Penetration Testing

SEPTEMBER 30, 2024

These vulnerabilities range in severity, with potential... The post PLANET Technology Switches Face CVE-2024-8456 (CVSS 9.8), Urgent Firmware Updates Advised appeared first on Cybersecurity News.

Firmware 107

Firmware Technology Cybersecurity 107

Schneier on Security

NOVEMBER 18, 2019

Researchers have discovered and revealed 146 vulnerabilities in various incarnations of Android smartphone firmware. And since they're firmware bugs, in many cases there is no ability to patch them. The vulnerabilities were found by scanning the phones of 29 different Android makers, and each is unique to a particular phone or maker.

Firmware 237

Firmware 237

Schneier on Security

JUNE 21, 2019

In July 2017, security firm Dr. Web reported that its researchers had found Triada built into the firmware of several Android devices , including the Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20. That meant the malware could directly tamper with every installed app. Triada also connected to no fewer than 17 command and control servers.

Firmware 273

Firmware Manufacturing Malware Mobile 273

Security Boulevard

AUGUST 13, 2024

When the penetration testing engagement includes devices there is an opportunity to both highlight weaknesses and weaponize the firmware. Many resources and materials exist that explain how […] The post Firmware Guide for Pen Testers appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

Firmware 59

Firmware Penetration Testing 59

The Hacker News

JUNE 13, 2024

Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware.

Firmware 113

Firmware 113

Security Boulevard

JUNE 12, 2024

As endpoint security tools improve, attackers target lower level firmware components to evade detection. This demo shows how malware targeting UEFI firmware, such as Black Lotus, can evade Windows device security features and EDR Vendor 1, and give attackers stealthy and persistent access to systems.

Firmware 64

Firmware Malware 64

Security Affairs

JUNE 21, 2024

A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models. Firmware security firm Eclypsium discovered a vulnerability, tracked as CVE-2024-0762 (CVSS of 7.5), in the Phoenix SecureCore UEFI firmware. ” concludes the report.

Firmware 100

Firmware Mobile Technology Hacking 100

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware 144

Firmware Mobile Malware Retail 144

Security Affairs

SEPTEMBER 27, 2023

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. The state-sponsored hackers was observed using a custom firmware backdoor which was enabled and disabled by sending specially crafted TCP or UDP packets to the devices.

Firmware 117

Firmware Telecommunications System Administration Malware 117

Security Boulevard

AUGUST 3, 2022

You’re not imagining things; new firmware threats are appearing more often. The most recent is CosmicStrand, which exploits the Unified Extensible Firmware Interface (UEFI) to avoid detection. The post ‘CosmicStrand’ Highlights Ongoing Firmware Risks appeared first on Security Boulevard. The researchers were unable to.

Firmware 98

Firmware Risk Mobile Malware 98

Penetration Testing

MARCH 8, 2024

Flaw Requires Immediate Firmware Update appeared first on Penetration Testing. This vulnerability affects specific models within their multifunction printer ranges. Risk Assessment If an affected... The post Canon Printers: Critical CVE-2024-2184 (CVSS 9.8)

Firmware 140

Firmware Penetration Testing Risk 140

Bleeping Computer

JANUARY 14, 2024

GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws and spy on the users. [.]

Firmware 108

Firmware Software Mobile 108

Security Boulevard

JULY 26, 2023

Whether you are new to Linux or a seasoned Linux systems administrator, knowing the hardware and firmware on your systems is essential. Firmware that is out-of-date can pose security and operational risks. The post Linux Commands To Check The State Of Firmware appeared first on Security Boulevard.

Firmware 98

Firmware System Administration Risk 98

Security Boulevard

JUNE 24, 2024

Google has recently issued a warning regarding a critical security flaw affecting Google Pixel Firmware, which has been actively exploited as a zero-day vulnerability. Nature of the Memory-Related Vulnerability The zero-day exploit in […] The post Google Pixel Firmware Zero-Day Flaw Exploited And Patched appeared first on TuxCare.

Firmware 59

Firmware Cybersecurity 59

Tech Republic Security

MARCH 14, 2023

A possible Chinese attack campaign on compromised unpatched SonicWall SMA edge devices stayed undetected since 2021 and could persist even through firmware updates. The post Attack campaign on edge appliance: undetected since 2021 and resists firmware update appeared first on TechRepublic.

Firmware 136

Firmware Cybersecurity 136

Security Boulevard

JULY 22, 2024

Read More > The post Firmware, Supply Chain, and Frameworks - NIST SP 800-53 appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise. The post Firmware, Supply Chain, and Frameworks – NIST SP 800-53 appeared first on Security Boulevard.

Firmware 64

Firmware Cybersecurity 64

Security Affairs

JUNE 13, 2024

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. ” reads the advisory.

Firmware 97

Firmware Spyware Hacking Information Security 97

Security Boulevard

AUGUST 27, 2024

as it Relates to Firmware Security? as it Relates to Firmware Security? To ensure the protection of CJI, which provides critical data on fugitives and […] The post What’s New in CJIS 5.9.5 appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise. The post What’s New in CJIS 5.9.5

Firmware 64

Firmware 64

Penetration Testing

JULY 11, 2024

The vulnerability was reported to D-Link by third-party security researcher... The post CVE-2024-39202: RCE Flaw Found in D-Link DIR-823X Firmware, Patch in Development appeared first on Cybersecurity News.

