SecureList

JULY 19, 2023

On March 14, 2023, Microsoft published a blogpost describing an Outlook Client Elevation of Privilege Vulnerability (CVSS: 9.8 Some samples submitted to VirusTotal in the past were later found to exploit CVE-2023-23397; others were published after the vulnerability was publicly disclosed.

Firmware 98

Firmware Internet Internet Government 98

Security Affairs

JULY 22, 2023

Researchers warn of several DDoS botnets exploiting a critical flaw tracked as CVE-2023-28771 in Zyxel devices. The flaw, tracked as CVE-2023-28771 (CVSS score: 9.8), is a command injection issue that could potentially allow an unauthorized attacker to execute arbitrary code on vulnerable devices. through 5.35.

DDOS 98

DDOS Firmware Firewall VPN 98

Security Boulevard

SEPTEMBER 1, 2023

Many thanks to BSides Cheltenham for publishing their presenter’s outstanding BSides Cheltenham 2023 security content on the organizations’ YouTube channel. Permalink The post BSides Cheltenham 2023 – Stephen – All Your Firmwares Are Belong To Us: A Guide To Successful Acquisition appeared first on Security Boulevard.

Firmware 45

Firmware Architecture CISO Education 45

The Last Watchdog

JUNE 27, 2023

June 27, 2023 – The industry is vying for ever-increasing gigabyte capacities. The models of the EM-30 and S-56(u) series, which are available as an embedded component in the form of an e.MMC or as flexible, interchangeable SD memory cards, offer maximum reliability due to proven firmware architecture. Westford, Mass.,

IoT 184

IoT Manufacturing Media Technology 184

SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. We later managed to extract the firmware from the EEPROM for further static reverse engineering. Further hardware analysis of the circuit board helped us identify chips.

Firmware 106

Firmware Passwords Manufacturing Mobile 106

Security Affairs

APRIL 25, 2023

Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451 ) in TP-Link Archer A21 in recent attacks. Last week, the Zero Day Initiative (ZDI) threat-hunting team observed the Mirai botnet attempting to exploit the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451, CVSS v3: 8.8)

DDOS 98

DDOS Engineering Firmware Architecture 98

Malwarebytes

JUNE 21, 2023

On June 13, 2023 the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 23-02. Zyxel warned its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command injection vulnerability.

Internet 98

Internet Internet Firmware Cyber Risk 98

Pen Test Partners

AUGUST 4, 2024

TL;DR BSim, Ghidra’s new built-in plugin is a game-changer for reversing firmware and other stripped binaries. You’re stuck disassembling yet another firmware blob stripped of symbols and lacking any handy reference strings. introduced BSim, the NSA’s 2023 Christmas gift to the reverse engineering community. Background Oh no!

Firmware 80

Firmware Architecture Engineering Accountability 80

eSecurity Planet

APRIL 28, 2023

Third-party vendor systems include Operating Systems (OS), firmware (software installed on hardware), and applications. but also applies to firmware that controls equipment such as hard drives, network routers, and security cameras. The most common patch requirements will be for endpoint operating systems (macOS, Windows, etc.)

Penetration Testing 109

Penetration Testing IoT Firmware Software 109

Kali Linux

DECEMBER 4, 2023

With 2023 coming to an end and before the holiday season starts, we thought today would be a good time to release Kali 2023.4. For the time being, the image is for ARM64 architecture, hopefully additional flavors will come later. 1kali1 (2023-10-09) ┌──(kali㉿kali)-[~] └─$ uname -r 6.5.0-kali3-amd64 Get Kali Linux 2023.4

Architecture 145

Architecture Passwords Firmware Software 145

SecureList

NOVEMBER 14, 2023

In this article, we will review the past year’s trends to see which of our 2023 predictions have come true, and try to predict what is to come in 2024. The US Cybersecurity and Infrastructure Security Agency (CISA) provided additional IoCs associated with exploitation of CVE-2023-2868. A review of last year’s predictions 1.

Hacking 141

Hacking Energy and Utilities Malware Media 141

SecureList

OCTOBER 25, 2023

This archive is discreetly hosted on legitimate websites, cleverly disguised as firmware binaries for enigmatic devices labeled “m100” The Bitbucket repository was created on June 21, 2018, under the account of Julie Heilman, and it remains the sole repository associated with this profile. As of 2023, it is trading at around $150.

Malware 145

Malware DNS Encryption Cryptocurrency 145

eSecurity Planet

MAY 2, 2024

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. Sophos: Noted that 43% of all 2023 malware signature updates are for stealers, spyware, and keyloggers often used to steal credentials from devices.

Cybersecurity 121

Cybersecurity DDOS Penetration Testing Ransomware 121

Security Boulevard

SEPTEMBER 20, 2024

1 - CISA: Critical infrastructure orgs susceptible to common attacks After assessing the security of 143 critical infrastructure organizations in 2023, the U.S. To get more details, read the 24-page “ CISA Analysis: Fiscal Year 2023 Risk and Vulnerability Assessments ” report and complementary charts.

