Firmware, Information Security and Manufacturing

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

Experts found 23 flaws in UEFI firmware potentially impact millions of devices

Security Affairs

FEBRUARY 1, 2022

Researchers discovered tens of vulnerabilities in UEFI firmware code used by the major device manufacturers. Researchers at firmware security company Binarly have discovered 23 vulnerabilities in UEFI firmware code used by the major device makers. SecurityAffairs – hacking, EUFI firmware).

Firmware

Firmware Manufacturing Malware Hacking

Lenovo warns of flaws that can be used to bypass security features

Security Affairs

NOVEMBER 9, 2022

Lenovo has released security updates to address a couple of high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models. An attacker can exploit the flaws to disable UEFI Secure Boot. Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1

Firmware

Firmware Manufacturing Hacking Software

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

DECEMBER 5, 2021

Researchers discovered a total of 226 potential security vulnerabilities in nine Wi-Fi popular routers from known manufacturers. The researchers analyzed the network devices using IoT Inspector’s security platform, which checked for thousands of CVEs and security flaws.

Manufacturing

Manufacturing IoT Firmware VPN

Qualcomm Snapdragon flaws impact Lenovo, Microsoft, Lenovo, and Samsung devices

Security Affairs

JANUARY 9, 2023

Tens of software vulnerabilities affected Qualcomm firmware and impacted the devices of Microsoft, Lenovo, and Samsung. Qualcomm January 2023 security bulletin addressed 22 software vulnerabilities in its Snapdragon suite. CVE-2022-33265 (CVSS Score 7.3) – the flaw is an Information exposure in Powerline Communication Firmware.

Firmware

Firmware Manufacturing Software Hacking

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Security Affairs

NOVEMBER 25, 2022

The researchers discovered the issue by analyzing firmware images used devices from the above manufacturers. The experts analyzed one of the core frameworks EDKII used as a part of any UEFI firmware which has its own submodule and wrapper over the OpenSSL library ( OpensslLib ) in the CryptoPkg component. Pierluigi Paganini.

Firmware

Firmware Manufacturing Hacking Software

ESET warns of three flaws that affect over 100 Lenovo notebook models

Security Affairs

APRIL 19, 2022

Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. The Secure boot is a security standard developed by members of the PC industry to ensure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM).

Firmware

Firmware Manufacturing Hacking Cybersecurity

Chipmaker Qualcomm warns of three actively exploited zero-days

Security Affairs

OCTOBER 4, 2023

Patches for the issues affecting Adreno GPU and Compute DSP drivers have been made available, and OEMs have been notified with a strong recommendation to deploy security updates as soon as possible. Please contact your device manufacturer for more information on the patch status about specific devices.”

Firmware

Firmware Surveillance Authentication Manufacturing

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

Positive Technologies researchers Vladimir Kononovich and Alexey Stennikov have discovered security flaws Wincor Cineo ATMs that could be exploited to bypass Black-Box attack protections and withdraw cash. The vulnerabilities discovered by the security duo impacts the Wincor Cineo ATMs with the RM3 and CMD-V5 dispensers. score of 6.8.

Hacking

Hacking Firmware Encryption Manufacturing

NSA publishes guidance on UEFI Secure Boot customization

Security Affairs

SEPTEMBER 16, 2020

The US National Security Agency (NSA) published guidance on the Unified Extensible Firmware Interface (UEFI) Secure Boot customization. The United States National Security Agency (NSA) has published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature that can be customized organizations.

Firmware

Firmware Advertising Manufacturing Malware

BadPower attack could burn your device through fast charging

Security Affairs

JULY 21, 2020

Researchers devised a technique dubbed BadPower to alter the firmware of fast chargers to cause damage to connected systems or cause the device to catch fire. BadPower consists of corrupting the firmware of fast chargers. “Most BadPower problems can be fixed by updating the device firmware.”

Firmware

Firmware Manufacturing Advertising Hacking

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network. After looking at 28 of the most popular manufacturers, our research team found 3.5 The reign of a Chinese brand.

