Firmware Related Topics 
Security Boulevard
AUGUST 3, 2022
You’re not imagining things; new firmware threats are appearing more often. The most recent is CosmicStrand, which exploits the Unified Extensible Firmware Interface (UEFI) to avoid detection.
Schneier on Security
NOVEMBER 18, 2019
Researchers have discovered and revealed 146 vulnerabilities in various incarnations of Android smartphone firmware. And since they're firmware bugs, in many cases there is no ability to patch them. android firmware smartphones supplychain vulnerabilitiesThe vulnerabilities were found by scanning the phones of 29 different Android makers, and each is unique to a particular phone or maker.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
JUNE 21, 2019
In July 2017, security firm Dr. Web reported that its researchers had found Triada built into the firmware of several Android devices , including the Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20. Thursday's report also said the supply chain attack was pulled off by one or more partners the manufacturers used in preparing the final firmware image used in the affected devices. android backdoors crime firmware google malware phones supplychain
Security Boulevard
OCTOBER 26, 2022
The pool of available open source resilient firmware keeps growing. This week, dynamic firmware maker AMI announced the contribution of its Tektagon OpenEdition Platform Root of Trust to the Open Compute Project (OCP).
Security Boulevard
AUGUST 24, 2021
The post Firmware: Beyond Securing the Software Stack appeared first on Security Boulevard. Picture a house equipped with state-of-the-art alarm systems, sensors, locks and cameras. From the outside, the house might seem reasonably protected against potential intruders.
Security Boulevard
DECEMBER 13, 2022
The post December Firmware Threat Report appeared first on Security Boulevard. This month’s report is going to dive into predictions in the device/IT supply chain space, relevant to our industry, and based on existing trends that all point to The Supplyocalpyse: Appetite for Destruction.
Security Boulevard
NOVEMBER 7, 2022
The post November Firmware Threat Report appeared first on Security Boulevard. Whether it’s the Executive Office, the average consumer, or the threat actors, all eyes are on the security of the technology supply chain.
Security Affairs
JULY 25, 2022
Kaspersky uncovered a new UEFI firmware rootkit, tracked as CosmicStrand, which it attributes to an unknown Chinese-speaking threat actor. Researchers from Kaspersky have spotted a UEFI firmware rootkit, named CosmicStrand, which has been attributed to an unknown Chinese-speaking threat actor.
Dark Reading
JANUARY 20, 2022
MoonBounce is the latest in a small but growing number of implants found hidden in a computer's Unified Extensible Firmware Interface (UEFI
Security Boulevard
APRIL 5, 2022
The post Defending Firmware in the Firmament appeared first on Security Boulevard. The recent attacks against the ViaSat satellite network in February and March of this year have gone largely unnoticed amid the din of the Russian assault on Ukraine.
Security Affairs
SEPTEMBER 12, 2022
Six high-severity firmware bugs affecting several HP Enterprise devices are yet to be patched, some of them since July 2021. In terms of impact at scale, firmware supply chain problems are one of the major challenges.” SecurityAffairs – hacking, firmware bugs).
SecureList
JANUARY 20, 2022
At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. Our discovery: a sophisticated implant within UEFI firmware. What happened?
SecureList
JULY 25, 2022
In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor. This suggests that a common vulnerability may exist that allowed the attackers to inject their rootkit into the firmware’s image. Introduction.
Heimadal Security
JULY 2, 2021
The post Microsoft Finds New NETGEAR Firmware Vulnerabilities appeared first on Heimdal Security Blog. Cybersecurity News firmware firmware vulnerabilities iot devices microsoft NETGEAR vulnerability
Security Affairs
JUNE 2, 2022
The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats , which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques.
The Hacker News
JANUARY 12, 2023
Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to stealthily install firmware on affected devices and take control of them.
Security Boulevard
SEPTEMBER 30, 2021
Spyware found embedded in UEFI and MBR firmware - ran undetected for years. The post September Firmware Threat Report appeared first on Security Boulevard. Security Bloggers Network threat report
Security Affairs
APRIL 5, 2021
A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack. The study pointed out that only 29% of the targeted organizations have allocated budgets to protect firmware. SecurityAffairs – hacking, firmware attacks).
Security Boulevard
MARCH 22, 2022
Another difficulty is the firmware itself becoming a challenge to reverse, if it was compiled for an obsolete architecture and commercial disassemblers can’t properly reconstruct it. The post Reverse Engineering Obfuscated Firmware for Vulnerability Analysis appeared first on Nozomi Networks.