Cybersecurity 97

Cybersecurity IoT Hacking Risk 97

eSecurity Planet

MAY 12, 2023

Similarly, the IT Department needs to evaluate the current environment, the current IT architecture, and the nature of the vulnerability to determine the likelihood of exploitation, which should also be evaluated on a scale from 1 (low likelihood) to 10 (high likelihood). Policy Version Version 1.0 Appendix I.

Penetration Testing 109

Penetration Testing Risk Firmware Software 109

Security Affairs

MAY 19, 2023

The network of compromised devices was discovered by Trend Micro which shared details of its investigation at the Black Hat Asia 2023 conference in May. The most interesting characteristic of the Triada Trojan apart is its modular architecture, which gives it theoretically a wide range of abilities.

Mobile 98

Mobile Advertising Malware Cybercrime 98

Security Boulevard

JANUARY 11, 2024

IoT malware makes presence known in 2023 Based on data from the world’s largest inline security cloud, the recently released ThreatLabz Enterprise IoT and OT Threat Report revealed a 400% year-over-year increase in IoT malware attacks across various industries.

IoT 75

IoT Malware Education Government 75

Kali Linux

FEBRUARY 27, 2024

As it turns out, Kenneth operates a network of mirrors, which was officially announced back in May 2023 on his blog: Building the Micro Mirror Free Software CDN. amd64 NOTE: The output of uname -r may be different depending on the system architecture. But, wait, 32 mirrors ??? Where do all those mirrors come from? That was intriguing.

Software 144

Software Firmware VPN Internet 144

LRQA Nettitude Labs

AUGUST 30, 2023

Tavis Ormandy reported this vulnerability to AMD on 15 May 2023 and it was assigned CVE-2023-20593. AGESA firmware updates are scheduled for release in October and December 2023, which should contain new microcode for those products.

Firmware 52

Firmware Architecture Accountability Backups 52

eSecurity Planet

MARCH 30, 2023

Additionally, FortiNAC can enforce company policies on device patching and firmware version. This article was originally written by Drew Robb on May 7, 2019, and updated by Chad Kime on March 31, 2023. FortiNAC is integrated with FortiGate and other Fortinet products.

IoT 98

IoT Firewall Wireless Mobile 98

Kali Linux

DECEMBER 5, 2022

Wireless firmware has been updated, and Magisk firmware flashing is now patched. Radxa Zero images created from the build-scripts should now have firmware to support the wireless card on newer models (1.51+). Pinebook Pro images have firmware to support the new wireless card on more recent models.

Firmware 52

Firmware Wireless Mobile Media 52

Kali Linux

MARCH 12, 2023

Kali is not only Offense, but starting to be defense Python Changes - Python 3.11 & PIP changes going forward 2023 Theme - Our once a year theme update! 2023 Theme Refresh Since Kali 2021.2 , all our first year releases (20xx.1) In Debian 12 , they have included a non-free-firmware component. What is in Kali Purple?

Firmware 52

Firmware Architecture Engineering Technology 52

Kali Linux

AUGUST 22, 2023

Internal Infrastructure With the release of Debian 12 which came out this summer, we took this opportunity to re-work, re-design, and re-architecture our infrastructure. Build-Logs - Output of our images/platform as well as packages being created on each supported architecture. 1kali1 (2023-06-29) ┌──(kali㉿kali)-[~] └─$ uname -r 6.3.0-kali1-amd64

Architecture 52

Architecture Firmware Firewall Software 52

Kali Linux

MAY 29, 2023

Plus, we are now including additional firmware on all ARM images. Kali Team Discord Chat Session The next Kali Discord session will happen a week after the release, Wednesday, 7th June 2023 16:00 -> 17:00 UTC/+0 GMT. 1kali1 (2023-05-12) ┌──(kali㉿kali)-[~] └─$ uname -r 6.1.0-kali9-amd64 The version of u-boot has been bumped.

Firmware 52

Firmware Phishing Architecture Authentication 52

eSecurity Planet

DECEMBER 7, 2023

Still, research remains in early stages, so initial standards remain in draft form and a full mitigation architecture for federal agencies isn’t expected until the 2030s. This feature can be included in firmware, in operating systems, or as a feature in open-source, shareware, or commercial applications.

Encryption 109

Encryption Authentication Passwords Password Management 109

ForAllSecure

FEBRUARY 22, 2023

There's the you know, these little ESP chips that have like, all in one Wi Fi and a little Linux or a little you know that OS that's just trivial and you download the firmware, you tweak a few things and you've got blinky lights, the magic can talk to other things and like do all sorts of cool stuff. Everybody's building their own badges.

Engineering 40

Engineering Hacking Marketing Wireless 40