Security Affairs

JUNE 21, 2024

A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models. Firmware security firm Eclypsium discovered a vulnerability, tracked as CVE-2024-0762 (CVSS of 7.5), in the Phoenix SecureCore UEFI firmware. ” concludes the report.

Firmware 136

Firmware Mobile Technology Hacking 136

Security Affairs

APRIL 18, 2025

. “An improper authentication control vulnerability exists in certain ASUS router firmware series. “We have released new firmware update for 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, 3.0.0.6_102 series.” Asus also urges users to update the routers firmware via the ASUS support page when available.

Firmware 118

Firmware Authentication Passwords VPN 118

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware 145

Firmware Mobile Malware Retail 145

Security Affairs

DECEMBER 21, 2024

” Recently, The Federal Office for Information Security (BSI) announced it had blocked communication between the 30,000 devices infected with the BadBox malware and the C2. The experts reported that at least 74,000 Android-based mobile phones, tablets, and Connected TV boxes worldwide were shipped with the backdoored firmware.

Firmware 143

Firmware Malware Internet Internet 143

SecureList

JULY 25, 2022

One of the main draws towards malware nested in such low levels of the operating system is that it is extremely difficult to detect and, in the case of firmware rootkits, will ensure a computer remains in an infected state even if the operating system is reinstalled or the user replaces the machine’s hard drive entirely. First seen.

Firmware 145

Firmware DNS Malware Internet 145

Security Affairs

DECEMBER 30, 2021

iLOBleed, is a previously undetected rootkit that was spotted targeting the HP Enterprise’s Integrated Lights-Out ( iLO ) server management technology to tamper with the firmware modules and wipe data off the infected systems. This malware has been used by hackers for some time and we have been monitoring its performance.

Firmware 144

Firmware Malware System Administration Technology 144

SecureList

JULY 6, 2022

As a rule, this means that the source code of the device’s firmware is unavailable and all the researcher can use is the user manual and a few threads on some user forum discussing the device’s operation. The vulnerability assessment of IoT/IIoT devices is based on analyzing their firmware.

Firmware 126

Firmware IoT Architecture Encryption 126

Security Affairs

JULY 13, 2022

IT giant Lenovo released security fixes to address three vulnerabilities that impact the UEFI firmware shipped with over 70 product models. The three buffer overflow vulnerabilities in UEFI firmware, tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, were discovered by researchers from ESET. Pierluigi Paganini.

Firmware 142

Firmware Hacking Technology Information Security 142

Security Affairs

OCTOBER 22, 2024

. “By interacting with the IOCTL M2M1SHOT_IOC_PROCESS , the driver which provides hardware acceleration for media functions like JPEG decoding and image scaling may map the userspace pages to I/O pages, execute a firmware command and tear down mapped I/O pages.” ” continues Google Project Zero.

Firmware 145

Firmware Mobile Spyware Media 145

Security Affairs

JUNE 13, 2024

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. ” reads the advisory. .

Firmware 127

Firmware Spyware Hacking Information Security 127

Krebs on Security

JULY 2, 2021

That update effectively nullified their chances at competing in Pwn2Own, which requires exploits to work against the latest firmware or software supported by the targeted device. A statement published on its support site March 12, 2021 says the company will no longer provide further security updates to the MyCloud OS 3 firmware.

Firmware 363

Firmware Passwords Internet Internet 363

Security Affairs

DECEMBER 3, 2024

The ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware. Researchers from firmware security firm Binarly now report that Bootkitty Linux UEFI bootkit exploits the LogoFAIL flaw CVE-2023-40238 to compromise systems running on vulnerable firmware.

Firmware 109

Firmware Manufacturing Hacking Malware 109

Security Affairs

NOVEMBER 5, 2024

Affected devices use VHD PTZ camera firmware < 6.3.40 is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. Organizations using VHD PTZ camera firmware < 6.3.40 reads the analysis published by GreyNoise.

Firmware 128

Firmware Manufacturing Authentication IoT 128

Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Devices on these older firmware versions will not receive security fixes or technical support.” Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Firmware 136

Firmware Architecture Internet Internet 136

Security Affairs

JANUARY 17, 2025

The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware. Over the years, experts observed several attacks employing rootkits that were specifically developed to target the firmware to achieve persistence and bypassing security solutions.

Firmware 110

Firmware Technology Software Manufacturing 110

Security Affairs

NOVEMBER 6, 2024

However, since the vulnerability has a high potential for criminal abuse, and millions of devices are affected, a media reach-out was made to inform system owners of the issue and to stress the point that immediate mitigative actions are required.” Official guidance from Synology can be found on their advisories page.

Firmware 127

Firmware Manufacturing Hacking Media 127

Security Affairs

JANUARY 15, 2025

“The build date coded in the last number block also points to the same date range: None of the firewall firmwares examined had been compiled after September 14, 2022.” ” These findings suggest that the data was likely stolen in the fall of 2022, but it’s unclear how attackers have obtained this information.

VPN 133

VPN Passwords Firewall Firmware 133

Krebs on Security

JANUARY 11, 2021

The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear. ” Ubiquiti has not yet responded to requests for more information, but the notice was confirmed as official in a post on the company’s user support forum.

Passwords 362

Passwords Authentication Firmware Accountability 362

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022. All the vulnerable devices are running end-of-life (EOL) firmware.

Firmware 133

Firmware Firewall Hacking Internet 133

Schneier on Security

JANUARY 14, 2022

They use numerous customized firmware and hardware, without taking into consideration security issues, which make them a target for cybercriminals, especially malware authors. We will present a novel approach of using side channel information to identify the kinds of threats that are targeting the device.

