Cybersecurity, Firmware and Internet - Cyber Security Informer

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Locking down firmware. These are the carriers that provide Internet access to rural areas all across America. Firmware is the coding that’s embedded below the software layer on all computing devices, ranging from printers to hard drives and motherboards to routers and switches. telecoms by Chinese tech giant Huawei.

Firmware

Firmware Cybersecurity Technology Engineering

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

The Last Watchdog

NOVEMBER 20, 2019

Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. These happen to represent two prime examples of cyber attack vectors that continue to get largely overlooked by traditional cybersecurity defenses.

Firmware

Firmware Hacking Software Surveillance

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware

Firmware Ransomware Encryption Advertising

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

MORE WEBINARS

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

Malwarebytes

JULY 28, 2021

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages. History lessons. Mitigation.

Firmware

Firmware Technology Authentication IoT

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Security Affairs

APRIL 22, 2022

Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943 , addressed in the Apache HTTP server in March.

Firmware

Firmware Hacking Cybersecurity Internet

Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian

Security Boulevard

JUNE 25, 2023

Paul also shares with us some of his greatest hacking stories and don’t miss our lively […] The post Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian appeared first on Shared Security Podcast.

Firmware

Firmware Hacking Internet Internet

Ransomware threat to SonicWall Customers

CyberSecurity Insiders

JULY 16, 2021

SonicWall that offers next generation firewalls and various Cybersecurity solutions has announced that its customers using certain products are at a risk of being cyber attacked with ransomware. x firmware is going to reach its EOL aka End of Life. x firmware is going to reach its EOL aka End of Life.

Ransomware

Ransomware Firmware Cyber Attacks Firewall

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

The Last Watchdog

MAY 23, 2022

Then the Internet took off and trusting the connection between a user’s device and a web server became of paramount importance. This challenge has not escaped the global cybersecurity community. Related: Leveraging PKI to advance electronic signatures. Today we’re in the throes of digital transformation. Trust is under siege.

Digital transformation

Digital transformation Computers and Electronics Cybersecurity Encryption

Zyxel patches two critical vulnerabilities

Malwarebytes

MAY 26, 2023

Affected users should patch as a matter of urgency, and we urge you not to expose the management interfaces of network edge devices to the Internet, in order to reduce their attack surface. Patch 1, USG FLEX series firmware versions 4.50 Patch 1, USG FLEX 50(W) firmware versions 4.25 Patch 1, USG20(W)-VPN firmware versions 4.25

Firmware

Firmware VPN Firewall Accountability

Flaws in Dell's over-the-air device recovery and update impacts millions of devices

CSO Magazine

JUNE 24, 2021

The over-the-internet firmware update and OS recovery feature present in 128 Dell computer models suffers from certificate validation and other flaws that could allow man-in-the-middle (MitM) attackers to compromise the devices at the firmware level and deploy malicious implants. Sign up for CSO newsletters. ].

Firmware

Firmware CSO Internet Internet

Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities of 2021

eSecurity Planet

APRIL 28, 2022

cybersecurity agencies joined their counterparts around the globe to urge organizations to address the top 15 vulnerabilities exploited in 2021. The cybersecurity authorities urged organizations to immediately apply timely patches to their systems and implement a centralized patch management system in order to reduce their attack surface.

Cybersecurity

Cybersecurity Software Firmware Internet

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

eSecurity Planet

FEBRUARY 2, 2024

Within the last couple of months, smart device vulnerabilities have been piling up, prompting businesses to protect their Internet of Things (IoT) environments. Teslas have plenty of vulnerabilities, as cybersecurity researchers have recently discovered. Imagine a corporate office where only two employees drive Teslas.

Hacking

Hacking IoT Firmware Cybersecurity

Cybersecurity and its impact on the home

CyberSecurity Insiders

NOVEMBER 23, 2021

This poses a huge cybersecurity risk to the population as a whole, and one that needs to be countenanced against the obvious benefits smart tech provides. As CNBC rightly outlines, the internet is already only semi-accessible when it comes to people living with disability. Facing the challenge. Key principles.

