Firewall, Firmware and Hacking - Cyber Security Informer

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Security Affairs

JANUARY 15, 2024

Researchers from Bishop Fox found over 178,000 SonicWall next-generation firewalls (NGFW) publicly exploitable. Researchers from Bishop Fox used BinaryEdge source data to find SonicWall firewalls with management interfaces exposed to the internet.

Firewall

Firewall Hacking Firmware Internet

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. In December 2022, Sophos released security patches to address seven vulnerabilities in Sophos Firewall version 19.5 , including some arbitrary code execution bugs. reads the advisory. “A

Firmware

Firmware Firewall Internet Internet

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall

Firewall Firmware VPN Authentication

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the installation of persistent backdoors.

Firmware

Firmware Hacking Authentication Advertising

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability, tracked as CVE-2023-28771 , that impacts Zyxel firewalls. in its firewall devices. USG FLEX ZLD V4.60 VPN ZLD V4.60

Firewall

Firewall Firmware VPN DDOS

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall

Firewall VPN Firmware Passwords

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

Zyxel fixes a critical bug in its business firewall and VPN devices

Security Affairs

APRIL 1, 2022

Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment vendor Zyxel has pushed security updates for a critical flaw, tracked as CVE-2022-0342 (CVSS 9.8), that affects some of its business firewall and VPN products. SecurityAffairs – hacking, Zyxel).

Firewall

Firewall VPN Firmware Authentication

Zyxel fixed firewall unauthenticated remote command injection issue

Security Affairs

MAY 13, 2022

Zyxel addressed a critical flaw affecting Zyxel firewall devices that allows unauthenticated, remote attackers to gain arbitrary code execution. affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution as the “nobody” user. SecurityAffairs – hacking, Zyxel).

Firewall

Firewall Firmware VPN Wireless

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

The Last Watchdog

NOVEMBER 20, 2019

What does Chinese tech giant Huawei have in common with the precocious kid next door who knows how to hack his favorite video game? Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S.

Firmware

Firmware Hacking Software Surveillance

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

“For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release. BleepingComputer reported that searching for Fortigate firewalls exposed online there are more than 250K installs worldwide , most of them in the US. through 6.2.13

Firewall

Firewall VPN Firmware Manufacturing

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 17, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution as the “nobody” user. Commands are executed as the nobody user.”

Firewall

Firewall VPN Firmware Internet

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Security Affairs

JUNE 20, 2023

The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, 14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, 11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0. in its firewall devices.

Firmware

Firmware Firewall Authentication VPN

Zyxel published guidance for protecting devices from ongoing attacks

Security Affairs

JUNE 4, 2023

Zyxel has published guidance for protecting firewall and VPN devices from the ongoing attacks recently discovered. Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting CVE-2023-28771 , CVE-2023-33009 , and CVE-2023-33010 vulnerabilities. in its firewall devices. Patch 1 ZLD V5.36

Firmware

Firmware VPN Firewall Hacking

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. Experts was that vendors may have bought vulnerable versions of this stack before the 2012 update and are still using it in their firmware. Tracked as CVE-2020-25159 , the flaw is rated 9.8

Hacking

Hacking Firmware Internet Internet

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Security Affairs

MAY 16, 2023

. “Also, an attacker may exploit these issues to access and control networked devices and change router settings in order to manipulate configurations such as DNS settings or firewall rules. The compromised industrial devices may also be used to launch attacks against other devices or networks.”

Hacking

Hacking Internet Internet Manufacturing

Zyxel addressed a critical RCE flaw in its NAS devices

Security Affairs

SEPTEMBER 7, 2022

flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. Below is the list of affected models and the firmware patches released by the company. SecurityAffairs – hacking, Zyxel). The CVE-2022-34747 (CVSS score: 9.8) 11)C0 and earlier V5.21(AAZF.12)C0

Firewall

Firewall Firmware Authentication VPN

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. This FTP server can be accessed with hardcoded credentials that are embedded in the firmware of the AP. SecurityAffairs – Zyxel, hacking). ” reads the advisory. Pierluigi Paganini.

DNS

DNS Hacking Firmware Wireless

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Data breaches

Data breaches Cybercrime Firewall Artificial Intelligence

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

Fortinet FortiGuard Labs researchers warned of multiple DDoS botnets exploiting a vulnerability impacting multiple Zyxel firewalls. The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35. through 5.35.

