eSecurity Planet

JANUARY 22, 2024

The problem: The Unified Extensible Firmware Interface (UEFI) specification has an open-source network implementation, EDK II, with nine discovered vulnerabilities. The fix: Users need to download the new public commit signing key from GitHub. The authenticated user must also be logged into an account on an instance of GHES.

Authentication 113

Authentication Malware VPN Mobile 113

Zero Day

JUNE 11, 2025

Also:  Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more "Attackers can exploit this vulnerability to run unsigned code during the boot process, effectively bypassing Secure Boot and compromising the system's chain of trust," Matrosov said.

Malware 80

Malware Password Management Small Business Artificial Intelligence 80

eSecurity Planet

JULY 1, 2024

Avoid downloading or opening files from unidentified sources. Regularly update security software and use robust email filtering to reduce dangers. Organizations should educate their staff about phishing tactics and limit the use of MMC to trustworthy applications to strengthen security protections against such vulnerabilities.

Risk 62

Risk Authentication Firmware Software 62

eSecurity Planet

FEBRUARY 21, 2024

Check the Firewall Hardware & Operating System After you’ve prepared all the documentation and know everyone’s roles, one of the early steps in a firewall audit process is a hardware and firmware check. Look at the hardware to see whether it fits your company’s standards and security requirements.

Firewall 113

Firewall Firmware Software Risk 113

eSecurity Planet

JULY 8, 2024

To protect your network devices from potential risks, apply patches on a regular basis and keep their firmware up to date. This downloads an HTML file (“olerender.html”), which contains shellcode that downloads and runs more malware. Update your routers to the most recent versions ( 5.6.15, 6.1.9-lts,

Risk 62

Risk Authentication Firmware Surveillance 62

eSecurity Planet

MAY 27, 2024

Immediately update your QNAP devices to the most recent firmware to mitigate these issues. Check for future updates and be cautious while sharing download links to avoid exploitation. The fix: Administrators should download and install the KB5039705 OOB update via Windows Update, WSUS, or the Microsoft Update Catalog.

Backups 67

Backups Authentication DDOS Engineering 67

eSecurity Planet

JUNE 10, 2024

Timothy Hjort discovered these vulnerabilities , which allow the execution of OS commands and the uploading of malicious files, compromising the security of affected devices. The fix: Zyxel issued firmware patches 5.21(AAZF.17)C0 17)C0 for NAS326 and 5.21(ABAG.14)C0 Users should apply these updates right away to protect their devices.

Malware 80

Malware Authentication Software Telecommunications 80

eSecurity Planet

MAY 20, 2024

The fix: Download your currently running version to version v0.2.72 Note that some DIR-600 devices are end of life, so D-Link won’t release any firmware updates for these. This vulnerability affects natural language processing applications. The vulnerability is tracked as CVE-2024-34359 and has a severity rating of 4.0.

VPN 62

VPN Firmware Malware Software 62

eSecurity Planet

APRIL 30, 2024

Set Secure Firewall Rules & ACLs To prevent unwanted access and ensure effective traffic management, secure your firewall through updating firmware to resolve vulnerabilities and adopting proper configurations prior to installing firewalls in production. Sample Windows Defender Firewall prompts for firewall activation 2.

Firewall 62

Firewall Architecture Firmware Risk 62

eSecurity Planet

SEPTEMBER 11, 2023

The fix: ASUS released firmware updates to address the vulnerabilities. Email Filtering and Security Solutions: Implement reliable email filtering and security systems that can recognize and block phishing emails. Attackers target certain administrative API functions on these devices using specially crafted input.

VPN 113

VPN Authentication Firmware Phishing 113