Security Vulnerabilities in Android Firmware

Schneier on Security

Researchers have discovered and revealed 146 vulnerabilities in various incarnations of Android smartphone firmware. And since they're firmware bugs, in many cases there is no ability to patch them. android firmware smartphones supplychain vulnerabilitiesThe vulnerabilities were found by scanning the phones of 29 different Android makers, and each is unique to a particular phone or maker.

Backdoor Built into Android Firmware

Schneier on Security

In July 2017, security firm Dr. Web reported that its researchers had found Triada built into the firmware of several Android devices , including the Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20. Thursday's report also said the supply chain attack was pulled off by one or more partners the manufacturers used in preparing the final firmware image used in the affected devices. android backdoors crime firmware google malware phones supplychain

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Firmware: Beyond Securing the Software Stack

Security Boulevard

The post Firmware: Beyond Securing the Software Stack appeared first on Security Boulevard. Picture a house equipped with state-of-the-art alarm systems, sensors, locks and cameras. From the outside, the house might seem reasonably protected against potential intruders.

Exploited Vulnerability Targets Arcadyan Firmware Routers

Heimadal Security

A new vulnerability in home routers that run Arcadyan firmware wreaks havoc in the world of cybersecurity, being actively taken advantage of by threat actors. The post Exploited Vulnerability Targets Arcadyan Firmware Routers appeared first on Heimdal Security Blog.

September Firmware Threat Report

Security Boulevard

Spyware found embedded in UEFI and MBR firmware - ran undetected for years. The post September Firmware Threat Report appeared first on Security Boulevard. Security Bloggers Network threat report

Firmware attacks, a grey area in cybersecurity of organizations

Security Affairs

A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack. The study pointed out that only 29% of the targeted organizations have allocated budgets to protect firmware. SecurityAffairs – hacking, firmware attacks).

Microsoft Finds New NETGEAR Firmware Vulnerabilities

Heimadal Security

The post Microsoft Finds New NETGEAR Firmware Vulnerabilities appeared first on Heimdal Security Blog. Cybersecurity News firmware firmware vulnerabilities iot devices microsoft NETGEAR vulnerability

TrickBot's New Tactic Threatens Firmware

Dark Reading

A newly discovered module checks machines for flaws in the UEFI/BIOS firmware so malware can evade detection and persist on a device

Don’t Let the Fox Watch the Henhouse: Securing Firmware

Security Boulevard

As organizations look to address those challenges, it’s critical to start with what is arguably the most integral piece of the supply chain: the firmware layer. Firmware is, essentially, the foundational code within a device.

May Firmware Threat Report

Security Boulevard

The post May Firmware Threat Report appeared first on Security Boulevard. Sometimes it takes a thunderstorm before seeing positive outcomes and real change: Cyber May Flowers, if you will.

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. Many peripheral devices do not verify that firmware is properly signed with a high quality public/private key before running the code.

Rare Firmware Rootkit Discovered Targeting Diplomats, NGOs

Dark Reading

Second-ever sighting of a firmware exploit in the wild is a grim reminder of the dangers of these mostly invisible attacks

Cigent Technology Extends Firmware to Secure SSDs

Security Boulevard

The post Cigent Technology Extends Firmware to Secure SSDs appeared first on Security Boulevard.

IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering

Troy Hunt

Let's drill into all that and then go deeper into custom firmware and soldering too. Flashing Custom Firmware and Soldering I propose that we all need to find our own paths in terms of just how dirty we want to get our hands when playing with IoT.

Router Firmware Vulnerability Bypasses Authentication

Digital Guardian

A vulnerability found in some routers and modems could make the devices vulnerable to authentication bypass and in turn, allow attackers access to sensitive information

80% of Global Enterprises Report Firmware Cyberattacks

Threatpost

A vast majority of companies in a global survey from Microsoft report being a victim of a firmware-focused cyberattack, but defense spending lags, but defense spending lags.

Designing Firmware Resilience for 3 Top Attack Vectors

Dark Reading

Firmware has become an increasingly prevalent target for hackers. Here's how to stop them

Microsoft's new security tool will discover firmware vulnerabilities, and more, in PCs and IoT devices

Tech Republic Security

Devices have multiple OSs and firmware running, and most organisations don't know what they have or if it's secure. Microsoft will use ReFirm to make it easier to find out without being an expert

Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs

Threatpost

A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.

Preinstalled Firmware Updater Puts 128 Dell Models at Risk

Dark Reading

A feature of the computer maker's update utility does not correctly handle certificates, leaving systems open to firmware-level compromises

Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips

Threatpost

Intel's addition of memory encryption to its upcoming 3rd generation Xeon Scalable processors matches AMD's Secure Memory Encryption (SME) feature.

