The Hacker News

JANUARY 23, 2025

An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features. These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared with The Hacker News.

Firmware 143

Firmware Firewall 143

Tech Republic Security

MARCH 14, 2023

A possible Chinese attack campaign on compromised unpatched SonicWall SMA edge devices stayed undetected since 2021 and could persist even through firmware updates. The post Attack campaign on edge appliance: undetected since 2021 and resists firmware update appeared first on TechRepublic.

Firmware 153

Firmware Cybersecurity 153

Security Affairs

JUNE 21, 2024

A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models. Firmware security firm Eclypsium discovered a vulnerability, tracked as CVE-2024-0762 (CVSS of 7.5), in the Phoenix SecureCore UEFI firmware. ” concludes the report.

Firmware 133

Firmware Mobile Technology Hacking 133

The Hacker News

JUNE 13, 2024

Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware.

Firmware 134

Firmware 134

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware 145

Firmware Mobile Malware Retail 145

Security Affairs

SEPTEMBER 27, 2023

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. The state-sponsored hackers was observed using a custom firmware backdoor which was enabled and disabled by sending specially crafted TCP or UDP packets to the devices.

Firmware 135

Firmware Telecommunications System Administration Malware 135

Kali Linux

JANUARY 21, 2024

TL;DR: Dear Kali user, when you have a moment, check your /etc/apt/sources.list , and add non-free-firmware if ever it’s missing. Programmatically speaking: kali@kali:~$ sudo sed -i 's/non-free$/non-free non-free-firmware/' /etc/apt/sources.list Long story now. non-free-firmware is already enabled in your sources.list.

Firmware 117

Firmware 117

Penetration Testing

MARCH 8, 2024

Flaw Requires Immediate Firmware Update appeared first on Penetration Testing. This vulnerability affects specific models within their multifunction printer ranges. Risk Assessment If an affected... The post Canon Printers: Critical CVE-2024-2184 (CVSS 9.8)

Firmware 142

Firmware Penetration Testing Risk 142

Penetration Testing

SEPTEMBER 30, 2024

Discovered by Alexander Tereshkin from NVIDIA’s Offensive Security Research... The post Researcher Details RCE Flaw (CVE-2024-36435) in Supermicro BMC IPMI Firmware appeared first on Cybersecurity News.

Firmware 136

Firmware Risk Cybersecurity 136

The Hacker News

OCTOBER 5, 2023

Multiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface (IPMI) firmware for Supermicro baseboard management controllers (BMCs) that could result in privilege escalation and execution of malicious code on affected systems.

Firmware 138

Firmware 138

Schneier on Security

NOVEMBER 10, 2021

The Sony Playstation 5 is the latest example: Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend, with the hacking group Fail0verflow claiming to have managed to obtain PS5 root keys allowing them to decrypt the console’s firmware. […].

Hacking 343

Hacking Firmware Engineering Software 343

Schneier on Security

JULY 1, 2019

government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 Wow, is this an embarrassing bug : Yubico is recalling a line of security keys used by the U.S. that reduced the randomness of the cryptographic keys it generates.

Firmware 270

Firmware Passwords Government Encryption 270

Troy Hunt

OCTOBER 2, 2020

This week there's all the above and, on a more personal note, my relationship with Charlotte. References My shoes are connected!

Firmware 325

Firmware Phishing Accountability 325

Schneier on Security

JULY 26, 2024

In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it.

Firmware 330

Firmware Encryption Manufacturing Passwords 330

Schneier on Security

NOVEMBER 6, 2018

Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. EDITED TO ADD: The NSA is known to attack firmware of SSDs.

Encryption 264

Encryption Firmware Advertising Software 264

Security Affairs

JUNE 13, 2024

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. ” reads the advisory.

Firmware 123

Firmware Spyware Hacking Information Security 123

Schneier on Security

JUNE 20, 2019

Finally, we exploit a cryptographic bug in the firmware signature verification to upload a modified firmware to the HSM. This firmware includes a persistent backdoor that survives a firmware update. The presented attacks allow retrieving all HSM secrets remotely, including cryptographic keys and administrator credentials.

Firmware 260

Firmware Hacking Manufacturing Banking 260

Dark Reading

SEPTEMBER 27, 2023

Sophisticated hackers are rewriting router firmware in real time and hiding their footprints, leaving defenders with hardly a fighting chance.

Firmware 131

Firmware 131

Schneier on Security

MARCH 9, 2023

Here’s a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates. The campaign was notable for the ability of the malware to remain on the devices even after its firmware received new firmware. The malware also adds a backdoor root user to the mounted file.

Malware 252

Malware Firmware Backups 252

Krebs on Security

JULY 2, 2021

That update effectively nullified their chances at competing in Pwn2Own, which requires exploits to work against the latest firmware or software supported by the targeted device. A statement published on its support site March 12, 2021 says the company will no longer provide further security updates to the MyCloud OS 3 firmware.

