CSO Magazine

DECEMBER 6, 2022

Researchers have found three vulnerabilities in AMI MegaRAC, a baseband management controller (BMC) firmware used by multiple server manufacturers. If exploited, the flaws could allow attackers to remotely control servers, deploy malware and firmware implants, or trigger damaging actions that leave them inoperable.

Firmware 80

Firmware Manufacturing Malware 80

Security Affairs

FEBRUARY 1, 2022

Researchers discovered tens of vulnerabilities in UEFI firmware code used by the major device manufacturers. Researchers at firmware security company Binarly have discovered 23 vulnerabilities in UEFI firmware code used by the major device makers. SecurityAffairs – hacking, EUFI firmware). Pierluigi Paganini.

Firmware 85

Firmware Manufacturing Malware Hacking 85

Schneier on Security

AUGUST 22, 2022

This is a dumb crypto mistake I had not previously encountered: A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. […]. “

Encryption 315

Encryption Firmware Manufacturing Software 315

Security Boulevard

FEBRUARY 28, 2022

Machine Identities are Essential for Securing Smart Manufacturing. The Industrial Internet of Things (IIoT) puts networked sensors and intelligent devices directly on the manufacturing floor to collect data, drive artificial intelligence and do predictive analytics. Benefits of IIoT in the manufacturing sector. brooke.crothers.

Manufacturing 98

Manufacturing IoT Authentication Artificial Intelligence 98

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the installation of persistent backdoors.

Firmware 110

Firmware Hacking Authentication Advertising 110

Malwarebytes

JULY 28, 2021

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages. History lessons. Mitigation.

Firmware 118

Firmware Technology Authentication IoT 118

SC Magazine

MAY 27, 2021

Today’s columnist, Matt Wyckhouse of Finite State, says to lock down IoT devices, manufacturers have to build security in from the start. A recent Microsoft Security Signals survey found that just 29% of companies have any budget allocated to protect firmware at all. How device manufacturers can stem the tide.

Manufacturing 56

Manufacturing IoT Firmware Software 56

Security Boulevard

NOVEMBER 10, 2022

Update your Lenovo laptop’s firmware now! PC manufacturer Lenovo has been forced to push out a security update to more than two dozen of its laptop models, following the discovery of high severity vulnerabilities that could be exploited by malicious hackers. La entrada Update your Lenovo laptop’s firmware now!

Firmware 52

Firmware Malware Manufacturing 52

SC Magazine

APRIL 9, 2021

As the Department of Defense works on standards to dictate 5G rollout, security requirements may be too much for IoT manufacturers. Of course, many security hurdles for IoT device manufacturers are not specific to 5G. And how do you vet those firmware updates? In IoT, [manufacturers] want that low-cost sensor.

Manufacturing 114

Manufacturing IoT Firmware Architecture 114

The Hacker News

DECEMBER 5, 2022

The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage (bricking),"

Manufacturing 94

Manufacturing Firmware Ransomware Malware 94

CSO Magazine

AUGUST 11, 2022

The flaws stemmed from a performance feature of modern CPUs known as speculative execution and mitigating them required one of the biggest patch coordination efforts in history, involving CPU makers, device manufacturers and operating system vendors.

Firmware 138

Firmware Manufacturing 138

Dark Reading

SEPTEMBER 11, 2019

It's time for cybersecurity manufacturers and solution providers to step up and show leadership in addressing firmware security. Read why and how.

Firmware 72

Firmware Manufacturing Cybersecurity 72

Dark Reading

NOVEMBER 29, 2022

The manufacturer is working to fix a vulnerability — similar to a previous problem in Lenovo laptops — that allows threat actors to modify or disable Secure Boot settings to load malware.

Firmware 81

Firmware Manufacturing Malware 81

Adam Levin

MARCH 19, 2020

Ensure remote workers are more secure by following these five tips: Change the Default Password: Routers should have the manufacturer default password updated the moment it’s turned on and connected. Update the Firmware: Router manufacturers are constantly issuing updates and patches for newly discovered firmware vulnerabilities.

