Security Affairs

AUGUST 18, 2019

Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program.

Firmware 87

Firmware Authentication Advertising Hacking 87

Tech Republic Security

MARCH 22, 2021

The security key is built on open source hardware and firmware, making it a universal factor authentication device instead of a two-factor authentication device.

Firmware 117

Firmware Authentication Cybersecurity 117

The Last Watchdog

MAY 23, 2022

They require integrity, authentication, trusted identity and encryption. This challenge has not escaped the global cybersecurity community. Protocols and policies setting new parameters for trusted connections are being hammered out and advanced encryption, authentication and data protection solutions are being ramped up.

Digital transformation 214

Digital transformation Computers and Electronics Cybersecurity Encryption 214

The Hacker News

JUNE 30, 2021

Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three HTTPd authentication security weaknesses (CVSS scores: 7.1 – 9.4)

Firmware 141

Firmware Authentication Network Security Cybersecurity 141

Security Affairs

MAY 25, 2023

D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. in its D-View 8 network management suite that could be exploited by remote attackers to bypass authentication and execute arbitrary code. ” reads the advisory published by ZDI.

Firmware 94

Firmware Authentication Software Hacking 94

CyberSecurity Insiders

DECEMBER 6, 2022

Netwrix, a cybersecurity vendor that makes data security easy, today released key IT security trends that will affect organizations of all sizes in 2023. To address this threat, organizations of all sizes while conducting a risk assessment need to take into account the vulnerabilities of all third-party software or firmware.

Cybersecurity 116

Cybersecurity Cybercrime Social Engineering Firmware 116

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” The remaining ones are authentication bypass and command injection flaws.

Hacking 96

Hacking Firmware Authentication DNS 96

Security Affairs

SEPTEMBER 6, 2021

Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart switches used on businesses. The flaws affected multiple products including the following smart switches, below is the list of the impacted devices and related firmware fixes: GC108P fixed in firmware version 1.0.8.2

Firmware 105

Firmware Authentication Passwords Hacking 105

CyberSecurity Insiders

NOVEMBER 23, 2021

This poses a huge cybersecurity risk to the population as a whole, and one that needs to be countenanced against the obvious benefits smart tech provides. Firstly, always keep software up to date – firmware included. Authentication is key – you need to be assured that only the right people are using your networks.

Cybersecurity 89

Cybersecurity IoT Wireless Risk 89

Security Affairs

MAY 4, 2023

In order to exploit the flaw, an attacker has to upgrade an affected device to a crafted version of the firmware. “This vulnerability is due to a missing authentication process within the firmware upgrade function.” “Cisco has not released firmware updates to address this vulnerability.

Firmware 87

Firmware Education Media Authentication 87

eSecurity Planet

APRIL 28, 2022

cybersecurity agencies joined their counterparts around the globe to urge organizations to address the top 15 vulnerabilities exploited in 2021. The cybersecurity authorities urged organizations to immediately apply timely patches to their systems and implement a centralized patch management system in order to reduce their attack surface.

Cybersecurity 113

Cybersecurity Software Firmware Internet 113

Chicago CyberSecurity Training

JULY 1, 2023

Use Strong Passwords and Multi-Factor Authentication (MFA): One of the most important steps to securing your business is to use strong pass phrases for your accounts. Additionally, enable multi-factor authentication (MFA) when possible. Contact us today for a free cybersecurity risk assessment tailored to your business needs.

Cybersecurity 40

Cybersecurity Backups Social Engineering Passwords 40

Malwarebytes

FEBRUARY 16, 2023

Security researcher Yerodin Richards has found an authenticated remote code execution (RCE) vulnerability in Arris routers. According to Richards, when he contacted Arris (acquired by CommScope), the company said the devices running the vulnerable firmware are end-of-life (EOL) and are no longer supported by the company.

Firmware 98

Firmware Authentication Passwords Internet 98

Security Affairs

DECEMBER 9, 2021

. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” TP-Link addressed the flaw on November 12, 2021 with the release of the firmware update TL-WR840N(EU)_V5_211109.

