Tag: firmware
-
BTS #39 The Art of Firmware Scraping Edwin Shuttleworth
In this episode, Edwin Shuttleworth from Finite State discusses firmware security, insights from the GRRCON Security Conference, and the challenges of firmware analysis. The conversation covers various topics, including firmware scraping techniques, the IoT landscape, types of firmware, the importance of Software Bill of Materials (SBOMs), and emulation in firmware analysis. Edwin shares his experiences……
-
Netzwerkmanagementkarte von Schneider Electric erhält SL2Zertifizierung
Schneider Electric hat mit der als erster Hersteller weltweit eine Netzwerkmanagementkarte mit IEC 62443-4-2 SL2-zertifizierter Firmware im Produktportfolio. Die NMC3-Karte ermöglicht einen sicheren Netzwerkzugriff auf die USV-Anlagen von Schneider Electric und unterstützt die Einbindung in ein Datacenter-Infrastructure-Management (DCIM)-System wie Ecostruxure-IT. Die IEC 62443-4-2 ist eine Norm der International […] First seen on netzpalaver.de Jump to…
-
HPE Aruba Networking fixt 3 kritische Schwachstellen in Access Points
Kurze Meldung für Administratoren, die Access Points von HPE Aruba Networking im Einsatz haben. Der Anbieter hat gerade Sicherheitsupdates veröffentlicht, um drei kritische Schwachstellen im Command Line Interface (CLI) der betreffenden Firmware zu schließen. Die Schwachstellen ermöglichen Remote Befehle auszuführen. … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/09/27/hpe-aruba-networking-fixt-3-kritische-schwachstellen-in-access-points/
-
Firmware-Update für D-Link-Router schließt Schwachstellen
Bestimmte Router-Modelle von D-Link weisen diverse kritische Schwachstellen (u.a. fest Passwörter für Zugänge) auf, die durch Firmware-Updates beseitigt werden. D-Link hat dazu den Sicherheitshinweis SAP10412 veröffentlicht. Bei heise gibt es diesen Beitrag, der noch einige Erläuterungen enthält. First seen on borncity.com Jump to article: www.borncity.com/blog/2024/09/21/firmware-update-fuer-d-link-router-schliesst-schwachstellen/
-
Cybersecurity Snapshot: Critical Infrastructure Orgs Found Vulnerable to Basic Hacks, While New MITRE Tool Uses ML to Predict Attack Chains
Tags: access, advisory, apache, attack, authentication, botnet, business, cctv, ceo, china, cisa, cloud, computer, control, credentials, cyber, cyberattack, cybersecurity, data, defense, detection, firmware, framework, github, google, government, group, guide, hacker, identity, infrastructure, intelligence, international, Internet, iot, least-privilege, linkedin, linux, login, malicious, malware, mfa, microsoft, mitigation, mitre, ml, mobile, network, nist, office, password, phishing, risk, risk-management, router, service, software, supply-chain, tactics, technology, threat, tool, vulnerability, vulnerability-management, windows, xssReport finds that many critical infrastructure networks can be breached using simple attacks. Plus, a new MITRE Engenuity tool uses machine learning to infer attack sequences. Meanwhile, CISA will lead a project to standardize civilian agencies’ cyber operations. And get the latest on XSS vulnerabilities, CIS Benchmarks and a China-backed botnet’s takedown! Dive into six…
-
PKfail Secure Boot bypass remains a significant risk two months later
Roughly nine percent of tested firmware images use non-production cryptographic keys that are publicly known or leaked in data breaches, leaving many Secure Boot devices vulnerable to UEFI bootkit malware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pkfail-secure-boot-bypass-remains-a-significant-risk-two-months-later/
-
Google says replacing C/C++ in firmware with Rust is easy
First seen on theregister.com Jump to article: www.theregister.com/2024/09/06/google_rust_c_code_language/
-
Bosch-Thermostate anfällig für Hackerangriffe
Eine Schwachstelle in der Firmware der Bosch-Thermostate des Modells BCC100 macht sie anfällig für Hackerangriffe und Malware. Wer nicht frieren will,… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/bosch-thermostate-anfallig-fur-hackerangriffe
-
Critical Vulnerabilities Impact Million of D-Link Routers, Patch Now!