Wireless 199

Wireless Firmware Firewall Manufacturing 199

ForAllSecure

DECEMBER 16, 2020

Netgear N300 MIPS firmware image. What's Special about Firmware? Fuzzing firmware presents a specific set of challenges that are not often present together in other targets. In this post, we will cover how to deal with each one of these challenges in the firmware fuzzing context. Is a MIPS Linux firmware.

Firmware 52

Firmware Architecture Engineering Authentication 52

ForAllSecure

DECEMBER 15, 2020

Netgear N300 MIPS firmware image. What's Special about Firmware? Fuzzing firmware presents a specific set of challenges that are not often present together in other targets. In this post, we will cover how to deal with each one of these challenges in the firmware fuzzing context. Is a MIPS Linux firmware.

Firmware 52

Firmware Architecture Engineering Authentication 52

Adam Levin

MARCH 23, 2020

Update your camera’s firmware and software: Whether it’s an external camera or one built into your laptop or tablet, check for manufacturer updates and always keep your camera’s software and firmware fully up to date because patches are often released specifically to patch security vulnerabilities.

Firmware 219

Firmware Manufacturing Passwords Software 219

The Hacker News

DECEMBER 21, 2021

Multiple backdoors have been discovered during a penetration test in the firmware of a widely used voice over Internet Protocol (VoIP) appliance from Auerswald, a German telecommunications hardware manufacturer, that could be abused to gain full administrative access to the devices.

Penetration Testing 124

Penetration Testing Firmware Telecommunications Manufacturing 124

Thales Cloud Protection & Licensing

SEPTEMBER 11, 2018

Typically, when they are manufactured, IoT devices receive their initial identity in the form of a “digital birth certificate.” Therefore, manufacturing is the first critical link in the chain to establish trust across the IoT. Digitally signing software and firmware to ensure integrity and protect from malware.

Manufacturing 89

Manufacturing Internet Internet IoT 89

Graham Cluley

NOVEMBER 10, 2022

PC manufacturer Lenovo has been forced to push out a security update to more than two dozen of its laptop models, following the discovery of high severity vulnerabilities that could be exploited by malicious hackers.

Firmware 104

Firmware Manufacturing Malware 104

Schneier on Security

JUNE 20, 2019

Security researchers Gabriel Campana and Jean-Baptiste Bédrune are giving a hardware security module (HSM) talk at BlackHat in August: This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. Here's a summary in English.

Firmware 222

Firmware Hacking Manufacturing Banking 222

Threatpost

JULY 17, 2019

Lenovo, Acer and five additional server manufacturers are hit with supply-chain bugs buried in motherboard firmware.

Firmware 51

Firmware Manufacturing Hacking 51

Security Affairs

NOVEMBER 9, 2022

Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1 The root cause of the flaws is the use of a vulnerable driver during the manufacturing process for some Lenovo devices that was mistakenly not deactivated. An attacker can exploit the flaws to disable UEFI Secure Boot.

Firmware 89

Firmware Manufacturing Hacking Software 89

NSTIC

JUNE 22, 2023

d of NIST IR 8259B, that manufacturers have considered and documented their “secure software development and supply chain practices used.” The NIST SSDF (NIST SP 800-218) describes software development practices that can aid manufacturers in developing IoT products by providing guidance for the secure development of software and firmware.

IoT 64

IoT Manufacturing Cybersecurity Firmware 64

Security Affairs

DECEMBER 5, 2021

Researchers discovered a total of 226 potential security vulnerabilities in nine Wi-Fi popular routers from known manufacturers. Since the integration of a new kernel into the firmware is costly, no manufacturer was up to date here. Millions of users are potentially impacted by these vulnerabilities.

