Firmware, Manufacturing and Risk - Cyber Security Informer

LogoFAIL Vulnerabilities Expose Firmware Attacks: Endpoint Security Solutions at Risk

Penetration Testing

DECEMBER 1, 2023

Numerous security vulnerabilities collectively known as LogoFAIL enable malefactors to interfere with the booting process of computer devices and implant bootkits, owing to issues related to image analysis components used by motherboard manufacturers for... The post LogoFAIL Vulnerabilities Expose Firmware Attacks: Endpoint Security Solutions (..)

Firmware

Firmware Penetration Testing Risk Manufacturing

Gigabyte firmware component can be abused as a backdoor

CSO Magazine

MAY 31, 2023

Researchers warn that the UEFI firmware in many motherboards made by PC hardware manufacturer Gigabyte injects executable code inside the Windows kernel in an unsafe way that can be abused by attackers to compromise systems. Sophisticated APT groups are abusing similar implementations in the wild.

Firmware

Firmware Manufacturing Risk

Device manufacturers need to rethink how to lock down IoT

SC Magazine

MAY 27, 2021

Today’s columnist, Matt Wyckhouse of Finite State, says to lock down IoT devices, manufacturers have to build security in from the start. A recent Microsoft Security Signals survey found that just 29% of companies have any budget allocated to protect firmware at all. How device manufacturers can stem the tide.

Manufacturing

Manufacturing IoT Firmware Software

The High-Stakes Game of Ensuring IoMT Device Security

SecureWorld News

FEBRUARY 17, 2024

This and many other vulnerabilities pose a significant risk, as they not only permit unauthorized access to individual devices but also enable hackers to infiltrate huge hospital networks and cause mass disruption through malicious software. Vulnerabilities in medical devices present significant risks, expanding the potential for breaches.

Healthcare

Healthcare Manufacturing Internet Internet

Smart lightbulb and app vulnerability puts your Wi-Fi password at risk

Malwarebytes

AUGUST 25, 2023

New research highlights another potential danger from IoT devices, with a popular make of smart light bulbs placing your Wi-Fi network password at risk. There are some workarounds suggested to “fix” these issues, but they’re aimed at the manufacturers as opposed to the users.

Passwords

Passwords Risk IoT Firmware

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Back to the bit about risks impacting data collected by IoT devices and back again to CloudPets, Context Security's piece aligned with my own story about kids' CloudPets messages being left exposed to the internet.

IoT

IoT Firmware Risk Manufacturing

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Security Affairs

NOVEMBER 25, 2022

The researchers discovered the issue by analyzing firmware images used devices from the above manufacturers. The experts analyzed one of the core frameworks EDKII used as a part of any UEFI firmware which has its own submodule and wrapper over the OpenSSL library ( OpensslLib ) in the CryptoPkg component. Pierluigi Paganini.

Firmware

Firmware Manufacturing Hacking Software

Enhance your security posture by detecting risks on authenticator devices

Thales Cloud Protection & Licensing

MARCH 17, 2022

Enhance your security posture by detecting risks on authenticator devices. We frequently hear from IT security professionals that “the risk associated with the mobile device is something we care about. SafeNet Trusted Access can detect risks on devices equipped with the SafeNet MobilePASS+ authenticator app.

Authentication

Authentication Risk Mobile Computers and Electronics

Enhance your security posture by detecting risks on authenticator devices

Thales Cloud Protection & Licensing

MARCH 17, 2022

Enhance your security posture by detecting risks on authenticator devices. We frequently hear from IT security professionals that “the risk associated with the mobile device is something we care about. SafeNet Trusted Access can detect risks on devices equipped with the SafeNet MobilePASS+ authenticator app.

Authentication

Authentication Risk Mobile Computers and Electronics

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

After looking at 28 of the most popular manufacturers, our research team found 3.5 What is more, the overwhelming majority of internet-facing cameras are manufactured by Chinese companies. Most of the public-facing cameras we discovered are manufactured by the Chinese company Hikvision: the Cybernews research team found over 3.37

Surveillance

Surveillance Manufacturing Passwords Internet

Millions of Android Devices Are Vulnerable Out of the Box

WIRED Threat Level

AUGUST 10, 2018

Android smartphones from Asus, LG, Essential, and ZTE are the focus of a new analysis about risks from firmware bugs introduced by manufacturers and carriers.

