JUNE 2, 2022

The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats , which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. ” reads the post published by Eclypsium.

Firmware

Firmware Engineering Ransomware Malware

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In most recent attacks observed by Check Point, the threat actors employed custom firmware implant designed explicitly for TP-Link routers. ” reads the report published by Check point.

Firmware

Firmware Encryption Government Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Playstation 5 hacked—twice!

Malwarebytes

NOVEMBER 10, 2021

Fa i l0verflow , the hacking group notorious for breaking Playstation consoles, and Andy “TheFlow” Nguyen , a security engineer at Google and widely known in the Playstation Vita scene, both tweeted samplings of their successful PS5 hacks. A root key is used to decrypt and reverse engineer the console’s firmware.

Hacking

Hacking Firmware Retail Engineering

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Security Affairs

APRIL 22, 2022

Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943 , addressed in the Apache HTTP server in March.

Firmware

Firmware Hacking Cybersecurity Internet

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware

Firmware Ransomware Encryption Advertising

Hacking Group Has PS5 Root Encryption Keys

Heimadal Security

NOVEMBER 15, 2021

A hacking group dubbed Fail0verflow announced on Twitter that they have got the PS5 root encryption keys. These types of keys are usually used to perform PS5’s firmware decryption. The post Hacking Group Has PS5 Root Encryption Keys appeared first on Heimdal Security Blog.

Encryption

Encryption Hacking Firmware Software

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

eSecurity Planet

FEBRUARY 2, 2024

Teslas Get the Spotlight in Recent Ethical Hacking Efforts Researchers have discovered multiple vulnerabilities within Teslas since March 2023. Rapid7’s Zero Day Initiative hosts an event called Pwn2Own, and at the 2023 event, computer security firm Synactiv hacked a Tesla computer within two minutes.

Hacking

Hacking IoT Firmware Cybersecurity

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking

Hacking Firmware Authentication DNS

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.50

Firewall

Firewall Firmware VPN Authentication

HP would take up to 90 days to fix a critical bug in some business-grade printers

Security Affairs

APRIL 5, 2023

HP would take up to 90 days to address a critical flaw, tracked as CVE-2023-1707, that resides in the firmware of some business-grade printers. The company pointed out that the information disclosure can be achieved only by exploiting the flaw on vulnerable devices running FutureSmart firmware version 5.6 and having IPsec enabled.

Firmware

Firmware Education Media Hacking

CVE-2020-15782 flaw in Siemens PLCs allows remote hack

Security Affairs

MAY 28, 2021

Industrial cybersecurity firm Claroty discovered a new flaw in Siemens PLCs that can be exploited by a remote and unauthenticated attacker to hack the devices. The flaw impacts SIMATIC S7-1200 and S7-1500 CPUs, the vendor has already released firmware updates for the impacted systems. SecurityAffairs – hacking, Siemens PLCs).

Hacking

Hacking Firmware Cybersecurity Engineering

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Security Affairs

MAY 4, 2023

In order to exploit the flaw, an attacker has to upgrade an affected device to a crafted version of the firmware. “This vulnerability is due to a missing authentication process within the firmware upgrade function.” “Cisco has not released firmware updates to address this vulnerability.

Firmware

Firmware Education Media Authentication

Experts explained how to hack a building controller widely adopted in Russia

Security Affairs

MARCH 24, 2022

A researcher discovered critical flaws that can be exploited by remote attackers to hack a building controller popular in Russia. A researcher has identified critical vulnerabilities that can allegedly be exploited to remotely hack a building controller predominantly used by organizations in Russia. ” wrote the expert.

Hacking

Hacking Firmware Internet Internet

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Security Affairs

APRIL 13, 2022

Researchers discovered five vulnerabilities that can be exploited to remotely hack hospital Aethon’s TUG autonomous mobile robots. Cynerio ethically disclosed the issues to Aethon and the vendor addressed it with the release of firmware updates. SecurityAffairs – hacking, TUG autonomous mobile robots). Pierluigi Paganini.

Mobile

Mobile Hacking Firmware Surveillance

Flaws in firmware expose almost any modern PC to Cold Boot Attacks

Security Affairs

SEPTEMBER 13, 2018

New Firmware Flaws Resurrect Cold Boot Attacks. A team of security researchers demonstrated that the firmware running on nearly all modern computers is vulnerable to cold boot attacks. Passwords, credentials to corporate networks, and any data stored on the machine are at risk,” reads the blog post published by the experts.

Firmware

Firmware Encryption Advertising Passwords

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Security Affairs

MAY 16, 2023

The platform provides real-time monitoring and control, it also supports advanced features such as device management, software and firmware updates, GPS tracking, and data visualization. ” reads the advisory from CISA.

Hacking

Hacking Internet Internet Manufacturing

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware.

