Security Affairs

NOVEMBER 6, 2024

Taiwanese vendor Synology has addressed a critical security vulnerability, tracked as CVE-2024-10443, that impacts DiskStation and BeePhotos. Security researcher Rick de Jager demonstrated the vulner ability, called RISK:STATION by cybersecurity firm Midnight Blue, at the Pwn2Own Ireland 2024 hacking contest.

Firmware 126

Firmware Manufacturing Hacking Media 126

Penetration Testing

SEPTEMBER 30, 2024

These vulnerabilities range in severity, with potential... The post PLANET Technology Switches Face CVE-2024-8456 (CVSS 9.8), Urgent Firmware Updates Advised appeared first on Cybersecurity News.

Firmware 117

Firmware Technology Cybersecurity 117

Penetration Testing

JULY 11, 2024

A security vulnerability, identified as CVE-2024-39202, has been discovered in the D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router, posing a significant risk to users.

Firmware 117

Firmware Wireless Risk Cybersecurity 117

Penetration Testing

DECEMBER 17, 2024

These vulnerabilities, tracked under five separate CVEs, pose significant risks,... The post Multiple Vulnerabilities in SHARP Routers Demand Urgent Firmware Updates appeared first on Cybersecurity News.

Firmware 62

Firmware Risk Cybersecurity 62

Security Affairs

DECEMBER 3, 2024

The ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware. Cybersecurity researchers from ESET recently discovered the first UEFI bootkit designed to target Linux systems, called by its authors Bootkitty. reads the advisory published by ESET.

Firmware 108

Firmware Manufacturing Malware Authentication 108

Penetration Testing

AUGUST 21, 2024

A critical vulnerability, identified as CVE-2024-41992, has been discovered in the Arcadyan FMIMG51AX000J model, and potentially other WiFi Alliance-affiliated devices using the same firmware version (DUT-Wi-FiTestSuite-9.0.0).

Firmware 123

Firmware Cybersecurity 123

Security Affairs

DECEMBER 30, 2024

Cybersecurity firm VulnCheck warns that a high-severity flaw, tracked as CVE-2024-12856 (CVSS score: 7.2), in Four-Faith routers is actively exploited in the wild. “At least firmware version 2.0 “At least firmware version 2.0 ” continues the cybersecurity firm. ” reads the advisory.

Firmware 66

Firmware Authentication Hacking Cybersecurity 66

SecureWorld News

JUNE 18, 2025

Those of us in the cybersecurity space know that this connectivity creates an attack surface that traditional power infrastructure didn't have to consider. Use boot verification and firmware integrity checks to detect unauthorized modifications. Yes, you read that right. Real-world attack scenarios The threats aren't theoretical.

Firmware 106

Firmware Manufacturing IoT Mobile 106

Security Boulevard

JANUARY 18, 2024

Cybersecurity risks increase every year and bludgeon victims who fail to prepare properly. Cybersecurity predictions offer a glimpse at the dangerous oncoming traffic and help leaders develop strategies to navigate their journey safely. Those in cybersecurity who fail to look ahead will be crushed by what they don’t see coming.

Risk 115

Risk Cybersecurity CISO Technology 115

Security Affairs

FEBRUARY 12, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds Windows, Zyxel deviceflaws to its Known Exploited Vulnerabilities catalog. VulnCheck disclosed the Zyxel CPE Telnet command injection flaw CVE-2024-40891 on August 1, 2024, but the vendor has yet to publish an advisory. reads the advisory published by GreyNoise.

Authentication 73

Authentication Firmware Cybersecurity Hacking 73

Security Affairs

MAY 2, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! CVE-2024-38475 (CVSS score: 9.8) SMA100 devices updated with the fixed firmware version 10.2.1.14-75sv

Firmware 71

Firmware Authentication VPN Mobile 71

Security Affairs

FEBRUARY 18, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Firewall 66

Firewall Firmware Authentication VPN 66

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. Stolen credentials remain the top breach factor, responsible for 24% of incidents in 2024.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

eSecurity Planet

MAY 2, 2024

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. Most organizations express confidence in their current status and budgets, but also expect to experience at least one data breach in 2024.

