Firmware, Information Security and Mobile

Samsung zero-day flaw actively exploited in the wild

Security Affairs

OCTOBER 22, 2024

A vulnerability resides in Samsung mobile processors and according to the experts, it has been chained with other vulnerabilities to achieve arbitrary code execution on vulnerable devices. Then the exploit code uses a specific firmware command to copy data, potentially overwriting a page middle directory (PMD) entry in a page table.

Firmware

Firmware Mobile Spyware Media

UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models

Security Affairs

JUNE 21, 2024

A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models. Firmware security firm Eclypsium discovered a vulnerability, tracked as CVE-2024-0762 (CVSS of 7.5), in the Phoenix SecureCore UEFI firmware. ” concludes the report.

Firmware

Firmware Mobile Technology Hacking

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

The researchers speculate that threat actors behind this variant have compromised the supply chain, so stores may not even suspect that they are selling smartphones infected with Triada “The new version of the malware is distributed in the firmware of infected Android devices. It is located in the system framework. 231 banking malware.

Malware

Malware Cryptocurrency Mobile Firmware

SonicWall releases second firmware updates for SMA 100 vulnerability

Security Affairs

FEBRUARY 20, 2021

Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. ” reads the security advisory. reads the advisory.

Firmware

Firmware Mobile Hacking Information Security

Malware found pre-installed in cheap push-button mobile phones sold in Russia

Security Affairs

SEPTEMBER 6, 2021

Security researcher ValdikSS found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores. A Russian security researcher that goes online with the name of ValdikSS has found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores.

Mobile

Mobile Malware Firmware Manufacturing

Undocumented hidden feature found in Espressif ESP32 microchip

Security Affairs

MARCH 9, 2025

.” reads the report published by the researchers “Exploitation of this hidden functionality would allow hostile actors to conduct impersonation attacks andpermanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment bybypassing code audit controls.”

Manufacturing

Manufacturing IoT Firmware Mobile

Two SonicWall SMA100 flaws actively exploited in the wild

Security Affairs

MAY 1, 2025

SonicWall confirmed that threat actors actively exploited two vulnerabilities impacting its SMA100 Secure Mobile Access (SMA) appliances. SonicWall revealed that attackers actively exploited two security vulnerabilities, tracked as CVE-2023-44221 and CVE-2024-38475 , in its SMA100 Secure Mobile Access appliances.

Firmware

Firmware Mobile VPN Authentication

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Security Affairs

APRIL 13, 2022

Researchers discovered five vulnerabilities that can be exploited to remotely hack hospital Aethon’s TUG autonomous mobile robots. According to a US CISA advisory, the successful exploitation of these flaws could cause a denial-of-service condition, allow full control of robot functions, or expose sensitive information.

Mobile

Mobile Hacking Firmware Surveillance

SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild

Security Affairs

JANUARY 24, 2025

SonicWall is waring customers of a critical security vulnerability, tracked as CVE-2025-23006 (CVSS score of 9,8) impacting its Secure Mobile Access (SMA) 1000 Series appliances. The malware was well tailored to the system to provide stability and maintain persistence, even in the case of installation of firmware upgrades.

Firmware

Firmware Malware Authentication Mobile

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

Threat actors could target unpatched devices belonging to Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) families. x firmware in an imminent ransomware campaign using stolen credentials.” The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”.

Ransomware

Ransomware Firmware Mobile InfoSec

Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access

Security Affairs

JANUARY 25, 2022

Threat actors are actively exploiting a critical flaw (CVE-2021-20038) in SonicWall’s Secure Mobile Access (SMA) gateways addressed in December. Threat actors are actively exploiting a critical flaw, tracked as CVE-2021-20038 , in SonicWall’s Secure Mobile Access (SMA) gateways addressed by the vendor in December.

Mobile

Mobile Passwords Firmware Firewall

U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MAY 2, 2025

During further analysis, SonicWall and trusted security partners identified an additional exploitation technique using CVE-2024-38475, through which unauthorized access to certain files could enable session hijacking. SMA100 devices updated with the fixed firmware version 10.2.1.14-75sv CVE-2024-38475 (CVSS score: 9.8) and earlier.

