Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Back to the bit about risks impacting data collected by IoT devices and back again to CloudPets, Context Security's piece aligned with my own story about kids' CloudPets messages being left exposed to the internet.

IoT 363

IoT Firmware Risk Encryption 363

SecureWorld News

JUNE 18, 2025

When renewable energy becomes a security risk Some people are concerned about whether solar panels will operate after periods of cloudy weather, others are more concerned about whether they can be remotely accessed. Use boot verification and firmware integrity checks to detect unauthorized modifications. Yes, you read that right.

Firmware 106

Firmware Manufacturing IoT Mobile 106

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted. “Patch your #Fortigate.”

Risk 279

Risk VPN Internet Internet 279

Security Affairs

FEBRUARY 18, 2025

The two vulnerabilities are: CVE-2025-0108 Palo Alto PAN-OS Authentication Bypass Vulnerability CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability Researchers recently warned that threat actors exploit a recently disclosed vulnerability, CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls.

Firewall 66

Firewall Firmware Authentication VPN 66

Security Boulevard

APRIL 27, 2021

Cigent Technology today launched Cigent Data Defense, an offering that combines existing multifactor authentication and encryption capabilities to secure sensitive data residing on solid-state drives (SSDs). The post Cigent Technology Extends Firmware to Secure SSDs appeared first on Security Boulevard.

Firmware 102

Firmware Technology Encryption Authentication 102

SecureWorld News

FEBRUARY 20, 2025

Tim Mackey, Head of Software Supply Chain Risk Strategy at Black Duck, explains: "Attacks on legacy cyber-physical, IoT, and IIoT devicesparticularly in an OT environmentare to be expected and must be planned for as part of the operational requirements for the device. For the latest updates and resources, visit StopRansomware.gov.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

Malwarebytes

MARCH 10, 2023

The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. It offers a combined single-sign-on (SSO) web portal to authenticate users, so intercepting user credentials would give an attacker that is after sensitive information a huge advantage.

Firmware 98

Firmware Malware Encryption Authentication 98

Thales Cloud Protection & Licensing

MARCH 17, 2022

Enhance your security posture by detecting risks on authenticator devices. Not only are mobile devices used as end points to access corporate mail and other enterprise applications, they are also frequently used as authentication devices. Limited visibility on users’ devices can undermine authentication integrity.

Authentication 77

Authentication Risk Computers and Electronics Mobile 77

eSecurity Planet

MAY 29, 2025

They also used two additional authentication bypass techniques that havent been assigned official CVE numbers yet. Stored the backdoor in NVRAM, a memory that survives both reboots and firmware updates. The routers at risk are primarily those that are exposed directly to the internet, often found in homes and small offices.

Firmware 62

Firmware Internet Internet Small Business 62

Security Affairs

MAY 2, 2025

A remote authenticated attacker with administrative privilege can exploit the flaw to inject arbitrary commands as a nobody user, potentially leading to OS Command Injection Vulnerability. SMA100 devices updated with the fixed firmware version 10.2.1.14-75sv 62sv and higher versions (Fixed on December 4, 2023) CVE-2024-38475 10.2.1.14-75sv

Firmware 71

Firmware Authentication VPN Mobile 71

Security Boulevard

JANUARY 31, 2024

Explore the vulnerabilities in EV systems and potential risks, proposing mitigation strategies like firmware updates, user authentication, intrusion detection systems, and collaboration.

IoT 119

IoT Firmware Authentication Risk 119

Jane Frankland

MAY 3, 2025

While details remain sparse, reports suggest social engineering tactics like phishing, SIM swapping, and multi-factor authentication (MFA) fatigue attacks may have been used to infiltrate systems. Cybersecurity isnt just an IT problem; its central to risk management, operational continuity, and customer trust.

Cyber Attacks 100

Cyber Attacks Retail Cyber threats Backups 100

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router.

Firmware 144

Firmware Encryption Authentication Passwords 144

eSecurity Planet

MARCH 17, 2025

To mitigate the risk of Medusa ransomware attacks, CISA and the FBI recommend the following measures: Update systems regularly: Ensure operating systems, software, and firmware are patched and up to date to close known vulnerabilities.

Ransomware 71

Ransomware Backups Firmware Insurance 71

Penetration Testing

FEBRUARY 6, 2025

Two newly discovered security vulnerabilitiesCVE-2024-9643 and CVE-2024-9644affecting the Four-Faith F3x36 router (firmware v2.0.0) could allow remote attackers to The post CVE-2024-9643 & CVE-2024-9644: Authentication Bypass in Four-Faith F3x36 Routers Puts Networks at Risk appeared first on Cybersecurity News.

Authentication 59

Authentication Risk Firmware Cybersecurity 59

Krebs on Security

MARCH 30, 2021

“The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.” Such access could have allowed the intruders to remotely authenticate to countless Ubiquiti cloud-based devices around the world. ” In its Jan.

Accountability 280

Accountability IoT Passwords Firmware 280

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Ransomware 120

Ransomware Firmware Passwords Mobile 120

Thales Cloud Protection & Licensing

MARCH 17, 2022

Enhance your security posture by detecting risks on authenticator devices. Not only are mobile devices used as end points to access corporate mail and other enterprise applications, they are also frequently used as authentication devices. Limited visibility on users’ devices can undermine authentication integrity.

Authentication 62

Authentication Risk Computers and Electronics Mobile 62

Security Affairs

MAY 17, 2024

CVE-2021-40655 An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT.

Firmware 131

Firmware Authentication Passwords Hacking 131

SecureList

JUNE 11, 2024

Second, terminals can be connected to other scanners, such as electronic pass readers, or support other authentication methods using built-in hardware. Risk of error: although biometric data is unique, in some cases, systems have misidentified individuals who had damaged fingertips, etc.