Surveillance

Surveillance Manufacturing Passwords Internet

NI CompactRIO controller flaw could allow disrupting production

Security Affairs

DECEMBER 12, 2020

A high-severity vulnerability affecting CompactRIO controllers manufactured by the vendor National Instruments (NI) could allow remote attackers to disrupt production processes in an organization. Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory to warn organizations about the flaw.

Firmware

Firmware Manufacturing Software Authentication

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

Researchers from security firm Trellix discovered some critical vulnerabilities in HID Mercury Access Controllers that can be exploited by attackers to remotely unlock doors. The flaws impact products manufactured by LenelS2, a provider of advanced physical security solutions (i.e. ” reads the post published by Trellix.

Firmware

Firmware Penetration Testing Manufacturing Authentication

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

Upon the installation, the malicious app registers itself as a foreground service and extracts an encrypted payload that gathers information about the victim’s device (android_id, manufacturer, model, firmware version, etc.) and sends it to a server under the control of the attackers ([link]. ” continues the report.

Malware

Malware Firmware Manufacturing Mobile

TrickBoot feature allows TrickBot bot to run UEFI attacks

Security Affairs

DECEMBER 3, 2020

The infamous TrickBot gets a new improvement, authors added a new feature dubbed “ TrickBoot ” designed to exploit well-known vulnerabilities in the UEFI/BIOS firmware and inject malicious code, such as bootkits. TrickBot, one of the most active botnets, in the world, gets a new improvement by adding a UEFI/BIOS Bootkit Feature.

Firmware

Firmware Malware Manufacturing Hacking

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One FBI warns of dual ransomware attacks Progress Software fixed two critical severity flaws in WS_FTP Server Child abuse site taken down, organized child exploitation crime suspected – exclusive A still unpatched zero-day RCE impacts more than 3.5M

Artificial Intelligence

Artificial Intelligence Firmware Data breaches Hacking

CISA recommends vendors to fix BrakTooth issues after the release of PoC tool

Security Affairs

NOVEMBER 4, 2021

“CISA encourages manufacturers, vendors, and developers to review BRAKTOOTH: Causing Havoc on Bluetooth Link Manager and update vulnerable Bluetooth System-on-a-Chip (SoC) applications or apply appropriate workarounds.” ” reads CISA’s advisory.

Firmware

Firmware Manufacturing Technology Engineering

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

Micro-Star International AKA MSI designs, manufactures, and sells motherboards and graphics cards for customers in the United States, Canada, and internationally. In response to the incident, the company announced it is enhancing the information security control measures of its network and infrastructure.

Ransomware

Ransomware Firmware Hacking Manufacturing

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Security Affairs

SEPTEMBER 19, 2022

Researchers from Necrum Security Labs discovered a couple of critical vulnerabilities, tracked as CVE–2022–36158 and CVE–2022–36159, impacting the Contec Flexlan FXA3000 and FXA2000 series LAN devices. The FXA3000 and FXA2000 Series are access points that are manufactured by Japan-based firm Contec that conform to IEEE 802.11n/a/b/g wireless.

Wireless

Wireless Firmware Passwords Engineering

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware

Firmware Architecture Advertising Manufacturing

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Security Affairs

SEPTEMBER 2, 2021

As of today, the researchers discovered 16 security vulnerabilities, with 20 common vulnerability exposures (CVEs) already assigned and four vulnerabilities are pending CVE assignment from Intel and Qualcomm. Crashes generally trigger a fatal assertion, segmentation faults due to a buffer or heap overflow within the SoC firmware.

Firmware

Firmware Manufacturing IoT Technology

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

NOVEMBER 10, 2022

Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow computers and remote controllers. Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution.

Firmware

Firmware Authentication Passwords Manufacturing

How to implant a malware in hidden area of SSDs with Flex Capacity feature

Security Affairs

DECEMBER 31, 2021

An invalidation data region is created by varying the OP area that can be changed by the user or by the firmware manager. However, a threat actor can reduce the size of the OP area using the firmware manager generating an invalid data area. This attack could lead to an information-disclosing attack.

