Security Affairs

AUGUST 13, 2023

Multiple vulnerabilities in CyberPower PowerPanel Enterprise DCIM platform and Dataprobe PDU could expose data centers to hacking. CyberPower is a prominent supplier of data center hardware and infrastructure solutions, with a specific focus on cutting-edge power protection technologies and effective power management systems.

Hacking 81

Hacking Firmware Authentication Software 81

Security Affairs

JANUARY 9, 2023

Tens of software vulnerabilities affected Qualcomm firmware and impacted the devices of Microsoft, Lenovo, and Samsung. Qualcomm January 2023 security bulletin addressed 22 software vulnerabilities in its Snapdragon suite. CVE-2022-33265 (CVSS Score 7.3) – the flaw is an Information exposure in Powerline Communication Firmware.

Firmware 81

Firmware Manufacturing Software Hacking 81

Security Affairs

OCTOBER 22, 2023

“If you’re working today at the cutting edge of technology then geopolitics is interested in you, even if you’re not interested in geopolitics.” ” Commercial businesses in the technology sector of any size, especially small companies and start-ups and researchers, are more exposed to Chinese espionage. .

Telecommunications 123

Telecommunications Technology Government Firmware 123

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10.

Firmware 112

Firmware Authentication Engineering Hacking 112

Security Affairs

MARCH 7, 2020

A new vulnerability, tracked as CVE-2019-0090 , affects all Intel chips that could allow attackers to bypass every hardware-enabled security technology. Security experts from Positive Technologies warn of a new vulnerability, tracked as CVE-2019-0090, that affects all Intel processors that were released in the past 5 years.

Firmware 122

Firmware Technology Advertising Authentication 122

Security Affairs

OCTOBER 4, 2023

.” The three critical issues fixed by the chipmaker are: Public ID Security Rating CVSS Rating Technology Area Date Reported CVE-2023-24855 Critical Critical (CVSS Score 9.8) WLAN Firmware Internal CVE-2023-24855 : Use of Out-of-range Pointer Offset in Modem. Modem Internal CVE-2023-28540 Critical Critical (CVSS Score 9.1)

Firmware 93

Firmware Surveillance Authentication Manufacturing 93

Security Affairs

DECEMBER 9, 2023

A set of flaws, collectively called 5Ghoul, in the firmware implementation of 5G mobile network modems from major vendors impacts Android and iOS devices. Such a family of vulnerabilities are present in the firmware implementation of 5G mobile network modems from major chipset vendors i.e., Qualcomm and MediaTek.”

Firmware 107

Firmware Mobile Software Hacking 107

Security Affairs

SEPTEMBER 19, 2022

Researchers at security and compliance assessment firm Onekey warns of an arbitrary code execution via FunJSQ, which is a third-party module developed by Xiamen Xunwang Network Technology for online game acceleration, that impacts multiple Netgear router models. present in the majority of NETGEAR firmware images in our corpus.”

Firmware 95

Firmware Passwords Technology Hacking 95

Security Affairs

AUGUST 14, 2023

The procedures allow administrators to provide device information such as server addresses, account information, and firmware updates. The server is used to provide configurations and firmware updates to the devices. In this scenario, an attacker can act as a rogue server and distribute malicious firmware.

Firmware 84

Firmware Authentication Passwords Hacking 84

Security Affairs

JULY 21, 2020

Researchers devised a technique dubbed BadPower to alter the firmware of fast chargers to cause damage to connected systems or cause the device to catch fire. BadPower consists of corrupting the firmware of fast chargers. “Most BadPower problems can be fixed by updating the device firmware.”

Firmware 102

Firmware Manufacturing Advertising Hacking 102

SiteLock

AUGUST 27, 2021

Breaking news last week, the NIST (National Institute of Standards and Technology) Small Business Cybersecurity Act was signed into law. Up next, Black Hat, one of the world’s largest information security conferences, took place in early August 2018 in Sin City. Was an 11-year old really able to hack election results?