Firmware 143

Firmware Architecture Malware Hacking 143

eSecurity Planet

APRIL 14, 2023

But depending on what code and data the hackers got access to, the worst-case scenario is that cyber criminals could create malicious firmware — and signed certificates to vouch for its authenticity. As one Slashdot commenter put it , “Everyone should assume that firmware on WD drives cannot be trusted at this point.”

Cyber Attacks 127

Cyber Attacks Firmware Marketing Authentication 127

eSecurity Planet

JANUARY 16, 2024

Potential results of the exploits include authentication bypass and command injection. The problem: The United States Cybersecurity and Infrastructure Security Agency (CISA) has announced a vulnerability in Microsoft SharePoint that allows a threat actor to escalate their privileges on the network. Versions 9.x

Firewall 109

Firewall Firmware IoT Authentication 109

SecureWorld News

NOVEMBER 2, 2023

In the ever-evolving landscape of cybersecurity threats, the discovery of serious vulnerabilities can send shockwaves through the digital world. Exploiting this flaw allows threat actors to hijack legitimate user sessions, bypassing authentication protocols such as passwords and multi-factor authentication.

Authentication 85

Authentication Data breaches Passwords Firmware 85

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT 142

IoT Firmware Authentication Wireless 142

Security Affairs

JUNE 12, 2022

By using the manufacturer’s built-in ports, we were able to manipulate on-board components and interact with the device.Combining both known and novel techniques, we were able to achieve root access to the device’s operating system and pull its firmware for emulation and vulnerability discovery.” Overall 4.8. Overall 4.8.

Firmware 88

Firmware Penetration Testing Manufacturing Authentication 88

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware 109

Firmware Ransomware Passwords Mobile 109

CyberSecurity Insiders

AUGUST 13, 2021

According to a research carried out by Maryland based Cybersecurity firm Tenable, hackers are targeting millions of home routers to add them to the Mirai botnet radar that is used to launch DDoS Cyber attack campaigns. The post Millions of home routers on Mirai Botnet Radar appeared first on Cybersecurity Insiders.

Firmware 136

Firmware DDOS Malware Manufacturing 136

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. ” states the vendor.

Firmware 117

Firmware Wireless Passwords Internet 117

Security Affairs

AUGUST 31, 2020

Hackers target QNAP NAS devices running multiple firmware versions vulnerable to a remote code execution (RCE) flaw addressed by the vendor 3 years ago. QNAP addressed the vulnerability with the release of firmware version 4.3.3 The researchers discovered that the issue resides in the CGI program. /httpd/cgi-bin/authLogout.cgi.

Firmware 120

Firmware Advertising Malware Internet 120

eSecurity Planet

MAY 18, 2023

“Cisco has not and will not release firmware updates to address the vulnerabilities described in the advisory for these devices,” the company stated. The researchers say the implant’s firmware-agnostic design could allow it to be integrated into other brands of routers as well. They also noted that while the U.S.

Small Business 104

Small Business Firmware Ransomware Software 104

Security Affairs

AUGUST 27, 2021

Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical flaw affecting a video surveillance product made by Annke, a popular manufacturer of surveillance systems and solutions. The experts performed reverse engineering of the firmware to fully unrestricted SSH access. – Source Nozomi.

Surveillance 100

Surveillance Hacking Firmware Manufacturing 100

Security Affairs

NOVEMBER 1, 2021

An attacker with access to the dispenser controller’s USB port can install an outdated or modified firmware version to bypass the encryption and make cash withdrawals. The two vulnerabilities, tracked as CVE-2018-9099 and CVE-2018-9100 , resides in the firmware of the CMD-V5 dispenser and RM3/CRS dispenser respectively.

Hacking 115

Hacking Firmware Encryption Manufacturing 115

Malwarebytes

MARCH 29, 2022

On March 17, 2022, the Cybersecurity & Infrastructure Security Agency (CISA) published an al e rt in conjunction with the Federal Bureau of Investigation (FBI) which warned of possible threats to US and international satellite communication (SATCOM) networks. Enforce principle of least privilege through authorization policies.

