Security Affairs

JULY 28, 2020

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Despite FocacciaBoard is extremely useful during my night-to-night hardware hacking needs… there is another set of tools I cannot live without: pin enumeration ones. his majesty, the Firmware).

IoT 126

IoT Hacking Firmware Advertising 126

Security Affairs

MAY 16, 2023

Teltonika Networks is a leading manufacturer of networking solutions, widely adopted in industrial environments, including gateways, LTE routers, and modems. The study focuses on the RUT241 and RUT955 cellular routers manufactured by Teltonika, and on the Remote Management System (RMS) provided by the vendor.

Hacking 92

Hacking Internet Internet Manufacturing 92

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance 99

Surveillance Hacking Firmware Manufacturing 99

Security Affairs

NOVEMBER 9, 2022

Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1 The root cause of the flaws is the use of a vulnerable driver during the manufacturing process for some Lenovo devices that was mistakenly not deactivated. An attacker can exploit the flaws to disable UEFI Secure Boot.

Firmware 93

Firmware Manufacturing Hacking Software 93

Security Affairs

DECEMBER 5, 2021

Researchers discovered a total of 226 potential security vulnerabilities in nine Wi-Fi popular routers from known manufacturers. Since the integration of a new kernel into the firmware is costly, no manufacturer was up to date here. SecurityAffairs – hacking, routers). ” reads the advisory published by the experts.

Manufacturing 141

Manufacturing IoT Firmware VPN 141

Schneier on Security

MAY 12, 2020

The attack requires physical access to the computer, but it's pretty devastating : On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer -- and even its hard disk encryption -- to gain full access to the computer's data. Intel responds.

Firmware 304

Firmware Manufacturing Encryption Hacking 304

Security Affairs

NOVEMBER 25, 2022

The researchers discovered the issue by analyzing firmware images used devices from the above manufacturers. The experts analyzed one of the core frameworks EDKII used as a part of any UEFI firmware which has its own submodule and wrapper over the OpenSSL library ( OpensslLib ) in the CryptoPkg component. Pierluigi Paganini.

Firmware 100

Firmware Manufacturing Hacking Software 100

Security Affairs

AUGUST 4, 2022

Tens of router models from Taiwanese SOHO manufacturer DrayTek are affected by a critical, unauthenticated, remote code execution vulnerability, tracked as CVE-2022-32548, that can be exploited to fully compromise a vulnerable device and gain unauthorized access to the broader network. . SecurityAffairs – hacking, DrayTek Vigor).

Hacking 98

Hacking Internet Internet Passwords 98

Security Affairs

JANUARY 9, 2023

Tens of software vulnerabilities affected Qualcomm firmware and impacted the devices of Microsoft, Lenovo, and Samsung. CVE-2022-33265 (CVSS Score 7.3) – the flaw is an Information exposure in Powerline Communication Firmware. SecurityAffairs – hacking, Moshen Dragon). Pierluigi Paganini.

Firmware 86

Firmware Manufacturing Software Hacking 86

Threatpost

JULY 17, 2019

Lenovo, Acer and five additional server manufacturers are hit with supply-chain bugs buried in motherboard firmware.

Firmware 51

Firmware Manufacturing Hacking 51

Security Affairs

OCTOBER 4, 2023

Please contact your device manufacturer for more information on the patch status about specific devices.” WLAN Firmware Internal CVE-2023-24855 : Use of Out-of-range Pointer Offset in Modem. .” WLAN Firmware Internal CVE-2023-24855 : Use of Out-of-range Pointer Offset in Modem. ” reads the advisory.

Firmware 98

Firmware Surveillance Authentication Manufacturing 98

Security Affairs

OCTOBER 1, 2023

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One FBI warns of dual ransomware attacks Progress Software fixed two critical severity flaws in WS_FTP Server Child abuse site taken down, organized child exploitation crime suspected – exclusive A still unpatched zero-day RCE impacts more than 3.5M

Artificial Intelligence 99

Artificial Intelligence Firmware Data breaches Hacking 99

Security Affairs

APRIL 19, 2022

Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. The Secure boot is a security standard developed by members of the PC industry to ensure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM). Pierluigi Paganini.