Small Business 98

Small Business Artificial Intelligence Firmware IoT 98

Security Affairs

AUGUST 13, 2023

16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking. An attacker can trigger the flaw to gain remote code execution and conduct denial-of-service attacks under specific conditions, exposing operational technology (OT) environments to hacking.

Authentication 84

Authentication Firmware Hacking Passwords 84

Security Affairs

SEPTEMBER 10, 2019

The hardware of the terminals is equipped with Shenzen technology, while the firmware is based on BusyBox Linux Debian. . Automatic updates are available via Wi-Fi and can be installed by setting IoT radio devices back to factory settings and downloading the latest firmware version. . Pierluigi Paganini.

IoT 82

IoT Hacking Firmware Advertising 82

Security Affairs

DECEMBER 14, 2022

All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network. SecurityAffairs – hacking, IP cameras). IP cameras exposed, with US in the lead</strong> appeared first on Security Affairs.

Surveillance 122

Surveillance Manufacturing Passwords Internet 122

Security Affairs

SEPTEMBER 2, 2021

A set of 16 security flaws in commercial Bluetooth stacks, collectively tracked as BrakTooth , can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks. Crashes generally trigger a fatal assertion, segmentation faults due to a buffer or heap overflow within the SoC firmware. Pierluigi Paganini.

Firmware 83

Firmware Manufacturing IoT Technology 83

Security Affairs

FEBRUARY 23, 2022

US and UK cybersecurity and law enforcement agencies published a joint security advisory about a new malware, dubbed Cyclops Blink, that has been linked to the Russian-backed Sandworm APT group. The malware leverages the firmware update process to achieve persistence. SecurityAffairs – hacking, CISA). Pierluigi Paganini.

Malware 85

Malware Firmware Architecture Firewall 85

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware 92

Firmware Architecture Advertising Manufacturing 92

Security Affairs

JULY 15, 2022

Dragos experts investigated an infection of DirectLogic PLCs from Automation Direct, they performed reverse engineering of the password cracking tool and discovered it did not crack the password at all, rather, it exploited a vulnerability in the firmware to retrieve the password on command. SecurityAffairs – hacking, Sality malware).

Passwords 106

Passwords Software Firmware Malware 106

Security Affairs

OCTOBER 4, 2020

SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 284 appeared first on Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware 82

Ransomware Firmware Advertising Insurance 82

Security Affairs

NOVEMBER 4, 2021

.” BrakTooth is a set of 16 security flaws in commercial Bluetooth stacks that can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks. SecurityAffairs – hacking, Europol). ” wrote the researchers. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Firmware 91

Firmware Manufacturing Technology Engineering 91

Security Affairs

AUGUST 17, 2022

“A potential security vulnerability in some Intel® Processors may allow information disclosure.Intel is releasing firmware updates to address this potential vulnerability.” Intel has already released firmware updates to address the flaw. SecurityAffairs – hacking, ÆPIC Leak). Pierluigi Paganini.

Architecture 73

Architecture Firmware Software Information Security 73

Security Affairs

DECEMBER 13, 2021

A group of researchers from the University of Darmstadt, University of Brescia, CNIT, and the Secure Mobile Networking Lab, have discovered security vulnerabilities in WiFi chips that can be exploited to extract passwords and manipulate traffic on a WiFi chip by targeting a device’s Bluetooth component. Pierluigi Paganini.

Wireless 99

Wireless Firmware Mobile Passwords 99

Security Affairs

MAY 21, 2023

million NPM packages found containing the TurkoRat infostealer Lemon Group gang pre-infected 9 million Android devices for fraudulent activities Apple fixed three new actively exploited zero-day vulnerabilities KeePass 2.X

Data breaches 83

Data breaches Cybercrime Ransomware Passwords 83

ForAllSecure

APRIL 26, 2022

Like any other criminal hack. So there’s a need, a definite need, for information security professionals to have access to industrial control systems -- not virtual, but actual hands on systems -- so they can learn. It’s about challenging our expectations about the people who hack for a living.