Cybersecurity

Cybersecurity IoT Wireless Risk

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router.

Firmware

Firmware Wireless Passwords Internet

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.

Risk

Risk VPN Internet Internet

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

SEPTEMBER 5, 2023

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. The Mirai botnet, initially discovered in October 2016 , infected Internet-connected routers, cameras and digital video recorders at scale. In 2023, the U.S.

IoT

IoT Government Internet Internet

Vulnerabilities in the iBoot Power Distribution Unit Let Hackers Remotely Shut Down Devices

Hacker Combat

SEPTEMBER 22, 2022

Researchers from the industrial cybersecurity company Claroty discovered a total of seven flaws with the iBoot-PDU product, including one that might have allowed a remote, unauthenticated attacker to execute arbitrary code. The vendor has released firmware version 1.42.06162022 to address the problem.

Firmware

Firmware Firewall Manufacturing Internet

The High-Stakes Game of Ensuring IoMT Device Security

SecureWorld News

FEBRUARY 17, 2024

Regrettably, cybersecurity is often an overlooked aspect in the development of many smart devices, and medical devices in particular. Being constantly connected to the internet, they are either protected by basic passwords or, in some cases, have no password protection at all.

Healthcare

Healthcare Manufacturing Internet Internet

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. IoT devices are exposed to cybersecurity vulnerabilities. However, if you know where the dangers lurk, there is a way to minimize the cybersecurity risks. Poor credentials.

IoT

IoT Cybersecurity Manufacturing Internet

Update now! NetGear routers’ default configuration allows remote attacks

Malwarebytes

DECEMBER 8, 2022

NetGear has made a hotfix available for its Nighthawk routers after researchers found a network misconfiguration in the firmware allowed unrestricted communication with the internet facing ports of the device listening through IPv6. Cybersecurity risks should never spread beyond a headline. No auto-update. Stay safe, everyone!

Firmware

Firmware Small Business Internet Internet

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” ” reads the advisory published by the security firm. We are in the final!

Hacking

Hacking Firmware Authentication DNS

Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover

Malwarebytes

AUGUST 23, 2022

The flaw is tracked as CVE-2021-36260 and was addressed by Hikvision via a firmware update in September 2021. The Cybersecurity & Infrastructure Security Agency (CISA) added the vulnerability to its list of known exploited vulnerabilities that should be patched by January 24, 2022. The critical bug received a 9.8

Firmware

Firmware VPN Internet Internet

VulnRecap 1/16/24 – Major Firewall Issues Persist

eSecurity Planet

JANUARY 16, 2024

The problem: The United States Cybersecurity and Infrastructure Security Agency (CISA) has announced a vulnerability in Microsoft SharePoint that allows a threat actor to escalate their privileges on the network. According to Bitdefender, the thermostat does not validate the authenticity of a new firmware update.

Firewall

Firewall Firmware IoT Authentication

Satellites are critical infrastructure and need to be cybersecured

Malwarebytes

MARCH 29, 2022

SpaceX’s Starlink satellite Internet program plans to send more than a thousand new satellites into orbit every year. Commercial satellites, like Starlink, provide us with the ability to have things like Internet access, television, GPS, and scientific information about the weather and other processes in the atmosphere and on the surface.

Cybersecurity

Cybersecurity Internet Internet Technology

Millions of home routers on Mirai Botnet Radar

CyberSecurity Insiders

AUGUST 13, 2021

According to a research carried out by Maryland based Cybersecurity firm Tenable, hackers are targeting millions of home routers to add them to the Mirai botnet radar that is used to launch DDoS Cyber attack campaigns. The post Millions of home routers on Mirai Botnet Radar appeared first on Cybersecurity Insiders.

Firmware

Firmware DDOS Malware Manufacturing

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Security Affairs

MAY 16, 2023

A joint analysis conducted by industrial cybersecurity firms Claroty and O torio discovered multiple flaws in Teltonika Networks’ IIoT products that can expose OT networks to remote attacks. The researchers discovered eight vulnerabilities that impact thousands of internet-connected devices worldwide. through 00.07.03.4

Hacking

Hacking Internet Internet Manufacturing

Researchers warn of QNAP NAS attacks in the wild

Security Affairs

AUGUST 31, 2020

Hackers target QNAP NAS devices running multiple firmware versions vulnerable to a remote code execution (RCE) flaw addressed by the vendor 3 years ago. QNAP addressed the vulnerability with the release of firmware version 4.3.3 The researchers discovered that the issue resides in the CGI program. /httpd/cgi-bin/authLogout.cgi.