Cybersecurity 121

Cybersecurity DDOS Penetration Testing Ransomware 121

The Hacker News

JUNE 20, 2024

Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors.

Firmware 138

Firmware Mobile Cybersecurity 138

Malwarebytes

JUNE 13, 2024

Google has notified Pixel users about an actively exploited vulnerability in their phones’ firmware. Firmware is the code or program which is embedded into hardware devices. For these Google devices, security patch levels of 2024-06-05 or later address this issue.

Firmware 143

Firmware Spyware Mobile Software 143

Penetration Testing

JUNE 16, 2024

Taiwan’s CERT has issued a critical security alert regarding a severe vulnerability (CVE-2024-3912) found in multiple ASUS router models. The flaw, discovered by security researcher Carlos Köpke, allows remote attackers to execute commands on... The post Critical Security Vulnerability CVE-2024-3912 (CVSS 9.8)

Cybersecurity 130

Cybersecurity Firmware 130

Penetration Testing

AUGUST 10, 2024

The vulnerabilities, tracked under CVE-2024-39225 through CVE-2024-39229 and CVE-2024-3661, expose users to severe... The post GL-iNet Routers Exposed to Critical Vulnerabilities: Urgent Firmware Updates Required appeared first on Cybersecurity News.

Firmware 70

Firmware Cybersecurity 70

Penetration Testing

JUNE 16, 2024

ASUS has released an urgent firmware update to address a critical security vulnerability affecting seven of its router models. The flaw, tracked as CVE-2024-3080 with a CVSS v3.1 allows unauthenticated remote... The post ASUS Issues Critical Security Update for Router Vulnerability CVE-2024-3080 (CVSS 9.8)

Firmware 95

Firmware Cybersecurity 95

Security Affairs

NOVEMBER 25, 2024

Zyxel warns that a ransomware gang has been observed exploiting a recently patched command injection vulnerability, tracked as CVE-2024-42057, in its firewalls for initial compromise. ” The vendor addressed these vulnerabilities with the release of firmware version 5.39 ” reads the advisory published by the vendor.

Firewall 76

Firewall Ransomware VPN Firmware 76

Penetration Testing

OCTOBER 17, 2024

Cisco has recently disclosed a series of high-severity vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter firmware, including both on-premises and multiplatform variants. These vulnerabilities present a significant... The post Cisco ATA 190 Series Analog Telephone Adapter Firmware Flaws Exposed: Patch Now!

Firmware 85

Firmware Cybersecurity 85

Penetration Testing

MARCH 12, 2025

AMI, a leading provider of BIOS and BMC firmware, has announced security advisories addressing multiple vulnerabilities affecting its The post CVE-2024-54085: AMI SPx Vulnerability Scores Critical CVSS 10 appeared first on Cybersecurity News.

Firmware 76

Firmware Cybersecurity 76

Security Affairs

FEBRUARY 28, 2025

In September 2024, Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 In August 2024, several users reported that Dr.Web antivirus detected changes in their TV box system files. Researchers at the Chinese cybersecurity firm QiAnXin (QAX) recently discovered 89 new malware samples.

Antivirus 66

Antivirus Firmware Encryption Manufacturing 66

Digital Shadows

JANUARY 14, 2025

Key Findings The last quarter of 2024 proved to be a pivotal period for ransomware activity, marked by emerging threats and unexpected shifts among established groups. In our Q3 2024 ransomware report , we predicted activity would reach its peak in the last quarter of the year.

Ransomware 126

Ransomware Social Engineering Phishing Manufacturing 126

Penetration Testing

NOVEMBER 26, 2024

NVIDIA has recently released a firmware update to address a high-severity vulnerability affecting its UFM Enterprise, UFM Appliance, and UFM CyberAI products.

Firmware 76

Firmware Cybersecurity 76

Security Affairs

JUNE 14, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog. CVE-2024-26169 is an elevation of privilege issue in the Microsoft Windows Error Reporting Service that can be exploited to could gain SYSTEM privileges.

