Security Affairs

NOVEMBER 5, 2024

The vulnerabilities impact NDI-enabled pan-tilt-zoom (PTZ) cameras from multiple manufacturers. Affected devices use VHD PTZ camera firmware < 6.3.40 Organizations using VHD PTZ camera firmware < 6.3.40 VulnCheck alerted affected manufacturers to the flaws, only receiving a response from PTZOptics.

Firmware 128

Firmware Manufacturing Authentication IoT 128

Security Affairs

MARCH 9, 2025

Experts discovered an undocumented hidden feature in the ESP32 microchip manufactured by Espressif, which is used in over 1 billion devices. At the RootedCON , researchers at Tarlogic Innovation presented their findings on undocumented commands in the ESP32 microchip designed by the Chinese manufacturer Espressif.

Manufacturing 129

Manufacturing IoT Firmware Mobile 129

Schneier on Security

JUNE 20, 2019

Security researchers Gabriel Campana and Jean-Baptiste Bédrune are giving a hardware security module (HSM) talk at BlackHat in August: This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. Here's a summary in English.

Firmware 264

Firmware Hacking Manufacturing Banking 264

SecureWorld News

JUNE 18, 2025

Recent research from Forescout has revealed that roughly 35,000 solar power systems are exposed to the internet, with researchers discovering 46 new vulnerabilities across three major manufacturers that could potentially destabilize power grids. Use boot verification and firmware integrity checks to detect unauthorized modifications.

Firmware 105

Firmware Manufacturing IoT Mobile 105

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the installation of persistent backdoors.

Firmware 145

Firmware Hacking Authentication Advertising 145

Security Affairs

DECEMBER 3, 2024

The ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware. Researchers from firmware security firm Binarly now report that Bootkitty Linux UEFI bootkit exploits the LogoFAIL flaw CVE-2023-40238 to compromise systems running on vulnerable firmware.

Firmware 109

Firmware Manufacturing Authentication Malware 109

Security Affairs

NOVEMBER 9, 2024

” The research targeted a CMU unit manufactured by Visteon, with software initially developed by Johnson Controls Inc. As of the publication, no publicly known vulnerabilities have been identified in the latest firmware version. x) may also be vulnerable.

Hacking 132

Hacking Firmware Software Manufacturing 132

Security Affairs

JANUARY 17, 2025

The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware. Over the years, experts observed several attacks employing rootkits that were specifically developed to target the firmware to achieve persistence and bypassing security solutions.

Firmware 110

Firmware Technology Software Manufacturing 110

Security Affairs

NOVEMBER 6, 2024

0795 or above) Taiwanese manufacturer QNAP also patched three zero-day vulnerabilities that were exploited by security researchers during the recent Pwn2Own Ireland 2024. Midnight Blue assumes all Synology firmware versions before the patch are vulnerable, so users should apply the patch immediately. 10053 or above) Synology Photos 1.6

Firmware 127

Firmware Manufacturing Hacking Media 127

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware 145

Firmware Mobile Malware Retail 145

Adam Levin

MARCH 23, 2020

Update your camera’s firmware and software: Whether it’s an external camera or one built into your laptop or tablet, check for manufacturer updates and always keep your camera’s software and firmware fully up to date because patches are often released specifically to patch security vulnerabilities.

Firmware 219

Firmware Manufacturing Passwords Software 219

Adam Levin

MARCH 19, 2020

Ensure remote workers are more secure by following these five tips: Change the Default Password: Routers should have the manufacturer default password updated the moment it’s turned on and connected. Update the Firmware: Router manufacturers are constantly issuing updates and patches for newly discovered firmware vulnerabilities.

Wireless 199

Wireless Firmware Firewall Manufacturing 199

SecureList

JULY 6, 2022

As a rule, this means that the source code of the device’s firmware is unavailable and all the researcher can use is the user manual and a few threads on some user forum discussing the device’s operation. The vulnerability assessment of IoT/IIoT devices is based on analyzing their firmware.