Firmware

Firmware Spyware Surveillance Hacking

D-Link fixes two critical flaws in D-View 8 network management suite

Security Affairs

MAY 25, 2023

“Please note that this is a device beta software, beta firmware, or hot-fix release which is still undergoing final testing before its official release. The beta software, beta firmware, or hot-fix is provided on an “as is” and “as available” basis and the user assumes all risk and liability for use thereof.

Firmware

Firmware Authentication Software Hacking

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Security Affairs

DECEMBER 24, 2022

“The firmware is basically a merge of 3 sections, the LZMA section is the kernel, at 0x148CD6 the root-fs and at 0x90BD36 the www content.” Owners of impacted devices have to upgrade them with the latest firmware release as soon as possible. A firmware fix has been released. ” wrote the expert.

Firmware

Firmware Passwords Hacking Cybersecurity

The Internet of Things is a Complete Mess (and how to Fix it)

Troy Hunt

JULY 13, 2021

Plus, it's definitely added to our lives in terms of the things it enables us to do; see them in part 5 of my IoT unravelled blog series. So, local control of the out of the box device is out, let's move onto updating the firmware and one approach is to literally solder wires to smart lights as part of the firmware flashing process.

Internet

Internet Internet IoT Firmware

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT

IoT Firmware Risk Manufacturing

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

Multinational IT corporation MSI (Micro-Star International) confirms security breach after Money Message ransomware gang claimed the hack. This week the ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International).

Ransomware

Ransomware Firmware Hacking Manufacturing

Experts show how to run malware on chips of a turned-off iPhone

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” Unlike NFC and UWB chips, the Bluetooth firmware is neither signed nor encrypted opening the doors to modification. SecurityAffairs – hacking, domain name system). Pierluigi Paganini.

Malware

Malware Wireless Firmware Mobile

ESET warns of three flaws that affect over 100 Lenovo notebook models

Security Affairs

APRIL 19, 2022

Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. The vulnerabilities affecting the Lenovo UEFI result from the use of two UEFI firmware drivers, named SecureBackDoor and SecureBackDoorPeim respectively. SecurityAffairs – hacking, Lenove).

Firmware

Firmware Manufacturing Hacking Cybersecurity

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

By using the manufacturer’s built-in ports, we were able to manipulate on-board components and interact with the device.Combining both known and novel techniques, we were able to achieve root access to the device’s operating system and pull its firmware for emulation and vulnerability discovery.” Overall 4.8. ” reads the advisory.

Firmware

Firmware Penetration Testing Manufacturing Authentication

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

Security Affairs

MARCH 22, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. ” After QNAP forced the firmware security update, the number of infections dropped to less than 300 in March. SecurityAffairs – hacking, QNAP).

Ransomware

Ransomware Firmware Internet Internet

Zyxel fixed firewall unauthenticated remote command injection issue

Security Affairs

MAY 13, 2022

Below is the list of vulnerable products and related patches: Affected model Affected firmware version Patch availability USG FLEX 100(W), 200, 500, 700 ZLD V5.00 If possible, enable automatic firmware updates. SecurityAffairs – hacking, Zyxel). Commands are executed as the nobody user.” through ZLD V5.21 through ZLD V5.21

Firewall

Firewall Firmware VPN Wireless

A new Mirai botnet variant targets TP-Link Archer A21

Security Affairs

APRIL 25, 2023

In March, TP-Link released a firmware update to address multiple issues, including this vulnerability. The vulnerability was first reported to ZDI during the Pwn2Own Toronto 2022 event. Working exploits for LAN and WAN interface accesses were respectively reported by Team Viettel and Qrious Security.

DDOS

DDOS Engineering Firmware Architecture

Security Affairs newsletter Round 368 by Pierluigi Paganini

Security Affairs

JUNE 5, 2022

sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:? SecurityAffairs – hacking, newsletter). Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Pierluigi Paganini.

Spyware

Spyware Firmware Ransomware Scams

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Security Affairs

DECEMBER 24, 2022

“The firmware is basically a merge of 3 sections, the LZMA section is the kernel, at 0x148CD6 the root-fs and at 0x90BD36 the www content.” Owners of impacted devices have to upgrade them with the latest firmware release as soon as possible. A firmware fix has been released. ” wrote the expert.

Firmware

Firmware Passwords Hacking Cybersecurity

Synology and QNAP warn of critical Netatalk flaws in some of their products

Security Affairs

MAY 1, 2022

Critical Ongoing VS Firmware 2.3 SecurityAffairs – hacking, Synology). Synology products affected by the flaw are: Product Severity Fixed Release Availability DSM 7.1 Critical Upgrade to 7.1-42661-1 42661-1 or above. Critical Ongoing DSM 6.2 Critical Ongoing SRM 1.2 Critical Ongoing. To nominate, please visit:? Pierluigi Paganini.