Cybersecurity 75

Cybersecurity Internet Internet Technology 75

Security Affairs

JUNE 24, 2021

The threat actors are targeting the USG, ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. Upon accessing the devices, attackers then bypass authentication and establish SSL VPN tunnels with unknown user accounts (i.e. The company states that devices running the Nebula cloud management mode are not impacted.

VPN 111

VPN Firewall Firmware Authentication 111

Security Affairs

DECEMBER 12, 2020

Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory to warn organizations about the flaw. “Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the device remotely.”

Firmware 88

Firmware Manufacturing Software Authentication 88

SecureWorld News

FEBRUARY 17, 2024

Regrettably, cybersecurity is often an overlooked aspect in the development of many smart devices, and medical devices in particular. In response, manufacturers are intensifying their cybersecurity efforts, incorporating advanced CI/CD workflows to safeguard medical devices from escalating attacks.

Healthcare 98

Healthcare Manufacturing Internet Internet 98

Security Affairs

AUGUST 13, 2023

CVE-2023-3267: OS Command Injection (Authenticated RCE; CVSS 7.5) CVE-2023-3260: OS Command Injection (Authenticated RCE; CVSS 7.2) CVE-2023-3263: Authentication Bypass by Alternate Name (Auth Bypass; CVSS 7.5) of PowerPanel Enterprise software and version 1.44.08042023 of the Dataprobe iBoot PDU firmware.

Hacking 88

Hacking Firmware Authentication Software 88

eSecurity Planet

NOVEMBER 4, 2021

Cybersecurity & Infrastructure Agency (CISA) revealing hundreds of critical vulnerabilities. CWE-1277 : Firmware Not Updateable – firmware exploitation exposes the victim to a permanent risk without any possibility to patch weaknesses. The most popular firmware is BIOS and UEFI. If you can’t update it (e.g.,

Software 117

Software Firmware Computers and Electronics Risk 117

CyberSecurity Insiders

NOVEMBER 25, 2021

From backdoors- As the Korean giant creates, validates and manufactures its computing devices all on its own, its every piece of hardware, wiring and firmware is securely drafted at its high secure R&D plants & factories in the world. So, the question of unauthorized backdoors being present on any of its devices gets eliminated.

Mobile 132

Mobile Firmware Manufacturing Passwords 132

Security Affairs

NOVEMBER 10, 2019

Experts believe Artificial intelligence (AI) could introduce new cybersecurity concerns, and that the upcoming 5G network could pose new risks as well. Here’s a look at how the report frames AI and 5G in cybersecurity. Most Respondents Say AI Will Impact Their Cybersecurity Strategies.

Risk 96

Risk Cybersecurity Artificial Intelligence Education 96

Security Affairs

OCTOBER 13, 2020

IoT devices are exposed to cybersecurity vulnerabilities. However, if you know where the dangers lurk, there is a way to minimize the cybersecurity risks. Here are five significant cybersecurity vulnerabilities with IoT in 2020. The cybersecurity issues related to IoT are a brand-new topic in the niche. Poor credentials.

IoT 132

IoT Cybersecurity Manufacturing Internet 132

SiteLock

AUGUST 27, 2021

Breaking news last week, the NIST (National Institute of Standards and Technology) Small Business Cybersecurity Act was signed into law. The bill will provide an avenue of resources and guidelines for small businesses to reduce their cybersecurity risks. Does your financial institution respect your 2-factor authentication?

Small Business 98

Small Business Artificial Intelligence Firmware IoT 98

eSecurity Planet

JANUARY 22, 2024

The problem: The Unified Extensible Firmware Interface (UEFI) specification has an open-source network implementation, EDK II, with nine discovered vulnerabilities. The vulnerability also exists on GitHub Enterprise Server, but it can only be exploited by an authenticated user with an organization owner role. EPMM versions 11.10, 11.9

Authentication 113

Authentication Malware VPN Mobile 113