Firmware, Internet and Technology - Cyber Security Informer

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

Malwarebytes

JULY 28, 2021

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages. History lessons.

Firmware

Firmware Technology Authentication IoT

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Locking down firmware. These are the carriers that provide Internet access to rural areas all across America. Firmware is the coding that’s embedded below the software layer on all computing devices, ranging from printers to hard drives and motherboards to routers and switches. telecoms by Chinese tech giant Huawei.

Firmware

Firmware Cybersecurity Technology Engineering

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022. All the vulnerable devices are running end-of-life (EOL) firmware.

Firmware

Firmware Firewall Internet Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

The Hacker News

NOVEMBER 28, 2022

Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks.

Firmware

Firmware IoT Internet Internet

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

SecureList

JULY 25, 2022

One of the main draws towards malware nested in such low levels of the operating system is that it is extremely difficult to detect and, in the case of firmware rootkits, will ensure a computer remains in an infected state even if the operating system is reinstalled or the user replaces the machine’s hard drive entirely. Conclusions.

Firmware

Firmware DNS Malware Technology

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

The Last Watchdog

NOVEMBER 20, 2019

Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. Firmware is on everything from hard drives, motherboards and routers to office printers and smart medical devices. The Chinese are all over this.

Firmware

Firmware Hacking Software Surveillance

News Alert: Flexxon selects a Chief Technology Strategist, signals intent to expand into the US

The Last Watchdog

JUNE 26, 2023

Singapore, June 26, 2023 – Hardware cybersecurity solutions pioneer Flexxon today announced the appointment of Erik Nilsen, PhD, as its Chief Technology Strategist. Flexxon’s flagship cybersecurity solution, the X-PHY® Cybersecure SSD, is the world’s first AI-embedded firmware-based cybersecurity solution.

Technology

Technology Marketing Firmware Media

Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian

Security Boulevard

JUNE 25, 2023

Paul also shares with us some of his greatest hacking stories and don’t miss our lively […] The post Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian appeared first on Shared Security Podcast.

Firmware

Firmware Hacking Internet Internet

The Internet of Things Is Everywhere. Are You Secure?

Security Boulevard

MARCH 18, 2021

From smart homes that enable you to control your thermostat from a distance to sensors on oil rigs that help predict maintenance to autonomous vehicles to GPS sensors implanted in the horns of endangered black rhinos , the internet of things is all around you. A Safer Internet of Things. Don’t Forget the Application Layer.

Internet

Internet Internet IoT Software

5 Ways to Ensure Home Router Security with a Remote Workforce

Adam Levin

MARCH 19, 2020

Configure a Firewall: Most routers come with a built-in firewall to block unauthorized incoming internet traffic. Update the Firmware: Router manufacturers are constantly issuing updates and patches for newly discovered firmware vulnerabilities. They only work if they’re configured.

Wireless

Wireless Firmware Firewall Manufacturing

To Make the Internet of Things Safe, Start with Manufacturing

Thales Cloud Protection & Licensing

SEPTEMBER 11, 2018

This aptly describes the Internet of Things (IoT), where many small things are coming together to shape what we all hope will deliver a great leap in the way we live and do business. Digitally signing software and firmware to ensure integrity and protect from malware. 1 priority in the enterprise.” Controlling Production Runs.

Manufacturing

Manufacturing Internet Internet IoT

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. New research by Cybernews shows an exponential rise in the uptake of internet-facing cameras. Surge in internet-facing cameras.

Surveillance

Surveillance Manufacturing Passwords Internet

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

SEPTEMBER 5, 2023

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. I had an eye-opening conversation about all of this with Steve Hanna , distinguished engineer at Infineon Technologies , a global semiconductor manufacturer based in Neubiberg, Germany.

IoT

IoT Government Internet Internet

Ransomware attack on MSI led to compromised Intel Boot Guard private keys

Malwarebytes

MAY 8, 2023

While the statement does not reveal a lot of tangible information, this snippet is important: “MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website.” Among them are household names like Lenovo and HP. Prevent intrusions.

Firmware

Firmware Ransomware Backups Malware

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. In an email sent to customers today, Ubiquiti Inc.

