Penetration Testing

JULY 11, 2024

The vulnerability was reported to D-Link by third-party security researcher... The post CVE-2024-39202: RCE Flaw Found in D-Link DIR-823X Firmware, Patch in Development appeared first on Cybersecurity News.

Firmware 112

Firmware Wireless Risk Cybersecurity 112

Schneier on Security

NOVEMBER 18, 2019

Researchers have discovered and revealed 146 vulnerabilities in various incarnations of Android smartphone firmware. And since they're firmware bugs, in many cases there is no ability to patch them. The vulnerabilities were found by scanning the phones of 29 different Android makers, and each is unique to a particular phone or maker.

Firmware 223

Firmware 223

Bleeping Computer

JANUARY 14, 2024

GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws and spy on the users. [.]

Firmware 128

Firmware Software Mobile 128

Security Boulevard

JUNE 24, 2024

Google has recently issued a warning regarding a critical security flaw affecting Google Pixel Firmware, which has been actively exploited as a zero-day vulnerability. Nature of the Memory-Related Vulnerability The zero-day exploit in […] The post Google Pixel Firmware Zero-Day Flaw Exploited And Patched appeared first on TuxCare.

Firmware 57

Firmware Cybersecurity 57

Schneier on Security

JUNE 21, 2019

In July 2017, security firm Dr. Web reported that its researchers had found Triada built into the firmware of several Android devices , including the Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20. That meant the malware could directly tamper with every installed app. Triada also connected to no fewer than 17 command and control servers.

Firmware 261

Firmware Manufacturing Malware Mobile 261

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware 144

Firmware Mobile Malware Retail 144

Security Boulevard

JUNE 25, 2024

In the dynamic world of data centers, where uptime and security are paramount, firmware management often goes under the radar. However, as data centers become increasingly sophisticated, efficient firmware management is crucial for maintaining both security and operational efficiency.

Firmware 57

Firmware 57

Security Affairs

JUNE 13, 2024

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. ” reads the advisory.

Firmware 92

Firmware Spyware Hacking Information Security 92

Penetration Testing

MARCH 8, 2024

Flaw Requires Immediate Firmware Update appeared first on Penetration Testing. This vulnerability affects specific models within their multifunction printer ranges. Risk Assessment If an affected... The post Canon Printers: Critical CVE-2024-2184 (CVSS 9.8)

Firmware 142

Firmware Penetration Testing Risk 142

Bleeping Computer

MARCH 7, 2024

AnyCubic has released new Kobra 2 firmware to fix a zero-day vulnerability exploited last month to print security warnings on 3D printers worldwide. [.]

Firmware 118

Firmware 118

Security Affairs

SEPTEMBER 27, 2023

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. The state-sponsored hackers was observed using a custom firmware backdoor which was enabled and disabled by sending specially crafted TCP or UDP packets to the devices.

Firmware 111

Firmware Telecommunications System Administration Malware 111

Tech Republic Security

MARCH 14, 2023

A possible Chinese attack campaign on compromised unpatched SonicWall SMA edge devices stayed undetected since 2021 and could persist even through firmware updates. The post Attack campaign on edge appliance: undetected since 2021 and resists firmware update appeared first on TechRepublic.

Firmware 145

Firmware Cybersecurity 145

Security Boulevard

AUGUST 3, 2022

You’re not imagining things; new firmware threats are appearing more often. The most recent is CosmicStrand, which exploits the Unified Extensible Firmware Interface (UEFI) to avoid detection. The post ‘CosmicStrand’ Highlights Ongoing Firmware Risks appeared first on Security Boulevard. The researchers were unable to.

Firmware 98

Firmware Risk Mobile Malware 98

Security Boulevard

JULY 26, 2023

Whether you are new to Linux or a seasoned Linux systems administrator, knowing the hardware and firmware on your systems is essential. Firmware that is out-of-date can pose security and operational risks. The post Linux Commands To Check The State Of Firmware appeared first on Security Boulevard.

Firmware 98

Firmware System Administration Risk 98

Security Boulevard

JUNE 12, 2024

The post Eclypsium CEO Yuriy Bulygin: Beware Compromised Firmware and Baseboard Management Controllers appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise. The post Eclypsium CEO Yuriy Bulygin: Beware Compromised Firmware and Baseboard Management Controllers appeared first on Security Boulevard.

Firmware 62

Firmware 62

Security Boulevard

JUNE 20, 2024

in the Phoenix SecureCore UEFI firmware that runs on multiple families of Intel Core desktop and mobile processors. The post UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware appeared first on Security Boulevard.

Firmware 57

Firmware Mobile 57

Security Boulevard

DECEMBER 12, 2023

Interesting attack based on malicious pre-OS logo images : LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux….

Firmware 62

Firmware Manufacturing 62

The Hacker News

OCTOBER 5, 2023

Multiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface (IPMI) firmware for Supermicro baseboard management controllers (BMCs) that could result in privilege escalation and execution of malicious code on affected systems.