3 ways to prevent firmware attacks without replacing systems

CSO Magazine

A recent security post warned that firmware attacks are on the rise. However, only 29% of security budgets has been allocated to protect firmware.

Intel Firmware Flaws Found

Dark Reading

Another big firmware security issue affecting Intel processors, requires OEM updates

NIST Kicks the Can: Why We Need to Address Firmware Security Now

Security Boulevard

Register for our July 14 webinar and learn how you can get ahead of fast-growing firmware attacks today. The post NIST Kicks the Can: Why We Need to Address Firmware Security Now appeared first on Security Boulevard.

How FISMA Requirements Relate to Firmware Security

Dark Reading

Federal guidelines can help all organizations pragmatically and meaningfully improve their firmware security

Firmware Vulnerabilities Show Supply Chain Risks

Dark Reading

A recently announced pair of vulnerabilities in server firmware could put enterprise IT at risk

Secured-Core PCs May Mitigate Firmware Attacks, but Adoption Lags

Dark Reading

Microsoft maintains that exploitation of recent Dell vulnerabilities would be blocked on ultra-secure PCs - but most systems do not have the technology yet

83% of Businesses Hit With a Firmware Attack in Past Two Years

Dark Reading

A new Microsoft-commissioned report finds less than 30% of organizations allocate security budget toward preventing firmware attacks

How Microsoft is using hardware to secure firmware

Tech Republic Security

Even full disk encryption can't keep you secure if your PC firmware is compromised, so Secured-core PCs will use the CPU to check if UEFI is telling the truth about secure boot

SonicWall releases second firmware updates for SMA 100 vulnerability

Security Affairs

Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild.

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

Locking down firmware. Starks Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks. Firmware is the coding that’s embedded below the software layer on all computing devices, ranging from printers to hard drives and motherboards to routers and switches. This time it happens to be firmware.

Is your firmware vulnerable to attack? A report says it might be

Tech Republic Security

Unsigned firmware in WiFi adapters, USB hubs, trackpads, and other devices can be compromised by hackers, says enterprise firmware security company Eclypsium in a new report

Hundreds of Millions of PC Components Still Have Hackable Firmware

WIRED Threat Level

The lax security of supply chain firmware has been a known concern for years—with precious little progress being made. Security Security / Cyberattacks and Hacks

Firmware Fuzzing 101

ForAllSecure

Netgear N300 MIPS firmware image. What's Special about Firmware? Fuzzing firmware presents a specific set of challenges that are not often present together in other targets. In this post, we will cover how to deal with each one of these challenges in the firmware fuzzing context.

Firmware Fuzzing 101

ForAllSecure

Netgear N300 MIPS firmware image. What's Special about Firmware? Fuzzing firmware presents a specific set of challenges that are not often present together in other targets. In this post, we will cover how to deal with each one of these challenges in the firmware fuzzing context.

Intel addresses High-Severity flaws in NUC Firmware and other tools

Security Affairs

Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program. The post Intel addresses High-Severity flaws in NUC Firmware and other tools appeared first on Security Affairs.

A Secure Supply Chain Requires Independent Visibility Into Firmware

Security Boulevard

Once again, supply chain risks are in the news, with Bloomberg reporting attacks compromising servers via malicious firmware updates. The post A Secure Supply Chain Requires Independent Visibility Into Firmware appeared first on Security Boulevard.

Firmware Flaw Allows Attackers to Evade Security on Some Home Routers

Dark Reading

Networking devices sold under at least one major brand have a firmware vulnerability that allows hackers to take control of the device, a cybersecurity firm claims

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. The post QNAP urges users to update NAS firmware and app to prevent infections appeared first on Security Affairs.

Firmware: A New Attack Vector Requiring Industry Leadership

Dark Reading

It's time for cybersecurity manufacturers and solution providers to step up and show leadership in addressing firmware security. Read why and how

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

Malwarebytes

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. Users are urgently recommended to update to firmware Version 1.12.14.7

Microsoft acquires firmware analysis company ReFirm, eying edge IoT security

SC Magazine

ReFirm provides drag-and-drop automated firmware analysis, which Microsoft hopes will provide security insight for industrial IoT products, where security personnel often struggle to look inside built-in hardware.

SonicWall issues firmware patch after attackers exploited critical bugs

SC Magazine

firmware. firmware, which malicious actors exploited in a cyberattack against the infosec firm last month. . The post SonicWall issues firmware patch after attackers exploited critical bugs appeared first on SC Media.