Firmware and Information Security - Cyber Security Informer

Netgear urges users to upgrade two flaws impacting WiFi router models

Security Affairs

FEBRUARY 4, 2025

Netgear addressed two critical vulnerabilities, internally tracked as PSV-2023-0039 and PSV-2021-0117 , impacting multiple WiFi router models and urged customers to install the latest firmware. XR1000v2, the issue was fixed in firmware version 1.1.0.22 XR1000v2, the issue was fixed in firmware version 1.1.0.22 Click Downloads.

Firmware

Firmware Authentication Hacking Information Security

Firmware attacks, a grey area in cybersecurity of organizations

Security Affairs

APRIL 5, 2021

A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack. The study pointed out that only 29% of the targeted organizations have allocated budgets to protect firmware. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation.”

Firmware

Firmware Cybersecurity Encryption Financial Services

UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models

Security Affairs

JUNE 21, 2024

A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models. Firmware security firm Eclypsium discovered a vulnerability, tracked as CVE-2024-0762 (CVSS of 7.5), in the Phoenix SecureCore UEFI firmware. ” concludes the report.

Firmware

Firmware Mobile Technology Hacking

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

NOVEMBER 2, 2024

Affected devices use VHD PTZ camera firmware < 6.3.40 is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. “Organizations using VHD PTZ camera firmware < 6.3.40 ” concludes the report.

Firmware

Firmware Manufacturing IoT Healthcare

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

JANUARY 8, 2025

” SonicWall is urging customers to upgrade the SonicOS firmware of their firewalls to patch an authentication bypass vulnerability tracked as CVE-2024-53704 (CVSS score of 8.2). The same firmware upgrade contains mitigations for additional, less-critical vulnerabilities.”

Firewall

Firewall Firmware VPN Authentication

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

SEPTEMBER 27, 2023

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. The state-sponsored hackers was observed using a custom firmware backdoor which was enabled and disabled by sending specially crafted TCP or UDP packets to the devices.

Firmware

Firmware Telecommunications System Administration Malware

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

DECEMBER 30, 2021

iLOBleed, is a previously undetected rootkit that was spotted targeting the HP Enterprise’s Integrated Lights-Out ( iLO ) server management technology to tamper with the firmware modules and wipe data off the infected systems. This malware has been used by hackers for some time and we have been monitoring its performance.

Firmware

Firmware Malware System Administration Technology

Samsung zero-day flaw actively exploited in the wild

Security Affairs

OCTOBER 22, 2024

. “By interacting with the IOCTL M2M1SHOT_IOC_PROCESS , the driver which provides hardware acceleration for media functions like JPEG decoding and image scaling may map the userspace pages to I/O pages, execute a firmware command and tear down mapped I/O pages.” ” continues Google Project Zero.

Firmware

Firmware Mobile Spyware Media

Three UEFI Firmware flaws found in tens of Lenovo Notebook models

Security Affairs

JULY 13, 2022

IT giant Lenovo released security fixes to address three vulnerabilities that impact the UEFI firmware shipped with over 70 product models. A remote attacker can trigger these flaws to execute arbitrary code on the vulnerable systems in the early stages of the boot avoiding the detection of security features.

Firmware

Firmware Hacking Technology Information Security

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware

Firmware Ransomware Encryption Advertising

BootKitty Linux UEFI bootkit spotted exploiting LogoFAIL flaws

Security Affairs

DECEMBER 3, 2024

The ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware. The bootkit hooks UEFI authentication functions to bypass the Secure Boot mechanism and patches GRUB boot loader functions to evade additional integrity verifications.

Firmware

Firmware Manufacturing Malware Authentication

Western Digital customers have to update their My Cloud devices to latest firmware version

Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Devices on these older firmware versions will not receive security fixes or technical support.” Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Firmware

Firmware Architecture Internet Internet

Google fixed an actively exploited zero-day in the Pixel Firmware

Security Affairs

JUNE 13, 2024

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. ” reads the advisory.

Firmware

Firmware Spyware Hacking Information Security

ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

Security Affairs

JANUARY 17, 2025

ESET disclosed details of a now-patched vulnerability, tracked as CVE-2024-7344 (CVSS score: 6.7), that could allow a bypass of the Secure Boot mechanism in UEFI systems. The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware.

Firmware

Firmware Technology Software Manufacturing

Contec CMS8000 patient monitors contain a hidden backdoor

Security Affairs

JANUARY 31, 2025

“This fact sheet details an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. ” The vulnerabilities impact the following products: CMS8000 Patient Monitor: Firmware version smart3250-2.6.27-wlan2.1.7.cramfs cramfs CMS8000 Patient Monitor: Firmware version CMS7.820.075.08/0.74(0.75)

Firmware

Firmware Healthcare Cybersecurity Internet

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022. All the vulnerable devices are running end-of-life (EOL) firmware.

