Security Affairs

DECEMBER 9, 2023

A set of flaws, collectively called 5Ghoul, in the firmware implementation of 5G mobile network modems from major vendors impacts Android and iOS devices. Such a family of vulnerabilities are present in the firmware implementation of 5G mobile network modems from major chipset vendors i.e., Qualcomm and MediaTek.”

Firmware 112

Firmware Mobile Software Hacking 112

Security Affairs

JULY 15, 2021

Threat actors could target unpatched devices belonging to Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) families. x firmware in an imminent ransomware campaign using stolen credentials.” x firmware, continued use may result in ransomware exploitation.” x firmware versions.

Firmware 109

Firmware Ransomware Passwords Mobile 109

Security Affairs

JULY 18, 2021

Threat actors could target unpatched devices belonging to Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) families. x firmware in an imminent ransomware campaign using stolen credentials.” The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”.

Ransomware 114

Ransomware Firmware Mobile InfoSec 114

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” Unlike NFC and UWB chips, the Bluetooth firmware is neither signed nor encrypted opening the doors to modification.

Malware 96

Malware Wireless Firmware Mobile 96

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. ” states the vendor.

Firmware 116

Firmware Wireless Passwords Internet 116

Security Affairs

MAY 13, 2022

SonicWall warns customers to address several high-risk security flaws impacting its Secure Mobile Access (SMA) 1000 Series line of products. SonicWall urges customers to address several high-risk security vulnerabilities affecting its Secure Mobile Access (SMA) 1000 Series line of products.

Firmware 80

Firmware Mobile Risk Hacking 80

Security Affairs

NOVEMBER 1, 2021

In this attack, a black-box device, such as a mobile device or a Raspberry, is physically connected to the ATM and is used by the attackers to send commands to the machine. ” explained Vladimir Kononovich, Senior Specialist of ICS Security at Positive Technologies. Both issues received a CVSSv3.0 score of 6.8.

Hacking 114

Hacking Firmware Encryption Manufacturing 114

Security Affairs

APRIL 5, 2020

A group of security researchers has found thousands of Android apps containing hidden backdoors and blacklists. “we first identified 114,797 mobile apps that contain equivalence checking. “we first identified 114,797 mobile apps that contain equivalence checking. ” continues the paper.

Mobile 115

Mobile Passwords Advertising Firmware 115

Security Affairs

DECEMBER 15, 2020

The CVE-2020-25183 is an improper authentication issue that could be exploited by an attacker to bypass the authentication between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile app. The flaw could be exploited by an attacker to remotely execute code taking over the device. ” states the advisory.

Firmware 99

Firmware Authentication Mobile IoT 99

Security Affairs

SEPTEMBER 24, 2021

SonicWall fixed a critical security flaw, tracked as CVE-2021-20034, that impacts some Secure Mobile Access (SMA) 100 series products that can allow device takeover. SonicWall has addressed a critical security vulnerability, tracked as CVE-2021-20034 , that impacting several Secure Mobile Access (SMA) 100 series products.

Firmware 84

Firmware Mobile Hacking Information Security 84

Security Affairs

APRIL 7, 2020

The researchers also provided information on how to remove xHelper from an infected device. The malware is distributed as a popular cleaner and speed optimization app for mobile devices, most of the infections reported by Kaspersky are in Russia (80.56%), India (3.43%), and Algeria (2.43%). ” continues Kaspersky.

Malware 121

Malware Firmware Manufacturing Mobile 121

Security Affairs

DECEMBER 13, 2021

A group of researchers from the University of Darmstadt, University of Brescia, CNIT, and the Secure Mobile Networking Lab, have discovered security vulnerabilities in WiFi chips that can be exploited to extract passwords and manipulate traffic on a WiFi chip by targeting a device’s Bluetooth component. Pierluigi Paganini.

Wireless 103

Wireless Firmware Mobile Passwords 103

Security Affairs

JULY 21, 2020

Researchers devised a technique dubbed BadPower to alter the firmware of fast chargers to cause damage to connected systems or cause the device to catch fire. BadPower consists of corrupting the firmware of fast chargers. “Most BadPower problems can be fixed by updating the device firmware.”

