Bleeping Computer

JULY 26, 2023

Microsoft announced the public preview of a new Defender for IoT feature that helps analyze the firmware of embedded Linux devices like routers for security vulnerabilities and common weaknesses. [.]

Firmware 98

Firmware IoT 98

Security Boulevard

AUGUST 3, 2022

You’re not imagining things; new firmware threats are appearing more often. The most recent is CosmicStrand, which exploits the Unified Extensible Firmware Interface (UEFI) to avoid detection. The post ‘CosmicStrand’ Highlights Ongoing Firmware Risks appeared first on Security Boulevard. The researchers were unable to.

Firmware 98

Firmware Risk Network Security Malware 98

The Hacker News

MAY 31, 2023

Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023.

Firmware 98

Firmware Cybersecurity 98

Bleeping Computer

MAY 10, 2023

What has firmware got to do with pop rock, you ask? That's the question that crossed a security researcher's mind as he analyzed Kingston's firmware and stumbled upon the lyrics of a popular Coldplay song buried deep within it. [.]

Firmware 101

Firmware Technology 101

Bleeping Computer

MAY 20, 2023

HP is working to address a bad firmware update that has been bricking HP Office Jet printers worldwide since it was released earlier this month. [.]

Firmware 130

Firmware Technology 130

Security Boulevard

JUNE 8, 2023

A recent firmware snafu discovered in more than 400 computer motherboard models produced by Gigabyte offers some powerful lessons to guardians of software supply chains. The post The Gigabyte firmware backdoor: Lessons learned about supply chain security appeared first on Security Boulevard.

Firmware 96

Firmware Software 96

Bleeping Computer

MAY 3, 2023

Orqa, a maker of First Person View (FPV) drone racing goggles, claims that a contractor introduced code into its devices' firmware that acted as a time bomb designed to brick them. [.]

Firmware 112

Firmware Technology 112

Troy Hunt

NOVEMBER 23, 2020

Let's drill into all that and then go deeper into custom firmware and soldering too. Flashing Custom Firmware and Soldering I propose that we all need to find our own paths in terms of just how dirty we want to get our hands when playing with IoT. Why do I need to modify the firmware of such a simple little device?!

Firmware 339

Firmware IoT Wireless Manufacturing 339

Google Security

FEBRUARY 21, 2023

For the purposes of this blog, we refer to the software that runs on all these other processors as “Firmware”. Android’s defense-in-depth strategy also applies to the firmware running on bare-metal environments in these microcontrollers, as they are a critical part of the attack surface of a device.

Firmware 93

Firmware Software Authentication Risk 93

Bleeping Computer

JUNE 5, 2023

GIGABYTE has released firmware updates to fix security vulnerabilities in over 270 motherboards that could be exploited to install malware. [.]

Firmware 114

Firmware Malware 114

Security Boulevard

OCTOBER 26, 2022

The pool of available open source resilient firmware keeps growing. This week, dynamic firmware maker AMI announced the contribution of its Tektagon OpenEdition Platform Root of Trust to the Open Compute Project (OCP). The post AMI Brings Secure Firmware to the Open Compute Project appeared first on Security Boulevard.

Firmware 98

Firmware Malware Cybersecurity 98

Security Boulevard

JUNE 5, 2023

Read More > The post WIRED: Millions of PC Motherboards Were Sold With a Firmware Backdoor appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise. The post WIRED: Millions of PC Motherboards Were Sold With a Firmware Backdoor appeared first on Security Boulevard.

Firmware 96

Firmware 96

SecureList

JULY 6, 2022

As a rule, this means that the source code of the device’s firmware is unavailable and all the researcher can use is the user manual and a few threads on some user forum discussing the device’s operation. The vulnerability assessment of IoT/IIoT devices is based on analyzing their firmware.

Firmware 119

Firmware IoT Encryption Architecture 119

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware 144

Firmware Malware Encryption Passwords 144

CSO Magazine

MAY 31, 2023

Researchers warn that the UEFI firmware in many motherboards made by PC hardware manufacturer Gigabyte injects executable code inside the Windows kernel in an unsafe way that can be abused by attackers to compromise systems. Sophisticated APT groups are abusing similar implementations in the wild.

Firmware 103

Firmware Manufacturing Risk 103

SecureList

JULY 25, 2022

One of the main draws towards malware nested in such low levels of the operating system is that it is extremely difficult to detect and, in the case of firmware rootkits, will ensure a computer remains in an infected state even if the operating system is reinstalled or the user replaces the machine’s hard drive entirely. Conclusions.

Firmware 144

Firmware Malware DNS Internet 144

Security Boulevard

JULY 27, 2023

The post Supply Chain and Firmware Security Take Center Stage in 2024 NDAA appeared first on Security Boulevard.

Firmware 98

Firmware 98

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In most recent attacks observed by Check Point, the threat actors employed custom firmware implant designed explicitly for TP-Link routers. ” reads the report published by Check point.