Manufacturing 139

Manufacturing IoT Firmware VPN 139

Security Affairs

NOVEMBER 25, 2022

The researchers discovered the issue by analyzing firmware images used devices from the above manufacturers. The experts analyzed one of the core frameworks EDKII used as a part of any UEFI firmware which has its own submodule and wrapper over the OpenSSL library ( OpensslLib ) in the CryptoPkg component. Pierluigi Paganini.

Firmware 99

Firmware Manufacturing Hacking Risk 99

SecureWorld News

FEBRUARY 17, 2024

In response, manufacturers are intensifying their cybersecurity efforts, incorporating advanced CI/CD workflows to safeguard medical devices from escalating attacks. New security solutions are now aiding healthcare organizations' IT teams in promptly resolving issues, even with devices from various manufacturers.

Healthcare 98

Healthcare Manufacturing Internet Internet 98

CSO Magazine

JANUARY 14, 2022

All server manufacturers provide this functionality in firmware through a set of chips that run independent of the rest of the server and OS. Over the years, security researchers have found and demonstrated vulnerabilities in the BMC implementations of different server manufacturers and attackers have taken advantage of some of them.

Manufacturing 123

Manufacturing Firmware Cybersecurity 123

Security Affairs

JANUARY 9, 2023

Tens of software vulnerabilities affected Qualcomm firmware and impacted the devices of Microsoft, Lenovo, and Samsung. CVE-2022-33265 (CVSS Score 7.3) – the flaw is an Information exposure in Powerline Communication Firmware. Qualcomm January 2023 security bulletin addressed 22 software vulnerabilities in its Snapdragon suite.

Firmware 83

Firmware Manufacturing Software Hacking 83

CSO Magazine

MARCH 23, 2022

As a countermeasure, the manufacturer recommends firmware updates and configuration changes. According to Heise , attackers can use vulnerabilities in the firmware to remotely cause a buffer overflow in around 250 HP printer models. Gateway LLMNR protocol.

Firmware 86

Firmware Manufacturing 86

Malwarebytes

MAY 8, 2023

While the statement does not reveal a lot of tangible information, this snippet is important: “MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website.” Among them are household names like Lenovo and HP.

Firmware 96

Firmware Ransomware Backups Malware 96

Schneier on Security

NOVEMBER 15, 2019

In particular, we discovered timing leakage on an Intel firmware-based TPM as well as a hardware TPM. Similarly, we extract the private ECDSA key from a hardware TPM manufactured by STMicroelectronics, which is certified at CommonCriteria (CC) EAL 4+, after fewer than 40,000 observations. Intel has a firmware update.

Firmware 213

Firmware Authentication Manufacturing 213

Security Affairs

APRIL 19, 2022

Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. The Secure boot is a security standard developed by members of the PC industry to ensure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM).

Firmware 81

Firmware Manufacturing Hacking Cybersecurity 81

Malwarebytes

OCTOBER 18, 2022

Europol said the gang focused on cars from two unnamed French car manufacturers, which probably means the developers found a vulnerability in the car’s firmware that allowed them to replace the original software. Vulnerabilities in the keyless entry systems have been found in the firmware of other car manufactures.

Firmware 93

Firmware Manufacturing Software Authentication 93

Security Boulevard

MAY 27, 2022

Manufacturers need a scalable solution to address concerns like authentication, data encryption, and the integrity of firmware on connected devices. Security in IoT devices has lagged behind their production. The post Securing the IoT at Scale: How PKI Can Help appeared first on Keyfactor.

IoT 79

IoT Firmware Manufacturing Encryption 79

Schneier on Security

MAY 12, 2020

The attack requires physical access to the computer, but it's pretty devastating : On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer -- and even its hard disk encryption -- to gain full access to the computer's data.

Firmware 301

Firmware Manufacturing Encryption Hacking 301

Doctor Chaos

FEBRUARY 28, 2022

It has been found that very tiny imperfections are added to printed materials by manufacturers, which in turn may actually be identifiers that can be used to track down a specific printer. In recent years, some manufacturers have mentioned the existence of the tracking information in printer documentation while others have not.

Manufacturing 147

Manufacturing Firmware Technology 147