Tag: firmware
-
The Explosion of Hardware-Hacking Devices
Due to the growing popularity of the ESP32 IoT platform adoption by security professionals, this article raises several security concerns addressing firmware attacks that could target this user population and what you can do to protect yourself. Introduced in August 2020 following a $4.8 million Kickstarter campaign, the FlipperZero quickly became one of the most……
-
BTS #45 Understanding Firmware Vulnerabilities in Network Appliances
by
in SecurityNewsIn this episode, Paul, Vlad, and Chase discuss the security challenges associated with Palo Alto devices and network appliances. They explore the vulnerabilities present in these devices, the importance of best practices in device management, and the need for automatic updates. The conversation highlights the evolving nature of firmware vulnerabilities and the necessity for compensating……
-
Netgear Patches Critical Vulnerabilities in Multiple WiFi Router Models
by
in SecurityNewsNetgear has released security updates addressing two critical vulnerabilities affecting several WiFi router models and has strongly urged users to update their firmware immediately. These vulnerabilities could allow unauthenticated attackers to execute remote code or bypass authentication, creating a serious… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/netgear-patches-critical-vulnerabilities-in-multiple-wifi-router-models/
-
Netgear warns users to patch critical WiFi router vulnerabilities
by
in SecurityNewsNetgear has fixed two critical remote code execution and authentication bypass vulnerabilities affecting multiple WiFi routers and warned customers to update their devices to the latest firmware as soon as possible. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-critical-wifi-router-vulnerabilities/
-
AMD Epyc – Kritisches Sicherheitsleck in Server-CPUs geschlossen
by
in SecurityNewsSicherheitsforscher von Google haben bei Epyc-Prozessoren von AMD eine Sicherheitslücke entdeckt, die per Firmware-Update geschlossen wird. First seen on computerbase.de Jump to article: www.computerbase.de/news/prozessoren/amd-epyc-kritisches-sicherheitsleck-in-server-cpus-geschlossen.91275
-
Patch coming for reported firmware bugs in Palo Alto firewalls
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/patch-coming-for-reported-firmware-bugs-in-palo-alto-firewalls
-
Geräte-Lifecycle im Griff – Sicherheit von Hardware und Firmware kommt zu kurz
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/-it-sicherheitsherausforderungen-unternehmen-2025-a-b26dd91a2c45062499c15e8e5ff097c5/
-
TP-Link Router Web Interface XSS Vulnerability PoC Exploit Released
by
in SecurityNewsA recently discovered Cross-site Scripting (XSS) vulnerability, CVE-2024-57514, affecting the TP-Link Archer A20 v3 Router has raised security concerns among users. The flaw CVE-2024-57514, identified in firmware version 1.0.6 Build 20231011 rel.85717(5553), allows attackers to execute arbitrary JavaScript code through the router’s web interface, potentially leading to malicious exploitation. Discovery of the Vulnerability The vulnerability stems…
-
Sicherheitsupdate: Schadcode-Attacken können D-Link-Router schaden
by
in SecurityNewsIn der aktuellen Firmware haben D-Link-Entwickler eine offensichtlich kritische Schwachstelle im Router DSL-3788 geschlossen. First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsupdate-Schadcode-Attacken-koennen-D-Link-Router-schaden-10259091.html
-
Fix nur vor Ort möglich: Zyxel schickt Firewalls per Update in Bootschleife
by
in SecurityNewsDie betroffenen Zyxel-Firewalls lassen sich nicht mehr aus der Ferne warten. Admins müssen per Kabel dran, um eine neue Firmware einzuspielen. First seen on golem.de Jump to article: www.golem.de/news/fix-nur-vor-ort-moeglich-zyxel-schickt-firewalls-per-update-in-bootschleife-2501-192799.html
-
Privacy Roundup: Week 4 of Year 2025
by
in SecurityNews
Tags: access, ai, apt, attack, backup, botnet, breach, cctv, cve, cybersecurity, data, data-breach, detection, email, exploit, firmware, flaw, google, group, identity, infrastructure, korea, lazarus, leak, login, malicious, malware, north-korea, phishing, phone, privacy, regulation, remote-code-execution, risk, router, scam, service, software, startup, technology, threat, tool, update, virus, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 19 JAN 2025 – 25 JAN 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Palo-Alto: Sicherheitslücken in Firmware und Bootloadern von Firewalls
by
in SecurityNewsDie Firmware und Bootloader von einigen Palo-Alto-Firewalls weisen Sicherheitslecks auf, die Angreifern das Einnisten nach Angriffen ermöglichen. First seen on heise.de Jump to article: www.heise.de/news/Palo-Alto-Sicherheitsluecken-in-Firmware-und-Bootloadern-von-Firewalls-10257031.html
-
Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits
by
in SecurityNewsAn exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices’ firmware as well as misconfigured security features.”These weren’t obscure, corner-case vulnerabilities,” security vendor Eclypsium said in a report shared with The Hacker News.”Instead these were very well-known issues that we wouldn’t expect to…
-
