Security Affairs

JANUARY 15, 2025

At the beginning of the year, and as a positive start for us, and in order to solidify the name of our group in your memory, we are proud to announce our first official operation: Will be published of sensitive data from over 15,000 targets worldwide (both governmental and private sectors) that have been hacked and their data extracted.”

VPN 132

VPN Passwords Firewall Firmware 132

Security Affairs

OCTOBER 22, 2024

. “By interacting with the IOCTL M2M1SHOT_IOC_PROCESS , the driver which provides hardware acceleration for media functions like JPEG decoding and image scaling may map the userspace pages to I/O pages, execute a firmware command and tear down mapped I/O pages.” ” continues Google Project Zero.

Firmware 145

Firmware Mobile Spyware Media 145

Security Affairs

APRIL 18, 2025

. “An improper authentication control vulnerability exists in certain ASUS router firmware series. “We have released new firmware update for 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, 3.0.0.6_102 series.” Asus also urges users to update the routers firmware via the ASUS support page when available.

Firmware 117

Firmware Authentication Passwords VPN 117

Security Affairs

DECEMBER 21, 2024

” Recently, The Federal Office for Information Security (BSI) announced it had blocked communication between the 30,000 devices infected with the BadBox malware and the C2. The experts reported that at least 74,000 Android-based mobile phones, tablets, and Connected TV boxes worldwide were shipped with the backdoored firmware.

Firmware 143

Firmware Malware Internet Internet 143

Security Affairs

SEPTEMBER 27, 2023

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. The state-sponsored hackers was observed using a custom firmware backdoor which was enabled and disabled by sending specially crafted TCP or UDP packets to the devices.

Firmware 138

Firmware Telecommunications System Administration Malware 138

Security Affairs

JUNE 21, 2024

A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models. Firmware security firm Eclypsium discovered a vulnerability, tracked as CVE-2024-0762 (CVSS of 7.5), in the Phoenix SecureCore UEFI firmware. ” concludes the report.

Firmware 136

Firmware Mobile Technology Hacking 136

Security Affairs

DECEMBER 3, 2024

The ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware. Researchers from firmware security firm Binarly now report that Bootkitty Linux UEFI bootkit exploits the LogoFAIL flaw CVE-2023-40238 to compromise systems running on vulnerable firmware.

Firmware 108

Firmware Manufacturing Malware Authentication 108

Security Affairs

NOVEMBER 5, 2024

Affected devices use VHD PTZ camera firmware < 6.3.40 is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. Organizations using VHD PTZ camera firmware < 6.3.40 reads the analysis published by GreyNoise.

Firmware 127

Firmware Manufacturing Authentication IoT 127

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware 145

Firmware Ransomware Encryption Advertising 145

Security Affairs

JANUARY 17, 2025

The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware. Over the years, experts observed several attacks employing rootkits that were specifically developed to target the firmware to achieve persistence and bypassing security solutions.

Firmware 110

Firmware Technology Software Manufacturing 110

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware 145

Firmware Mobile Malware Retail 145

Security Affairs

DECEMBER 30, 2021

iLOBleed, is a previously undetected rootkit that was spotted targeting the HP Enterprise’s Integrated Lights-Out ( iLO ) server management technology to tamper with the firmware modules and wipe data off the infected systems. SecurityAffairs – hacking, iLOBleed). ” reads the report published by the expers.

Firmware 144

Firmware Malware System Administration Technology 144

Security Affairs

JULY 13, 2022

IT giant Lenovo released security fixes to address three vulnerabilities that impact the UEFI firmware shipped with over 70 product models. The three buffer overflow vulnerabilities in UEFI firmware, tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, were discovered by researchers from ESET. SecurityAffairs – hacking, Lenovo).

Firmware 142

Firmware Hacking Technology Information Security 142

Krebs on Security

JULY 2, 2021

Researchers Radek Domanski and Pedro Ribeiro originally planned to present their findings at the Pwn2Own hacking competition in Tokyo last year. That update effectively nullified their chances at competing in Pwn2Own, which requires exploits to work against the latest firmware or software supported by the targeted device.

Firmware 363

Firmware Passwords Internet Internet 363

Security Affairs

JUNE 13, 2024

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. ” reads the advisory. .

Firmware 126

Firmware Spyware Hacking Information Security 126

Security Affairs

JANUARY 16, 2025

The researchers found that the botnet comprises MikroTik routers with various firmware versions, including recent ones. The SPF information is included in the domains DNS records as a TXT record. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, MikroTik botnet)

DNS 139

DNS Malware Firmware Authentication 139

Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Devices on these older firmware versions will not receive security fixes or technical support.” SecurityAffairs – hacking, Western Digital). Pierluigi Paganini.

Firmware 135

Firmware Architecture Internet Internet 135

Security Affairs

NOVEMBER 2, 2024

Successful exploitation of these vulnerabilities could allow attackers to steal sensitive data, inject firmware payloads, and even reach LAN-connected devices. Attackers maintained persistence through VPN credentials, Active Directory DCSYNC access, and firmware-hooking methods to survive updates.

Firmware 123

Firmware Government Firewall Malware 123

Security Affairs

JUNE 9, 2025

“Most of these bots don’t stay active after the device restarts because some device firmware doesn’t allow changes to the file system. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, botnet) ” concludes the report.