Malware 351

Malware IoT Firmware Internet 351

Security Affairs

NOVEMBER 9, 2024

As of the publication, no publicly known vulnerabilities have been identified in the latest firmware version. CVE-2024-8356 : Unsigned code vulnerability in VIP MCU, allowing unauthorized firmware uploads that could impact vehicle subsystems.

Hacking 132

Hacking Firmware Software Manufacturing 132

SecureWorld News

DECEMBER 8, 2024

This approach poses a significant threat, as sensitive information transmitted today could be decrypted in the future. For example, in the financial sector, if a quantum computer breaks encryption on data in transit, a threat actor could access confidential information, resulting in severe financial and reputational damage.

Encryption 119

Encryption Firewall Firmware Education 119

Security Affairs

NOVEMBER 2, 2024

Successful exploitation of these vulnerabilities could allow attackers to steal sensitive data, inject firmware payloads, and even reach LAN-connected devices. Attackers maintained persistence through VPN credentials, Active Directory DCSYNC access, and firmware-hooking methods to survive updates. ” concludes the report.

Firmware 124

Firmware Government Firewall Malware 124

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. If this data was compromised, it could potentially expose a huge amount of very personal information about their owners, information that never existed in digital form before the advent of IoT. Or vibrator.

IoT 363

IoT Firmware Risk Encryption 363

Malwarebytes

FEBRUARY 18, 2025

This is the type of method we would like to see when it comes to sensitive data like medical information. Some modern drives come with a secure erase command embedded in the firmware, but you need special software to execute the command, and it may require several rounds of overwrite.

Marketing 121

Marketing Firmware Software Manufacturing 121

Schneier on Security

NOVEMBER 15, 2019

In particular, we discovered timing leakage on an Intel firmware-based TPM as well as a hardware TPM. We show how this information allows an attacker to apply lattice techniques to recover 256-bit private keys for ECDSA and ECSchnorr signatures. Intel has a firmware update. Attack website. News articles. Boing Boing post.

Firmware 251

Firmware Authentication Manufacturing 251

Security Affairs

JANUARY 16, 2025

The researchers found that the botnet comprises MikroTik routers with various firmware versions, including recent ones. The SPF information is included in the domains DNS records as a TXT record. “The malspam campaign we investigated was large in scope, involving approximately 20,000 sender domains.

DNS 139

DNS Malware Firmware DDOS 139

The Last Watchdog

AUGUST 26, 2024

The findings focused on outdated software components in router firmware, across sectors from industrial operations to healthcare and critical infrastructure, highlighting associated cyber risks. Equally alarming was the widespread presence of known vulnerabilities, or “n-day” vulnerabilities, in the firmware images.

Firmware 100

Firmware IoT Manufacturing Cyber Risk 100

Security Affairs

JUNE 9, 2025

“Most of these bots don’t stay active after the device restarts because some device firmware doesn’t allow changes to the file system. ” concludes the report. To protect against infections like these, we recommend updating vulnerable devices as soon as security patches become available.

IoT 139

IoT Firmware Malware Architecture 139

Security Affairs

JANUARY 19, 2025

” The firmware analysis performed by the experts revealed vulnerabilities in the dispatcher.cgi interface of WGS-804HPT switches’ web service. Planet Technology has released firmware version 1.305b241111 to address these issues. .” reads the advisory published by Claroty. ” concludes the report.

Firmware 72

Firmware IoT Wireless Surveillance 72

Security Affairs

JANUARY 24, 2025

In March 2023, Mandiant researchers reported that alleged China-linked threat actors, tracked as UNC4540 , deployed custom malware on a SonicWall SMA appliance.The malware allows attackers to steal user credentials, achieve persistence through firmware upgrades, and provides shell access. reads the report published by Mandiant.

Firmware 75

Firmware Malware Authentication Mobile 75

Security Affairs

NOVEMBER 25, 2024

” The vendor addressed these vulnerabilities with the release of firmware version 5.39 . “Note that this attack could be successful only if the device was configured in User-Based-PSK authentication mode and a valid user with a long username exceeding 28 characters exists.” ” reads the update published by the company.

Firewall 77

Firewall Ransomware VPN Firmware 77

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. Vendor supplies information.

Firmware 144

Firmware Encryption Authentication Hacking 144

Security Affairs

APRIL 2, 2025

The researchers speculate that threat actors behind this variant have compromised the supply chain, so stores may not even suspect that they are selling smartphones infected with Triada “The new version of the malware is distributed in the firmware of infected Android devices. It is located in the system framework.

Malware 123

Malware Cryptocurrency Firmware Mobile 123

Security Affairs

DECEMBER 19, 2024

To mitigate the exposure to these threats, users are recommended to change default credentials, use strong passwords, review access logs, employ firewalls and IDS/IPS, and keep firmware up-to-date. Keep Software Updated : Apply the latest firmware updates to patch vulnerabilities. Implement strong, unique passwords across devices.

DDOS 68

DDOS Firmware Firewall Passwords 68

Security Affairs

JANUARY 21, 2022

At the end of 2021, researchers discovered a UEFI firmware-level compromise by analyzing logs from its Firmware Scanner. Threat actors compromised a single component within the firmware image to intercept the original execution flow of the machine’s boot sequence and inject the sophisticated implant. Pierluigi Paganini.

Firmware 145

Firmware Malware Spyware Surveillance 145

The Hacker News

APRIL 3, 2024

The high-severity zero-day vulnerabilities are as follows - CVE-2024-29745 - An information disclosure flaw in the bootloader component CVE-2024-29748 - A privilege escalation flaw in the firmware component "There are indications that the [

Firmware 143

Firmware 143