article thumbnail

New Windows/Linux Firmware Attack

Schneier on Security

Interesting attack based on malicious pre-OS logo images : LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux… The vulnerabilities are the subject of a coordinated mass disclosure (..)

Firmware 318
article thumbnail

The great non-free-firmware transition

Kali Linux

TL;DR: Dear Kali user, when you have a moment, check your /etc/apt/sources.list , and add non-free-firmware if ever it’s missing. Programmatically speaking: kali@kali:~$ sudo sed -i 's/non-free$/non-free non-free-firmware/' /etc/apt/sources.list Long story now. non-free-firmware is already enabled in your sources.list.

Firmware 144
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day

The Hacker News

Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware.

Firmware 111
article thumbnail

UEFI Firmware Exploit Evades EDR

Security Boulevard

As endpoint security tools improve, attackers target lower level firmware components to evade detection. This demo shows how malware targeting UEFI firmware, such as Black Lotus, can evade Windows device security features and EDR Vendor 1, and give attackers stealthy and persistent access to systems.

article thumbnail

CVE-2024-39202: RCE Flaw Found in D-Link DIR-823X Firmware, Patch in Development

Penetration Testing

The vulnerability was reported to D-Link by third-party security researcher... The post CVE-2024-39202: RCE Flaw Found in D-Link DIR-823X Firmware, Patch in Development appeared first on Cybersecurity News.

Firmware 113
article thumbnail

UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models

Security Affairs

A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models. Firmware security firm Eclypsium discovered a vulnerability, tracked as CVE-2024-0762 (CVSS of 7.5), in the Phoenix SecureCore UEFI firmware. ” concludes the report.

article thumbnail

Google Pixel Firmware Zero-Day Flaw Exploited And Patched

Security Boulevard

Google has recently issued a warning regarding a critical security flaw affecting Google Pixel Firmware, which has been actively exploited as a zero-day vulnerability. Nature of the Memory-Related Vulnerability The zero-day exploit in […] The post Google Pixel Firmware Zero-Day Flaw Exploited And Patched appeared first on TuxCare.