Malware

Malware Firmware Manufacturing Media

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

reads the advisory The vulnerability is a heap-based buffer overflow issue and according to the vendor it may have been exploited in a limited number of attacks aimed at government, manufacturing, and critical infrastructure sectors. states the report published by Fortinet. “Our states the report published by Fortinet.

Firewall

Firewall VPN Firmware Internet

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

The backdoor accounts in the firmware of 29 FTTH Optical Line Termination (OLT) devices from popular vendor C-Data. The security duo, composed of Pierre Kim and Alexandre Torres, disclosed seven vulnerabilities in the firmware of FTTH OLT devices manufactured by C-Data. ” reads the analysis published by the experts.

Firmware

Firmware Accountability Advertising Manufacturing

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical flaw affecting a video surveillance product made by Annke, a popular manufacturer of surveillance systems and solutions. ” reads the security advisory published by Nozomi Networks Labs. The mainboard of the Annke N48PBB.

Surveillance

Surveillance Hacking Firmware Manufacturing

PwnedPiper flaws in PTS systems affect 80% of major US hospitals

Security Affairs

AUGUST 2, 2021

The flaw affects the Translogic PTS system manufactured by Swisslog Healthcare, which is installed in about 80% of all major hospitals in North America and thousands of hospitals worldwide. An attacker could also push an insecure firmware upgrade to fully compromise the devices. Swisslog has released Nexus Control Panel version 7.2.5.7

Healthcare

Healthcare Firmware Manufacturing Ransomware

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

Flashing Firmware: Flashing BUSSide firmware inside the NodeMCU is quick and easy: # apt-get install esptool # git clone [link] # esptool --port /dev/ttyUSB0 write_flash 0x00000 BUSSide/FirmwareImages/*.bin. his majesty, the Firmware). In a couple of minutes you should get extracted the firmware. What do you do?

IoT

IoT Hacking Firmware Advertising

Malware found pre-installed in cheap push-button mobile phones sold in Russia

Security Affairs

SEPTEMBER 6, 2021

The researchers analyzed the firmware and set up a 2G base station in order to intercept and analyze the devices’ communications. Itel it2160 – The device was spotted transferring some info to the domain asv.transsion.com (Country, Model, Firmware version, Language. And the manufacturer if you find any incomprehensible activity.

Mobile

Mobile Malware Firmware Manufacturing

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

On February 10, 2020, the Taiwanese manufacturer DrayTek issued a security bulletin to address the vulnerability with the release of the firmware program 1.5.1. On the 6th Feb, we released an updated firmware to address this issue.” ” reads the security bulletin. firmware or later. .”

Firmware

Firmware VPN Accountability Advertising

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

Realtek published a security advisory on August 15 to warn customers about security updates to address vulnerabilities in its software developers kits (SDK) which is used by at least 65 separate vendors. On August 15, firmware security company IoT Inspector published details about the flaws.

IoT

IoT Firmware Internet Internet

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

Check with the device manufacturers for available patches and update the device firmware to version to 3.5.19.0 The researchers also shared a video PoC of an attack to bypass the ASLR. Below are the recommendations provided by Microsoft: Apply patches to affected devices in your network.

Authentication

Authentication Firmware Hacking Passwords

China-linked APT likely linked to Fortinet zero-day attacks

Security Affairs

MARCH 17, 2023

The devices halted displaying the following error message: “System enters error-mode due to FIPS error: Firmware Integrity self-test failed” The failure of the integrity test blocks the reboot of the device to protect the integrity of the network. ” reads the report published by Mandiant. ” concludes Mandiant.

Firewall

Firewall Manufacturing Government Firmware

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

Microsoft researchers reported that the Mozi botnet was improved by implementing news capabilities to target network gateways manufactured by Netgear, Huawei, and ZTE. ” state researchers at Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT. Follow me on Twitter: @securityaffairs and Facebook.

IoT

IoT DNS Manufacturing Firmware

An educational robot security research

SecureList

FEBRUARY 27, 2024

Toy manufacturers are striving to keep up with these trends, releasing more and more models that can also be called “smart.” However, we decided not to update the toy immediately in order to explore what could be extracted from the older firmware version. The ADB service is disabled.