Firmware 125

Firmware IoT Architecture Manufacturing 125

Schneier on Security

NOVEMBER 15, 2019

In particular, we discovered timing leakage on an Intel firmware-based TPM as well as a hardware TPM. Similarly, we extract the private ECDSA key from a hardware TPM manufactured by STMicroelectronics, which is certified at CommonCriteria (CC) EAL 4+, after fewer than 40,000 observations. Intel has a firmware update.

Firmware 251

Firmware Authentication Manufacturing 251

Schneier on Security

MAY 12, 2020

The attack requires physical access to the computer, but it's pretty devastating : On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer -- and even its hard disk encryption -- to gain full access to the computer's data.

Firmware 271

Firmware Manufacturing Encryption Hacking 271

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT 363

IoT Firmware Risk Encryption 363

Malwarebytes

JULY 28, 2021

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages. History lessons. Mitigation.

Firmware 124

Firmware Technology Authentication IoT 124

CSO Magazine

MAY 31, 2023

Researchers warn that the UEFI firmware in many motherboards made by PC hardware manufacturer Gigabyte injects executable code inside the Windows kernel in an unsafe way that can be abused by attackers to compromise systems. Sophisticated APT groups are abusing similar implementations in the wild.

Firmware 103

Firmware Manufacturing Risk 103

The Last Watchdog

AUGUST 26, 2024

The findings focused on outdated software components in router firmware, across sectors from industrial operations to healthcare and critical infrastructure, highlighting associated cyber risks. Equally alarming was the widespread presence of known vulnerabilities, or “n-day” vulnerabilities, in the firmware images.

Firmware 100

Firmware IoT Manufacturing Cyber Risk 100

Security Affairs

FEBRUARY 1, 2022

Researchers discovered tens of vulnerabilities in UEFI firmware code used by the major device manufacturers. Researchers at firmware security company Binarly have discovered 23 vulnerabilities in UEFI firmware code used by the major device makers. SecurityAffairs – hacking, EUFI firmware). Pierluigi Paganini.

Firmware 98

Firmware Manufacturing Malware Hacking 98

Security Affairs

DECEMBER 26, 2024

. “One of the easiest methods for threat actors to compromise new hosts is to target outdated firmware or retired hardware.” Hardware manufacturers do not always issue patches for retired devices, and the manufacturer itself may sometimes be defunct. ” concludes the report.

Manufacturing 91

Manufacturing Malware Firmware IoT 91

Penetration Testing

JUNE 17, 2025

The WAGO Device Manager is a configuration tool embedded in the firmware of WAGO’s industrial control systems (ICS). It enables technicians to configure, monitor, and manage programmable logic controllers (PLCs) and other WAGO components used in automation environments across manufacturing, energy, and transportation sectors.

Firmware 60

Firmware Penetration Testing Manufacturing Advertising 60

SC Magazine

APRIL 9, 2021

As the Department of Defense works on standards to dictate 5G rollout, security requirements may be too much for IoT manufacturers. Of course, many security hurdles for IoT device manufacturers are not specific to 5G. And how do you vet those firmware updates? In IoT, [manufacturers] want that low-cost sensor.

Manufacturing 114

Manufacturing IoT Firmware Architecture 114

CSO Magazine

AUGUST 11, 2022

The flaws stemmed from a performance feature of modern CPUs known as speculative execution and mitigating them required one of the biggest patch coordination efforts in history, involving CPU makers, device manufacturers and operating system vendors.

Firmware 138

Firmware Manufacturing 138

SecureWorld News

DECEMBER 8, 2024

Preparing for a quantum future: steps for organizations Engage with manufacturers and third parties: Collaborate with vendors and partners to implement PQC solutions for essential services. Static firmware means that hardware must be replaced every time there is a security issue, which can be costly and inefficient.

Encryption 119

Encryption Firewall Firmware Education 119

Krebs on Security

APRIL 26, 2019

Although it may seem impossible to enumerate more than a million devices with just a six-digit ID, Marrapese notes that each ID begins with a unique alphabetic prefix that identifies which manufacturer produced the device, and there are dozens of companies that white-label the iLnkP2P software.

