Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 CVE-2020-9054 Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 A2pvI042j1.d26m

IoT 141

IoT Firmware Malware Wireless 141

Security Affairs

DECEMBER 8, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Firmware 144

Firmware DDOS Malware IoT 144

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. We identified at least 65 different affected vendors with close to 200 unique fingerprints, thanks both to Shodan’s scanning capabilities and some misconfiguration by vendors and manufacturers who expose those devices to the Internet.

IoT 134

IoT Firmware Internet Internet 134

Security Affairs

MARCH 22, 2022

Internet search engine Censys reported a new wave of DeadBolt ransomware attacks targeting QNAP NAS devices. Internet search engine Censys reported that QNAP devices were targeted in a new wave of DeadBolt ransomware attacks. If every victim had paid the ransom, this attack would have netted the hackers about $4,484,700.”

Ransomware 102

Ransomware Firmware Internet Internet 102

Malwarebytes

OCTOBER 19, 2022

As a countermeasure, QNAP pushed out an automatic, forced, update with firmware containing the latest security updates to protect against the attackers' DeadBolt ransomware, which annoyed part of its userbase. It is important to file a complaint if you are a victim of a cybercrime. This DeadBolt campaign also targeted Asustor users.

Ransomware 98

Ransomware Firmware VPN Cybercrime 98

Security Affairs

SEPTEMBER 9, 2021

The Russian internet service provider Yandex is under a massive distributed denial-of-service (DDoS) attack that began last week. “A high-ranking source at Yandex told Vedomosti that the largest DDoS attack in the history of the Russian Internet was carried out on the company’s servers last weekend.”

DDOS 138

DDOS Internet Internet Firmware 138

Security Affairs

SEPTEMBER 13, 2024

Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Malware 141

Malware Firmware Antivirus Manufacturing 141

The Last Watchdog

APRIL 28, 2020

That, of course, presents the perfect environment for cybercrime that pivots off social engineering. What people will eventually come to realize, the sooner the better, is that we will need to flatten the X factor represented by cybercrime. Backup your data frequently on hard drives that aren’t connected 24/7 to the internet.

Social Engineering 174

Social Engineering Cyber Attacks Scams Engineering 174

Security Affairs

JUNE 1, 2023

“Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 ” reads the advisory published by NIST.

Firewall 98

Firewall Firmware VPN DDOS 98

Malwarebytes

MAY 13, 2021

We use WiFi to connect to the Internet, but what is it, and what does it stand for? How does it have such a catchy name, and why do we sometimes have a weak Internet connection with a strong WiFi signal and vice versa? What is the difference between WiFi and Internet? Can you have WiFi without Internet?

Wireless 120

Wireless VPN Internet Internet 120

Malwarebytes

OCTOBER 20, 2022

LAPSUS$ is a relative newcomer to the cybercrime scene that first appeared in the summer of 2021. In the case of the Nvidia breach, LAPSUS$ claimed it was mainly after the removal of the lite hast rate (LHR) limitations in all GeForce 30 series firmware—apparently all to help out gamers and the mining community. Organized crime.

Cybercrime 94

Cybercrime Firmware Encryption Internet 94

Security Affairs

OCTOBER 7, 2021

In order to protect Dahua devices, users have to install the latest firmware version. It could be quite easy for threat actors in the wild to find exposed Dahua devices using a search engine like Shodan and attempt to hack them using the available PoC code. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Authentication 145

Authentication Firmware Hacking Engineering 145

Security Affairs

SEPTEMBER 6, 2022

today detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet. “We strongly urge that their QNAP NAS should not be directly connected to the Internet. . “QNAP Systems, Inc. ” reads the advisory published by the vendor.

Ransomware 106

Ransomware Internet Internet Encryption 106

Security Affairs

AUGUST 10, 2021

” Palo Alto researchers said that some 250,000 QNAP and Synology NAS devices are exposed to Internet, according to data from the Cortex Xpanse platform. Researchers provided the following recommendations for protecting home offices from ransomware attacks: Update device firmware to keep attacks of this nature at bay.

Ransomware 139

Ransomware Encryption Firmware Passwords 139

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. “The build date coded in the last number block also points to the same date range: None of the firewall firmwares examined had been compiled after September 14, 2022.”

VPN 90

VPN Passwords Firewall Firmware 90

Security Affairs

FEBRUARY 24, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. The New Zeeland CERT published an advisory to warn of attacks on some internet-facing Asustor models, including AS5104T, AS5304T, AS6404T, AS7004T, AS5202T, AS6302T, and AS1104T.

Ransomware 106

Ransomware Encryption Internet Internet 106

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. Maintain device health with updates: Make sure devices are up to date with the latest firmware and patches.

IoT 128

IoT DDOS Malware Firmware 128

Security Affairs

JULY 8, 2022

Preliminary investigation indicates that Checkmate attacks via SMB services exposed to the internet, and employs a dictionary attack to break accounts with weak passwords.” ……… “ The vendor recommends not exposing the SMB service to the internet and using VPN to access the NAS and reduce the attack surface.

Ransomware 110

Ransomware Encryption Passwords Internet 110

SecureWorld News

OCTOBER 8, 2023

Turn off the internet connection if you will not be using it for an extended period. Use the administrator account only for maintenance, software installation, or firmware updates. Attention should be paid to protecting routers and updating their firmware. Ensure every device—from computers to smartphones—runs an updated OS.

Firmware 110

Firmware IoT Accountability Passwords 110

SecureWorld News

FEBRUARY 2, 2022

The attacks target a Zero-Day vulnerability that was patched in December 2021 which allows the threat actor to run arbitrary code on vulnerable devices exposed to the internet. DeadBolt ransomware was recently used to target customers of QNAP, a Taiwanese company that produces network attached storage (NAS) devices. January 30, 2022.