Firmware

Firmware Advertising Malware Internet

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable. Pierluigi Paganini.

Hacking

Hacking Firmware Internet Internet

News Alert: Flexxon selects a Chief Technology Strategist, signals intent to expand into the US

The Last Watchdog

JUNE 26, 2023

Singapore, June 26, 2023 – Hardware cybersecurity solutions pioneer Flexxon today announced the appointment of Erik Nilsen, PhD, as its Chief Technology Strategist. He holds over 14 patents and pending patents for advanced signal processing and cybersecurity applications.

Technology

Technology Marketing Firmware Media

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Security Affairs

DECEMBER 9, 2021

. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” TP-Link addressed the flaw on November 12, 2021 with the release of the firmware update TL-WR840N(EU)_V5_211109.

Firmware

Firmware Architecture Malware Hacking

Arris router vulnerability could lead to complete takeover

Malwarebytes

FEBRUARY 16, 2023

This is the type of router that ISPs typically provide in loan for customers’ telephony and internet access. According to Richards, when he contacted Arris (acquired by CommScope), the company said the devices running the vulnerable firmware are end-of-life (EOL) and are no longer supported by the company.

Firmware

Firmware Authentication Passwords Internet

Cyclops Blink malware: US and UK authorities issue alert

Malwarebytes

FEBRUARY 24, 2022

According to a joint security advisory published yesterday by US and UK cybersecurity and law enforcement agencies, a new malware called Cyclops Blink has surfaced to replace the VPNFilter malware attributed to the Sandworm group, which has always been seen as a Russian state-sponsored group. Cyclops Blink. Mitigation and detection.

Malware

Malware Firewall Firmware DDOS

SiteLock’s Top Five Cybersecurity Predictions For 2020

SiteLock

AUGUST 27, 2021

It’s safe to say that the volume and magnitude of high-profile data breaches and ransomware attacks that punctuated 2019 really kept the cybersecurity industry on its toes. We’ve analyzed the current state of the industry and packaged up our top five cybersecurity predictions for 2020. In comparison to last year, research.

Cybersecurity

Cybersecurity Phishing Data breaches IoT

NI CompactRIO controller flaw could allow disrupting production

Security Affairs

DECEMBER 12, 2020

The National Instruments CompactRIO product , a rugged, real-time controller that provides high-performance processing capabilities, sensor-specific conditioned I/O, and a closely integrated software toolchain that makes them ideal for Industrial Internet of Things (IIoT), monitoring, and control applications.

Firmware

Firmware Manufacturing Software Authentication

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Security Affairs

APRIL 15, 2024

Industrial and enterprise IoT cybersecurity firm Claroty reported that the Ukrainian Blackjack hacking group claims to have damaged emergency detection and response capabilities in Moscow and beyond the Russian capital using a destructive ICS malware dubbed Fuxnet. YouTube Video 1 , YouTube Video 2 ). All servers have been deleted. .

Malware

Malware Firmware IoT Hacking

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

The Last Watchdog

JUNE 4, 2019

With the largest concentration of cybersecurity expertise –– the “oil” — in the world, Maryland is fast changing from the Old Line State into “Cybersecurity Valley.” The foundation of Silicon Valley was set, and today comparable technology development pieces are being laid in Maryland on the cybersecurity front.

Cybersecurity

Cybersecurity Computers and Electronics Technology Marketing

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Security Affairs

DECEMBER 24, 2022

The cybersecurity researcher RE-Solver discovered Backdoor credentials in ZyXEL LTE3301-M209 LTE indoor routers. “The firmware is basically a merge of 3 sections, the LZMA section is the kernel, at 0x148CD6 the root-fs and at 0x90BD36 the www content.” A firmware fix has been released. ” wrote the expert.