Passwords

Passwords Authentication Firmware Accountability

Patch now! Insecure Hikvision security cameras can be taken over remotely

Malwarebytes

SEPTEMBER 22, 2021

In a detailed post on Github , security researcher Watchful_IP describes how he found that the majority of the recent camera product ranges of Hikvision cameras are susceptible to a critical, unauthenticated, remote code execution (RCE) vulnerability, even with the latest firmware. Hangzhou Hikvision Digital Technology Co.,

Firmware

Firmware Surveillance Marketing VPN

News Alert: Swissbit introduces small-capacity memory for IIoT, smart city applications

The Last Watchdog

JUNE 27, 2023

Typical applications include green IIoT technologies like charging stations, smart meters, and PV inverters, for which only a small amount of memory is required to run boot software or to communicate with cloud applications. The proliferation of IIoT technologies is particularly evident in smart cities. Westford, Mass.,

IoT

IoT Manufacturing Media Technology

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

eSecurity Planet

FEBRUARY 2, 2024

Within the last couple of months, smart device vulnerabilities have been piling up, prompting businesses to protect their Internet of Things (IoT) environments. While Teslas aren’t the typical business IoT device, their connection to the internet makes them a cyber threat as much as your business’s other IoT technology.

Hacking

Hacking IoT Firmware Cybersecurity

The High-Stakes Game of Ensuring IoMT Device Security

SecureWorld News

FEBRUARY 17, 2024

Wearable technologies continuously monitor vital signs such as heart rate, while larger equipment like dialysis machines and ventilators operate tirelessly to support critical bodily functions. Being constantly connected to the internet, they are either protected by basic passwords or, in some cases, have no password protection at all.

Healthcare

Healthcare Manufacturing Internet Internet

Realtek-based routers, smart devices are being gobbled up by a voracious botnet

Malwarebytes

AUGUST 24, 2021

Mirai hoovers up vulnerable Internet of Things (IoT) devices and adds them to its network of zombie devices, which can then be used to launch huge Distributed Denial of Service (DDoS) attacks. The vulnerabilities were found and disclosed by IoT Inspector , a platform for automated security analysis of IoT firmware. Vulnerabilities.

Firmware

Firmware IoT Internet Internet

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

The Last Watchdog

MAY 23, 2022

Then the Internet took off and trusting the connection between a user’s device and a web server became of paramount importance. I had the chance to talk about DigiCert’s perspective with Jason Sabin, DigiCert’s Chief Technology Officer. Advanced data security technologies, no matter how terrific, are just one piece of the puzzle.

Digital transformation

Digital transformation Computers and Electronics Cybersecurity Encryption

VulnRecap 1/16/24 – Major Firewall Issues Persist

eSecurity Planet

JANUARY 16, 2024

January 11, 2024 Smart Thermostat from Bosch Puts Offices in Danger Type of vulnerability: Malicious commands sent from an attacker to the thermostat, including potentially replacing firmware with rogue code. According to Bitdefender, the thermostat does not validate the authenticity of a new firmware update.

Firewall

Firewall Firmware IoT Authentication

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.

Risk

Risk VPN Internet Internet

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found. Marrapese documented his findings in more detail here.

IoT

IoT Firewall Manufacturing Computers and Electronics

Industrial Switches from different Vendors Impaired by Similar Exposures

Hacker Combat

JUNE 3, 2021

Industrial switches are made using universal firmware developed by Korenix Technology, a leading provider for industrial networking solutions based in Taiwan. Korenix has developed another firmware that the organization incorporates in its JetNet industrial switches. Malicious firmware and bootloader uploads are possible too.

Firmware

Firmware Energy and Utilities Cyber Attacks Surveillance

Building a foundation of trust for the Internet of Things

Thales Cloud Protection & Licensing

DECEMBER 13, 2018

In the digital transformation era, companies across all sectors are using next-generation technologies to streamline their operations, deliver value to customers, and gain a competitive edge. Invariably, Internet of Things (IoT) strategies form the backbone of those efforts.

Internet

Internet Internet IoT Manufacturing

Netgear Routers impacted by FunJSQ Game Acceleration Module flaw

Security Affairs

SEPTEMBER 19, 2022

Researchers at security and compliance assessment firm Onekey warns of an arbitrary code execution via FunJSQ, which is a third-party module developed by Xiamen Xunwang Network Technology for online game acceleration, that impacts multiple Netgear router models. present in the majority of NETGEAR firmware images in our corpus.”