Firmware 359

Firmware Passwords Internet Internet 359

Schneier on Security

MAY 18, 2022

t turns out that the iPhone’s Bluetooth chip­ — which is key to making features like Find My work­ — has no mechanism for digitally signing or even encrypting the firmware it runs. Researchers have demonstrated iPhone malware that works even when the phone is fully shut down.

Malware 305

Malware Firmware Encryption Risk 305

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022. All the vulnerable devices are running end-of-life (EOL) firmware.

Firmware 129

Firmware Firewall Internet Internet 129

The Hacker News

DECEMBER 13, 2024

A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity.

Firmware 107

Firmware 107

Schneier on Security

JULY 21, 2020

This hack targets the firmware on modern power supplies. Yes, power supplies are also computers.).

Hacking 233

Hacking Firmware 233

Penetration Testing

SEPTEMBER 30, 2024

These vulnerabilities range in severity, with potential... The post PLANET Technology Switches Face CVE-2024-8456 (CVSS 9.8), Urgent Firmware Updates Advised appeared first on Cybersecurity News.

Firmware 117

Firmware Technology Cybersecurity 117

Schneier on Security

JULY 11, 2019

If you need to reset the software in your GE smart light bulb -- firmware version 2.8 or later -- just follow these easy instructions : Start with your bulb off for at least 5 seconds.

Firmware 270

Firmware Software 270

Schneier on Security

AUGUST 22, 2022

“Greenluigi1” found within the firmware image the RSA public key used by the updater, and searched online for a portion of that key. . “Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]” […]. Luck held out, in a way. “

Encryption 345

Encryption Firmware Manufacturing Software 345

Penetration Testing

JULY 11, 2024

The vulnerability was reported to D-Link by third-party security researcher... The post CVE-2024-39202: RCE Flaw Found in D-Link DIR-823X Firmware, Patch in Development appeared first on Cybersecurity News.

Firmware 117

Firmware Wireless Risk Cybersecurity 117

Krebs on Security

FEBRUARY 26, 2020

. “We’ve now completed the investigation of all Zyxel products and found that firewall products running specific firmware versions are also vulnerable,” Zyxel wrote in an email to KrebsOnSecurity. “Hotfixes have been released immediately, and the standard firmware patches will be released in March.”

Firewall 281

Firewall Firmware VPN IoT 281

Schneier on Security

JANUARY 28, 2019

Hackers can also build botnets with the help of exploits and vulnerabilities in router firmware, but the easiest way to assemble a botnet is by collecting the ones that users have failed to secure with custom passwords. I am interested in the results of this survey.

IoT 256

IoT Government Firmware Hacking 256

Schneier on Security

NOVEMBER 6, 2023

The capabilities generally required expensive SDRs­—short for software-defined radios­—that, unlike traditional hardware-defined radios, use firmware and processors to digitally re-create radio signal transmissions and receptions.

Firmware 321

Firmware Hacking Software 321

Schneier on Security

MARCH 8, 2023

These sophisticated pieces of malware target the UEFI—short for Unified Extensible Firmware Interface —the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right.

Malware 278

Malware Firmware Software Hacking 278

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT 356

IoT Firmware Risk Manufacturing 356

The Last Watchdog

AUGUST 26, 2024

The findings focused on outdated software components in router firmware, across sectors from industrial operations to healthcare and critical infrastructure, highlighting associated cyber risks. Equally alarming was the widespread presence of known vulnerabilities, or “n-day” vulnerabilities, in the firmware images.

Firmware 100

Firmware IoT Manufacturing Cyber Risk 100

Troy Hunt

JULY 13, 2021

Almost - there's still that cloud dependency and there's really only 2 ways around that: Control the existing device locally with the original firmware Flash the device with 3rd party firmware that supports local control Let's explore these more starting with the first option because it feels like the most low-friction path.

Internet 358

Internet Internet IoT Firmware 358

Penetration Testing

DECEMBER 3, 2024

JPCERT/CC, a Japanese cybersecurity organization, issued a warning that these vulnerabilities leave... The post I-O DATA Routers Under Attack: Urgent Firmware Update Needed! Multiple vulnerabilities have been discovered in I-O DATA routers UD-LT1 and UD-LT1/EX, and active exploitation is already underway.

Firmware 78

Firmware Cybersecurity 78

Schneier on Security

FEBRUARY 19, 2021

Nonetheless, all but one vendor spread several private keys in almost all firmware images. There’s often no one around to write patches, and most of the time router firmware isn’t even patchable. Anyhow, they are used quite rarely by most vendors except the NX feature. A published private key provides no security at all.

Firmware 315

Firmware Software Engineering Internet 315