Tag: firmware
-
Counterfeit Phones Carrying Hidden Revamped Triada Malware
by
in SecurityNewsThe malware, first discovered in 2016, has been updated over the years, and the latest version is now hiding in the firmware of counterfeit mobile phones. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/counterfeit-phones-infected-triada-malware
-
Microsoft’s AI tool catches critical GRUB2, U-boot bootloader flaws
by
in SecurityNews
Tags: access, ai, control, cybersecurity, exploit, firmware, flaw, Hardware, microsoft, mitigation, monitoring, risk, soc, supply-chain, tool, update, vulnerability, vulnerability-management, zero-dayAI-powered discovery changes the cybersecurity landscape: Microsoft’s Security Copilot tool significantly accelerated the vulnerability identification process, with a particular focus on filesystem implementations due to their high vulnerability potential.”Using Security Copilot, we were able to identify potential security issues in bootloader functionalities, focusing on filesystems due to their high vulnerability potential,” the blog stated. “This…
-
Microsoft Discovers GRUB2, U-Boot, and Barebox Bootloader Flaws with Copilot
by
in SecurityNewsMicrosoft has disclosed the discovery of multiple critical vulnerabilities within the GRUB2, U-Boot, and Barebox bootloaders, leveraging its AI-driven Security Copilot platform for advanced threat analysis. These bootloaders, integral to the Unified Extensible Firmware Interface (UEFI) Secure Boot framework and widely deployed in embedded systems, were found to contain exploitable flaws that could compromise system…
-
Privacy Roundup: Week 13 of Year 2025
by
in SecurityNews
Tags: access, ai, android, apple, application-security, breach, browser, cctv, chrome, cloud, cve, cybersecurity, data, detection, exploit, firmware, google, group, leak, linux, malware, microsoft, mobile, phishing, privacy, regulation, router, scam, service, software, technology, threat, tool, update, virus, vpn, vulnerability, zero-dayThis is a news item roundup of privacy or privacy-related news items for 23 MAR 2025 – 29 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Clevo Devices Vulnerable as Boot Guard Private Key Leaks via Firmware Updates
by
in SecurityNewsA recent investigation has revealed that several Clevo-based devices are vulnerable due to a leak of Boot Guard private keys. This vulnerability was first reported on the Win-Raid forum and involves firmware updates containing sensitive Boot Guard Key Manifest (KM) and Boot Policy Manifest (BPM) private keys. Boot Guard is a security technology used by…
-
Will the FDA Start Banning Chinese-Made Medical Devices?
by
in SecurityNewsInterview with Joe Silvia, CEO of MedWare Cyber Click here to listen. In late January, the FDA issued a safety warning on Contec CMS8000 patient monitors and those relabeled as MN-120. The Chinese-made devices, used by thousands of medical institutions across the world, contain back doors in the firmware that could put patients at risk.”¦…
-
Hm, why are so many DrayTek routers stuck in a bootloop?
by
in SecurityNewsTime to update your firmware, if you can, to one with the security fixes, cough cough First seen on theregister.com Jump to article: www.theregister.com/2025/03/25/draytek_routers_bootloop/
-
HP Inc settles printer toner lockout lawsuit with a promise to make firmware updates optional
by
in SecurityNewsDynamic Security update blocks 3rd-party cartridges, but keeps printing money First seen on theregister.com Jump to article: www.theregister.com/2025/03/19/hp_printer_lawsuit_settled/
-
Critical vulnerability in AMI MegaRAC BMC allows server’ takeover
by
in SecurityNews
Tags: access, advisory, api, apt, attack, authentication, control, credentials, cve, cyberespionage, cybersecurity, data, data-breach, endpoint, exploit, firewall, firmware, flaw, group, infrastructure, Internet, linux, malicious, malware, network, ransomware, supply-chain, technology, training, update, vulnerabilityth vulnerability that Eclypsium researchers found in MegaRAC, the BMC firmware implementation from UEFI/BIOS vendor American Megatrends (AMI). BMCs are microcontrollers present on server motherboards that have their own firmware, dedicated memory, power, and network ports and are used for out-of-band management of servers when their main operating systems are shut down.Administrators can access BMCs…
-
Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover
by
in SecurityNewsA critical vulnerability affecting baseboard management controller (BMC) firmware made by AMI could expose many devices to remote attacks. The post Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/critical-ami-bmc-vulnerability-exposes-servers-to-disruption-takeover/