Firmware

Firmware Firewall Internet Internet

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

NOVEMBER 9, 2024

As of the publication, no publicly known vulnerabilities have been identified in the latest firmware version. CVE-2024-8357 : Lack of root of trust in App SoC, risking persistent attacker control by bypassing boot security checks.

Hacking

Hacking Firmware Software Manufacturing

Some firmware bugs in HP business devices are yet to be fixed

Security Affairs

SEPTEMBER 12, 2022

Six high-severity firmware bugs affecting several HP Enterprise devices are yet to be patched, some of them since July 2021. The Binarly security research team reported several HP Enterprise devices are affected by six high-severity firmware vulnerabilities that are yet to be patched, and some of them have been disclosed more than a year ago.

Firmware

Firmware Hacking Information Security

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Successful exploitation of these vulnerabilities could allow attackers to steal sensitive data, inject firmware payloads, and even reach LAN-connected devices. Attackers maintained persistence through VPN credentials, Active Directory DCSYNC access, and firmware-hooking methods to survive updates. ” concludes the report.

Firmware

Firmware Government Firewall Malware

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Security Affairs

JUNE 2, 2022

The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats , which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. ” reads the post published by Eclypsium.

Firmware

Firmware Engineering Ransomware Malware

Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices

Security Affairs

NOVEMBER 6, 2024

0795 or above) Taiwanese manufacturer QNAP also patched three zero-day vulnerabilities that were exploited by security researchers during the recent Pwn2Own Ireland 2024. Midnight Blue assumes all Synology firmware versions before the patch are vulnerable, so users should apply the patch immediately. 10053 or above) Synology Photos 1.6

Firmware

Firmware Manufacturing Hacking Media

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In most recent attacks observed by Check Point, the threat actors employed custom firmware implant designed explicitly for TP-Link routers. ” reads the report published by Check point.

Firmware

Firmware Encryption Government Malware

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

“The build date coded in the last number block also points to the same date range: None of the firewall firmwares examined had been compiled after September 14, 2022.” ” reported Heise Security. The analysis of the configuration files revealed that all the FortiOS versions in the data set were older than version 7.2.2,

VPN

VPN Passwords Firewall Firmware

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

Security Affairs

JANUARY 19, 2025

” The firmware analysis performed by the experts revealed vulnerabilities in the dispatcher.cgi interface of WGS-804HPT switches’ web service. Planet Technology has released firmware version 1.305b241111 to address these issues. .” reads the advisory published by Claroty. ” concludes the report.

Firmware

Firmware IoT Wireless Surveillance

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

The researchers found that the botnet comprises MikroTik routers with various firmware versions, including recent ones. Over the years, multiple security experts have identified several vulnerabilities in MikroTik routers, such as a remote code execution vulnerability detailed by VulnCheck researchers here.

DNS

DNS Malware Firmware Authentication

Xerox VersaLink C7025 Multifunction printer flaws may expose Windows Active Directory credentials to attackers

Security Affairs

FEBRUARY 18, 2025

The vulnerabilities are: CVE-2024-12511: SMB / FTP pass-back vulnerability CVE-2024-12510: LDAP pass-back vulnerability The vulnerabilities impact Xerox Versalink MFPs and Firmware Version: 57.69.91 ” Organizations using Xerox VersaLink C7025 Multifunction printers should update to the latest firmware. and earlier.

Firmware

Firmware Authentication Accountability Passwords

Mirai botnet targets SSR devices, Juniper Networks warns

Security Affairs

DECEMBER 19, 2024

To mitigate the exposure to these threats, users are recommended to change default credentials, use strong passwords, review access logs, employ firewalls and IDS/IPS, and keep firmware up-to-date. Below are actions recommended by Juniper Networks: Strengthen Security Practices : Change default credentials on all SSRs.

DDOS

DDOS Firmware Firewall Passwords

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall

Firewall VPN Firmware Passwords

AMD fixed a flaw that allowed to load malicious microcode

Security Affairs

FEBRUARY 4, 2025

AMD released a microcode and SEV firmware update to address the issue, requiring a BIOS update and reboot for attestation verification. “Google Security Team has identified a security vulnerability in some AMD Zen-based CPUs.

Encryption

Encryption Firmware Hacking Information Security

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 02 Dec 2020 – Netgear released the new firmware v2.6.0.48

Firmware

Firmware Authentication Hacking Software

NSA publishes guidance on UEFI Secure Boot customization

Security Affairs

SEPTEMBER 16, 2020

The US National Security Agency (NSA) published guidance on the Unified Extensible Firmware Interface (UEFI) Secure Boot customization. The United States National Security Agency (NSA) has published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature that can be customized organizations.