DDOS

DDOS Firmware VPN Firewall

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. Xiongmai hereinafter) that are open to hack. The “P2P Cloud” feature bypasses firewalls and effectively allows remote connections into private networks.

Surveillance

Surveillance Hacking Firmware Manufacturing

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware

Firmware Passwords Accountability VPN

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

According to WatchGuard , Cyclops Blink may have affected roughly 1% of all active WatchGuard firewall appliances. “The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware.” Pierluigi Paganini.

Malware

Malware Firmware Architecture Firewall

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT

IoT Firmware Risk Manufacturing

Alfer Microsoft, also SonicWall confirmed that its products were affected by Y2K22 bug

Security Affairs

JANUARY 8, 2022

SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. Security vendor SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. x firmware in MySonicWall downloads section for TZ, NSA and SOHO platforms. Junk Store 7.6.9

Firewall

Firewall Engineering Firmware Malware

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. According to the experts, Tenda routers running a firmware version between AC9 to AC18 are vulnerable to the attack.

IoT

IoT Firmware DNS Advertising

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

In April 2023, FortiGuard Labs researchers observed a hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. The operation reversibly modified the routers’ firewall rules to block remote management access to the devices.

Energy and Utilities

Energy and Utilities Government Firewall Malware

DoS attack the caused disruption at US power utility exploited a known flaw

Security Affairs

SEPTEMBER 9, 2019

A DoS attack that caused disruptions at a power utility in the United States exploited a flaw in a firewall used in the facility. The incident took place earlier this year, threat actors exploited a known vulnerability in a firewall used by the affected facility to cause disruption. and 7 p.m., power grid ( Energywire , April 30). .

Energy and Utilities

Energy and Utilities Firewall Firmware Advertising

China-linked APT likely linked to Fortinet zero-day attacks

Security Affairs

MARCH 17, 2023

The devices halted displaying the following error message: “System enters error-mode due to FIPS error: Firmware Integrity self-test failed” The failure of the integrity test blocks the reboot of the device to protect the integrity of the network. ” reads the report published by Mandiant. ” concludes Mandiant.

Firewall

Firewall Manufacturing Government Firmware

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Security Affairs

FEBRUARY 3, 2020

“ SonicWall Capture Labs Threat Research team observe huge hits on our firewalls that attempt to exploit the command injection vulnerability with the below HTTP request.” This unauthenticated remote command injection vulnerability affects Linear eMerge E3 access control systems running firmware versions 1.00-06

DDOS

DDOS Hacking Internet Internet

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

“A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. SecurityAffairs – hacking, ransomware). This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v

VPN

VPN Firewall Firmware Authentication

Dovecat crypto-miner is targeting QNAP NAS devices

Security Affairs

JANUARY 21, 2021

“In the meantime, please update the NAS firmware and Malware Remover in the App Center to the latest version if not done already to ensure the latest security patches are applied on the NAS.” Install a firewall. SecurityAffairs – hacking, QNAP). . “If such processes are running on recent FW (4.4.x),

Cryptocurrency

Cryptocurrency Firmware Malware Passwords

Cable Haunt flaw exposes 200M+ Broadcom-based cable modems at remote hijacking

Security Affairs

JANUARY 10, 2020

A flaw, dubbed Cable Haunt, in Broadcom’s cable modem firmware exposed as many as 200 million home broadband gateways in Europe alone, at risk of remote hijackings. With almost no cable modem tested being secure without a firmware update, the number of modems initially vulnerable in Europe is estimated to be close to this number.”

Firmware

Firmware DNS Manufacturing Advertising

Expert found a hardcoded SSH Key in Fortinet SIEM appliances

Security Affairs

JANUARY 20, 2020

. “A use of hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user “tunneluser” by leveraging knowledge of the private key from another installation or a firmware image.” SecurityAffairs – FortiSIEM, hacking).

Authentication

Authentication Firmware Advertising Firewall

A daily average of 80,000 printers exposed online via IPP

Security Affairs

JUNE 23, 2020

. “Obviously, these counts only represent devices that are not firewalled and allow direct querying over the IPv4 Internet.” This info includes printer names, locations, models, firmware versions, organization names, and even WiFi network names. . SecurityAffairs – hacking, printers). ” continues the report.