-
Schwachstelle in Tenda-AC7-Routern
by
in SecurityNewsCVE-2025-1851 ist eine schwerwiegende Sicherheitslücke, die Tenda-AC7-Router mit Firmware-Versionen bis 15.03.06.44 betrifft. Tenda-AC7 ist ein drahtloser Dualband-Router für den Einsatz in Privathaushalten sowie kleinen und mittelständischen Unternehmen. Die Schwachstelle beim Pufferüberlauf innerhalb der Funktion formSetFirewallCfg ermöglicht es einem Angreifer, eine speziell gestaltete Payload an die Webschnittstelle des Routers zu senden. Bei erfolgreicher Ausnutzung können Angreifer…
-
Tenda AC7 Vulnerability Lets Hackers Execute Malicious Payloads for Root Access
by
in SecurityNewsA vulnerability has been discovered in the Tenda AC7 router, firmware version V15.03.06.44, which allows attackers to execute malicious payloads and gain root access. As per a report in Github, the vulnerability, identified through experimental setup and exploitation, revolves around a stack overflow issue in the formSetFirewallCfg function. This exploit is significant, as it not only enables…
-
Fehlercode 11: Neue Firmware macht HP-Laserdrucker unbrauchbar
by
in SecurityNews
Tags: firmwareIm HP-Supportforum gibt es zahlreiche Beschwerden von Laserjet-Nutzern, die trotz Originaltoner mit der neuesten Firmware nicht mehr drucken können. First seen on golem.de Jump to article: www.golem.de/news/fehlercode-11-neue-firmware-macht-hp-laserdrucker-unbrauchbar-2503-194158.html
-
Researcher Hacks Embedded Devices to Uncover Firmware Secrets
by
in SecurityNewsIn a recent exploration of embedded device hacking, a researcher demonstrated how to extract firmware from flash memory using the flashrom tool. This process is crucial for understanding device operation and identifying potential vulnerabilities. However, it involves risks that can damage the equipment if not executed carefully. The Importance of Firmware Extraction Firmware is essential…
-
Critical DrayTek Router Vulnerabilities Expose Devices to RCE Attacks
by
in SecurityNews
Tags: attack, conference, cyber, firmware, office, rce, remote-code-execution, risk, router, vulnerabilityA recent security analysis of Draytek Vigor routers has uncovered severe vulnerabilities that could allow attackers to hijack devices, execute arbitrary code, and bypass critical security controls. These findings, disclosed by researchers at DEFCON 32 HHV and Ekoparty 2024, highlight systemic risks in widely used small office/home office (SOHO) routers due to outdated firmware, weak…
-
So werden PV-Anlagen digital angegriffen und geschützt
by
in SecurityNews
Tags: access, ai, authentication, backup, best-practice, bug, china, cyber, cyberattack, cybersecurity, cyersecurity, firmware, framework, germany, iot, risk, software, technology, update, usa, vulnerabilityUnternehmen setzen vermehrt auf Solaranlagen mit Batteriespeichern, um hohe Energiekosten und Netzstabilitätsrisiken zu minimieren. Diese Systeme sind allerdings oft nicht gehärtet und damit ein immer beliebteres Ziel bei Cyberkriminellen. Quality Stock ArtsSteigen die Energiepreise, werden kostenintensive Projekte wie Rechenzentren für Künstliche Intelligenz (KI) ebenfalls teurer. Große Unternehmen suchen deshalb verstärkt nach Möglichkeiten, ihren Energiehaushalt günstiger…
-
NVIDIA Issues Warning About Severe Security Flaws Enabling Code Attacks
by
in SecurityNewsNVIDIA has issued an urgent security bulletin urging customers using itsHopper HGX 8-GPU High-Performance Computing (HMC) systemsto immediately install firmware updates addressing two critical vulnerabilities. Released on February 28, 2025, the patches target flaws that could allow attackers to execute malicious code, escalate privileges, or cripple enterprise GPU infrastructure through denial-of-service (DoS) attacks. The advisories…
-
Privacy Roundup: Week 9 of Year 2025
by
in SecurityNews
Tags: access, android, apple, attack, backdoor, breach, browser, cctv, control, cyber, cybersecurity, data, data-breach, encryption, endpoint, exploit, firmware, flaw, government, group, hacker, Internet, jobs, law, leak, malware, office, password, phishing, privacy, regulation, router, scam, service, software, switch, technology, threat, tool, update, vpn, vulnerabilityThis is a news item roundup of privacy or privacy-related news items for 23 FEB 2025 – 1 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Why cyber attackers are targeting your solar energy systems, and how to stop them
by
in SecurityNews
