The Security Ledger

NOVEMBER 11, 2019

» Related Stories From China with Love: New York Firm sold millions in PRC Surveillance Gear to US Government, Military Episode 165: Oh, Canada! Terry is a former NSA employee who specializes in firmware security. We're joined by Terry Dunlap the co-founder of ReFirm Labs to talk about why software supply chain risks.

Risk 40

Risk Surveillance Firmware Technology 40

The Security Ledger

DECEMBER 19, 2023

But software and always-on Internet connectivity have also enabled abusive practices, such as mass, commercial surveillance of consumers and de-facto monopolies on things like service and repair.

IoT 75

IoT Manufacturing Internet Internet 75

eSecurity Planet

FEBRUARY 22, 2022

There is no need for social engineering , as the program can implant backdoors directly without forced consent. It can even access the chip’s firmware to gain root access on the device, a significant privilege escalation. Zero-click attacks remove this hurdle.

Spyware 125

Spyware Software Government Social Engineering 125

SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. Then, more specifically, we analyzed the mobile application itself using static reverse engineering of the different use cases.

Firmware 96

Firmware Passwords Manufacturing Mobile 96

SecureList

NOVEMBER 26, 2021

The vulnerability is in MSHTML, the Internet Explorer engine. Even though few people use IE nowadays, some programs use its engine to handle web content – in particular, Microsoft Office applications. If the victim opens the document, Microsoft Office downloads the script and runs it using the MSHTML engine.

Malware 101

Malware Banking Energy and Utilities Accountability 101

ForAllSecure

APRIL 22, 2021

but in writing it, it inadvertently, or maybe overtly I don't remember captured reverse engineering software that has some protection mechanism in it, and without getting into the details. So how do you go about reverse engineering those micro controllers. In some cases the artists simply don't have the resources to be updated.

IoT 52

IoT Hacking Internet Internet 52

ForAllSecure

APRIL 22, 2021

but in writing it, it inadvertently, or maybe overtly I don't remember captured reverse engineering software that has some protection mechanism in it, and without getting into the details. So how do you go about reverse engineering those micro controllers. In some cases the artists simply don't have the resources to be updated.

IoT 52

IoT Hacking Internet Internet 52

SecureWorld News

AUGUST 24, 2022

If malware were installed on the device, it could control the LEDs by blinking and changing colors with firmware commands. The infection of a device can be achieved via supply chain attacks, social engineering techniques, or the use of hardware with installed software or firmware. The data can be textual (e.g.,

Firmware 81

Firmware Social Engineering Surveillance Malware 81

SecureList

NOVEMBER 30, 2021

Based on forensic analysis of numerous mobile devices, Amnesty International’s Security Lab found that the software was repeatedly used in an abusive manner for surveillance. Firmware vulnerabilities. FinSpy is an infamous, commercial surveillance toolset that is used for “legal surveillance” purposes.

Malware 117

Malware Mobile Spyware Surveillance 117

SecureList

APRIL 27, 2022

In December we were made aware of a UEFI firmware-level compromise through logs from our firmware scanning technology. Further analysis showed that the attackers modified a single component within the firmware to append a payload to one of its sections and incorporate inline hooks within particular functions. Final thoughts.

Malware 137

Malware Firmware Government Phishing 137

eSecurity Planet

OCTOBER 21, 2022

Adware is often smuggled onto a device, either by users who don’t know what they’re downloading or by hiding it in an otherwise innocuous piece of software like a search engine toolbar plugin for your browser. Firmware rootkits are also known as “hardware rootkits.”. It’s one of the most infectious forms of malware out there.

Malware 75

Malware Adware Spyware Antivirus 75

SecureList

OCTOBER 26, 2021

On June 3, Check Point published a report about an ongoing surveillance operation targeting a Southeast Asian government, and attributed the malicious activities to a Chinese-speaking threat actor named SharpPanda. In this quarter we focused on researching and dismantling surveillance frameworks following malicious activities we detected.

Malware 144

Malware Government Surveillance Spyware 144

eSecurity Planet

MARCH 4, 2024

The fix: To eliminate malware infections, perform a factory reset, upgrade to the latest firmware, change all default usernames and passwords, and adjust firewall rules to block exposure to unwanted remote management services. and a medium (CVSS 4.3) level vulnerability.

IoT 117

IoT Internet Internet Ransomware 117

SecureList

NOVEMBER 14, 2023

In May, Ars Technica reported that BootGuard private keys had been stolen following a ransomware attack on Micro-Star International (MSI) in March this year (firmware on PCs with Intel chips and BootGuard enabled will only run if it is digitally signed using the appropriate keys).

Hacking 119

Hacking Energy and Utilities Media Malware 119