Firmware 98

Firmware Encryption Malware Hacking 98

Heimadal Security

AUGUST 9, 2021

A new vulnerability in home routers that run Arcadyan firmware wreaks havoc in the world of cybersecurity, being actively taken advantage of by threat actors. The post Exploited Vulnerability Targets Arcadyan Firmware Routers appeared first on Heimdal Security Blog. This bug’s recent activity was discovered by Juniper […].

Firmware 115

Firmware Cybersecurity Authentication 115

Bleeping Computer

FEBRUARY 21, 2023

Google has presented a plan to strengthen the firmware security on secondary Android SoCs (systems on a chip) by introducing mechanisms like control flow integrity, memory safety systems, and compiler-based sanitizers. [.]

Firmware 98

Firmware Mobile 98

Heimadal Security

APRIL 20, 2022

Researchers have recently identified three Lenovo UEFI firmware vulnerabilities of high impact located in various Lenovo laptop models that consumers use. By successfully exploiting these flaws, threat actors can deploy and execute firmware implants on the impacted devices.

Firmware 115

Firmware Cybersecurity 115

Security Affairs

JULY 13, 2022

IT giant Lenovo released security fixes to address three vulnerabilities that impact the UEFI firmware shipped with over 70 product models. The three buffer overflow vulnerabilities in UEFI firmware, tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, were discovered by researchers from ESET. Pierluigi Paganini.

Firmware 128

Firmware Hacking Technology Information Security 128

Tech Republic Security

JUNE 18, 2021

Devices have multiple OSs and firmware running, and most organisations don't know what they have or if it's secure. Microsoft will use ReFirm to make it easier to find out without being an expert.

Firmware 214

Firmware IoT 214

Bleeping Computer

FEBRUARY 2, 2022

Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer. [.].

Firmware 126

Firmware 126

Security Affairs

JULY 25, 2022

Kaspersky uncovered a new UEFI firmware rootkit, tracked as CosmicStrand, which it attributes to an unknown Chinese-speaking threat actor. Researchers from Kaspersky have spotted a UEFI firmware rootkit, named CosmicStrand, which has been attributed to an unknown Chinese-speaking threat actor. ” concludes the report.

Firmware 98

Firmware Malware Hacking Information Security 98

Dark Reading

JANUARY 20, 2022

MoonBounce is the latest in a small but growing number of implants found hidden in a computer's Unified Extensible Firmware Interface (UEFI).

Firmware 128

Firmware 128

Security Affairs

APRIL 5, 2021

A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack. The study pointed out that only 29% of the targeted organizations have allocated budgets to protect firmware. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation.”

Firmware 120

Firmware Cybersecurity Encryption Malware 120

Dark Reading

MARCH 22, 2023

Op[4]'s firmware security platform detects, prioritizes, and remediates exploitable vulnerabilities Internet of Things and embedded systems.

Firmware 98

Firmware IoT Internet Internet 98

Security Boulevard

APRIL 5, 2022

The post Defending Firmware in the Firmament appeared first on Security Boulevard. The recent attacks against the ViaSat satellite network in February and March of this year have gone largely unnoticed amid the din of the Russian assault on Ukraine.

Firmware 104

Firmware 104

Bleeping Computer

APRIL 19, 2022

Lenovo has published a security advisory on vulnerabilities that impact its Unified Extensible Firmware Interface (UEFI) loaded on at least 100 of its laptop models. [.].

Firmware 139

Firmware 139

The Hacker News

APRIL 19, 2022

Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices.

Firmware 109

Firmware 109

The Hacker News

JANUARY 21, 2022

A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41).

Firmware 138

Firmware Malware 138

Bleeping Computer

JUNE 2, 2022

Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. [.].

Firmware 120

Firmware Ransomware Cybercrime Hacking 120

Security Affairs

SEPTEMBER 12, 2022

Six high-severity firmware bugs affecting several HP Enterprise devices are yet to be patched, some of them since July 2021. The Binarly security research team reported several HP Enterprise devices are affected by six high-severity firmware vulnerabilities that are yet to be patched, and some of them have been disclosed more than a year ago.

Firmware 93

Firmware Hacking Information Security 93

The Hacker News

NOVEMBER 9, 2022

PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices. The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl.

Firmware 98

Firmware Cybersecurity 98

Security Boulevard

AUGUST 24, 2021

The post Firmware: Beyond Securing the Software Stack appeared first on Security Boulevard. However, if a savvy thief managed to infiltrate the residence through its crawl space, the very foundation of the house might be putting the overall security of the home at risk.

Firmware 117

Firmware Software Risk Security Awareness 117

Bleeping Computer

JULY 13, 2022

The UEFI firmware used in several laptops made by Lenovo is vulnerable to three buffer overflow vulnerabilities that could enable attackers to hijack the startup routine of Windows installations. [.].

Firmware 124

Firmware 124