Firmware 119

Firmware 119

Bleeping Computer

MAY 20, 2023

HP is working to address a bad firmware update that has been bricking HP Office Jet printers worldwide since it was released earlier this month. [.]

Firmware 134

Firmware Technology 134

Security Boulevard

OCTOBER 26, 2022

The pool of available open source resilient firmware keeps growing. This week, dynamic firmware maker AMI announced the contribution of its Tektagon OpenEdition Platform Root of Trust to the Open Compute Project (OCP). The post AMI Brings Secure Firmware to the Open Compute Project appeared first on Security Boulevard.

Firmware 98

Firmware Malware Cybersecurity 98

Dark Reading

SEPTEMBER 27, 2023

Sophisticated hackers are rewriting router firmware in real time and hiding their footprints, leaving defenders with hardly a fighting chance.

Firmware 131

Firmware 131

LRQA Nettitude Labs

NOVEMBER 1, 2023

Like many other RTOS based devices there is no ASLR implementation, which means once a vulnerability is discovered that can hijack control flow, any existing function in the firmware can be reliably jumped to using the function’s address.

Firmware 64

Firmware Authentication Software 64

Security Boulevard

MAY 9, 2024

Jason joins us to discuss the current enterprise landscape for defending against supply chain attacks, remediating firmware issues, and the current challenges with patch management. The post BTS #29 – Supply Chains, Firmware, And Patching – Jason Kikta appeared first on Security Boulevard.

Firmware 52

Firmware 52

Security Boulevard

DECEMBER 20, 2023

Firmware security analysis is a critical aspect of modern cybersecurity. As our devices become more interconnected and reliant on firmware, understanding the vulnerabilities in this often overlooked layer of software is paramount. In this article, we delve into EMBA, a powerful open-source firmware security analysis tool.

Firmware 57

Firmware Engineering Software Cybersecurity 57

Heimadal Security

AUGUST 9, 2021

A new vulnerability in home routers that run Arcadyan firmware wreaks havoc in the world of cybersecurity, being actively taken advantage of by threat actors. The post Exploited Vulnerability Targets Arcadyan Firmware Routers appeared first on Heimdal Security Blog. This bug’s recent activity was discovered by Juniper […].

Firmware 116

Firmware Authentication Cybersecurity 116

Bleeping Computer

MAY 10, 2023

What has firmware got to do with pop rock, you ask? That's the question that crossed a security researcher's mind as he analyzed Kingston's firmware and stumbled upon the lyrics of a popular Coldplay song buried deep within it. [.]

Firmware 99

Firmware Technology 99

The Hacker News

MAY 31, 2023

Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023.

Firmware 98

Firmware Cybersecurity 98

Penetration Testing

JANUARY 14, 2024

Recently, NVIDIA has released a crucial firmware security update for its advanced computing systems, the DGX A100 and H100.

Firmware 90

Firmware Penetration Testing 90

Google Security

FEBRUARY 21, 2023

For the purposes of this blog, we refer to the software that runs on all these other processors as “Firmware”. Android’s defense-in-depth strategy also applies to the firmware running on bare-metal environments in these microcontrollers, as they are a critical part of the attack surface of a device.

Firmware 96

Firmware Software Authentication Technology 96

Bleeping Computer

JULY 26, 2023

Microsoft announced the public preview of a new Defender for IoT feature that helps analyze the firmware of embedded Linux devices like routers for security vulnerabilities and common weaknesses. [.]

Firmware 98

Firmware IoT 98

The Last Watchdog

JUNE 10, 2019

Locking down firmware. Starks Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks. telecoms by Chinese tech giant Huawei.

Firmware 234

Firmware Cybersecurity Technology Engineering 234

Bleeping Computer

FEBRUARY 2, 2022

Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer. [.].

Firmware 129

Firmware 129

Heimadal Security

APRIL 20, 2022

Researchers have recently identified three Lenovo UEFI firmware vulnerabilities of high impact located in various Lenovo laptop models that consumers use. By successfully exploiting these flaws, threat actors can deploy and execute firmware implants on the impacted devices.

Firmware 118

Firmware Cybersecurity 118

Security Boulevard

JUNE 8, 2023

A recent firmware snafu discovered in more than 400 computer motherboard models produced by Gigabyte offers some powerful lessons to guardians of software supply chains. The post The Gigabyte firmware backdoor: Lessons learned about supply chain security appeared first on Security Boulevard.

Firmware 96

Firmware Software 96

Bleeping Computer

MAY 3, 2023

Orqa, a maker of First Person View (FPV) drone racing goggles, claims that a contractor introduced code into its devices' firmware that acted as a time bomb designed to brick them. [.]

Firmware 106

Firmware Technology 106

Bleeping Computer

JUNE 5, 2023

GIGABYTE has released firmware updates to fix security vulnerabilities in over 270 motherboards that could be exploited to install malware. [.]

Firmware 115

Firmware Malware 115

Tech Republic Security

JUNE 18, 2021

Devices have multiple OSs and firmware running, and most organisations don't know what they have or if it's secure. Microsoft will use ReFirm to make it easier to find out without being an expert.

Firmware 213

Firmware IoT 213