Firmware 108

Firmware Wireless Risk Cybersecurity 108

Security Boulevard

JUNE 25, 2024

In the dynamic world of data centers, where uptime and security are paramount, firmware management often goes under the radar. However, as data centers become increasingly sophisticated, efficient firmware management is crucial for maintaining both security and operational efficiency.

Firmware 59

Firmware 59

Security Boulevard

DECEMBER 12, 2023

Interesting attack based on malicious pre-OS logo images : LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux….

Firmware 64

Firmware Manufacturing 64

Bleeping Computer

MARCH 7, 2024

AnyCubic has released new Kobra 2 firmware to fix a zero-day vulnerability exploited last month to print security warnings on 3D printers worldwide. [.]

Firmware 104

Firmware 104

Security Boulevard

AUGUST 26, 2024

New findings from Forescout ­– Vedere Labs , the industry leader in device intelligence, and Finite State … (more…) The post Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers first appeared on The Last Watchdog.

Firmware 75

Firmware IoT Internet Internet 75

Security Boulevard

OCTOBER 26, 2022

The pool of available open source resilient firmware keeps growing. This week, dynamic firmware maker AMI announced the contribution of its Tektagon OpenEdition Platform Root of Trust to the Open Compute Project (OCP). The post AMI Brings Secure Firmware to the Open Compute Project appeared first on Security Boulevard.

Firmware 98

Firmware Malware Cybersecurity 98

Penetration Testing

OCTOBER 10, 2024

Attackers are exploiting previously known vulnerabilities in the... The post Zyxel Devices Targeted by Malicious Actors: Urgent Firmware Update Required appeared first on Cybersecurity News.

Firmware 47

Firmware Cybersecurity VPN 47

Heimadal Security

AUGUST 9, 2021

A new vulnerability in home routers that run Arcadyan firmware wreaks havoc in the world of cybersecurity, being actively taken advantage of by threat actors. The post Exploited Vulnerability Targets Arcadyan Firmware Routers appeared first on Heimdal Security Blog. This bug’s recent activity was discovered by Juniper […].

Firmware 115

Firmware Authentication Cybersecurity 115

The Hacker News

OCTOBER 5, 2023

Multiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface (IPMI) firmware for Supermicro baseboard management controllers (BMCs) that could result in privilege escalation and execution of malicious code on affected systems.

Firmware 116

Firmware 116

Dark Reading

SEPTEMBER 27, 2023

Sophisticated hackers are rewriting router firmware in real time and hiding their footprints, leaving defenders with hardly a fighting chance.

Firmware 131

Firmware 131

Bleeping Computer

MAY 20, 2023

HP is working to address a bad firmware update that has been bricking HP Office Jet printers worldwide since it was released earlier this month. [.]

Firmware 129

Firmware Technology 129

The Last Watchdog

JUNE 10, 2019

Locking down firmware. Starks Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks. telecoms by Chinese tech giant Huawei.

Firmware 233

Firmware Cybersecurity Technology Engineering 233

The Hacker News

MAY 31, 2023

Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023.

Firmware 98

Firmware Cybersecurity 98

Google Security

FEBRUARY 21, 2023

For the purposes of this blog, we refer to the software that runs on all these other processors as “Firmware”. Android’s defense-in-depth strategy also applies to the firmware running on bare-metal environments in these microcontrollers, as they are a critical part of the attack surface of a device.

Firmware 96

Firmware Software Authentication Technology 96

Security Boulevard

JUNE 12, 2024

The post Eclypsium CEO Yuriy Bulygin: Beware Compromised Firmware and Baseboard Management Controllers appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise. The post Eclypsium CEO Yuriy Bulygin: Beware Compromised Firmware and Baseboard Management Controllers appeared first on Security Boulevard.

Firmware 64

Firmware 64

Security Boulevard

DECEMBER 20, 2023

Firmware security analysis is a critical aspect of modern cybersecurity. As our devices become more interconnected and reliant on firmware, understanding the vulnerabilities in this often overlooked layer of software is paramount. In this article, we delve into EMBA, a powerful open-source firmware security analysis tool.

Firmware 59

Firmware Engineering Software Cybersecurity 59

Penetration Testing

JULY 25, 2024

could allow remote attackers... The post HPE Servers Exposed: Critical Vulnerability Demands Urgent Firmware Update appeared first on Cybersecurity News. A critical security vulnerability, CVE-2021-38578, has been discovered in a wide range of HPE ProLiant, Alletra, Synergy, Apollo, and Edgeline servers.

Firmware 61

Firmware Cybersecurity 61

Heimadal Security

APRIL 20, 2022

Researchers have recently identified three Lenovo UEFI firmware vulnerabilities of high impact located in various Lenovo laptop models that consumers use. By successfully exploiting these flaws, threat actors can deploy and execute firmware implants on the impacted devices.

Firmware 113

Firmware Cybersecurity 113

Security Boulevard

JUNE 8, 2023

A recent firmware snafu discovered in more than 400 computer motherboard models produced by Gigabyte offers some powerful lessons to guardians of software supply chains. The post The Gigabyte firmware backdoor: Lessons learned about supply chain security appeared first on Security Boulevard.

Firmware 96

Firmware Software 96