Firmware

Firmware Manufacturing Risk

EU to Force IoT, Wireless Device Makers to Improve Security

eSecurity Planet

NOVEMBER 1, 2021

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. Manufacturers will be required to adhere to the new cybersecurity safeguards when designing and producing these products. percent over the same period in 2020, with 313.2

Wireless

Wireless IoT Manufacturing Mobile

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One FBI warns of dual ransomware attacks Progress Software fixed two critical severity flaws in WS_FTP Server Child abuse site taken down, organized child exploitation crime suspected – exclusive A still unpatched zero-day RCE impacts more than 3.5M

Artificial Intelligence

Artificial Intelligence Firmware Data breaches Hacking

Use cases of secure IoT deployment

Thales Cloud Protection & Licensing

MAY 31, 2021

In our previous blog post , we discussed the challenges for securing IoT deployments, and how businesses and consumers benefit from authenticating and validating IoT software and firmware updates. Requirements also included that the firmware was to be signed by the manufacturer and verified by the pacemaker.

IoT

IoT Computers and Electronics Manufacturing Firmware

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

could put operational technology (OT) infrastructure at risk of attacks, such as remote code execution (RCE) and denial of service (DoS).” Check with the device manufacturers for available patches and update the device firmware to version to 3.5.19.0 ” reads the advisory published by Microsoft.

Authentication

Authentication Firmware Hacking Passwords

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

reads the advisory The vulnerability is a heap-based buffer overflow issue and according to the vendor it may have been exploited in a limited number of attacks aimed at government, manufacturing, and critical infrastructure sectors. states the report published by Fortinet. “Our states the report published by Fortinet.

Firewall

Firewall VPN Firmware Internet

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

eSecurity Planet

FEBRUARY 2, 2024

And IoT devices often don’t have the firmware to install antivirus software or other protective tools. Thermostats In January, Bitdefender released a notice about a Bosch thermostat — the BCC100 — that had a firmware vulnerability. Some vulnerability management or XDR suites will support IoT devices as well as other systems.

Hacking

Hacking IoT Firmware Cybersecurity

Cable Haunt flaw exposes 200M+ Broadcom-based cable modems at remote hijacking

Security Affairs

JANUARY 10, 2020

A flaw, dubbed Cable Haunt, in Broadcom’s cable modem firmware exposed as many as 200 million home broadband gateways in Europe alone, at risk of remote hijackings. Hundreds of millions of Broadcom-based cable modems are at risk of remote hijacking due to the presence of a vulnerability dubbed Cable Haunt, CVE-2019-19494.

Firmware

Firmware DNS Manufacturing Advertising

Two critical flaws affect CODESYS ICS Automation Software

Security Affairs

JUNE 27, 2022

Two of these vulnerabilities, tracked as CVE-2022-31805 and CVE-2022-31806, have been rated critical (CVSS scores: 9.8), 7 as high risk, and 2 as medium risk. However, many vendors who use CODESYS V2 runtime have not yet updated in time, in which case factories using these affected products are still in serious risk.”

Software

Software Manufacturing Firmware Risk

Guest Blog: TalkingTrust. What’s driving the security of IoT?

Thales Cloud Protection & Licensing

MARCH 10, 2021

There are so many reasons why manufacturers connect their products to the Internet, whether it’s industrial machines, medical devices, consumer goods or even cars. Additionally, many auto manufacturers now have the ability to remotely update software to fix vulnerabilities or even upgrade functionality. Device Security is Hard.

IoT

IoT Firmware Manufacturing Encryption

Five Cybersecurity Trends that Will Affect Organizations in 2023

CyberSecurity Insiders

DECEMBER 6, 2022

This analysis from Dirk Schrader, Vice President of Security Research, and Michael Paye, Vice President of Research and Development, is based on Netwrix’s global experience across a wide range of verticals, including technology, finance, manufacturing, government and healthcare. Understaffing will increase the role of channel partners.

Cybersecurity

Cybersecurity Cybercrime Social Engineering Firmware

Malware found pre-installed in cheap push-button mobile phones sold in Russia

Security Affairs

SEPTEMBER 6, 2021

The researchers analyzed the firmware and set up a 2G base station in order to intercept and analyze the devices’ communications. Itel it2160 – The device was spotted transferring some info to the domain asv.transsion.com (Country, Model, Firmware version, Language. And the manufacturer if you find any incomprehensible activity.

Mobile

Mobile Malware Firmware Manufacturing

Vulnerability Management Policy Template

eSecurity Planet

MAY 12, 2023

This vulnerability management policy defines the requirements for the [eSecurity Planet] IT and security teams to protect company resources from unacceptable risk from unknown and known vulnerabilities. Broader is always better to control risks, but can be more costly.] Vulnerability Management Policy & Procedure A.

Penetration Testing

Penetration Testing Risk Firmware Software

Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business

Security Affairs

AUGUST 23, 2022

This, however, is not the only risk factor for users.” The experts noticed that all the devices were copycats of famous brand-name models, their names are consonant with the names of some of the models produced by popular manufacturers. ” reads the post published by Doctor Web. Android 4.4.2 ” concludes Dr.Web.