Firmware 132

Firmware Authentication Hacking Risk 132

Penetration Testing

JUNE 12, 2025

Related Posts: 160GB of confidential data leaked, PC giant Acer confirms its servers were hacked High vulnerability affects Acer UEFI firmware Android system is also affected by Linux kernel Dirty Pipe flaw, Google is fixing it Rate this post Found this helpful? Support independent cybersecurity journalism. Every contribution matters.

Penetration Testing 67

Penetration Testing Advertising Firmware DDOS 67

Penetration Testing

DECEMBER 3, 2024

Zyxel Networks has released firmware updates to address multiple vulnerabilities affecting a range of its networking products, including 4G LTE/5G NR CPEs, DSL/Ethernet CPEs, fiber ONTs, and WiFi extenders. The... The post Protect Your Network: Zyxel Issues Firmware Updates appeared first on Cybersecurity News.

Firmware 67

Firmware Cybersecurity 67

Security Boulevard

JULY 3, 2024

Cybersecurity researchers have recently uncovered a UEFI vulnerability in the Phoenix SecureCore UEFI firmware, which affects a variety of Intel Core desktop and mobile processors. This now-patched vulnerability, identified as CVE-2024-0762 with a CVSS score of 7.5, has been termed “UEFIcanhazbufferoverflow.”

Firmware 105

Firmware Mobile Cybersecurity 105

Penetration Testing

SEPTEMBER 2, 2024

Zyxel, a prominent networking equipment manufacturer, has issued a security advisory urging users to promptly update their firmware to address a critical vulnerability affecting a range of their access points... The post CVE-2024-7261 (CVSS 9.8): Zyxel Patches Critical Vulnerability in Wi-Fi Devices appeared first on Cybersecurity News. (..)

Firmware 76

Firmware Manufacturing Cybersecurity 76

Security Boulevard

JANUARY 20, 2025

Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 welivesecurity (ESET) CVE-2024-7344. Malware campaigns covered generally target/affect the end user.

Surveillance 97

Surveillance Malware Data breaches Phishing 97

Security Boulevard

JUNE 24, 2024

Google has recently issued a warning regarding a critical security flaw affecting Google Pixel Firmware, which has been actively exploited as a zero-day vulnerability. Identified as CVE-2024-32896, this high-severity issue involves an elevation of privilege, potentially allowing attackers to gain unauthorized access on affected devices.

Firmware 59

Firmware Cybersecurity 59

Penetration Testing

DECEMBER 9, 2024

OpenWrt, a popular open-source operating system for embedded devices, has disclosed a critical vulnerability (CVE-2024-54143) that could allow attackers to compromise the integrity of firmware updates delivered through its Attended... The post CVE-2024-54143: Critical Vulnerability in OpenWrt’s Attended SysUpgrade Server Allows for (..)

Firmware 48

Firmware Cybersecurity 48

Penetration Testing

MARCH 18, 2025

In a recent security advisory, the Cybersecurity and Infrastructure Security Agency (CISA) revealed multiple critical vulnerabilities impacting Sungrows The post Critical Vulnerabilities Found in Sungrow iSolarCloud App and WiNet Firmware appeared first on Cybersecurity News.

Firmware 67

Firmware Cybersecurity 67

Security Affairs

NOVEMBER 27, 2024

ESET discovered the first Unified Extensible Firmware Interface (UEFI) bootkit specifically designed for Linux systems, named Bootkitty. Cybersecurity researchers from ESET discovered the first UEFI bootkit designed to target Linux systems, called by its authors Bootkitty. ” reads the advisory published by ESET.

Firmware 64

Firmware Authentication Malware Hacking 64

Penetration Testing

JULY 14, 2024

Supermicro Computer, a leading provider of server and motherboard solutions, has disclosed a critical security vulnerability (CVE-2024-36435) that could expose a wide range of its products to remote code execution attacks.

Cybersecurity 93

Cybersecurity Firmware 93

Security Affairs

SEPTEMBER 4, 2024

The vulnerabilities CVE-2024-44341 and CVE-2024-44342 (CVSS score of 9.8) “D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability (CVE-2024-44341) via the lan(0)_dhcps_staticlist parameter. are two OS command injection issues. ” reads the advisory. 0)_ssid parameter.”

Firmware 124

Firmware IoT Authentication Hacking 124