Firmware 132

Firmware Authentication Passwords Risk 132

Security Affairs

JUNE 14, 2024

CVE-2024-4358 is an authentication bypass vulnerability that an unauthenticated attacker can exploit to gain access to Telerik Report Server restricted functionality. CVE-2024-26169 is an elevation of privilege issue in the Microsoft Windows Error Reporting Service that can be exploited to could gain SYSTEM privileges.

Firmware 132

Firmware Authentication Hacking Risk 132

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. ” states the vendor.

Firmware 131

Firmware Wireless Passwords Internet 131

Security Boulevard

APRIL 18, 2025

Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Both frameworks have a Core section, which outlines detailed activities and outcomes aimed at helping organizations discuss risk management. Check out NISTs effort to further mesh its privacy and cyber frameworks.

Risk 59

Risk Cybersecurity Data privacy Software 59

Security Affairs

NOVEMBER 10, 2019

Experts believe Artificial intelligence (AI) could introduce new cybersecurity concerns, and that the upcoming 5G network could pose new risks as well. Information Risk Management (IRM) recently published its 2019 Risky Business Report. One tip that education brands should follow is to create a prioritized list of risks.

Risk 110

Risk Cybersecurity Artificial Intelligence Education 110

Security Affairs

AUGUST 22, 2024

The identity authentication bypass vulnerability found in some Dahua products during the login process. “The The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.”

Authentication 133

Authentication Firmware Hacking Engineering 133

The Last Watchdog

OCTOBER 16, 2019

Machine identities are divvied out as digital certificates issued by Certificate Authorities (CAs) — vendors that diligently verify the authenticity of websites. These certificates leverage something called the public key infrastructure ( PKI ), a framework for encrypting data and authenticating the machines talking to each other.

Digital transformation 195

Digital transformation Firmware Authentication IoT 195

Security Affairs

MAY 25, 2023

D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. in its D-View 8 network management suite that could be exploited by remote attackers to bypass authentication and execute arbitrary code. ” reads the advisory published by ZDI.

Firmware 98

Firmware Authentication Software Hacking 98

eSecurity Planet

NOVEMBER 4, 2021

CWE-1240 : Use of a Cryptographic Primitive with a Risky Implementation – non-standard cryptographic implementation is pretty hard to fix and puts the whole system at risk. CWE-1277 : Firmware Not Updateable – firmware exploitation exposes the victim to a permanent risk without any possibility to patch weaknesses.

Software 117

Software Firmware Computers and Electronics Risk 117

Malwarebytes

AUGUST 25, 2023

New research highlights another potential danger from IoT devices, with a popular make of smart light bulbs placing your Wi-Fi network password at risk. is related to incorrect authentication of the bulb, which means the device can be impersonated, allowing for Tapo password theft and device manipulation.

Passwords 98

Passwords Risk IoT Firmware 98

Malwarebytes

JULY 15, 2021

The exploitation targets a known vulnerability that has been patched in newer versions of SonicWall firmware. Devices at risk. x versions of the firmware. x firmware. x firmware versions. SMA 210/410/500v (Actively Supported) update firmware to 9.0.0.10-28sv SMA 400/200 Update to 10.2.0.7-34 34 or 9.0.0.10

Ransomware 104

Ransomware Firmware Firewall Passwords 104

Malwarebytes

APRIL 5, 2022

The CISA catalog of known exploited vulnerabilities was set up to list the most important vulnerabilities that have proven to pose the biggest risks. The catalog is an integral part of binding operational directive (BOD) 22-01 titled Reducing the Significant Risk of Known Exploited Vulnerabilities.

Firmware 145

Firmware Software Risk Authentication 145

Security Affairs

JUNE 14, 2019

of the firmware. The weakness impacts PIV smart card applications, Universal 2nd Factor (U2F) authentication, OATH one-time passwords, and OpenPGP. “An issue exists in the YubiKey FIPS Series devices with firmware version 4.4.2 there is no released firmware version 4.4.3) there is no released firmware version 4.4.3)

Firmware 107

Firmware Advertising Authentication Passwords 107

Security Affairs

DECEMBER 18, 2018

Researchers at Applied Risk discovered serious flaws in some PLC gateways manufactured by industrial tech company ABB. Security experts at Applied Risk are affected by potentially serious flaws and the bad news is that the vendor will not release firmware updates because the impacted products have reached the end of life.

Firmware 109

Firmware Advertising Manufacturing Authentication 109

Security Affairs

DECEMBER 14, 2022

While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies. It is worrying that all analyzed brands have at least some models that allow users to keep default passwords or have no authentication setup whatsoever.

Surveillance 145

Surveillance Manufacturing Internet Internet 145

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” reads the post published by Eclypsium.

Hacking 110

Hacking Firmware Media Authentication 110

Security Affairs

MARCH 9, 2022

Two of the TLStorm vulnerabilities reside in the TLS implementation used by Cloud-connected Smart-UPS devices, while the third one is a design flaw in the firmware upgrade process of Smart-UPS devices. The researchers discovered that the firmware upgrades are not properly signed and validated. Pierluigi Paganini.

Firmware 100

Firmware IoT Authentication Backups 100

eSecurity Planet

JULY 1, 2024

MOVEit Transfer had an authentication bypass that affected 2,700 instances. Apple issued updates for AirPods’ Bluetooth authentication bypass flaw. To improve security, users should update software on a regular basis, establish strong authentication procedures, and limit access to key resources.

Risk 62

Risk Authentication Firmware Software 62