Mobile

Mobile Firmware Malware Wireless

637 flaws in industrial control system (ICS) products were published in H1 2021

Security Affairs

AUGUST 20, 2021

Industrial cybersecurity firm Claroty published its third Biannual ICS Risk & Vulnerability Report that analyzes the vulnerability landscape relevant to leading automation products used across the ICS domain. Of the vulnerabilities with no, or partial, remediation, 61.96% were found in firmware. Pierluigi Paganini.

Firmware

Firmware Ransomware Manufacturing Software

Episode 167: Made in America? Trade Tensions highlight Supply Chain Risk

The Security Ledger

NOVEMBER 11, 2019

We're joined by Terry Dunlap the co-founder of ReFirm Labs to talk about why software supply chain risks. We’re joined by Terry Dunlap the co-founder of ReFirm Labs to talk about why software supply chain risks are real -and growing. Terry is a former NSA employee who specializes in firmware security.

Risk

Risk Surveillance Firmware Technology

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Security Affairs

OCTOBER 30, 2021

The experts also shared a list of additional five weaknesses, included in the Hardware Weaknesses on the Cusp, that should be addressed by risk managers. CIOs and security managers could also use the list to assess the efficiency of their program to secure hardware within in their organizations. ” reads the announcement.

Firmware

Firmware Manufacturing Education Engineering

Experts found undocumented access feature in Siemens SIMATIC PLCs

Security Affairs

NOVEMBER 17, 2019

The researchers focused their analysis on the firmware integrity verification process implemented in the Siemens SIMATIC S7-1200 PLC. “There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. ” reads a security advisory published by Siemens.

Firmware

Firmware Advertising Manufacturing Risk

Why Healthcare IoT Requires Strong Machine Identity Management

Security Boulevard

MAY 30, 2022

Besides all the benefits IoMT devices provide, they have also introduced new risks to healthcare organizations that haven’t previously been a security priority. These new risks have created a dangerous security gap—new technology is introducing new risks and a larger attack surface. Hackable pacemakers.

Healthcare

Healthcare IoT Manufacturing Risk

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

Agriculture may not be the first industry you associate with cybersecurity problems, but we all need to aware of the risks created by connecting this ancient part of our food supply chain to the Internet. Install updates/patch operating systems, software, and firmware as soon as they are released. ” Internet of Things.

Ransomware

Ransomware Manufacturing Passwords Internet

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

The vulnerability is a heap-based buffer overflow issue and according to the vendor it may have been exploited in a limited number of attacks aimed at government, manufacturing, and critical infrastructure sectors. If the customer is not operating SSL-VPN the risk of this issue is mitigated – however, Fortinet still recommends upgrading.”

Firewall

Firewall VPN Firmware Manufacturing

The Internet of Things: Security Risks Concerns

Spinone

MARCH 17, 2018

These smart devices include cars, household appliances, building systems such as lighting and heating, televisions, medical devices, manufacturing equipment, and many other types of systems used both in a consumer and industrial setting. Millions of smart TVs are at risk of click fraud, botnets, data theft, and ransomware.

Internet

Internet Internet Risk Computers and Electronics

An educational robot security research

SecureList

FEBRUARY 27, 2024

Toy manufacturers are striving to keep up with these trends, releasing more and more models that can also be called “smart.” However, we decided not to update the toy immediately in order to explore what could be extracted from the older firmware version. The ADB service is disabled. ” from the cloud.

Education

Education Manufacturing Firmware Internet

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

Driven by the need to secure themselves against increasing threats, organizations (both manufacturers and IoT consumers) realize that they need better built-in security. To secure data exchanged between IoT devices and the software required for operating these devices – bootstrap, firmware, apps – we need to establish a chain of trust.

IoT

IoT Manufacturing Energy and Utilities Data collection

For remote workforces, don’t overlook printer security

SC Magazine

MARCH 23, 2021

Despite the increasing move to digitalization, many industries and teams still rely on printing as a vital part of their business processes, including the legal, healthcare, manufacturing, and logistics sectors. It’s not just human error that puts an organization at risk of a security breach. The security question.

Firmware

Firmware Digital transformation Passwords Software

Critical unfixed flaws affect ABB Safety PLC Gateways

Security Affairs

DECEMBER 18, 2018

Researchers at Applied Risk discovered serious flaws in some PLC gateways manufactured by industrial tech company ABB. Security experts at Applied Risk are affected by potentially serious flaws and the bad news is that the vendor will not release firmware updates because the impacted products have reached the end of life.

