2023, Architecture, Firmware and Risk - Cyber Security Informer

BSides Cheltenham 2023 – Stephen – All Your Firmwares Are Belong To Us: A Guide To Successful Acquisition

Security Boulevard

SEPTEMBER 1, 2023

Many thanks to BSides Cheltenham for publishing their presenter’s outstanding BSides Cheltenham 2023 security content on the organizations’ YouTube channel. Permalink The post BSides Cheltenham 2023 – Stephen – All Your Firmwares Are Belong To Us: A Guide To Successful Acquisition appeared first on Security Boulevard.

Firmware

Firmware Architecture CISO Education

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

On June 11, Fortinet released a half-dozen security updates for its FortiOS firmware, including a weakness that researchers said allows an attacker to run malware on virtually any Fortinet SSL VPN appliance. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted.

Risk

Risk VPN Internet Internet

Five Cybersecurity Trends that Will Affect Organizations in 2023

CyberSecurity Insiders

DECEMBER 6, 2022

Netwrix, a cybersecurity vendor that makes data security easy, today released key IT security trends that will affect organizations of all sizes in 2023. Here are five specific trends for 2023 that you need to be aware of: The business of cybercrime will be further professionalized. About Netwrix . Netwrix makes data security easy.

Cybersecurity

Cybersecurity Cybercrime Social Engineering Firmware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

Researchers warn of several DDoS botnets exploiting a critical flaw tracked as CVE-2023-28771 in Zyxel devices. The flaw, tracked as CVE-2023-28771 (CVSS score: 9.8), is a command injection issue that could potentially allow an unauthorized attacker to execute arbitrary code on vulnerable devices. through 5.35.

DDOS

DDOS Firmware VPN Firewall

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

SecureList

JULY 19, 2023

On March 14, 2023, Microsoft published a blogpost describing an Outlook Client Elevation of Privilege Vulnerability (CVSS: 9.8 So, the logical assumption should be: “The WebDAV protocol is not at risk of leaking credentials via this exploit technique TO ANY NETWORK EXTERNAL ENTITY” What about the local exploitability of WebDAV?

Firmware

Firmware Internet Internet Government

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. We later managed to extract the firmware from the EEPROM for further static reverse engineering. Further hardware analysis of the circuit board helped us identify chips.

Firmware

Firmware Passwords Manufacturing Mobile

Reducing your attack surface is more effective than playing patch-a-mole

Malwarebytes

JUNE 21, 2023

On June 13, 2023 the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 23-02. Zyxel warned its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command injection vulnerability.

Internet

Internet Internet Firmware Cyber Risk

Securing Public Sector Against IoT Malware in 2024

Security Boulevard

JANUARY 11, 2024

However, as IoT innovation and adoption grows, so do the associated security risks. In this blog post, we’ll explore the potential impact of IoT malware on the public sector — a story of innovation, risk, and the need for resilience. The directive aims to enhance the overall security posture of the U.S.

IoT

IoT Malware Education Government

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

eSecurity Planet

MAY 2, 2024

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. Sophos: Noted that 43% of all 2023 malware signature updates are for stealers, spyware, and keyloggers often used to steal credentials from devices.

Cybersecurity

Cybersecurity DDOS Penetration Testing Passwords

Patch Management vs Vulnerability Management: What’s the Difference?

eSecurity Planet

APRIL 28, 2023

Third-party vendor systems include Operating Systems (OS), firmware (software installed on hardware), and applications. but also applies to firmware that controls equipment such as hard drives, network routers, and security cameras. Many vulnerabilities, such as legacy tech, cannot be fixed using patches.

Penetration Testing

Penetration Testing IoT Firmware Software

Vulnerability Management Policy Template

eSecurity Planet

MAY 12, 2023

This vulnerability management policy defines the requirements for the [eSecurity Planet] IT and security teams to protect company resources from unacceptable risk from unknown and known vulnerabilities. Broader is always better to control risks, but can be more costly.] Vulnerability Management Policy & Procedure A.

Penetration Testing

Penetration Testing Risk Firmware Software

Zenbleed – AMD Side-Channel Attack Targets Vectorised Functions

LRQA Nettitude Labs

AUGUST 30, 2023

Tavis Ormandy reported this vulnerability to AMD on 15 May 2023 and it was assigned CVE-2023-20593. AGESA firmware updates are scheduled for release in October and December 2023, which should contain new microcode for those products.

Firmware

Firmware Architecture Accountability Backups

Advanced threat predictions for 2024

SecureList

NOVEMBER 14, 2023

In this article, we will review the past year’s trends to see which of our 2023 predictions have come true, and try to predict what is to come in 2024. The US Cybersecurity and Infrastructure Security Agency (CISA) provided additional IoCs associated with exploitation of CVE-2023-2868. A review of last year’s predictions 1.

Hacking

Hacking Energy and Utilities Media Malware

FortiNAC: Network Access Control (NAC) Product Review

eSecurity Planet

MARCH 30, 2023

Additionally, FortiNAC can enforce company policies on device patching and firmware version. This article was originally written by Drew Robb on May 7, 2019, and updated by Chad Kime on March 31, 2023. FortiNAC is integrated with FortiGate and other Fortinet products.

IoT

IoT Firewall Wireless Mobile

Kali Linux 2023.1 Release (Kali Purple & Python Changes)

Kali Linux

MARCH 12, 2023

Kali is not only Offense, but starting to be defense Python Changes - Python 3.11 & PIP changes going forward 2023 Theme - Our once a year theme update! You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages. In Debian 12 , they have included a non-free-firmware component.

Firmware

Firmware Architecture Engineering Technology

Types of Encryption, Methods & Use Cases

eSecurity Planet

DECEMBER 7, 2023

Still, research remains in early stages, so initial standards remain in draft form and a full mitigation architecture for federal agencies isn’t expected until the 2030s. This feature can be included in firmware, in operating systems, or as a feature in open-source, shareware, or commercial applications.

Encryption

Encryption Authentication Passwords Password Management

Cyber Security Informer

BSides Cheltenham 2023 – Stephen – All Your Firmwares Are Belong To Us: A Guide To Successful Acquisition

CISA Order Highlights Persistent Risk at Network Edge

Webinars

Trending Sources

Five Cybersecurity Trends that Will Affect Organizations in 2023

Webinars

Multiple DDoS botnets were observed targeting Zyxel devices

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

Reducing your attack surface is more effective than playing patch-a-mole

Securing Public Sector Against IoT Malware in 2024

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

Patch Management vs Vulnerability Management: What’s the Difference?

Vulnerability Management Policy Template

Zenbleed – AMD Side-Channel Attack Targets Vectorised Functions

Advanced threat predictions for 2024

FortiNAC: Network Access Control (NAC) Product Review

Kali Linux 2023.1 Release (Kali Purple & Python Changes)

Types of Encryption, Methods & Use Cases

Stay Connected