Firmware

Firmware Passwords Technology Hacking

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

An attacker can trigger the flaw to gain remote code execution and conduct denial-of-service attacks under specific conditions, exposing operational technology (OT) environments to hacking. could put operational technology (OT) infrastructure at risk of attacks, such as remote code execution (RCE) and denial of service (DoS).”

Authentication

Authentication Firmware Hacking Passwords

The Internet of Things: Security Risks Concerns

Spinone

MARCH 17, 2018

The Internet of Things (IoT) is a term used to describe the network of interconnected electronic devices with “smart” technology. billion “things” connected to the Internet , a 30% increase from 2015. There are several reasons why the Internet of Things is such a threat to our digital security.

Internet

Internet Internet Risk Computers and Electronics

Patch Management vs Vulnerability Management: What’s the Difference?

eSecurity Planet

APRIL 28, 2023

Third-party vendor systems include Operating Systems (OS), firmware (software installed on hardware), and applications. but also applies to firmware that controls equipment such as hard drives, network routers, and security cameras. Many vulnerabilities, such as legacy tech, cannot be fixed using patches.

Penetration Testing

Penetration Testing IoT Firmware Software

Keep Calm and Check Your Public Wi-Fi Connection

Approachable Cyber Threats

JANUARY 17, 2023

We need access to the internet wherever we go here in the digital age. Our reliance on the internet means we tend to look for convenient ways to connect our electronic devices to the internet when we aren’t home - usually relying on public Wi-Fi at coffee shops, restaurants, hotels, airports, etc. Is public Wi-Fi safe to use?”

Encryption

Encryption Internet Internet VPN

SonicWall released patch for actively exploited SMA 100 zero-day

Security Affairs

FEBRUARY 4, 2021

SonicWall this week released firmware updates (version 10.2.0.5-29sv) “SonicWall is announcing the availability of an SMA 100 series firmware 10.2.0.5-29sv We have also tested the shared PoC code and have so far concluded that it is not effective against firmware released after the 2015 patch.” continues the update.

Firmware

Firmware Mobile Media Internet

Securing Public Sector Against IoT Malware in 2024

Security Boulevard

JANUARY 11, 2024

The rapid proliferation of the Internet of Things (IoT) represents vast opportunities for the public sector. Today’s Internet of Things might as well be called the Internet of Threats. However, as IoT innovation and adoption grows, so do the associated security risks. Adding urgency to this imperative for U.S.

IoT

IoT Malware Education Government

Device manufacturers need to rethink how to lock down IoT

SC Magazine

MAY 27, 2021

Embedded, internet-connected devices control the most critical infrastructure on the planet. A recent Microsoft Security Signals survey found that just 29% of companies have any budget allocated to protect firmware at all. The Security Signals research said that attacks on firmware increased five-fold in four years.

Manufacturing

Manufacturing IoT Firmware Software

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Security Affairs

AUGUST 13, 2023

CyberPower is a prominent supplier of data center hardware and infrastructure solutions, with a specific focus on cutting-edge power protection technologies and effective power management systems. of PowerPanel Enterprise software and version 1.44.08042023 of the Dataprobe iBoot PDU firmware.

Hacking

Hacking Firmware Authentication Software

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

.” Internet of Things. Agriculture may not be the first industry you associate with cybersecurity problems, but we all need to aware of the risks created by connecting this ancient part of our food supply chain to the Internet. Install updates/patch operating systems, software, and firmware as soon as they are released.

Ransomware

Ransomware Manufacturing Passwords Internet

FBI warns food and agriculture to brace for seasonal ransomware attacks

Malwarebytes

APRIL 28, 2022

In September 2021 , the agency revealed that ransomware threat actors were ramping up attacks as the sector adopted more smart technologies. In the last decade, the agriculture sector has been through a rapid technological transformation as traditional farm machinery—such as tractors—have joined the Internet of Things (IoT).

Ransomware

Ransomware Technology Firmware Internet

Router security in 2021

SecureList

JUNE 8, 2022

A router is a gateway from the internet to a home or office — despite being conceived quite the opposite. In early 2022, for instance, a security researcher effectively cut off the whole North Korea from the internet by exploiting unpatched vulnerabilities in critical routers and other network equipment. Conclusion.