IoT 278

IoT Firewall Manufacturing Computers and Electronics 278

Penetration Testing

DECEMBER 1, 2023

Numerous security vulnerabilities collectively known as LogoFAIL enable malefactors to interfere with the booting process of computer devices and implant bootkits, owing to issues related to image analysis components used by motherboard manufacturers for... The post LogoFAIL Vulnerabilities Expose Firmware Attacks: Endpoint Security Solutions (..)

Firmware 85

Firmware Penetration Testing Risk Manufacturing 85

The Last Watchdog

MAY 16, 2022

Supply chains have vulnerabilities at touchpoints with manufacturers, suppliers, and other service providers.”. Then there are firmware developers, transport agencies, testing facilities, and security evaluation agencies that handle the device before it is sent to the corporate client.

Cyber Attacks 273

Cyber Attacks Firmware Manufacturing Artificial Intelligence 273

The Hacker News

DECEMBER 21, 2021

Multiple backdoors have been discovered during a penetration test in the firmware of a widely used voice over Internet Protocol (VoIP) appliance from Auerswald, a German telecommunications hardware manufacturer, that could be abused to gain full administrative access to the devices.

Penetration Testing 136

Penetration Testing Firmware Telecommunications Manufacturing 136

Security Boulevard

FEBRUARY 28, 2022

Machine Identities are Essential for Securing Smart Manufacturing. The Industrial Internet of Things (IIoT) puts networked sensors and intelligent devices directly on the manufacturing floor to collect data, drive artificial intelligence and do predictive analytics. Benefits of IIoT in the manufacturing sector. brooke.crothers.

Manufacturing 98

Manufacturing IoT Authentication Artificial Intelligence 98

CSO Magazine

DECEMBER 6, 2022

Researchers have found three vulnerabilities in AMI MegaRAC, a baseband management controller (BMC) firmware used by multiple server manufacturers. If exploited, the flaws could allow attackers to remotely control servers, deploy malware and firmware implants, or trigger damaging actions that leave them inoperable.

Firmware 80

Firmware Manufacturing Malware 80

Thales Cloud Protection & Licensing

SEPTEMBER 11, 2018

Typically, when they are manufactured, IoT devices receive their initial identity in the form of a “digital birth certificate.” Therefore, manufacturing is the first critical link in the chain to establish trust across the IoT. Digitally signing software and firmware to ensure integrity and protect from malware.

Manufacturing 89

Manufacturing Internet Internet IoT 89

Dark Reading

OCTOBER 18, 2023

Under the Security Appraisal Framework and Enablement (SAFE) program, device manufacturers would be able to work with approved auditors to verify firmware.

Firmware 75

Firmware Manufacturing 75

Security Affairs

SEPTEMBER 16, 2024

The manufacturer also addressed two high-severity vulnerabilities, tracked as CVE-2024-45696 and CVE-2024-45698. “We do not recommend that security researchers act in this manner, as they expose end-users to further risks without patches being available from the manufacturer.” DIR-X4860 A1 firmware version 1.00, 1.04

Wireless 132

Wireless Firmware Manufacturing Hacking 132

The Hacker News

DECEMBER 5, 2022

The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage (bricking),"

Manufacturing 105

Manufacturing Firmware Ransomware Malware 105

Malwarebytes

FEBRUARY 18, 2025

Some modern drives come with a secure erase command embedded in the firmware, but you need special software to execute the command, and it may require several rounds of overwrite. The exact steps depend on your computer’s manufacturer and model.

Marketing 113

Marketing Firmware Software Manufacturing 113

Security Affairs

DECEMBER 5, 2021

Researchers discovered a total of 226 potential security vulnerabilities in nine Wi-Fi popular routers from known manufacturers. Since the integration of a new kernel into the firmware is costly, no manufacturer was up to date here. Millions of users are potentially impacted by these vulnerabilities.

Manufacturing 145

Manufacturing IoT Firmware VPN 145