Firewall, Firmware, Hacking and Internet

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Security Affairs

JANUARY 15, 2024

Researchers from Bishop Fox found over 178,000 SonicWall next-generation firewalls (NGFW) publicly exploitable. Researchers from Bishop Fox used BinaryEdge source data to find SonicWall firewalls with management interfaces exposed to the internet.

Firewall

Firewall Hacking Firmware Internet

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. In December 2022, Sophos released security patches to address seven vulnerabilities in Sophos Firewall version 19.5 , including some arbitrary code execution bugs. reads the advisory. “A

Firmware

Firmware Firewall Internet Internet

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability, tracked as CVE-2023-28771 , that impacts Zyxel firewalls. in its firewall devices. USG FLEX ZLD V4.60 VPN ZLD V4.60

Firewall

Firewall Firmware VPN DDOS

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall

Firewall VPN Firmware Passwords

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

The Last Watchdog

NOVEMBER 20, 2019

What does Chinese tech giant Huawei have in common with the precocious kid next door who knows how to hack his favorite video game? Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S.

Firmware

Firmware Hacking Software Surveillance

Zyxel fixed firewall unauthenticated remote command injection issue

Security Affairs

MAY 13, 2022

Zyxel addressed a critical flaw affecting Zyxel firewall devices that allows unauthenticated, remote attackers to gain arbitrary code execution. affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution as the “nobody” user. SecurityAffairs – hacking, Zyxel).

Firewall

Firewall Firmware VPN Wireless

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 17, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution as the “nobody” user. Commands are executed as the nobody user.”

Firewall

Firewall VPN Firmware Internet

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Security Affairs

MAY 16, 2023

The researchers discovered eight vulnerabilities that impact thousands of internet-connected devices worldwide. The experts demonstrated multiple attack vectors, including the exploitation of flaws in internet-exposed services, cloud account takeover, and the exploitation of flaws in the cloud infrastructure. through 00.07.03.4

Hacking

Hacking Internet Internet Manufacturing

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. ” Experts used the search engines for Internet-connected devices, like Shodan.io, to search for ENIP-compatible internet-facing devices and discovered more than 8,000 systems exposed online.

Hacking

Hacking Firmware Internet Internet

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

Fortinet FortiGuard Labs researchers warned of multiple DDoS botnets exploiting a vulnerability impacting multiple Zyxel firewalls. The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35. through 5.35.

DDOS

DDOS Firmware VPN Firewall

The Internet of Things Is Everywhere. Are You Secure?

Security Boulevard

MARCH 18, 2021

From smart homes that enable you to control your thermostat from a distance to sensors on oil rigs that help predict maintenance to autonomous vehicles to GPS sensors implanted in the horns of endangered black rhinos , the internet of things is all around you. A Safer Internet of Things. The post The Internet of Things Is Everywhere.

Internet

Internet Internet IoT Software

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. This FTP server can be accessed with hardcoded credentials that are embedded in the firmware of the AP. SecurityAffairs – Zyxel, hacking). ” reads the advisory. Pierluigi Paganini.

DNS

DNS Hacking Firmware Wireless

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware

Firmware Passwords Accountability VPN

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Back to the bit about risks impacting data collected by IoT devices and back again to CloudPets, Context Security's piece aligned with my own story about kids' CloudPets messages being left exposed to the internet.

IoT

IoT Firmware Risk Manufacturing

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.

Risk

Risk VPN Internet Internet

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. Xiongmai hereinafter) that are open to hack. The “P2P Cloud” feature bypasses firewalls and effectively allows remote connections into private networks.

Surveillance

Surveillance Hacking Firmware Manufacturing

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Security Affairs

FEBRUARY 3, 2020

L inear eMerge E3 smart building access systems designed by N ortek Security & Control (NSC) are affected by a severe vulnerability (CVE-2019-7256) that has yet to be fixed and attackers are actively scanning the internet for vulnerable devices. Passwords can be found in p roduct documentation and compiled lists available on the Internet.”

