Security Affairs

APRIL 2, 2025

The researchers speculate that threat actors behind this variant have compromised the supply chain, so stores may not even suspect that they are selling smartphones infected with Triada “The new version of the malware is distributed in the firmware of infected Android devices. It is located in the system framework.

Malware 124

Malware Cryptocurrency Mobile Firmware 124

Security Affairs

FEBRUARY 1, 2022

Researchers discovered tens of vulnerabilities in UEFI firmware code used by the major device manufacturers. Researchers at firmware security company Binarly have discovered 23 vulnerabilities in UEFI firmware code used by the major device makers. SecurityAffairs – hacking, EUFI firmware). Pierluigi Paganini.

Firmware 98

Firmware Manufacturing Malware Hacking 98

Security Affairs

JULY 15, 2022

Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project files. The password cracking software also acts as a dropper for the Sality P2P bot. ” concludes the report.

Passwords 132

Passwords Software Firmware Malware 132

Security Affairs

DECEMBER 19, 2024

To mitigate the exposure to these threats, users are recommended to change default credentials, use strong passwords, review access logs, employ firewalls and IDS/IPS, and keep firmware up-to-date. Below are actions recommended by Juniper Networks: Strengthen Security Practices : Change default credentials on all SSRs.

DDOS 69

DDOS Firmware Firewall Passwords 69

Security Affairs

SEPTEMBER 16, 2020

The US National Security Agency (NSA) published guidance on the Unified Extensible Firmware Interface (UEFI) Secure Boot customization. The United States National Security Agency (NSA) has published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature that can be customized organizations.

Firmware 141

Firmware Advertising Manufacturing Malware 141

Security Affairs

JUNE 27, 2022

CODESYS addressed 11 security flaws in the ICS Automation Software that could lead to information disclosure and trigger a denial-of-service (DoS) condition. CODESYS has released security patches to fix eleven 11 vulnerabilities in its ICS Automation Software. Follow me on Twitter: @securityaffairs and Facebook.

Software 112

Software Manufacturing Firmware Risk 112

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. ” states the vendor.

Firmware 132

Firmware Wireless Passwords Internet 132

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 02 Dec 2020 – Netgear released the new firmware v2.6.0.48

Firmware 144

Firmware Authentication Hacking Software 144

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware 134

Firmware Architecture Advertising Manufacturing 134

Daniel Miessler

MAY 14, 2020

A password manager is a piece of software that creates all these for you, keeps them stored safely, and then fills them in for you automatically when you need to log in. Keep your firmware and software updated. Keep all of your software and hardware religiously updated.

Risk 345

Risk Passwords Password Management Accountability 345

Security Affairs

DECEMBER 3, 2020

The infamous TrickBot gets a new improvement, authors added a new feature dubbed “ TrickBoot ” designed to exploit well-known vulnerabilities in the UEFI/BIOS firmware and inject malicious code, such as bootkits. TrickBot, one of the most active botnets, in the world, gets a new improvement by adding a UEFI/BIOS Bootkit Feature.

Firmware 123

Firmware Malware Hacking Manufacturing 123

Security Affairs

SEPTEMBER 13, 2024

The malicious code acts as a backdoor and allows attackers to download and install third-party software secretly. Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Malware 142

Malware Firmware Antivirus Manufacturing 142

Security Affairs

DECEMBER 12, 2020

The National Instruments CompactRIO product , a rugged, real-time controller that provides high-performance processing capabilities, sensor-specific conditioned I/O, and a closely integrated software toolchain that makes them ideal for Industrial Internet of Things (IIoT), monitoring, and control applications. Pierluigi Paganini.

Firmware 119

Firmware Manufacturing Software Authentication 119

Security Affairs

FEBRUARY 28, 2025

The malicious code acts as a backdoor allowing attackers to download and install third-party software secretly. Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Antivirus 67

Antivirus Firmware Encryption Manufacturing 67

Security Affairs

MAY 31, 2023

Researchers from firmware security firm Eclypsium have discovered a suspected backdoor-like behavior within Gigabyte systems. The experts discovered that the firmware in Gigabyte systems drops and executes a Windows native executable during the system startup process. The executable resides in a UEFI firmware volume.