Hacking 52

Hacking Energy and Utilities Manufacturing Firmware 52

Security Affairs

MARCH 3, 2023

that could potentially lead to information disclosure or privilege escalation. The Trusted Platform Module (TPM) technology is a hardware-based solution that provides secure cryptographic functions to the operating systems on modern computers, making it resistant to tampering.

Firmware 96

Firmware IoT Authentication Hacking 96

Security Affairs

FEBRUARY 15, 2022

. “EOL models may lack computational capabilities, be short on operational memory, be unable to receive up-to-date component drivers, or possess other technical constraints or deprecated technology,” states the Taiwanese vendor. SecurityAffairs – hacking, NAS). Follow me on Twitter: @securityaffairs and Facebook.

Firmware 76

Firmware Ransomware Encryption Hacking 76

Security Affairs

JUNE 24, 2021

The PC maker released client-side BIOS firmware updates to address the other two flaws. “Technology vendors of all types are increasingly implementing over-the-air update processes to make it as easy as possible for their customers to keep their firmware up to date and recover from system failures. . Pierluigi Paganini.

Firmware 69

Firmware Hacking Technology Ransomware 69

Security Affairs

FEBRUARY 4, 2021

SonicWall has released a security patch to address the zero-day flaw actively exploited in attacks against the SMA 100 series appliances. SonicWall this week released firmware updates (version 10.2.0.5-29sv) 29sv) to address an actively exploited zero-day vulnerability in Secure Mobile Access (SMA) 100 series appliances.

Firmware 93

Firmware Mobile Media Internet 93

Security Affairs

OCTOBER 26, 2021

The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.” Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware 122

Ransomware Firmware Antivirus Accountability 122

Security Affairs

SEPTEMBER 3, 2021

“Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. Install updates/patch operating systems, software, and firmware as soon as they are released.

Ransomware 91

Ransomware Passwords Backups Firmware 91

Security Affairs

FEBRUARY 28, 2024

. “These operations have targeted various industries, including Aerospace & Defense, Education, Energy & Utilities, Governments, Hospitality, Manufacturing, Oil & Gas, Retail, Technology, and Transportation. Upgrade to the latest firmware version. Change any default usernames and passwords.

Energy and Utilities 90

Energy and Utilities Government Firewall Malware 90

Security Affairs

MARCH 18, 2022

In fact, Ericsson Network Manager is an Operations support system (‘OSS’ according to network jargon) , which allows the management of all the devices interconnected to it, ensuring the management of configurations, firmware updates and all automation and maintenance operations of an advanced mobile radio network. Pierluigi Paganini.

Mobile 96

Mobile Firmware Architecture Technology 96

ForAllSecure

JUNE 8, 2022

As with most advances in automotive, this technology started at the higher end models. Welcome to The Hacker Mind, an original podcast from for all secure. It's about challenging our expectations about the people who hack for a living. So they're really pushing this technology. So the car would start. I'm Robert Vamosi.

Hacking 52

Hacking Manufacturing Encryption Wireless 52

Security Affairs

JULY 19, 2021

An attacker could also use advanced IR camera technologies that can allow to take a good picture even from a distance. Enhanced Sign-in Security is a new security feature in Windows which requires specialized hardware, drivers, and firmware that are pre-installed on the system by device manufacturers in the factory.

Manufacturing 114

Manufacturing Authentication Firmware Hacking 114

Security Affairs

AUGUST 13, 2022

The ransomware was involved in attacks aimed at technology and healthcare, defense contractors, educational institutions, manufacturers, companies across Europe, the United States, and Canada. SecurityAffairs – hacking, Zeppelin ransomware). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware 81

Ransomware Encryption Firmware Backups 81

Security Affairs

MARCH 23, 2021

The vendor released security updates for all these devices and urges customers to update their installs, it also released mitigations to address the flaws. “GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities.

Firmware 74

Firmware VPN Firewall Risk 74

Security Affairs

SEPTEMBER 20, 2020

SecurityAffairs – hacking, education institutions). The post NCSC warns of a surge in ransomware attacks on education institutions appeared first on Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Education 144

Education Ransomware Antivirus Backups 144