IoT 138

IoT Firmware Malware Architecture 138

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022. All the vulnerable devices are running end-of-life (EOL) firmware.

Firmware 132

Firmware Firewall Hacking Internet 132

Security Affairs

SEPTEMBER 22, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Hacking 133

Hacking Firmware IoT Internet 133

Security Affairs

SEPTEMBER 12, 2022

Six high-severity firmware bugs affecting several HP Enterprise devices are yet to be patched, some of them since July 2021. The Binarly security research team reported several HP Enterprise devices are affected by six high-severity firmware vulnerabilities that are yet to be patched, and some of them have been disclosed more than a year ago.

Firmware 108

Firmware Hacking Information Security 108

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. If this data was compromised, it could potentially expose a huge amount of very personal information about their owners, information that never existed in digital form before the advent of IoT. Or vibrator.

IoT 363

IoT Firmware Risk Encryption 363

Security Affairs

NOVEMBER 29, 2020

Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. “Claroty has privately disclosed details to Real Time Automation (RTA), informing the vendor of a critical vulnerability in its proprietary 499ES EtherNet/IP (ENIP) stack.

Hacking 142

Hacking Firmware Internet Internet 142

Security Affairs

NOVEMBER 1, 2021

Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. An attacker with access to the dispenser controller’s USB port can install an outdated or modified firmware version to bypass the encryption and make cash withdrawals. score of 6.8.

Hacking 138

Hacking Firmware Encryption Manufacturing 138

Security Affairs

APRIL 2, 2025

The researchers speculate that threat actors behind this variant have compromised the supply chain, so stores may not even suspect that they are selling smartphones infected with Triada “The new version of the malware is distributed in the firmware of infected Android devices. It is located in the system framework.

Cryptocurrency 123

Cryptocurrency Malware Mobile Firmware 123

Security Affairs

JANUARY 15, 2024

. “The latest available firmware protects against both vulnerabilities, so be sure to upgrade immediately (and make sure the management interface isn’t exposed to the internet).” ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, SonicWall)

Firewall 144

Firewall Hacking Firmware Internet 144

Penetration Testing

JUNE 15, 2025

The flaws, tracked as CVE-2025-45984 through CVE-2025-45988, affect a wide range of firmware versions used in both consumer and enterprise-grade networking equipment. Shared Affected Codebase: Each flaw targets the same goahead binary and associated shared object, amplifying the impact across models and firmware versions.

Firmware 67

Firmware DNS Penetration Testing Malware 67

Security Affairs

JANUARY 19, 2025

” The firmware analysis performed by the experts revealed vulnerabilities in the dispatcher.cgi interface of WGS-804HPT switches’ web service. Planet Technology has released firmware version 1.305b241111 to address these issues. .” reads the advisory published by Claroty. ” concludes the report. .

Firmware 71

Firmware IoT Wireless Surveillance 71

Security Affairs

MARCH 9, 2025

Through reverse engineering, Targolic researchers discovered hidden commeds (code 0x3F) in the ESP32 Bluetooth firmware. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,ESP32 microchip manufactured by Espressif)

Manufacturing 128

Manufacturing IoT Firmware Mobile 128

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable. Pierluigi Paganini.

Hacking 126

Hacking Firmware Internet Internet 126

Security Affairs

FEBRUARY 4, 2025

AMD released a microcode and SEV firmware update to address the issue, requiring a BIOS update and reboot for attestation verification. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, SEV)

Encryption 99

Encryption Firmware Hacking Information Security 99

Security Affairs

MAY 19, 2021

Anyway, the experts didn’t find a way to compromise the T-Box, they only demonstrated how to send arbitrary CAN messages from T-Box and bypass the code signing mechanism to fash a custom SH2A MCU firmware by utilizing a vulnerability in SH2A firmware on a debug version T-Box. SecurityAffairs – hacking, Mercedes).

Hacking 136

Hacking Firmware Engineering Software 136

Security Affairs

JANUARY 24, 2025

In March 2023, Mandiant researchers reported that alleged China-linked threat actors, tracked as UNC4540 , deployed custom malware on a SonicWall SMA appliance.The malware allows attackers to steal user credentials, achieve persistence through firmware upgrades, and provides shell access. reads the report published by Mandiant.

Firmware 74

Firmware Malware Authentication Mobile 74

Security Affairs

NOVEMBER 25, 2024

” The vendor addressed these vulnerabilities with the release of firmware version 5.39 Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, firewalls) for ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN series. ” reads the update published by the company.

Firewall 76

Firewall Ransomware VPN Firmware 76

Security Affairs

DECEMBER 19, 2024

To mitigate the exposure to these threats, users are recommended to change default credentials, use strong passwords, review access logs, employ firewalls and IDS/IPS, and keep firmware up-to-date. Keep Software Updated : Apply the latest firmware updates to patch vulnerabilities. Implement strong, unique passwords across devices.

DDOS 67

DDOS Firmware Firewall Passwords 67

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In most recent attacks observed by Check Point, the threat actors employed custom firmware implant designed explicitly for TP-Link routers. ” reads the report published by Check point.

Firmware 98

Firmware Encryption Government Malware 98