Firmware 108

Firmware Manufacturing Advertising Hacking 108

SiteLock

AUGUST 27, 2021

Up next, Black Hat, one of the world’s largest information security conferences, took place in early August 2018 in Sin City. The conference held many briefings on politics, legislation, and Machine Learning (ML) and Artificial Intelligence (AI) in cybersecurity, as well as the challenge of endpoint security for many IoT devices.

Small Business 98

Small Business Artificial Intelligence Firmware IoT 98

Security Affairs

DECEMBER 17, 2023

The security firm revealed that threat actors were exploiting a vulnerability, tracked as CVE-2023-49897 (CVSS score 8.0) that impacted several routers, including Future X Communications (FXC) AE1021 and AE1021PE wall routers, running firmware versions 2.0.9 and earlier. The vulnerability affects VioStor NVR Versions 5.0.0

Firmware 112

Firmware Wireless DDOS IoT 112

Krebs on Security

MAY 22, 2023

A residential proxy generally refers to a computer or mobile device running some type of software that enables the system to be used as a pass-through for Internet traffic from others. Very often, this proxy software is installed surreptitiously, such as through a “Free VPN” service or mobile app.

Scams 249

Scams DDOS Cryptocurrency Accountability 249

Security Affairs

FEBRUARY 4, 2021

SonicWall has released a security patch to address the zero-day flaw actively exploited in attacks against the SMA 100 series appliances. SonicWall this week released firmware updates (version 10.2.0.5-29sv) 29sv) to address an actively exploited zero-day vulnerability in Secure Mobile Access (SMA) 100 series appliances.

Firmware 98

Firmware Mobile Media Internet 98

Security Affairs

JUNE 12, 2022

Researchers from security firm Trellix discovered some critical vulnerabilities in HID Mercury Access Controllers that can be exploited by attackers to remotely unlock doors. The flaws impact products manufactured by LenelS2, a provider of advanced physical security solutions (i.e. ” reads the post published by Trellix.

Firmware 87

Firmware Penetration Testing Manufacturing Authentication 87

Security Affairs

JULY 16, 2022

The post Security Affairs newsletter Round 374 by Pierluigi Paganini appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Firmware 95

Firmware Ransomware DDOS Cryptocurrency 95

SecureList

FEBRUARY 27, 2024

The parent application must be installed on the parent’s mobile device in order to accomplish this. From a security researcher’s perspective, this application is particularly interesting because it allows calling to the robot, and monitoring the child’s activities and learning progress. The ADB service is disabled.

Education 96

Education Manufacturing Firmware Internet 96

Security Affairs

JUNE 25, 2020

trillion), LG comprises four business units: Home Entertainment, Mobile Communications, Home Appliances & Air Solutions, and Vehicle Components employing a total of 83,000 people. LG Electronics is part of the fourth-largest chaebol (large family-owned business conglomerate) in South Korea (LG Corporation). ” continues Cyble.

Computers and Electronics 101

Computers and Electronics Ransomware Mobile Telecommunications 101

Security Affairs

MARCH 18, 2022

In fact, Ericsson Network Manager is an Operations support system (‘OSS’ according to network jargon) , which allows the management of all the devices interconnected to it, ensuring the management of configurations, firmware updates and all automation and maintenance operations of an advanced mobile radio network.

Mobile 101

Mobile Firmware Architecture Technology 101

Security Affairs

FEBRUARY 6, 2020

Security experts from Check Point discovered a high-severity flaw ( CVE-2020-6007 ) in Philips Hue Smart Light Bulbs that can be exploited by hackers to gain entry into a targeted WiFi network. The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network.

Hacking 117

Hacking IoT Wireless Firmware 117

Security Affairs

MAY 19, 2023

Infected devices were used for multiple malicious activities, including traffic redirections through mobile proxies, info-stealing, click fraud, and social media and online messaging accounts and monetization via advertisements. Threat actors compromised third-party software or the installation of malware-laced firmware.

Mobile 87

Mobile Advertising Malware Cybercrime 87

Security Affairs

JANUARY 2, 2022

Y2k22 bug in Microsoft Exchange causes failure in email delivery Security Affairs most-read cyber stories of 2021 PulseTV discloses potential credit card breach The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched How to implant a malware in hidden (..)