DDOS

DDOS Passwords IoT Firmware

Naming & Shaming Web Polluters: Xiongmai

Krebs on Security

OCTOBER 9, 2018

What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act? Hangzhou Xiongmai Technology Co., In fact, the researchers found it was trivial to set up a system that mimics the XMEye cloud and push malicious firmware updates to any device.

Computers and Electronics

Computers and Electronics IoT Passwords Internet

March to 5G could pile on heavier security burden for IoT device manufacturers

SC Magazine

APRIL 9, 2021

As public and private sector entities gradually march toward 5G, the financial burden of piling security standards could force some Internet of Things device manufacturers to walk away from highly regulated markets like defense. The Internet of Things Cybersecurity Improvement Act of 2020 , which was enacted Dec.

Manufacturing

Manufacturing IoT Firmware Architecture

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware

Firmware Malware Encryption Passwords

Episode 147: Forty Year Old GPS Satellites offer a Warning about securing the Internet of Things

The Security Ledger

MAY 29, 2019

But what does it tell us about the security of the Internet of Things? The post Episode 147: Forty Year Old GPS Satellites offer a Warning about securing the Internet of Things appeared first on The Security. But what does it tell us about the security of the Internet of Things? Bill Malik of Trend Micro joins us to discuss.

Internet

Internet Internet Digital transformation Software

Announcing our open source security key test suite

Google Security

NOVEMBER 13, 2020

These technologies are trusted by a growing number of websites to provide phishing-resistant two-factor authentication (2FA). As the protocol specification continues to evolve—there is already a draft of CTAP 2.1—corner corner cases that can cause interoperability problems are bound to appear.

Firmware

Firmware Authentication Engineering Technology

Key Developments in IoT Security

Thales Cloud Protection & Licensing

JULY 15, 2021

Remember the early days of the emergence of Internet of Things (IoT) devices? Digital identification would fulfill a critical element of attaining a zero trust architecture, especially important for industrial technology edge devices. Is there IoT security awareness training for employees who use the technology? Data security.

IoT

IoT Data privacy Technology Risk

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

Webinars

Trending Sources

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Webinars

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

News Alert: Flexxon selects a Chief Technology Strategist, signals intent to expand into the US

Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian

The Internet of Things Is Everywhere. Are You Secure?

5 Ways to Ensure Home Router Security with a Remote Workforce

To Make the Internet of Things Safe, Start with Manufacturing

3.5m IP cameras exposed, with US in the lead

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

Ransomware attack on MSI led to compromised Intel Boot Guard private keys

Ubiquiti: Change Your Password, Enable 2FA

Patch now! Insecure Hikvision security cameras can be taken over remotely

News Alert: Swissbit introduces small-capacity memory for IIoT, smart city applications

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

The High-Stakes Game of Ensuring IoMT Device Security

Realtek-based routers, smart devices are being gobbled up by a voracious botnet

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

VulnRecap 1/16/24 – Major Firewall Issues Persist

CISA Order Highlights Persistent Risk at Network Edge

P2P Weakness Exposes Millions of IoT Devices

Industrial Switches from different Vendors Impaired by Similar Exposures

Building a foundation of trust for the Internet of Things

Netgear Routers impacted by FunJSQ Game Acceleration Module flaw

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

The Internet of Things: Security Risks Concerns

Patch Management vs Vulnerability Management: What’s the Difference?

Keep Calm and Check Your Public Wi-Fi Connection

SonicWall released patch for actively exploited SMA 100 zero-day

Securing Public Sector Against IoT Malware in 2024

Device manufacturers need to rethink how to lock down IoT

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

FBI warns of ransomware threat to food and agriculture

FBI warns food and agriculture to brace for seasonal ransomware attacks

Router security in 2021

Naming & Shaming Web Polluters: Xiongmai

March to 5G could pile on heavier security burden for IoT device manufacturers

MoonBounce: the dark side of UEFI firmware

Episode 147: Forty Year Old GPS Satellites offer a Warning about securing the Internet of Things

Announcing our open source security key test suite

Key Developments in IoT Security

Stay Connected