Dark Reading
JANUARY 9, 2023
The issue concerns the boot layer of ARM chips, which are driving a low-power mobile ecosystem that includes 5G smartphones and base stations
Dark Reading
JUNE 2, 2022
Conti threat actors are betting chipset firmware is updated less frequently than other software — and winning big, analysts say
Dark Reading
DECEMBER 3, 2020
A newly discovered module checks machines for flaws in the UEFI/BIOS firmware so malware can evade detection and persist on a device
Security Boulevard
APRIL 2, 2021
As organizations look to address those challenges, it’s critical to start with what is arguably the most integral piece of the supply chain: the firmware layer. Firmware is, essentially, the foundational code within a device.
Security Boulevard
APRIL 6, 2022
The post March Firmware Threat Report appeared first on Security Boulevard. While the media and industry is telling you that the hybrid/cyber conflict surrounding the invasion of Ukraine has been underwhelming, nothing could be further from the truth.
Security Boulevard
JUNE 24, 2021
The post June Firmware Threat Report appeared first on Security Boulevard. Not just one, but four. That’s how many vulnerabilities Eclypsium researchers discovered in Dell’s BIOSConnect feature. Taken together, this chain of vulnerabilities has a CVSS score of 8.3
Security Boulevard
JANUARY 3, 2022
The post December Firmware Threat Report appeared first on Security Boulevard. What a December! Let’s see if we can write a threat report without mentioning log4j. Possible? Let’s find out!
Tech Republic Security
JUNE 18, 2021
Devices have multiple OSs and firmware running, and most organisations don't know what they have or if it's secure. Microsoft will use ReFirm to make it easier to find out without being an expert
The Hacker News
APRIL 19, 2022
Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices.
Dark Reading
MARCH 21, 2022
The latest three memory corruption flaws in Dell BIOS highlights the challenges of fixing firmware vulnerabilities
The Hacker News
NOVEMBER 9, 2022
PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices.
Security Affairs
FEBRUARY 1, 2022
Researchers discovered tens of vulnerabilities in UEFI firmware code used by the major device manufacturers. Researchers at firmware security company Binarly have discovered 23 vulnerabilities in UEFI firmware code used by the major device makers.
Bleeping Computer
FEBRUARY 2, 2022
Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer. [.].
Dark Reading
MAY 12, 2022
The supply chain for firmware development is vast, convoluted, and growing out of control: patching security vulnerabilities can take up to two years.
Bleeping Computer
JULY 13, 2022
The UEFI firmware used in several laptops made by Lenovo is vulnerable to three buffer overflow vulnerabilities that could enable attackers to hijack the startup routine of Windows installations. [.].
Bleeping Computer
APRIL 19, 2022
Lenovo has published a security advisory on vulnerabilities that impact its Unified Extensible Firmware Interface (UEFI) loaded on at least 100 of its laptop models. [.].
SecureList
JULY 6, 2022
As a rule, this means that the source code of the device’s firmware is unavailable and all the researcher can use is the user manual and a few threads on some user forum discussing the device’s operation.
Security Boulevard
NOVEMBER 2, 2021
The post Protecting Your Fortinet Devices With Firmware Security appeared first on Security Boulevard. Vulnerabilities in enterprise network and security devices are being aggressively targeted by APT and ransomware threat actors as initial access vectors into enterprises.
Tech Republic Security
NOVEMBER 27, 2019
Even full disk encryption can't keep you secure if your PC firmware is compromised, so Secured-core PCs will use the CPU to check if UEFI is telling the truth about secure boot
Bleeping Computer
JUNE 2, 2022
Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. [.].
The Hacker News
JULY 13, 2022
Consumer electronics maker Lenovo on Tuesday rolled out fixes to contain three security flaws in its UEFI firmware affecting over 70 product models.
Heimadal Security
APRIL 20, 2022
Researchers have recently identified three Lenovo UEFI firmware vulnerabilities of high impact located in various Lenovo laptop models that consumers use. By successfully exploiting these flaws, threat actors can deploy and execute firmware implants on the impacted devices.
Security Boulevard
MAY 26, 2021
The post May Firmware Threat Report appeared first on Security Boulevard. Sometimes it takes a thunderstorm before seeing positive outcomes and real change: Cyber May Flowers, if you will.
Security Affairs
FEBRUARY 18, 2020
Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. Many peripheral devices do not verify that firmware is properly signed with a high quality public/private key before running the code.
Expert insights. Personalized for you.
83 
Let's personalize your content