Krebs on Security

JULY 2, 2021

That update effectively nullified their chances at competing in Pwn2Own, which requires exploits to work against the latest firmware or software supported by the targeted device. We take reports from the security research community very seriously and conduct investigations as soon as we receive them.”

Firmware 351

Firmware Passwords Internet Internet 351

Security Affairs

APRIL 3, 2024

“The most severe of these issues is a high security vulnerability in the System component that could lead to local escalation of privilege with no additional execution privileges needed.” ” reads the Android Security Bulletin—April 2024. ” reads the advisory.

Spyware 109

Spyware Firmware Hacking Information Security 109

Schneier on Security

NOVEMBER 6, 2018

Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. EDITED TO ADD: The NSA is known to attack firmware of SSDs.

Encryption 235

Encryption Firmware Advertising Software 235

Krebs on Security

FEBRUARY 26, 2020

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Patch 2 , and that those with firmware versions before ZLD V4.35 Patch 0 through ZLD V4.35

Firewall 257

Firewall Firmware VPN IoT 257

Security Affairs

SEPTEMBER 16, 2020

The US National Security Agency (NSA) published guidance on the Unified Extensible Firmware Interface (UEFI) Secure Boot customization. The United States National Security Agency (NSA) has published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature that can be customized organizations.

Firmware 129

Firmware Advertising Manufacturing Malware 129

Security Affairs

JULY 15, 2021

SonicWall has issued an urgent security alert to warn customers of “ an imminent ransomware campaing ” targeting EOL equipment. SonicWall has issued an urgent security alert to warn companies of “ an imminent ransomware campaing ” targeting some of its equipment that reached end-of-life (EoL). x firmware versions. 34 or 9.0.0.10

Firmware 111

Firmware Ransomware Passwords Mobile 111

Schneier on Security

JUNE 21, 2019

Triada first came to light in 2016 in articles published by Kaspersky here and here , the first of which said the malware was "one of the most advanced mobile Trojans" the security firm's analysts had ever encountered. It seems to be the work of criminals, but it could just as easily have been a nation-state.

Firmware 259

Firmware Manufacturing Malware Mobile 259

CSO Magazine

JUNE 2, 2022

The goal of this technique is to install malicious code deep inside computer firmware where it cannot be blocked by operating systems and third-party endpoint security products. Firmware implants are powerful and are usually used in high-value operations by state-sponsored hacker groups.

Firmware 100

Firmware Ransomware Engineering 100

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 ” states the advisory. . ” states the advisory.

Firmware 135

Firmware Authentication Hacking Software 135

Security Affairs

OCTOBER 4, 2023

Chipmaker Qualcomm released security updates to address 17 vulnerabilities in several components. Google Threat Analysis Group and Google Project Zero experts focus on attacks carried out by nation-state actors or surveillance firms, this means that one of these threat actors may be behind the exploitation of the Qualcomm flaws.

Firmware 101

Firmware Surveillance Authentication Manufacturing 101

eSecurity Planet

APRIL 14, 2023

Two security researchers also looked at the file and agreed it is signed with the company’s certificate.” But depending on what code and data the hackers got access to, the worst-case scenario is that cyber criminals could create malicious firmware — and signed certificates to vouch for its authenticity.

Cyber Attacks 116

Cyber Attacks Firmware Marketing Authentication 116

Security Affairs

APRIL 5, 2021

A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack. The study pointed out that only 29% of the targeted organizations have allocated budgets to protect firmware. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation.”

Firmware 119

Firmware Cybersecurity Encryption Financial Services 119

CyberSecurity Insiders

JULY 16, 2021

Therefore, customers using Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products are being urged to disconnect those devices from internet as they are on the verge of getting cyber attacked and injected with file encrypting malware as its 8.x x firmware is going to reach its EOL aka End of Life.

Ransomware 145

Ransomware Firmware Cyber Attacks Firewall 145

Security Affairs

SEPTEMBER 6, 2023

The flaws impact firmware versions 3.0.0.4.386_50460, 3.0.0.4.386_50460, and 3.0.0.4_386_51529 of the RT-AX55, RT-AX56U_V2, and RT-AC86U ASUS routers. A remote, unauthenticated attacker can exploit the flaw to gain remote code execution to perform arbitrary operations on the device or interrupt service.

Firmware 130

Firmware Hacking Internet Internet 130

Security Affairs

JANUARY 27, 2023

Lexmark released a security firmware update to fix a remote code execution flaw, tracked as CVE-2023-23560, that impacts more than 100 printer models. Lexmark has released a security firmware update to address a remote code execution vulnerability, tracked as CVE-2023-23560, that impacts more than 100 printer models.

Firmware 94

Firmware Hacking 94

Security Boulevard

AUGUST 24, 2021

Picture a house equipped with state-of-the-art alarm systems, sensors, locks and cameras. However, if a savvy thief managed to infiltrate the residence through its crawl space, the very foundation of the house might be putting the overall security of the home at risk.

Firmware 119

Firmware Software Risk Security Awareness 119

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Now for the big challenge - security. The "s" in IoT is for Security Ok, so the joke is a stupid oldie, but a hard truth lies within it: there have been some shocking instances of security lapses in IoT devices.

IoT 358

IoT Firmware Risk Manufacturing 358

Security Affairs

MARCH 29, 2023

The company states that the vulnerability affects QTS, QuTS hero, QuTScloud, and QVP (QVR Pro appliances) QNAP operating systems. The vulnerability was discovered by security firm Synacktiv, it is a sudoers policy bypass in Sudo version 1.9.12p1 when using sudoedit. Go to Control Panel > System > Firmware Update.