Banking 91

Banking Firmware Malware Ransomware 91

Security Affairs

JULY 5, 2019

Experts discovered a malicious app on Google Play, named Updates for Samsung , that was downloaded by over ten million users that poses as firmware updates. Over ten million users have installed a fake Samsung app named “ Updates for Samsung ” that poses as firmware updates. com via HTTPS. ” concludes the expert.

Scams 68

Scams Firmware Advertising Software 68

Krebs on Security

JULY 25, 2023

And a great many of these “proxy” networks are marketed primarily to cybercriminals seeking to anonymize their traffic by routing it through an infected PC, router or mobile device. The contact information on Crismaru’s LinkedIn page says his company websites include myiptest[.]com, WHO’S BEHIND SOCKSESCORT?

Malware 209

Malware VPN Internet Internet 209

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Data breaches 80

Data breaches Cybercrime Firewall Artificial Intelligence 80

Security Affairs

JULY 1, 2020

Netgear published the list of impacted products, it includes routers, mobile routers, modems, gateways and extenders. Some of the products have reached end of life (EOL), this means that the vendor will not release security updates the fix for these flaws. . The researchers earned a total of $25,000 for reporting them.

Authentication 129

Authentication Firmware Hacking Mobile 129

Security Affairs

APRIL 24, 2022

Every week the best security articles from Security Affairs free for you in your email box. T-Mobile confirms Lapsus$ had access its systems Are you using Java 15/16/17 or 18 in production? If you want to also receive for free the newsletter with the international press subscribe here. Patch them now!

Cyber Insurance 76

Cyber Insurance Spyware Firmware Insurance 76

Security Affairs

JUNE 15, 2021

With active growth of consumers using mobile devices bad actors are using such tactics more often, spoofing the victim’s device on mobile allows them to gain access to compromised accounts. MASQ provides integrated Cookie Editor allowing to import it from the file and to edit it using visual editor.

Mobile 120

Mobile Authentication Accountability Cyber threats 120

Security Affairs

OCTOBER 30, 2019

A Russian security researcher accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders. The Russian security researcher Anna Prosvetova, from Saint Petersburg, has accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders.

Hacking 45

Hacking Firmware Advertising DDOS 45

Security Affairs

FEBRUARY 1, 2021

On January, 29 SonicWall announced it is still investigating the presence of a zero-day vulnerability in the Secure Mobile Access (SMA) gateways. . We have also tested the shared PoC code and have so far concluded that it is not effective against firmware released after the 2015 patch.” ” continues the update.

Firmware 103

Firmware Media Mobile Internet 103

Security Affairs

JUNE 7, 2023

At the time of delivery, the latest Samsung firmware had not included a fix for this vulnerability. The flaw made headlines because it was exploited by surveillance firms for their spyware. CVE-2022-22706 , a vulnerability in Mali GPU Kernel Driver fixed by ARM in January 2022 and marked as being used in the wild.

Spyware 85

Spyware Surveillance Firmware Hacking 85

Security Affairs

APRIL 11, 2021

Clop Ransomware operators plunder US universities Malware attack on Applus blocked vehicle inspections in some US states 2,5M+ users can check whether their data were exposed in Facebook data leak 33.4%

Cyber Attacks 53

Cyber Attacks Firmware Malware VPN 53

Security Affairs

FEBRUARY 15, 2020

The protocol Bluetooth Low Energy (BLE) was released in 2010 and it is designed to implement a new generation of services for mobile applications. The issue initially causes denial of service ( DoS ), but “attackers could reverse engineer products firmware to possibly leverage remote execution,” the researchers say.

IoT 109

IoT Firmware Advertising Hacking 109

Security Affairs

AUGUST 6, 2019

Researchers discovered two serious flaws, QualPwn bugs, in Qualcomm’s Snapdragon SoC WLAN firmware that could be exploited to hack Android device over the air. The second flaw, tracked as CVE-2019-10540, is a buffer overflow issue that affects the Qualcomm WLAN and modem firmware that ships with Qualcomm chips.

Hacking 66

Hacking Firmware Advertising Mobile 66