DDOS

DDOS Hacking Internet Internet

A daily average of 80,000 printers exposed online via IPP

Security Affairs

JUNE 23, 2020

The Shadowserver Foundation is a nonprofit security organization working altruistically behind the scenes to make the Internet more secure for everyone. The researchers scanned the Internet for printers that are exposing their Internet Printing Protocol (IPP) port online. SecurityAffairs – hacking, printers).

Internet

Internet Internet Firmware Advertising

DoS attack the caused disruption at US power utility exploited a known flaw

Security Affairs

SEPTEMBER 9, 2019

A DoS attack that caused disruptions at a power utility in the United States exploited a flaw in a firewall used in the facility. The incident took place earlier this year, threat actors exploited a known vulnerability in a firewall used by the affected facility to cause disruption. and 7 p.m., power grid ( Energywire , April 30).

Energy and Utilities

Energy and Utilities Firewall Firmware Advertising

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. According to the experts, Tenda routers running a firmware version between AC9 to AC18 are vulnerable to the attack.

IoT

IoT Firmware DNS Advertising

China-linked APT likely linked to Fortinet zero-day attacks

Security Affairs

MARCH 17, 2023

The devices halted displaying the following error message: “System enters error-mode due to FIPS error: Firmware Integrity self-test failed” The failure of the integrity test blocks the reboot of the device to protect the integrity of the network. ” reads the report published by Mandiant. ” concludes Mandiant.

Firewall

Firewall Manufacturing Government Firmware

Dovecat crypto-miner is targeting QNAP NAS devices

Security Affairs

JANUARY 21, 2021

“According to analysis, QNAP NAS can become infected when they are connected to the Internet with weak user passwords.” “In the meantime, please update the NAS firmware and Malware Remover in the App Center to the latest version if not done already to ensure the latest security patches are applied on the NAS.”

Cryptocurrency

Cryptocurrency Firmware Malware Passwords

79 Netgear router models affected by a dangerous Zero-day

Security Affairs

JUNE 18, 2020

Security experts Adam Nichols from GRIMM and d4rkn3ss from the Vietnamese internet service provider VNPT have independently reported a severe unpatched security vulnerability that affects 79 Netgear router models. Nichols discovered that the vulnerability affects 758 different firmware versions that run on 79 Netgear routers.

Firmware

Firmware Internet Internet Advertising

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

“A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This flaw exists pre-authentication and within a component (SSLVPN) which is typically exposed to the public Internet.”. 6.5.1.12, 6.0.5.3,

VPN

VPN Firewall Firmware Authentication

Juniper Networks addressed many issues in its products

Security Affairs

JULY 10, 2020

Juniper Networks addressed several vulnerabilities in its firewalls, most of them can be exploited by attackers for denial-of-service (DoS) attacks. Some of the issues also affected third-party components, including OpenSSL, Intel firmware, Bouncy Castle, Java SE, Apache software, and others. SecurityAffairs – hacking, Juniper).

Firmware

Firmware Advertising Firewall Internet

The Internet of Things: Security Risks Concerns

Spinone

MARCH 17, 2018

The Internet of Things (IoT) is a term used to describe the network of interconnected electronic devices with “smart” technology. billion “things” connected to the Internet , a 30% increase from 2015. 75% of Bluetooth Smart door locks have been found to have vulnerabilities that allow them to be easily hacked.

Internet

Internet Internet Risk Computers and Electronics

MY TAKE: Why COVID-19 ‘digital distancing’ is every bit as vital as ‘social distancing’

The Last Watchdog

APRIL 28, 2020

Sadly, coronavirus phishing and ransomware hacks already are in high gear. Social engineering invariably is the first step in cyber attacks ranging from phishing and ransomware to business email compromise ( BEC ) scams and advanced persistent threat ( APT ) hacks. Leaders of the top hacking collectives are astute and disciplined.

Social Engineering

Social Engineering Cyber Attacks Scams Engineering

CISA is warning of vulnerabilities in GE Power Management Devices

Security Affairs

MARCH 23, 2021

“GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities. “Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.