Ransomware 98

Ransomware Firmware Encryption Internet 98

Security Affairs

OCTOBER 22, 2022

US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. Healthcare and Public Health sector with ransomware.

Ransomware 80

Ransomware VPN Cybercrime Accountability 80

SecureList

NOVEMBER 14, 2022

A recent leak has put it in the hands of cybercrime actors and it is very likely that by the end of the year we will see it involved in APT cases too. In both cases, we described new UEFI firmware bootkits that managed to propagate malicious components from the deepest layers of the machine up to Windows’ user-land.

Firmware 127

Firmware Surveillance Mobile Telecommunications 127

Security Affairs

JANUARY 31, 2022

The report highlighted that over 23 million IPs related to Portable UPnP SDK were vulnerable to remote code execution just through a single UDP packet, over 6,900 product versions from over 1,500 vendors were vulnerable through UPnP due to the exposure of UPnP SOAP service to the internet. ” continues Akamai.

Internet 98

Internet Internet Firmware Hacking 98

Security Affairs

MARCH 13, 2022

If you want to also receive for free the newsletter with the international press subscribe here.

Data breaches 98

Data breaches Firmware Hacking Ransomware 98

SiteLock

AUGUST 27, 2021

The consequences of which are not only born by companies who are the primary targets of cybercrime. Simply defined, the internet of things (IoT) is a network of Internet-connected objects able to collect and exchange data. VPNs are the baseline cybersecurity tool to safeguard internet-enabled devices and a home network.

IoT 98

IoT Spyware VPN Passwords 98

SecureList

JULY 28, 2022

In late 2021, we encountered a malicious DXE driver incorporated into several UEFI firmware images that were flagged by our firmware scanner (integrated into Kaspersky products at the start of 2019). Our two private reports provided technical information on the Windows and SPARC variants respectively. Other interesting discoveries.

Malware 145

Malware Firmware Phishing Cryptocurrency 145

Security Affairs

DECEMBER 13, 2024

The bot conducts ad fraud by accessing websites in the background and operates as a residential proxy, sharing the users internet connection for criminal activities, which can link the user’s IP address illegal activities. BadBox can also download additional payloads, amplifying the risks for the users.

Firmware 57

Firmware Malware Telecommunications Information Security 57

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches 98

Data breaches DDOS Ransomware Artificial Intelligence 98

SecureWorld News

APRIL 7, 2022

The DOJ discusses the operation in a recent statement: "The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control (C2) of the underlying botnet. The botnet was controlled by a threat actor known as Sandworm, whom the U.S. government has connected to the GRU.

Malware 98

Malware Firmware Manufacturing Firewall 98

Security Affairs

FEBRUARY 14, 2022

The report includes MD5 hashes of suspicious ASPX files discovered on compromised Microsoft Internet Information Services (IIS) servers and a list of commands used by ransomware operators observed by the researchers. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware 100

Ransomware Accountability Firmware Encryption 100

SiteLock

AUGUST 27, 2021

Internet of Things (IoT) devices will be a cybercriminal’s “fifth column” in 2020. If a manufacturer hardcodes a master password within the device’s firmware, the device becomes extremely vulnerable from a security perspective, especially if an attacker is able to locate and download the password to access the device.

Cybersecurity 98

Cybersecurity Phishing Data breaches IoT 98

Security Affairs

AUGUST 20, 2021

Organizations using Netgear, Huawei, and ZTE network devices are recommended to keep their firmware up to date and use strong passwords. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, Mozi botnet).

IoT 108

IoT DNS Manufacturing Firmware 108

SecureList

FEBRUARY 16, 2021

After the attacks came to light, the manufacturer promptly released a firmware update for configuring verification of incoming requests. In 2020, when much of life shifted online, internet resources repeatedly suffered from surges in totally legitimate activity. For his efforts, the perpetrator was sentenced to eight years in prison.

DDOS 145

DDOS Cryptocurrency Marketing Internet 145

Responsible Cyber

APRIL 8, 2020

The Internet of Things (IoT) is undeniably the future of technology. As cybercrime has become well-funded and increasingly sophisticated, phishing remains one of the most effective methods used by criminals to introduce malware into businesses. IoT Opens Excessive Entry Points. Indeed, it has added convenience to our hectic schedules.

Cybersecurity 98

Cybersecurity DDOS Small Business Phishing 98

SecureList

NOVEMBER 25, 2024

This year, for example, the pro-Palestinian hacktivist group BlackMeta attacked the Internet Archive website, which has nothing to do with the conflict. For instance, several days ago, personal data related to Amazon employees that was allegedly leaked over the course of the MOVEit vulnerability attack was leaked on a cybercrime forum.

IoT 118

IoT Energy and Utilities Phishing Cryptocurrency 118

SecureList

NOVEMBER 26, 2021

The vulnerability is in MSHTML, the Internet Explorer engine. Apart from Trojanized installers, we also observed infections involving use of a UEFI (Unified Extensible Firmware Interface) and MBR (Master Boot Record) bootkit. You can find a more detailed technical description of both vulnerabilities here.

Malware 134

Malware Banking Energy and Utilities Accountability 134

Security Boulevard

MAY 2, 2022

Most firmwares devices focus on the functionality of the component with minimal onboard security protection. With the advancement of the Internet of things and the increase in analytical data analysis, these devices have moved up from the Purdue manufacturing model to a level that opens these devices to external communications.

Cyber Attacks 52

Cyber Attacks IoT Firmware Social Engineering 52