Firmware 96

Firmware Hacking Internet Internet 96

Security Affairs

FEBRUARY 7, 2024

The vulnerability CVE-2023-40547 is an RCE in http boot support that can lead to Secure Boot bypass “A remote code execution vulnerability was found in Shim. shim is a small piece of code used by most Linux distributions in the boot process to support Secure Boot. .” ” reads the advisory. ” reads the advisory.

Firmware 115

Firmware Hacking Information Security 115

LRQA Nettitude Labs

NOVEMBER 1, 2023

For the second year running, LRQA Nettitude took part in the well-known cyber security competition Pwn2Own , held in Toronto last week. Firmware Updates Pwn2Own requires exploits to work against the latest firmware versions at the time of the competition. Unfortunately, each of our attempts failed in unexpected ways.

Firmware 65

Firmware Authentication Software 65

eSecurity Planet

NOVEMBER 4, 2021

It’s been an active week for security vulnerabilities, with MITRE and the U.S. Meanwhile, MITRE and the Hardware CWE Special Interest Group (SIG) published a list of dangerous hardware weaknesses, with the goal of raising awareness and preventing major security issues. See our list of the Top Patch Management Tools.

Software 109

Software Firmware Computers and Electronics Risk 109

Google Security

OCTOBER 9, 2023

Posted by Andrew Walbran, Android Rust Team Last year we wrote about how moving native code in Android from C++ to Rust has resulted in fewer security vulnerabilities. Many security-critical components of an Android system run in a “bare-metal” environment, outside of the Linux kernel, and these are historically written in C.

Firmware 138

Firmware Architecture Engineering 138

Security Affairs

FEBRUARY 6, 2024

Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published a joint report warning that a China-linked APT group breached the Dutch Ministry of Defence last year. The malware survives reboots and firmware upgrades. Moreover, the infection survives firmware upgrades.”

Malware 109

Malware Firmware VPN Backups 109

Security Affairs

JULY 18, 2021

SonicWall this week has issued an urgent security alert to warn companies of “ an imminent ransomware campaing ” targeting some of its equipment that reached end-of-life (EoL). Threat actors could target unpatched devices belonging to Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) families.

Ransomware 117

Ransomware Firmware Mobile InfoSec 117

Malwarebytes

MAY 8, 2023

While the statement does not reveal a lot of tangible information, this snippet is important: “MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website.” ” Researchers are now starting to unravel the significance of the stolen data.

Firmware 89

Firmware Ransomware Backups Malware 89

Security Affairs

OCTOBER 1, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Artificial Intelligence 102

Artificial Intelligence Firmware Data breaches Hacking 102

Security Affairs

JUNE 20, 2023

Zyxel released security updates to address a critical vulnerability affecting its network-attached storage (NAS) devices. Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. in its firewall devices.

Firmware 89

Firmware Firewall Authentication VPN 89

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10.

Firmware 120

Firmware Authentication Engineering Hacking 120

Security Boulevard

OCTOBER 10, 2021

This new virtual target, an ASUS DSL modem with recent firmware, can be compromised […]… Read More. The post SecTor Episode MMXXI: Return of The Hack Lab appeared first on The State of Security. The post SecTor Episode MMXXI: Return of The Hack Lab appeared first on Security Boulevard.

Hacking 104

Hacking Firmware 104

Security Boulevard

NOVEMBER 10, 2022

Update your Lenovo laptop’s firmware now! PC manufacturer Lenovo has been forced to push out a security update to more than two dozen of its laptop models, following the discovery of high severity vulnerabilities that could be exploited by malicious hackers. Read more in my article on the Tripwire State of Security blog.

Firmware 52

Firmware Malware Manufacturing 52

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. score of 7,5.

Firmware 120

Firmware Wireless Passwords Internet 120

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. ” states Tenable.

Firmware 125

Firmware Encryption Authentication Passwords 125

CyberSecurity Insiders

DECEMBER 30, 2021

Iranian Cybersecurity firm Amnpardaz has released a security report stating that HP iLO devices were loaded with a data wiping malware dubbed iLOBleed. But researchers from Amnpardaz state that the attack needs a lot of technical expertise that only few hackers in the world can exhibit.

Malware 140

Malware Firmware Cyber threats Software 140

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware 126

Firmware Encryption Ransomware Advertising 126

SecureList

DECEMBER 27, 2023

Today, on December 27, 2023, we ( Boris Larin , Leonid Bezvershenko , and Georgy Kucherin ) delivered a presentation, titled, “Operation Triangulation: What You Get When Attack iPhones of Researchers”, at the 37th Chaos Communication Congress (37C3), held at Congress Center Hamburg.

Firmware 145

Firmware Engineering Spyware Retail 145

eSecurity Planet

MAY 18, 2023

While the Cisco Product Security Incident Response Team (PSIRT) says it’s not aware of any malicious use of these flaws, it says proof-of-concept exploit code is available online. The vulnerabilities are caused by improper validation of requests sent to the switches’ web interfaces, the company said.

Small Business 100

Small Business Firmware Ransomware Software 100

Security Affairs

JUNE 24, 2021

The threat actors are targeting the USG, ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. The threat actors are targeting the USG, ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. The company states that devices running the Nebula cloud management mode are not impacted.

VPN 112

VPN Firewall Firmware Authentication 112