Firmware

Firmware Advertising Manufacturing Malware

Netgear addresses severe security flaws in 20 of its products

Security Affairs

SEPTEMBER 6, 2021

Netgear has released security updates to address high-severity vulnerabilities affecting several of its smart switches used by businesses. Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart switches used on businesses. GC108PP fixed in firmware version 1.0.8.2

Firmware

Firmware Authentication Passwords Hacking

SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild

Security Affairs

JANUARY 24, 2025

In March 2023, Mandiant researchers reported that alleged China-linked threat actors, tracked as UNC4540 , deployed custom malware on a SonicWall SMA appliance.The malware allows attackers to steal user credentials, achieve persistence through firmware upgrades, and provides shell access. reads the report published by Mandiant.

Firmware

Firmware Malware Authentication Mobile

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. The firmware malware is based on code associated with HackingTeam’s VectorEDK bootkit, with minor changes. ” concludes the report.

Firmware

Firmware Spyware Surveillance Hacking

Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw

Security Affairs

JUNE 25, 2024

The flaw is a command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0. The vulnerability affects NAS326 running firmware versions 5.21(AAZF.16)C0 16)C0 and earlier, and NAS542 running firmware versions 5.21(ABAG.13)C0

Firmware

Firmware Hacking Cybercrime Information Security

MoonBounce UEFI implant spotted in a targeted APT41 attack

Security Affairs

JANUARY 21, 2022

At the end of 2021, researchers discovered a UEFI firmware-level compromise by analyzing logs from its Firmware Scanner. Threat actors compromised a single component within the firmware image to intercept the original execution flow of the machine’s boot sequence and inject the sophisticated implant. Pierluigi Paganini.

Firmware

Firmware Malware Spyware Surveillance

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 CVE-2020-9054 Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 A2pvI042j1.d26m

IoT

IoT Firmware Malware Wireless

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. ” states the vendor.

Firmware

Firmware Wireless Passwords Internet

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

“Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Ransomware

Ransomware Firmware Mobile InfoSec

D-Link addressed three critical RCE in wireless router models

Security Affairs

SEPTEMBER 16, 2024

DIR-X4860 A1 firmware version 1.00, 1.04 The issue impacts: DIR-X4860 A1 firmware version 1.00, 1.04 The issue impacts: DIR-X4860 A1 firmware version 1.00, 1.04. COVR-X1870 firmware version v1.02 The issue impacts: DIR-X4860 A1 firmware version 1.00, 1.04 CVE-2024-45695 (9.8 The issue impacts: CVE-2024-45697 (9.8

Wireless

Wireless Firmware Manufacturing Hacking

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. ” states Tenable.

Firmware

Firmware Encryption Passwords Authentication

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

An attacker with access to the dispenser controller’s USB port can install an outdated or modified firmware version to bypass the encryption and make cash withdrawals. ” explained Vladimir Kononovich, Senior Specialist of ICS Security at Positive Technologies. Both issues received a CVSSv3.0 score of 6.8.

Hacking

Hacking Firmware Encryption Manufacturing

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

“One of the easiest methods for threat actors to compromise new hosts is to target outdated firmware or retired hardware.” Compromised hosts display unique strings during execution, including you are now apart of hail c**k botnet in older versions and I just wanna look after my cats, man. in newer ones.

Manufacturing

Manufacturing Malware Firmware IoT

Netgear urges users to upgrade two flaws impacting WiFi router models

Firmware attacks, a grey area in cybersecurity of organizations

Trending Sources

UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models

PTZOptics cameras zero-days actively exploited in the wild

SonicWall warns of an exploitable SonicOS vulnerability

Android devices shipped with backdoored firmware as part of the BADBOX network

China-linked APT BlackTech was spotted hiding in Cisco router firmware

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Samsung zero-day flaw actively exploited in the wild

Three UEFI Firmware flaws found in tens of Lenovo Notebook models

QNAP urges users to update NAS firmware and app to prevent infections

BootKitty Linux UEFI bootkit spotted exploiting LogoFAIL flaws

Western Digital customers have to update their My Cloud devices to latest firmware version

Google fixed an actively exploited zero-day in the Pixel Firmware

ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

Contec CMS8000 patient monitors contain a hidden backdoor

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Mazda Connect flaws allow to hack some Mazda vehicles

Some firmware bugs in HP business devices are yet to be fixed

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

MikroTik botnet relies on DNS misconfiguration to spread malware

Xerox VersaLink C7025 Multifunction printer flaws may expose Windows Active Directory credentials to attackers

Mirai botnet targets SSR devices, Juniper Networks warns

Expert found a secret backdoor in Zyxel firewall and VPN

AMD fixed a flaw that allowed to load malicious microcode

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

NSA publishes guidance on UEFI Secure Boot customization

Netgear addresses severe security flaws in 20 of its products

SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild

Second-ever UEFI rootkit used in North Korea-themed attacks

Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw

MoonBounce UEFI implant spotted in a targeted APT41 attack

BotenaGo botnet targets millions of IoT devices using 33 exploits

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

HelloKitty ransomware gang targets vulnerable SonicWall devices

D-Link addressed three critical RCE in wireless router models

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Stay Connected