Firmware

Firmware Passwords Hacking Cybersecurity

Reducing your attack surface is more effective than playing patch-a-mole

Malwarebytes

JUNE 21, 2023

On June 13, 2023 the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 23-02. Zyxel warned its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command injection vulnerability.

Internet

Internet Internet Firmware Cyber Risk

Industrial Switches from different Vendors Impaired by Similar Exposures

Hacker Combat

JUNE 3, 2021

Industrial switches are made using universal firmware developed by Korenix Technology, a leading provider for industrial networking solutions based in Taiwan. Korenix has developed another firmware that the organization incorporates in its JetNet industrial switches. Malicious firmware and bootloader uploads are possible too.

Firmware

Firmware Energy and Utilities Cyber Attacks Surveillance

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

. “Successful exploitation of this vulnerability could cause a denial-of-service condition, and a buffer overflow may allow remote code execution,” reads the advisory published by the US cybersecurity and infrastructure agency (CISA). This would leave many running in the wild still today.” ” continues the report.

Hacking

Hacking Firmware Internet Internet

Bad News: AI and 5G Are Expected to Worsen Cybersecurity Risks

Security Affairs

NOVEMBER 10, 2019

Experts believe Artificial intelligence (AI) could introduce new cybersecurity concerns, and that the upcoming 5G network could pose new risks as well. Here’s a look at how the report frames AI and 5G in cybersecurity. Most Respondents Say AI Will Impact Their Cybersecurity Strategies.

Risk

Risk Cybersecurity Artificial Intelligence Education

Top 9 Cybersecurity Challenges SMEs Currently Face

Responsible Cyber

APRIL 8, 2020

Small and mid-sized enterprises (SMEs) are increasingly at risk of cyber-attacks, and often serve as a launch pad for larger threat campaigns, according to Cisco’s 2018 SMB Cybersecurity Report. Humans remain the biggest and most common cybersecurity threat to businesses of all sizes. Lack of Cybersecurity Knowledge.

Cybersecurity

Cybersecurity DDOS Small Business Phishing

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical flaw affecting a video surveillance product made by Annke, a popular manufacturer of surveillance systems and solutions. The experts performed reverse engineering of the firmware to fully unrestricted SSH access. – Source Nozomi.

Surveillance

Surveillance Hacking Firmware Manufacturing

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

Webinars

Trending Sources

QNAP urges users to update NAS firmware and app to prevent infections

Webinars

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian

Ransomware threat to SonicWall Customers

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

Zyxel patches two critical vulnerabilities

Flaws in Dell's over-the-air device recovery and update impacts millions of devices

Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities of 2021

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

Cybersecurity and its impact on the home

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

CISA Order Highlights Persistent Risk at Network Edge

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

Vulnerabilities in the iBoot Power Distribution Unit Let Hackers Remotely Shut Down Devices

The High-Stakes Game of Ensuring IoMT Device Security

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Update now! NetGear routers’ default configuration allows remote attacks

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover

VulnRecap 1/16/24 – Major Firewall Issues Persist

Satellites are critical infrastructure and need to be cybersecured

Millions of home routers on Mirai Botnet Radar

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Researchers warn of QNAP NAS attacks in the wild

Over 80,000 Hikvision cameras can be easily hacked

News Alert: Flexxon selects a Chief Technology Strategist, signals intent to expand into the US

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Arris router vulnerability could lead to complete takeover

Cyclops Blink malware: US and UK authorities issue alert

SiteLock’s Top Five Cybersecurity Predictions For 2020

NI CompactRIO controller flaw could allow disrupting production

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

Expert found Backdoor credentials in ZyXEL LTE3301 M209

Reducing your attack surface is more effective than playing patch-a-mole

Industrial Switches from different Vendors Impaired by Similar Exposures

A critical flaw in industrial automation systems opens to remote hack

Bad News: AI and 5G Are Expected to Worsen Cybersecurity Risks

Top 9 Cybersecurity Challenges SMEs Currently Face

An RCE in Annke video surveillance product allows hacking the device

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Stay Connected