Tags: access, attack, authentication, automation, awareness, backup, best-practice, china, communications, control, credentials, cyber, cybercrime, cybersecurity, data, detection, exploit, firmware, framework, group, infrastructure, iot, mfa, monitoring, network, password, penetration-testing, regulation, risk, russia, service, software, technology, threat, update, vulnerabilitySmart inverter vulnerabilities threaten the electric grid: The biggest risk occurs during high-demand times. If enough solar DERs suddenly go offline during a critical period, there might not be adequate alternative energy sources that can come online immediately, or the available alternatives are much more expensive to operate. Attackers can produce similar results merely by…
-
Recent Ghost/Cring ransomware activity prompts alert from FBI, CISA
by
in SecurityNews
Tags: cisa, cybersecurity, exploit, firmware, group, infrastructure, ransomware, software, vulnerabilityA ransomware group known as Ghost has been exploiting vulnerabilities in software and firmware as recently as January, according to an alert issued Wednesday by the FBI and Cybersecurity and Infrastructure Security Agency (CISA). First seen on therecord.media Jump to article: therecord.media/ghost-cring-ransomware-activity-fbi-cisa-alert
-
Privacy Roundup: Week 7 of Year 2025
by
in SecurityNews
Tags: access, antivirus, api, apple, attack, breach, business, cctv, cve, cybersecurity, data, data-breach, detection, email, exploit, firmware, flaw, google, group, law, leak, malware, microsoft, military, network, password, phishing, privacy, router, scam, service, software, technology, threat, tool, update, virus, vpn, vulnerability, windows, zero-dayThis is a news item roundup of privacy or privacy-related news items for 9 FEB 2025 – 15 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Lexmark warnt vor Sicherheitslücken in Drucker-Software und -Firmware
by
in SecurityNewsLexmark hat Sicherheitslücken in Drucker-Firmware und Begleitsoftware gefunden. Updates stehen bereit, um sie zu schließen. First seen on heise.de Jump to article: www.heise.de/news/Lexmark-warnt-vor-Sicherheitsluecken-in-Drucker-Software-und-Firmware-10282090.html
-
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)
by
in SecurityNews
Tags: access, advisory, android, apt, attack, authentication, best-practice, cve, cyber, data, exploit, firmware, flaw, group, Internet, lazarus, linux, malicious, microsoft, network, north-korea, ntlm, office, rce, remote-code-execution, service, technology, tool, update, vulnerability, windows, zero-day3Critical 52Important 0Moderate 0Low Microsoft addresses 55 CVEs with three rated critical and four zero-day vulnerabilities, including two that were exploited in the wild. Microsoft patched 55 CVEs in its February 2025 Patch Tuesday release, with three rated critical and 52 rated as important. Our counts omitted one vulnerability reported by HackerOne. This month’s update…
-
Intel Patched 374 Vulnerabilities in 2024
by
in SecurityNewsIntel says roughly 100 of the 374 vulnerabilities it patched last year were firmware and hardware security defects. The post Intel Patched 374 Vulnerabilities in 2024 appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/intel-patched-374-vulnerabilities-in-2024/
-
Privacy Roundup: Week 6 of Year 2025
by
in SecurityNews
Tags: access, ai, api, apple, backdoor, breach, browser, cctv, chrome, control, credit-card, cybersecurity, data, data-breach, encryption, exploit, firmware, framework, germany, government, group, leak, malware, monitoring, phishing, privacy, regulation, risk, router, scam, service, software, spy, technology, threat, tool, update, vpn, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 2 FEB 2025 – 8 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
The Explosion of Hardware-Hacking Devices
Due to the growing popularity of the ESP32 IoT platform adoption by security professionals, this article raises several security concerns addressing firmware attacks that could target this user population and what you can do to protect yourself. Introduced in August 2020 following a $4.8 million Kickstarter campaign, the FlipperZero quickly became one of the most……
-
BTS #45 Understanding Firmware Vulnerabilities in Network Appliances
by
in SecurityNewsIn this episode, Paul, Vlad, and Chase discuss the security challenges associated with Palo Alto devices and network appliances. They explore the vulnerabilities present in these devices, the importance of best practices in device management, and the need for automatic updates. The conversation highlights the evolving nature of firmware vulnerabilities and the necessity for compensating……