Firmware

Firmware VPN Firewall Risk

How to Configure a Router to Use WPA2 in 7 Easy Steps

eSecurity Planet

MARCH 3, 2023

Most of us connect our mobile devices to a Wi-Fi router for internet access, but this connection can leave our network and data vulnerable to cyber threats. The protocol protects your incoming and outgoing internet traffic and makes it difficult for cyber criminals to intercept your data or hack your device.

Wireless

Wireless Encryption Passwords IoT

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

Security Affairs

APRIL 25, 2019

Rockwell has released firmware updates that address the vulnerability for the affected controllers. Below the recommendations published by Rockwell Automation to minimize the risk of exploitation of this vulnerability: Update to the latest available firmware revision that addresses the associated risk. Pierluigi Paganini.

Firmware

Firmware Social Engineering Advertising Malware

US dismantled the Russia-linked Cyclops Blink botnet

Security Affairs

APRIL 6, 2022

“The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control (C2) of the underlying botnet.” The malware leverages the firmware update process to achieve persistence. SecurityAffairs – hacking, Russia). ” reads the DoJ.

Malware

Malware Government Firmware Firewall

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

Below are the mitigations provided in the alert: Install updates for operating systems, software, and firmware as soon as they are released. Only store personal patient data on internal systems that are protected by firewalls, and ensure extensive backups are available if data is ever compromised. Pierluigi Paganini.

Ransomware

Ransomware VPN Cybercrime Accountability

Zyxel addresses Zero-Day vulnerability in NAS devices

Security Affairs

FEBRUARY 25, 2020

A remote code execution vulnerability was identified in the weblogin.cgi program of Zyxel NAS products running firmware version 5.21 Do not leave the product directly exposed to the internet. If possible, connect it to a security router or firewall for additional protection,” Zyxel recommends. . and earlier. Pierluigi Paganini.

Authentication

Authentication Advertising Firmware Internet

Satellites are critical infrastructure and need to be cybersecured

Malwarebytes

MARCH 29, 2022

SpaceX’s Starlink satellite Internet program plans to send more than a thousand new satellites into orbit every year. Commercial satellites, like Starlink, provide us with the ability to have things like Internet access, television, GPS, and scientific information about the weather and other processes in the atmosphere and on the surface.

Cybersecurity

Cybersecurity Internet Internet Technology

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

SecureList

JULY 19, 2023

While the threat actor infrastructure might request Net-NTLMv2 authentication, Windows will honor the defined internet security zones and will not send (leak) Net-NTLMv2 hashes. For example, this router is typically used by ISPs on the customer side and its firmware provides a Command Line Interface (CLI) accessible directly through a WebUI.

Firmware

Firmware Internet Internet Government

Key Reuse opens to attacks on IPsec IKE, Cisco, Huawei, ZyXEL products are affected

Security Affairs

AUGUST 14, 2018

” The experts focused their analysis on the impact of key reuse on Internet Protocol Security (IPsec). The cryptographic key for IPsec leverages the Internet Key Exchange (IKE) protocol, which has two versions, IKEv1 and IKEv2. According to the Huawei’s advisory , its firewall products are affected by the flaw.

Encryption

Encryption Authentication Internet Internet

Silex malware bricks thousands of IoT devices in a few hours

Security Affairs

JUNE 26, 2019

Cashdollar explained that the Silex malware trashes the storage of the infected devices, drops firewall rules and wipe network configurations before halting the system. The only way to recover infected devices is to manually reinstall the device’s firmware. SecurityAffairs – Silex malware, hacking). Pierluigi Paganini.

IoT

IoT Malware Advertising Firmware

Top 9 Cybersecurity Challenges SMEs Currently Face

Responsible Cyber

APRIL 8, 2020

The Internet of Things (IoT) is undeniably the future of technology. Hence, since ransomware locks down files permanently (unless businesses want to cough up the ransom) backups are a crucial safeguard to recover from the hack. IoT Opens Excessive Entry Points. Indeed, it has added convenience to our hectic schedules. DDoS Attacks.