Firmware

Firmware Authentication VPN Mobile

Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business

Security Affairs

AUGUST 23, 2022

It allows a remote or local client to connect and operate in the “mysh” console application, which must first be installed on the device or initially present in its firmware. To avoid the risk of becoming a victim of such malware attacks, experts recommend to purchase mobile devices only from official stores and legitimate distributors.

Mobile

Mobile Firmware Malware Wireless

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

Threat actors could target unpatched devices belonging to Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) families. x firmware in an imminent ransomware campaign using stolen credentials.” x firmware, continued use may result in ransomware exploitation.” x firmware versions.

Firmware

Firmware Ransomware Passwords Mobile

Experts uncovered hidden behavior in thousands of Android Apps

Security Affairs

APRIL 5, 2020

A group of security researchers has found thousands of Android apps containing hidden backdoors and blacklists. “we first identified 114,797 mobile apps that contain equivalence checking. “we first identified 114,797 mobile apps that contain equivalence checking. ” continues the paper.

Mobile

Mobile Passwords Advertising Firmware

Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices

Security Affairs

DECEMBER 15, 2020

The CVE-2020-25183 is an improper authentication issue that could be exploited by an attacker to bypass the authentication between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile app. The flaw could be exploited by an attacker to remotely execute code taking over the device. ” states the advisory.

Firmware

Firmware Authentication Mobile IoT

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

The researchers also provided information on how to remove xHelper from an infected device. The malware is distributed as a popular cleaner and speed optimization app for mobile devices, most of the infections reported by Kaspersky are in Russia (80.56%), India (3.43%), and Algeria (2.43%). ” continues Kaspersky.

Malware

Malware Firmware Manufacturing Advertising

Google Pixel 9 supports new security features to mitigate baseband attacks

Security Affairs

OCTOBER 6, 2024

In the past, researchers documented multiple attacks relying on false base stations to target mobile devices. Baseband firmware can be affected by vulnerabilities, making it a significant attack vector. Threat actors can remotely carry out these kinds of attacks through protocols like IMS. ” reads Google’s announcement.

Firmware

Firmware Mobile Spyware Software

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Security Affairs

AUGUST 16, 2024

Researchers form mobile security firm iVerify reported that the issue stems from a pre-installed Android app called “Showcase.apk,” which runs with excessive system privileges, allowing it to remotely execute code and install remote package. ” reads the report. Google is also notifying other Android OEMs.

Hacking

Hacking Firmware Mobile Penetration Testing

5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips

Security Affairs

DECEMBER 9, 2023

A set of flaws, collectively called 5Ghoul, in the firmware implementation of 5G mobile network modems from major vendors impacts Android and iOS devices. Such a family of vulnerabilities are present in the firmware implementation of 5G mobile network modems from major chipset vendors i.e., Qualcomm and MediaTek.”

Firmware

Firmware Mobile Software Hacking

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. ” states the vendor.

Firmware

Firmware Wireless Passwords Internet

Cybercriminals Evolve Antidetect Tooling for Mobile OS-Based Fraud

Security Affairs

JULY 10, 2023

Resecurity identified the emergence of adversarial mobile Android-based Antidetect Tooling for Mobile OS-Based Fraud. Resecurity has identified the emergence of adversarial mobile Android-based tools (called “mobile anti-detects”), like Enclave and McFly, as a new frontier in fraud tradecraft evolution.

Mobile

Mobile Banking Firmware Software

CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now!

Security Affairs

SEPTEMBER 24, 2021

SonicWall fixed a critical security flaw, tracked as CVE-2021-20034, that impacts some Secure Mobile Access (SMA) 100 series products that can allow device takeover. SonicWall has addressed a critical security vulnerability, tracked as CVE-2021-20034 , that impacting several Secure Mobile Access (SMA) 100 series products.

Firmware

Firmware Mobile Hacking Information Security

BadPower attack could burn your device through fast charging

Security Affairs

JULY 21, 2020

Researchers devised a technique dubbed BadPower to alter the firmware of fast chargers to cause damage to connected systems or cause the device to catch fire. BadPower consists of corrupting the firmware of fast chargers. “Most BadPower problems can be fixed by updating the device firmware.”

Firmware

Firmware Manufacturing Advertising Hacking

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

In this attack, a black-box device, such as a mobile device or a Raspberry, is physically connected to the ATM and is used by the attackers to send commands to the machine. ” explained Vladimir Kononovich, Senior Specialist of ICS Security at Positive Technologies. Both issues received a CVSSv3.0 score of 6.8.