Firmware 98

Firmware Risk Software Passwords 98

Security Affairs

NOVEMBER 14, 2021

The FailOverFlow hacker group, known to have published in the past several PlayStation jailbreaks, published a message on Twitter that shows PS5 firmware symmetric root keys, Another one bites the dust pic.twitter.com/Y1ty93AvaE — fail0verflow (@fail0verflow) November 8, 2021. Translation: We got all (symmetric) ps5 root keys.

Firmware 129

Firmware Software Engineering Hacking 129

Security Affairs

DECEMBER 15, 2020

. “The affected products are vulnerable when an authenticated attacker runs a debug command, which can be sent to the patient reader and cause a heap overflow event within the MCL Smart Patient Reader software stack. ” states the advisory.

Firmware 141

Firmware Authentication Mobile IoT 141

Security Affairs

DECEMBER 9, 2023

A set of flaws, collectively called 5Ghoul, in the firmware implementation of 5G mobile network modems from major vendors impacts Android and iOS devices. Such a family of vulnerabilities are present in the firmware implementation of 5G mobile network modems from major chipset vendors i.e., Qualcomm and MediaTek.”

Firmware 135

Firmware Mobile Software Hacking 135

Security Affairs

OCTOBER 6, 2024

Baseband firmware can be affected by vulnerabilities, making it a significant attack vector. Experts warn that most smartphone basebands lack exploit mitigations commonly used in software development. “Pixel’s proactive approach to security demonstrates a commitment to protecting its users across the entire software stack.

Firmware 135

Firmware Mobile Spyware Software 135

Security Affairs

JANUARY 9, 2023

Tens of software vulnerabilities affected Qualcomm firmware and impacted the devices of Microsoft, Lenovo, and Samsung. Qualcomm January 2023 security bulletin addressed 22 software vulnerabilities in its Snapdragon suite. Lenovo released updates to address the vulnerabilities impacting the ThinkPad X13s BIOS.

Firmware 98

Firmware Manufacturing Software Hacking 98

Security Affairs

AUGUST 10, 2019

. “We were able to find the presence of a Remote Code Execution (RCE) vulnerability in a piece of open source software that Avaya likely copied and modified 10 years ago, and then failed to apply subsequent security patches to.” Avaya addressed the issue with the release of new firmware on June 25. Only the H.323

Firmware 109

Firmware IoT Advertising Software 109

Security Affairs

NOVEMBER 25, 2022

The OpenSSL software library allows secure communications over computer networks against eavesdropping or need to identify the party at the other end. OpenSSL contains an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. ” continues the report.

Firmware 103

Firmware Manufacturing Hacking Software 103

Security Affairs

FEBRUARY 4, 2021

” The IT giant revealed that the vulnerabilities affect the following Cisco Small Business Routers if they are running a firmware release earlier than Release 1.0.01.02: RV160 VPN Router RV160W Wireless-AC VPN Router RV260 VPN Router RV260P VPN Router with POE RV260W Wireless-AC VPN Router. Pierluigi Paganini.

VPN 131

VPN Small Business Wireless Firmware 131

Security Affairs

JULY 28, 2020

That’s why I created #BürtleinaBoard : to have a more usable breakout-board around BUSSide software framework. Flashing Firmware: Flashing BUSSide firmware inside the NodeMCU is quick and easy: # apt-get install esptool # git clone [link] # esptool --port /dev/ttyUSB0 write_flash 0x00000 BUSSide/FirmwareImages/*.bin.

IoT 145

IoT Hacking Firmware Advertising 145

Security Affairs

JULY 11, 2019

. “A potential security vulnerability in the Intel® Processor Diagnostic Tool may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing software updates to mitigate this potential vulnerability.” ” reads the security advisory.