Firmware 85

Firmware Manufacturing Hacking Cybersecurity 85

Security Affairs

SEPTEMBER 16, 2020

The US National Security Agency (NSA) published guidance on the Unified Extensible Firmware Interface (UEFI) Secure Boot customization. The United States National Security Agency (NSA) has published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature that can be customized organizations.

Firmware 125

Firmware Advertising Manufacturing Malware 125

Security Affairs

DECEMBER 14, 2022

All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network. After looking at 28 of the most popular manufacturers, our research team found 3.5 SecurityAffairs – hacking, IP cameras).

Surveillance 127

Surveillance Manufacturing Passwords Internet 127

Security Affairs

JULY 21, 2020

Researchers devised a technique dubbed BadPower to alter the firmware of fast chargers to cause damage to connected systems or cause the device to catch fire. BadPower consists of corrupting the firmware of fast chargers. “Most BadPower problems can be fixed by updating the device firmware.” Pierluigi Paganini.

Firmware 107

Firmware Manufacturing Advertising Hacking 107

Security Affairs

MAY 2, 2021

A security duo has demonstrated how to hack a Tesla Model X’s and open the doors using a DJI Mavic 2 drone equipped with a WIFI dongle. The duo was planning to present the attack at the PWN2OWN 2020 hacking contest, but since it was moved online due to the COVID19 pandemic they opted to privately report the issues to the carmaker. “We

Hacking 113

Hacking Firmware Manufacturing Software 113

Security Affairs

DECEMBER 12, 2020

A high-severity vulnerability affecting CompactRIO controllers manufactured by the vendor National Instruments (NI) could allow remote attackers to disrupt production processes in an organization. Update the firmware on CompactRIO controllers to v8.5 Updating the firmware patches the Safe Mode where defaults are loaded.

Firmware 86

Firmware Manufacturing Software Authentication 86

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT 141

IoT Firmware Authentication Wireless 141

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. Xiongmai hereinafter) that are open to hack. ” Experts also discovered that it is possible to execute arbitrary code on the device through a firmware update. Pierluigi Paganini.

Surveillance 82

Surveillance Hacking Firmware Manufacturing 82

Security Affairs

JUNE 12, 2022

The flaws impact products manufactured by LenelS2, a provider of advanced physical security solutions (i.e. The experts focused on Carrier’s LenelS2 access control panels, manufactured by HID Mercury. ” The experts also developed a proof-of-concept (PoC) exploit to unlock any door and hack monitoring systems. Overall 4.8.

Firmware 86

Firmware Penetration Testing Manufacturing Authentication 86

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT 358

IoT Firmware Risk Manufacturing 358

Security Affairs

DECEMBER 3, 2020

The infamous TrickBot gets a new improvement, authors added a new feature dubbed “ TrickBoot ” designed to exploit well-known vulnerabilities in the UEFI/BIOS firmware and inject malicious code, such as bootkits. TrickBot, one of the most active botnets, in the world, gets a new improvement by adding a UEFI/BIOS Bootkit Feature.

Firmware 89

Firmware Malware Manufacturing Hacking 89

Security Affairs

NOVEMBER 4, 2021

“CISA encourages manufacturers, vendors, and developers to review BRAKTOOTH: Causing Havoc on Bluetooth Link Manager and update vulnerable Bluetooth System-on-a-Chip (SoC) applications or apply appropriate workarounds.” SecurityAffairs – hacking, Europol). ” reads CISA’s advisory. Pierluigi Paganini.

