News alert: Sternum and ChargePoint collaborate to enhance ChargePoint Home Flex Security

The Last Watchdog

ChargePoint, with its last firmware update, has disabled the HTTP server and updated the NTP client to address the issues. Thanks to the analysis and help of Sternum IoT, ChargePoint was able to correct weaknesses in CPH50, reduce the attack surface and thus improve the security of the product.

IoT 100

KindleDrip exploit – Hacking a Kindle device with a simple email

Security Affairs

Security experts at Realmode Labs discovered multiple vulnerabilities in the Kindle e-reader that could have allowed an attacker to take over victims’ devices. “The first vulnerability allowed an attacker to send an e-book to the victim’s Kindle device. To my pleasant surprise, the e-book appeared on the device!

Hacking 133

Hackers exploit 3-years old flaw to wipe Western Digital devices

Security Affairs

Threat actors are wiping many Western Digital (WD) My Book Live and My Book Live Duo NAS devices likely exploiting an old vulnerability. Owners of Western Digital (WD) claim that their My Book Live and My Book Live Duo network-attached storage (NAS) devices have been wiped. Pierluigi Paganini.

IoT Secure Development Guide

Pen Test Partners

There is no concrete method to follow as it will rely on contents of the decomposed design from Step 2, but typical examples might include the following: Intellectual property in the device firmware. Deploy malicious firmware. Have a software/firmware update mechanism. Cryptographic keys on the device or pod.

IoT 52

Topic-specific example 11/11: secure development

Notice Bored

Most if not all developments involve information (requirements/objectives, specifications, plans, status/progress reports etc.) and potentially substantial information risks. As is the way with ISO27k, the trick is to focus on the information risks. The end is nigh!

Risk 80

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

Keep your firmware and software updated. Keep all of your software and hardware religiously updated.

Risk 345

The Hacker Mind Podcast: Hacking Industrial Control Systems

ForAllSecure

So there’s a need, a definite need, for information security professionals to have access to industrial control systems -- not virtual, but actual hands on systems -- so they can learn. In a moment I’ll introduce you to someone who is trying to do that--bring ICS equipment to security conferences.

Hacking 52