Firmware

Firmware Advertising Manufacturing Authentication

A mysterious code prevents QNAP NAS devices to be updated

Security Affairs

FEBRUARY 11, 2019

Users of the Network attached storage devices manufactured have reported a mystery string of malware attacks that disabled software updates by hijacking entries in host machines’ hosts file. “Since recent firmware updates, the ClamAV Antivirus fails to update due to 700+ clamav.net entries in /etc/hosts, all set to 0.0.0.0

Antivirus

Antivirus Firmware Advertising VPN

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

The ransomware was involved in attacks aimed at technology and healthcare, defense contractors, educational institutions, manufacturers, companies across Europe, the United States, and Canada.

Ransomware

Ransomware Encryption Firmware Backups

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Pen Test

OCTOBER 12, 2023

Countermeasures: To prevent drone signal hijacking, drone manufacturers and operators can implement encryption and authentication mechanisms for RF communication. What are the common firmware and software vulnerabilities in RF devices that can be exploited? Keeping firmware up to date is essential for security.

Encryption

Encryption Firmware Surveillance Technology

Attackers Exploit Flaw that Could Impact Millions of Routers, IoT Devices

eSecurity Planet

AUGUST 10, 2021

In a recent blog post , the researchers said the bad actors are looking to leverage a path traversal vulnerability that could affect millions of home routers and other Internet of Things (IoT) devices that use the same code base and are manufactured by at least 17 vendors. ” Should Updates Be Automated? ” Multiple Threats.

IoT

IoT DDOS Internet Internet

DoS attack the caused disruption at US power utility exploited a known flaw

Security Affairs

SEPTEMBER 9, 2019

The case offered a stark demonstration of the risks U.S. “ After seeing no adverse effects, the entity deployed the firmware patch at an operational generation site that night.” “ After seeing no adverse effects, the entity deployed the firmware patch at an operational generation site that night.”

Energy and Utilities

Energy and Utilities Firewall Firmware Advertising

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Small farms, large producers, processors and manufacturers, and markets and restaurants are particularly exposed to ransomware attacks. Install updates/patch operating systems, software, and firmware as soon as they are released. hard drive, storage device, the cloud). Focus on cyber security awareness and training. Pierluigi Paganini.

Ransomware

Ransomware Passwords Backups Firmware

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. ” reads the report published by the company.

Ransomware

Ransomware DDOS Passwords Backups

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

” The IoT radio devices are manufactured by Imperial & Dabman (Series I and D) and are distributed in Germany by Telestar, but experts pointed out that it is possible to buy them via Ebay and Amazon by resellers. .” Nevertheless, the protocol on network level and in end devices is still a bigger topic than originally thought.”

IoT

IoT Hacking Firmware Advertising

LogoFAIL Vulnerabilities Expose Firmware Attacks: Endpoint Security Solutions at Risk

Gigabyte firmware component can be abused as a backdoor

Trending Sources

Device manufacturers need to rethink how to lock down IoT

The High-Stakes Game of Ensuring IoMT Device Security

Smart lightbulb and app vulnerability puts your Wi-Fi password at risk

IoT Unravelled Part 3: Security

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Enhance your security posture by detecting risks on authenticator devices

Enhance your security posture by detecting risks on authenticator devices

3.5m IP cameras exposed, with US in the lead

Millions of Android Devices Are Vulnerable Out of the Box

EU to Force IoT, Wireless Device Makers to Improve Security

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Use cases of secure IoT deployment

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

Cable Haunt flaw exposes 200M+ Broadcom-based cable modems at remote hijacking

Two critical flaws affect CODESYS ICS Automation Software

Guest Blog: TalkingTrust. What’s driving the security of IoT?

Five Cybersecurity Trends that Will Affect Organizations in 2023

Malware found pre-installed in cheap push-button mobile phones sold in Russia

Vulnerability Management Policy Template

Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business

637 flaws in industrial control system (ICS) products were published in H1 2021

Episode 167: Made in America? Trade Tensions highlight Supply Chain Risk

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Experts found undocumented access feature in Siemens SIMATIC PLCs

Why Healthcare IoT Requires Strong Machine Identity Management

FBI warns of ransomware threat to food and agriculture

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

The Internet of Things: Security Risks Concerns

An educational robot security research

Critical Success Factors to Widespread Deployment of IoT

For remote workforces, don’t overlook printer security

Critical unfixed flaws affect ABB Safety PLC Gateways

A mysterious code prevents QNAP NAS devices to be updated

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Attackers Exploit Flaw that Could Impact Millions of Routers, IoT Devices

DoS attack the caused disruption at US power utility exploited a known flaw

FBI warns of ransomware attacks targeting the food and agriculture sector

Avoslocker ransomware gang targets US critical infrastructure

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Stay Connected