Millions of D-Link routers are at risk due to several critical vulnerabilities. Security researcher Raymond identified these vulnerabilities, which have been assigned multiple CVE IDs and pose severe threats to users worldwide. D-Link has issued urgent firmware updates to mitigate these risks. Users are strongly advised to update their devices immediately to protect against potential…
-
1.3 million Android-based TV boxes backdoored; researchers still don’t know how
Infection corrals devices running AOSP-based firmware into a botnet. First seen on arstechnica.com Jump to article: arstechnica.com/
-
Intel Warns of 20+ Vulnerabilities, Advises Firmware Updates
Intel on Tuesday published advisories covering more than 20 vulnerabilities affecting processors and other products. The post Intel Warns of 20+ Vulnerabilities, Advises Firmware Updates appeared first on SecurityWeek. Source: www.securityweek.com/intel-informs-customers-about-over-a-dozen-processor-vulnerabilities/ comments: 0
-
Intel Warns of 20+ Processor Vulnerabilities, Advises Firmware Updates
Intel on Tuesday published advisories covering more than 20 vulnerabilities affecting processors and other products. The post Intel Warns of 20+ Processor Vulnerabilities, Advises Firmware Updates appeared first on SecurityWeek. Source: www.securityweek.com/intel-informs-customers-about-over-a-dozen-processor-vulnerabilities/ comments: 0
-
Flipper Zero releases Firmware 1.0 after three years of development
Tags: firmwareAfter three years of development, the Flipper Zero team has announced the release of the first major firmware version for the portable, customizable digital hacking device. Source: www.bleepingcomputer.com/news/hardware/flipper-zero-releases-firmware-10-after-three-years-of-development/ comments: 0
-
Unsichere Lieferkette – Sicherheitslücken in OT/IoT-Router-Firmware
First seen on security-insider.de Jump to article: www.security-insider.de/forescout-finite-states-studie-sicherheit-ot-iot-router-a-5a6dc2eb8d2799bc56be0a82f63947da/
-
Yubikey-Cloning-Angriff: Kein Firmware-Update, vielleicht Key-Austausch
First seen on heise.de Jump to article: www.heise.de/news/Yubikey-Cloning-Angriff-Kein-Firmware-Update-vielleicht-Key-Austausch-9857807.html
-
D-Link says it is not fixing four RCE flaws in DIR-846W routers
D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/d-link-says-it-is-not-fixing-four-rce-flaws-in-dir-846w-routers/
-
Damn Vulnerable UEFI: Simulate real-world firmware attacks
Damn Vulnerable UEFI (DVUEFI) is an open-source exploitation toolkit and learning platform for unveiling and fixing UEFI firmware vulnerabilities. Sim… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/02/dvuefi-simulate-real-world-firmware-attacks/
-
What’s New in CJIS 5.9.5 as it Relates to Firmware Security?
The Criminal Justice Information Services (CJIS) is a division of the US Federal Bureau of Investigation (FBI) that is the centralized source of crimi… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/whats-new-in-cjis-5-9-5-as-it-relates-to-firmware-security/
-
Guest Essay: The urgent need to improve firmware security, especially in OT and IoT routers
As our world becomes increasingly interconnected, the security of Operational Technology (OT) and Internet of Things (IoT) devices is more critical th… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/guest-essay-the-urgent-need-to-improve-firmware-security-especially-in-ot-and-iot-routers/
-
CPU-Sicherheitsleck Sinkclose: Firmware-Update auch für AMDs Ryzen 3000
First seen on heise.de Jump to article: www.heise.de/news/CPU-Sicherheitsleck-Sinkclose-Firmware-Update-auch-fuer-AMDs-Ryzen-3000-9842780.html
-
Microsoft disables BitLocker security fix, advises manual mitigation
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Wi… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-disables-bitlocker-security-fix-advises-manual-mitigation/
-
Firmware Guide for Pen Testers
Contributions from Mathew Mullins, Supply Chain Security Consultant here at Eclypsium. Introduction Penetration tests come in many different varieties… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/firmware-guide-for-pen-testers/
-
OpenWrt dominates, but vulnerabilities persist in OT/IoT router firmware
Forescout has published a new report examining the current state of the software supply chain in OT/IoT routers. The study uncovered that OT and IoT c… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/07/ot-iot-router-firmware-vulnerabilities/
-
Mit Test-Key für Secure Boot: PC-Hersteller liefern unsichere UEFI-Firmware aus
Tags: firmwareBetroffen sind angeblich fast 900 verschiedene Systeme namhafter Hersteller wie Lenovo, Dell und HP. Anfällige Firmwares reichen zurück bis ins Jahr 2… First seen on golem.de Jump to article: www.golem.de/news/mit-test-key-fuer-secure-boot-pc-hersteller-liefern-unsichere-uefi-firmware-aus-2407-187453.html
-
UEFI Secure Boot: Hunderte Computer haben unsichere Kryptoschlüssel
Sicherheitsexperten fanden mehr als 900 Rechner mit UEFI-Firmwares, die jeweils einen unsicheren Platform Key (PK) enthalten. Das unterminiert Secure … First seen on heise.de Jump to article: www.heise.de/news/UEFI-Secure-Boot-Hunderte-Computer-haben-unsichere-Kryptoschluessel-9814730.html
-
PKfail Is a Newly Discovered Pathway for Firmware Malware
UEFI Developer Leaked a Secure Boot Asymmetric Key. Hundreds of laptop and server models from mainstream manufacturers are at risk of hacking that byp… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/pkfail-newly-discovered-pathway-for-firmware-malware-a-25867
-
PKFail bug puts firmware security at risk
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/pkfail-bug-puts-firmware-security-at-risk
-
PKfail Secure Boot bypass lets attackers install UEFI malware
Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows at… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pkfail-secure-boot-bypass-lets-attackers-install-uefi-malware/