Education

Education Manufacturing Firmware Internet

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

The United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint advisory about a massive ongoing campaign spreading the QSnatch data-stealing malware. The QSnatch malware implements multiple functionalities, such as: .

Malware

Malware Firmware Advertising Manufacturing

Two critical flaws affect CODESYS ICS Automation Software

Security Affairs

JUNE 27, 2022

.” The Chinese researchers who discovered the vulnerabilities pointed out that CODESYS V2 Runtime is used by many manufacturers, and most of these manufacturers still use outdated versions. The vulnerabilities affect a large number of manufacturers using a version of CODESYS V2 Runtime older than V2.4.7.57.

Software

Software Manufacturing Firmware Risk

Experts found undocumented access feature in Siemens SIMATIC PLCs

Security Affairs

NOVEMBER 17, 2019

The Siemens S7 is considered one of the most secure controllers in the industry, it is used in power plants, traffic lights, water pumps, building control, production lines, aviation systems, and many other critical infrastructures. . ” reads a security advisory published by Siemens.

Firmware

Firmware Advertising Manufacturing Risk

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.” Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware

Ransomware Firmware Antivirus Accountability

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Security Affairs

OCTOBER 30, 2021

CIOs and security managers could also use the list to assess the efficiency of their program to secure hardware within in their organizations. . “Security analysts and test engineers can use the list in preparing plans for security testing and evaluation. ” reads the announcement.

Firmware

Firmware Manufacturing Education Engineering

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Security Affairs

AUGUST 4, 2022

Tens of router models from Taiwanese SOHO manufacturer DrayTek are affected by a critical, unauthenticated, remote code execution vulnerability, tracked as CVE-2022-32548, that can be exploited to fully compromise a vulnerable device and gain unauthorized access to the broader network. .

Hacking

Hacking Internet Internet Passwords

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Small farms, large producers, processors and manufacturers, and markets and restaurants are particularly exposed to ransomware attacks. Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., ransomware and phishing scams).

Ransomware

Ransomware Passwords Backups Firmware

Android devices shipped with backdoored firmware as part of the BADBOX network

Experts found 23 flaws in UEFI firmware potentially impact millions of devices

Trending Sources

Lenovo warns of flaws that can be used to bypass security features

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Qualcomm Snapdragon flaws impact Lenovo, Microsoft, Lenovo, and Samsung devices

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

ESET warns of three flaws that affect over 100 Lenovo notebook models

Chipmaker Qualcomm warns of three actively exploited zero-days

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

NSA publishes guidance on UEFI Secure Boot customization

BadPower attack could burn your device through fast charging

3.5m IP cameras exposed, with US in the lead

NI CompactRIO controller flaw could allow disrupting production

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

HID Mercury Access Controller flaws could allow to unlock Doors

xHelper, the Unkillable Android malware that re-Installs after factory reset

TrickBoot feature allows TrickBot bot to run UEFI attacks

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

CISA recommends vendors to fix BrakTooth issues after the release of PoC tool

MSI confirms security breach after Money Message ransomware attack

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

AMD is going to patch UEFI SMM callout privilege escalation flaw

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

How to implant a malware in hidden area of SSDs with Flex Capacity feature

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

An RCE in Annke video surveillance product allows hacking the device

PwnedPiper flaws in PTS systems affect 80% of major US hospitals

Hacking IoT & RF Devices with BürtleinaBoard

Malware found pre-installed in cheap push-button mobile phones sold in Russia

Hackers target zero-day flaws in enterprise Draytek network devices

Realtek SDK flaws exploited to deliver Mirai bot variant

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

China-linked APT likely linked to Fortinet zero-day attacks

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

An educational robot security research

QSnatch malware infected over 62,000 QNAP NAS Devices

Two critical flaws affect CODESYS ICS Automation Software

Experts found undocumented access feature in Siemens SIMATIC PLCs

Ranzy Locker ransomware hit tens of US companies in 2021

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

FBI warns of ransomware attacks targeting the food and agriculture sector

Stay Connected