Firmware 109

Firmware Advertising Authentication Hacking 109

Security Affairs

AUGUST 12, 2019

Searching online the expert first found an encrypted firmware, he found on a forum a Portable ROM Dumper , (a custom firmware update file that once loaded, dumps the memory of the camera into the SD Card) that allowed him to dump the camera’s firmware and load it into his disassembler (IDA Pro). ” – Eyal Itkin.

Ransomware 111

Ransomware Firmware Wireless Encryption 111

Security Affairs

AUGUST 16, 2024

Many Google Pixel devices shipped since September 2017 have included dormant software that could be exploited by attackers to compromise them. The “Showcase.apk” package, developed by Smith Micro, is part of the firmware image on millions of Android Pixel phones, potentially enhancing sales in Verizon stores.

Hacking 144

Hacking Firmware Mobile Penetration Testing 144

Security Affairs

NOVEMBER 9, 2022

Lenovo has released security updates to address a couple of high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models. An attacker can exploit the flaws to disable UEFI Secure Boot. Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1

Firmware 110

Firmware Manufacturing Hacking Software 110

Security Affairs

DECEMBER 5, 2021

The researchers analyzed the network devices using IoT Inspector’s security platform, which checked for thousands of CVEs and security flaws. “Some of the security issues were detected more than once. . “Some of the security issues were detected more than once.

Manufacturing 145

Manufacturing IoT Firmware VPN 145

Security Affairs

AUGUST 24, 2021

Realtek published a security advisory on August 15 to warn customers about security updates to address vulnerabilities in its software developers kits (SDK) which is used by at least 65 separate vendors. On August 15, firmware security company IoT Inspector published details about the flaws.

IoT 136

IoT Firmware Internet Internet 136

Security Affairs

NOVEMBER 9, 2020

This year’s edition of the Tianfu Cup hacking competition was very prolific, bug bounty hackers have discovered multiple vulnerabilities in multiple software and applications. Working exploits were already reported to software vendors that will address the vulnerabilities discovered by the experts in the coming weeks.

Hacking 144

Hacking Firmware Software Government 144

Security Affairs

DECEMBER 31, 2021

” The operating system and any applications running on it have no visibility on the over-provisioning, this means that security software is not able to inspect their content looking for a malicious code. An invalidation data region is created by varying the OP area that can be changed by the user or by the firmware manager.

Malware 145

Malware Firmware Manufacturing Media 145

Security Affairs

FEBRUARY 23, 2022

. “The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware.” The malware leverages the firmware update process to achieve persistence. Follow me on Twitter: @securityaffairs and Facebook.

Malware 116

Malware Firmware Architecture Firewall 116

Security Affairs

JANUARY 29, 2022

QNAP forces its customers to update the firmware of their Network Attached Storage (NAS) devices to protect against the DeadBolt ransomware. QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware.

Ransomware 119

Ransomware Firmware Encryption Engineering 119

Security Affairs

MAY 25, 2023

The company pointed out that the released patch is “beta software or hot-fix release,” which is still undergoing final testing. “Please note that this is a device beta software, beta firmware, or hot-fix release which is still undergoing final testing before its official release. ” We are in the final!

Firmware 98

Firmware Authentication Software Hacking 98

Security Affairs

AUGUST 17, 2022

“A potential security vulnerability in some Intel® Processors may allow information disclosure.Intel is releasing firmware updates to address this potential vulnerability.” “As the I/O address space is only accessible to privileged software, ÆPIC Leak targets Intel’s TEE, SGX.

Architecture 101

Architecture Firmware Software Information Security 101

Security Affairs

JUNE 13, 2019

The company has already fixed the issues with the release of firmware versions 1.2.2.S0, “The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. ” reads the security advisory. ” reads the security advisory.

Firmware 101

Firmware Passwords Advertising IoT 101