Hacking

Hacking Firmware Encryption Manufacturing

Google fixed actively exploited Android flaw CVE-2024-32896

Security Affairs

SEPTEMBER 4, 2024

In June 2024, Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. As usual, the IT giant did not provide technical information about attacks exploiting the above issue. ” reads the Bulletin for September 2024.

Firmware

Firmware Mobile Hacking Information Security

SonicWall urges customers to fix SMA 1000 vulnerabilities

Security Affairs

MAY 13, 2022

SonicWall warns customers to address several high-risk security flaws impacting its Secure Mobile Access (SMA) 1000 Series line of products. SonicWall urges customers to address several high-risk security vulnerabilities affecting its Secure Mobile Access (SMA) 1000 Series line of products.

Firmware

Firmware Mobile Risk Hacking

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

Security experts from Check Point discovered a high-severity flaw ( CVE-2020-6007 ) in Philips Hue Smart Light Bulbs that can be exploited by hackers to gain entry into a targeted WiFi network. The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network.

Hacking

Hacking IoT Wireless Firmware

Experts show how to run malware on chips of a turned-off iPhone

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” Unlike NFC and UWB chips, the Bluetooth firmware is neither signed nor encrypted opening the doors to modification.

Malware

Malware Wireless Firmware Mobile

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation

Security Affairs

DECEMBER 13, 2021

A group of researchers from the University of Darmstadt, University of Brescia, CNIT, and the Secure Mobile Networking Lab, have discovered security vulnerabilities in WiFi chips that can be exploited to extract passwords and manipulate traffic on a WiFi chip by targeting a device’s Bluetooth component. Pierluigi Paganini.

Wireless

Wireless Firmware Mobile Passwords

Expert found Russia’s SORM surveillance equipment leaking user data

Security Affairs

AUGUST 30, 2019

“In correspondence with Evdokimov, staff at MFI Soft refused to believe that the company’s hardware was the source of the data leaks, and attributed them instead to the “corporate information security systems” operated by the telecoms’ clients.” ” continues Meduza. billion rubles ($154.5 billion rubles ($31.5

Surveillance

Surveillance Firmware Advertising Mobile

SonicWall released patch for actively exploited SMA 100 zero-day

Security Affairs

FEBRUARY 4, 2021

SonicWall has released a security patch to address the zero-day flaw actively exploited in attacks against the SMA 100 series appliances. SonicWall this week released firmware updates (version 10.2.0.5-29sv) 29sv) to address an actively exploited zero-day vulnerability in Secure Mobile Access (SMA) 100 series appliances.

Firmware

Firmware Mobile Media Internet

Maze ransomware operators claim to have breached LG Electronics

Security Affairs

JUNE 25, 2020

trillion), LG comprises four business units: Home Entertainment, Mobile Communications, Home Appliances & Air Solutions, and Vehicle Components employing a total of 83,000 people. LG Electronics is part of the fourth-largest chaebol (large family-owned business conglomerate) in South Korea (LG Corporation). ” continues Cyble.

Computers and Electronics

Computers and Electronics Ransomware Mobile Telecommunications

Google warns of an actively exploited Android kernel flaw

Security Affairs

AUGUST 6, 2024

. “The most severe of these issues is a high security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed.” As usual, the IT giant did not provide technical information about attacks exploiting the above issue. reads the advisory.

Firmware

Firmware Spyware Hacking Technology

Decoding Security 127: We Got Conned

SiteLock

AUGUST 27, 2021

Up next, Black Hat, one of the world’s largest information security conferences, took place in early August 2018 in Sin City. The conference held many briefings on politics, legislation, and Machine Learning (ML) and Artificial Intelligence (AI) in cybersecurity, as well as the challenge of endpoint security for many IoT devices.

Small Business

Small Business Artificial Intelligence Firmware IoT

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

Researchers from security firm Trellix discovered some critical vulnerabilities in HID Mercury Access Controllers that can be exploited by attackers to remotely unlock doors. The flaws impact products manufactured by LenelS2, a provider of advanced physical security solutions (i.e. ” reads the post published by Trellix.