Cybersecurity

Cybersecurity DDOS Small Business Phishing

Webinar on cyberattacks in Ukraine – summary and Q&A

SecureList

MARCH 14, 2022

We advise organizations to: Take typical measures against DDoS attacks, ransomware and destructive malware, phishing, targeted attacks, supply-chain attacks and firmware attacks. Make sure that any and all internet-facing systems are up-to-date with all the latest patches installed. Install security software on endpoints.

DDOS

DDOS Firmware Internet Internet

CISA warns of critical flaws in Prima FlexAir access control system

Security Affairs

JULY 31, 2019

“To update to the latest firmware, each user should select the “Check for Upgrade” option in the “Centrals” menu in the GUI. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet. SecurityAffairs – Prima FlexAir, hacking).

Backups

Backups Authentication Advertising Firmware

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

To perform the experiment, we used Internet of Things (IoT) search engines to search for open devices that utilized common printer ports and protocols. After filtering out most of the false positives, we were left with more than 800,000 printers that had network printing features enabled and were accessible over the internet.

Hacking

Hacking IoT Firmware Internet

WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS

Security Affairs

OCTOBER 20, 2018

CVE-2018-18472 – XXE and Unauthenticated Remote Command Execution in Axentra Hipserv NAS firmware. . It’s used in different devices from different vendors, the affected devices sharing the firmware are: Netgear Stora. The company provides a firmware with a web interface that mainly uses PHP as a serverside language.

Firmware

Firmware IoT VPN Authentication

How to Maximize the Value of Penetration Tests

eSecurity Planet

JUNE 23, 2023

For example, a network and firewall penetration testing expert will be unlikely to also have expertise to test web applications for SQL injection , or to understand internet-of-things (IoT) firmware hacking. Using a third-party penetration tester runs the risk of exposing those secrets through the hacking process.

Penetration Testing

Penetration Testing Social Engineering Risk Data breaches

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Trending Sources

Widespread exploitation by botnet operators of Zyxel firewall flaw

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Expert found a secret backdoor in Zyxel firewall and VPN

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

Zyxel fixed firewall unauthenticated remote command injection issue

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

A critical flaw in industrial automation systems opens to remote hack

Multiple DDoS botnets were observed targeting Zyxel devices

The Internet of Things Is Everywhere. Are You Secure?

Some Zyxel devices can be hacked via DNS requests

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

IoT Unravelled Part 3: Security

CISA Order Highlights Persistent Risk at Network Edge

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

A daily average of 80,000 printers exposed online via IPP

DoS attack the caused disruption at US power utility exploited a known flaw

New Ttint IoT botnet exploits two zero-days in Tenda routers

China-linked APT likely linked to Fortinet zero-day attacks

Dovecat crypto-miner is targeting QNAP NAS devices

79 Netgear router models affected by a dangerous Zero-day

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Juniper Networks addressed many issues in its products

The Internet of Things: Security Risks Concerns

MY TAKE: Why COVID-19 ‘digital distancing’ is every bit as vital as ‘social distancing’

CISA is warning of vulnerabilities in GE Power Management Devices

How to Configure a Router to Use WPA2 in 7 Easy Steps

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

US dismantled the Russia-linked Cyclops Blink botnet

Daixin Team targets health organizations with ransomware, US agencies warn

Zyxel addresses Zero-Day vulnerability in NAS devices

Satellites are critical infrastructure and need to be cybersecured

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

Key Reuse opens to attacks on IPsec IKE, Cisco, Huawei, ZyXEL products are affected

Silex malware bricks thousands of IoT devices in a few hours

Top 9 Cybersecurity Challenges SMEs Currently Face

Webinar on cyberattacks in Ukraine – summary and Q&A

CISA warns of critical flaws in Prima FlexAir access control system

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS

How to Maximize the Value of Penetration Tests

Stay Connected