Firmware

Firmware Hacking Cybersecurity Internet

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network. Sometimes, they don’t even mention it in the initial setup process, with the recommendation being on a blog post instead. Pierluigi Paganini.

Surveillance

Surveillance Manufacturing Passwords Internet

Security Affairs newsletter Round 362 by Pierluigi Paganini

Security Affairs

APRIL 24, 2022

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice. Pierluigi Paganini.

Cyber Insurance

Cyber Insurance Spyware Firmware Insurance

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

Security Affairs

MAY 21, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches

Data breaches Cybercrime Ransomware Passwords

A week in security (July 19 – August 1)

Malwarebytes

AUGUST 2, 2021

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root. The Olympics : a timeline of scams, hacks, and malware. Source: Microsoft Security blog) Solarmarker malware campaign actors are focusing their energy on credential and residual information theft. Here’s why.

Wireless

Wireless Password Management Firmware Passwords

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 17, 2022

Below is the list of vulnerable products and related patches: AFFECTED MODEL AFFECTED FIRMWARE VERSION PATCH AVAILABILITY USG FLEX 100(W), 200, 500, 700 ZLD V5.00 If possible, enable automatic firmware updates. SecurityAffairs – hacking, domain name system). Commands are executed as the nobody user.” through ZLD V5.21

Firewall

Firewall VPN Firmware Internet

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

Last June, Google’s TAG team released a blog post documenting attacks on Italian and Kazakh users that they attribute to RCS Lab, an Italian offensive software vendor. One glaring example is Iran, which faced a series of spectacular hacks and sabotages. APT targeting turns toward satellite technologies, producers and operators.

Firmware

Firmware Surveillance Mobile Telecommunications

Money Message gang leaked private code signing keys from MSI data breach

Security Affairs

MAY 8, 2023

In early April, the ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). The authenticity of the leaked private key was confirmed by Alex Matrosov, founder of firmware security firm Binarly.

Data breaches

Data breaches Ransomware Firmware Manufacturing

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Security Affairs

MAY 20, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. SecurityAffairs – hacking, NAS). In February, storage solutions provider Asustor warned its customers of a wave of Deadbolt ransomware attacks targeting its NAS devices.

Ransomware

Ransomware Internet Internet Firmware

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

In April 2023, FortiGuard Labs researchers observed a hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. Upgrade to the latest firmware version. Since September 2022, Moobot botnet was spotted targeting vulnerable D-Link routers.

Energy and Utilities

Energy and Utilities Government Firewall Malware

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The agencies recommend updating to the latest firmware and switching from SNMP to NETCONF or RESTCONF for network management. It includes discovery of other devices on the network by querying the Address Resolution Protocol (ARP) table to obtain MAC addresses. ” continues the report.

Malware

Malware Firmware Government Education

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs

SEPTEMBER 15, 2020

Below the list of patches that could be installed to prevent Chinese hackers and other threat actors from exploiting them: Vulnerability Patch Information CVE-2020-5902 F5 Security Advisory: K52145254: TMUI RCE vulnerability CVE-2020-5902 CVE-2019-19781 Citrix blog post: firmware updates for Citrix ADC and Citrix Gateway versions 11.1

Government

Government VPN Firmware Energy and Utilities

Exploiting embedded APIs by dumping firmware

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Webinars

Trending Sources

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Webinars

Playstation 5 hacked—twice!

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

QNAP urges users to update NAS firmware and app to prevent infections

Hacking Group Has PS5 Root Encryption Keys

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

HP would take up to 90 days to fix a critical bug in some business-grade printers

CVE-2020-15782 flaw in Siemens PLCs allows remote hack

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE

Experts explained how to hack a building controller widely adopted in Russia

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Flaws in firmware expose almost any modern PC to Cold Boot Attacks

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Second-ever UEFI rootkit used in North Korea-themed attacks

D-Link fixes two critical flaws in D-View 8 network management suite

Expert found Backdoor credentials in ZyXEL LTE3301 M209

The Internet of Things is a Complete Mess (and how to Fix it)

IoT Unravelled Part 3: Security

MSI confirms security breach after Money Message ransomware attack

Experts show how to run malware on chips of a turned-off iPhone

ESET warns of three flaws that affect over 100 Lenovo notebook models

HID Mercury Access Controller flaws could allow to unlock Doors

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

Zyxel fixed firewall unauthenticated remote command injection issue

A new Mirai botnet variant targets TP-Link Archer A21

Security Affairs newsletter Round 368 by Pierluigi Paganini

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Synology and QNAP warn of critical Netatalk flaws in some of their products

3.5m IP cameras exposed, with US in the lead

Security Affairs newsletter Round 362 by Pierluigi Paganini

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

A week in security (July 19 – August 1)

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Advanced threat predictions for 2023

Money Message gang leaked private code signing keys from MSI data breach

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Stay Connected