Firmware

Firmware Penetration Testing Manufacturing Authentication

Netgear is releasing fixes for ten issues affecting 79 products

Security Affairs

JULY 1, 2020

Netgear published the list of impacted products, it includes routers, mobile routers, modems, gateways and extenders. Some of the products have reached end of life (EOL), this means that the vendor will not release security updates the fix for these flaws. . The researchers earned a total of $25,000 for reporting them.

Authentication

Authentication Firmware Hacking Mobile

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs

DECEMBER 17, 2023

The security firm revealed that threat actors were exploiting a vulnerability, tracked as CVE-2023-49897 (CVSS score 8.0) that impacted several routers, including Future X Communications (FXC) AE1021 and AE1021PE wall routers, running firmware versions 2.0.9 and earlier. The vulnerability affects VioStor NVR Versions 5.0.0

Firmware

Firmware Wireless DDOS IoT

Security Affairs newsletter Round 374 by Pierluigi Paganini

Security Affairs

JULY 16, 2022

The post Security Affairs newsletter Round 374 by Pierluigi Paganini appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Firmware

Firmware Ransomware DDOS Cryptocurrency

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

And a great many of these “proxy” networks are marketed primarily to cybercriminals seeking to anonymize their traffic by routing it through an infected PC, router or mobile device. The contact information on Crismaru’s LinkedIn page says his company websites include myiptest[.]com, WHO’S BEHIND SOCKSESCORT?

Malware

Malware VPN Internet Internet

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Keep your firmware and software updated. For your most important accounts—such as those controlling your email account, your bank, and your mobile phone account—you should enable two-factor authentication. Keep all of your software and hardware religiously updated.

Risk

Risk Passwords Password Management Accountability

Red TIM Research (RTR) team discovers a bug on Ericsson Network Manager

Security Affairs

MARCH 18, 2022

In fact, Ericsson Network Manager is an Operations support system (‘OSS’ according to network jargon) , which allows the management of all the devices interconnected to it, ensuring the management of configurations, firmware updates and all automation and maintenance operations of an advanced mobile radio network.

Mobile

Mobile Firmware Architecture Technology

Security Affairs newsletter Round 347

Security Affairs

JANUARY 2, 2022

Y2k22 bug in Microsoft Exchange causes failure in email delivery Security Affairs most-read cyber stories of 2021 PulseTV discloses potential credit card breach The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched How to implant a malware in hidden (..)

Banking

Banking Firmware Malware Ransomware

Samsung zero-day flaw actively exploited in the wild

UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models

Trending Sources

Android devices shipped with backdoored firmware as part of the BADBOX network

New Triada Trojan comes preinstalled on Android devices

SonicWall releases second firmware updates for SMA 100 vulnerability

Malware found pre-installed in cheap push-button mobile phones sold in Russia

Undocumented hidden feature found in Espressif ESP32 microchip

Two SonicWall SMA100 flaws actively exploited in the wild

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild

HelloKitty ransomware gang targets vulnerable SonicWall devices

Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access

U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog

Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Experts uncovered hidden behavior in thousands of Android Apps

Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices

xHelper, the Unkillable Android malware that re-Installs after factory reset

Google Pixel 9 supports new security features to mitigate baseband attacks

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Cybercriminals Evolve Antidetect Tooling for Mobile OS-Based Fraud

CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now!

BadPower attack could burn your device through fast charging

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Google fixed actively exploited Android flaw CVE-2024-32896

SonicWall urges customers to fix SMA 1000 vulnerabilities

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Experts show how to run malware on chips of a turned-off iPhone

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation

Expert found Russia’s SORM surveillance equipment leaking user data

SonicWall released patch for actively exploited SMA 100 zero-day

Maze ransomware operators claim to have breached LG Electronics

Google warns of an actively exploited Android kernel flaw

Decoding Security 127: We Got Conned

HID Mercury Access Controller flaws could allow to unlock Doors

Netgear is releasing fixes for ten issues affecting 79 products

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs newsletter Round 374 by Pierluigi Paganini

Who and What is Behind the Malware Proxy Service SocksEscort?

10 Behaviors That Will Reduce Your Risk Online

Red TIM Research (RTR) team discovers a bug on Ericsson Network Manager

Security Affairs newsletter Round 347

Stay Connected