Firmware 96

Firmware Manufacturing Technology Engineering 96

Security Affairs

SEPTEMBER 10, 2019

” The IoT radio devices are manufactured by Imperial & Dabman (Series I and D) and are distributed in Germany by Telestar, but experts pointed out that it is possible to buy them via Ebay and Amazon by resellers. .” SecurityAffairs – IoT radio devices, hacking). . ” continues the experts. Pierluigi Paganini.

IoT 84

IoT Hacking Firmware Advertising 84

Security Affairs

NOVEMBER 10, 2022

Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution. The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. SecurityAffairs – hacking, ABB Totalflow). Pierluigi Paganini.

Firmware 130

Firmware Authentication Passwords Manufacturing 130

Security Affairs

AUGUST 13, 2023

16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking. An attacker can trigger the flaw to gain remote code execution and conduct denial-of-service attacks under specific conditions, exposing operational technology (OT) environments to hacking.

Authentication 88

Authentication Firmware Hacking Passwords 88

Security Affairs

APRIL 7, 2023

Multinational IT corporation MSI (Micro-Star International) confirms security breach after Money Message ransomware gang claimed the hack. This week the ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International).

Ransomware 87

Ransomware Firmware Hacking Manufacturing 87

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-. SecurityAffairs – hacking, LILIN).

Firmware 105

Firmware Surveillance Manufacturing Advertising 105

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware 92

Firmware Architecture Advertising Manufacturing 92

Security Affairs

SEPTEMBER 19, 2022

The FXA3000 and FXA2000 Series are access points that are manufactured by Japan-based firm Contec that conform to IEEE 802.11n/a/b/g wireless. “It is found that our wireless products, FLEXLAN FX3000/2000 series, have a firmware vulnerability. SecurityAffairs – hacking, Log4Shell). Pierluigi Paganini.

Wireless 91

Wireless Firmware Passwords Engineering 91

Security Affairs

AUGUST 4, 2021

IN FRA:HALT is a set of vulnerabilities affecting a popular TCP/IP library commonly OT devices manufactured by more than 200 vendors. HCC Embedded has released firmware patches to address the INFRA:HALT issues. SecurityAffairs – hacking, OT). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

DNS 117

DNS Manufacturing Firmware Technology 117

The Last Watchdog

SEPTEMBER 5, 2023

I had an eye-opening conversation about all of this with Steve Hanna , distinguished engineer at Infineon Technologies , a global semiconductor manufacturer based in Neubiberg, Germany. Here are a few takeaways: Minimum requirements A few years back, a spate of seminal IoT hacks grabbed the full attention of governments worldwide.

IoT 221

IoT Government Internet Internet 221

Security Affairs

DECEMBER 31, 2021

An invalidation data region is created by varying the OP area that can be changed by the user or by the firmware manager. However, a threat actor can reduce the size of the OP area using the firmware manager generating an invalid data area. SecurityAffairs – hacking, SSDs). ” reads the research paper. Pierluigi Paganini.

Malware 134

Malware Firmware Manufacturing Media 134

Security Affairs

JULY 3, 2023

reads the advisory The vulnerability is a heap-based buffer overflow issue and according to the vendor it may have been exploited in a limited number of attacks aimed at government, manufacturing, and critical infrastructure sectors. states the report published by Fortinet. “Our states the report published by Fortinet.

Firewall 84

Firewall VPN Firmware Internet 84

Security Affairs

SEPTEMBER 2, 2021

“we disclose BrakTooth, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.” SecurityAffairs – hacking, BrakTooth). ” continue the researchers.

Firmware 87

Firmware Manufacturing IoT Technology 87

Security Affairs

MARCH 13, 2022

SecurityAffairs – hacking, newsletter). If you want to also receive for free the newsletter with the international press subscribe here. CVE-2022-0492 flaw in Linux Kernel cgroups feature allows container escape Charities and NGOs providing support in Ukraine hit by malware. Follow me on Twitter: @securityaffairs and Facebook.

Data breaches 85

Data breaches Firmware Hacking Ransomware 85