Internet

Internet Internet Firmware Advertising

Juniper Networks addressed many issues in its products

Security Affairs

JULY 10, 2020

Juniper Networks addressed several vulnerabilities in its firewalls, most of them can be exploited by attackers for denial-of-service (DoS) attacks. Some of the issues also affected third-party components, including OpenSSL, Intel firmware, Bouncy Castle, Java SE, Apache software, and others. SecurityAffairs – hacking, Juniper).

Firmware

Firmware Advertising Firewall Internet

NSA, CISA release guidance on hardening remote access via VPN solutions

Security Affairs

SEPTEMBER 29, 2021

The agencies recommend VPN solutions that implements protections against intrusions, such as the use of signed binaries or firmware images, a secure boot process that verifies boot code before it runs, and integrity validation of runtime processes and files. SecurityAffairs – hacking, VPN solutions). ” concludes the guidance.

VPN

VPN Government Firmware Authentication

79 Netgear router models affected by a dangerous Zero-day

Security Affairs

JUNE 18, 2020

Nichols discovered that the vulnerability affects 758 different firmware versions that run on 79 Netgear routers. Oldest firmware versions have been released as far back as 2007. The expert discovered the vulnerability in the web server component that is implemented in vulnerable Netgear router firmware.

Firmware

Firmware Internet Internet Advertising

Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access

Security Affairs

JANUARY 25, 2022

The CVE-2021-20038 vulnerability impacts SMA 100 series appliances (including SMA 200, 210, 400, 410, and 500v) even when the web application firewall (WAF) is enabled. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, SecurityAffairs – hacking, SonicWall Secure Mobile Access).

Mobile

Mobile Passwords Firmware Firewall

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

The group uses multiple attack vectors to gain access to victim networks, including RDP exploitation, SonicWall firewall vulnerabilities exploitation, and phishing attacks. SecurityAffairs – hacking, Zeppelin ransomware). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware Encryption Firmware Backups

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. The researchers found that just being able to reach the management interface for a vulnerable Fortinet SSL VPN appliance was enough to completely compromise the devices.

Risk

Risk VPN Internet Internet

CISA is warning of vulnerabilities in GE Power Management Devices

Security Affairs

MARCH 23, 2021

“GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities. Locate control system networks and remote devices behind firewalls, and isolate them from the business network. SecurityAffairs – hacking, CISA).

Firmware

Firmware VPN Firewall Risk

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Pen Test

OCTOBER 12, 2023

What are the common firmware and software vulnerabilities in RF devices that can be exploited? Vulnerabilities in RF technology often encompass various weaknesses and security gaps within the firmware and software used in RF devices. Keeping firmware up to date is essential for security.

Encryption

Encryption Firmware Surveillance Technology

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Trending Sources

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Widespread exploitation by botnet operators of Zyxel firewall flaw

Expert found a secret backdoor in Zyxel firewall and VPN

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Zyxel fixes a critical bug in its business firewall and VPN devices

Zyxel fixed firewall unauthenticated remote command injection issue

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Zyxel published guidance for protecting devices from ongoing attacks

A critical flaw in industrial automation systems opens to remote hack

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Zyxel addressed a critical RCE flaw in its NAS devices

Some Zyxel devices can be hacked via DNS requests

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Multiple DDoS botnets were observed targeting Zyxel devices

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

US and UK link new Cyclops Blink malware to Russian state hackers?

IoT Unravelled Part 3: Security

Alfer Microsoft, also SonicWall confirmed that its products were affected by Y2K22 bug

New Ttint IoT botnet exploits two zero-days in Tenda routers

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

DoS attack the caused disruption at US power utility exploited a known flaw

China-linked APT likely linked to Fortinet zero-day attacks

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Dovecat crypto-miner is targeting QNAP NAS devices

Cable Haunt flaw exposes 200M+ Broadcom-based cable modems at remote hijacking

Expert found a hardcoded SSH Key in Fortinet SIEM appliances

A daily average of 80,000 printers exposed online via IPP

Juniper Networks addressed many issues in its products

NSA, CISA release guidance on hardening remote access via VPN solutions

79 Netgear router models affected by a dangerous Zero-day

Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

CISA Order Highlights Persistent Risk at Network Edge

CISA is warning of vulnerabilities in GE Power Management Devices

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Stay Connected