PoC Exploit Released for TP-Link Code Execution Vulnerability(CVE-2024-54887)
by
in SecurityNewsA security researcher, exploring reverse engineering and exploit development, has successfully identified a critical vulnerability in the TP-Link TL-WR940N router, specifically affecting hardware versions 3 and 4 with all firmware up to the latest version. This vulnerability, which has been documented as CVE-2024-54887, allows for potential arbitrary remote code execution (RCE) through stack buffer overflow…
-
Industrial Switch Vulnerabilities Allow Remote Exploitation
by
in SecurityNewsResearchers Uncover Three Vulnerabilities, Urge Firmware Update. Attackers could chain critical vulnerabilities in industrial network switches to gain remote control to compromise automation systems, IoT devices and surveillance networks. Claroty’s Team82 uncovered three flaws in WGS-804HPT switches manufactured by Planet Technology. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/industrial-switch-vulnerabilities-allow-remote-exploitation-a-27333
-
Sicherheitsmängel gefährden DNA-Sequenziergeräte
by
in SecurityNewssrcset=”https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?quality=50&strip=all 5283w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=300%2C168&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=768%2C432&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1024%2C576&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1536%2C864&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=2048%2C1152&quality=50&strip=all 2048w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1240%2C697&quality=50&strip=all 1240w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=150%2C84&quality=50&strip=all 150w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=854%2C480&quality=50&strip=all 854w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=640%2C360&quality=50&strip=all 640w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=444%2C250&quality=50&strip=all 444w” width=”1024″ height=”576″ sizes=”(max-width: 1024px) 100vw, 1024px”>Security-Forscher haben festgestellt, dass bei einem DNA-Sequenziergerät wichtige Sicherheitsfunktionen fehlen. angellodeco Shutterstock.comDas DNA-Sequenziergerät iSeq 100 von Illumina wird von medizinischen Laboren auf der ganzen Welt für eine Vielzahl…
-
2025 Threat Landscape Trends to Watch
by
in SecurityNewsWhat Type of Attacks Will We See in 2025? January 23, 2025Time: 1:00 pm ET – 10:00 am PTSpeaker: Paul Asadoorian, Principal Security Researcher Bootkits, network infrastructure attacks, and firmware vulnerabilities all saw major development in 2024, and these major trends show no sign of slowing down in 2025. Join Paul Asadoorian for a review……
-
SonicWall firewall hit with critical authentication bypass vulnerability
by
in SecurityNewsSonicWall is warning customers of a severe vulnerability in its SonicOS SSLVPN with high exploitability that remote attackers could use to bypass authentication.The bug is an improper authentication vulnerability in the SSL VPN authentication mechanism, according to emails sent to customers and published on SonicWall’s official subreddit.”We have identified a high (severity) firewall vulnerability that…
-
SonicWall warns of an exploitable SonicOS vulnerability
by
in SecurityNewsSonicWall warns customers to address an authentication bypass vulnerability in its firewall’s SonicOS that is >>susceptible to actual exploitation.
-
DNA sequencer vulnerabilities signal firmware issues across medical device industry
by
in SecurityNews
Tags: access, advisory, attack, best-practice, computer, computing, control, credentials, data, exploit, firmware, flaw, Hardware, iot, leak, malicious, malware, mitigation, privacy, rce, remote-code-execution, risk, side-channel, software, supply-chain, update, vulnerability, windowsIn highlighting vulnerabilities in a widely used DNA gene sequencing device, security researchers have brought further attention to the likely poor state of security in the medical device industry, where hardware and firmware development is often outsourced to external equipment manufacturers under questionable support contracts.The device, Illumina’s iSeq 100 compact DNA sequencer, is used by…
-
SonicWall urges admins to patch exploitable SSLVPN bug immediately
by
in SecurityNewsSonicWall is emailing customers urging them to upgrade their firewall’s SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is “susceptible to actual exploitation.” First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-patch-exploitable-sslvpn-bug-immediately/
-
DNA sequencers found running ancient BIOS, posing risk to clinical research
by
in SecurityNewsDevices on six-year-old firmware vulnerable to takeover and destruction First seen on theregister.com Jump to article: www.theregister.com/2025/01/08/dna_sequencer_vulnerabilities/
-
Critical BIOS/UEFI Vulnerabilities Allow Attackers To Overwrite System Firmware
by
in SecurityNewsResearchers discovered critical BIOS/UEFI vulnerabilities in the Illumina iSeq 100 DNA sequencer, where the device utilizes an outdated firmware implementation with CSM mode lacking essential security features like Secure Boot and firmware write protections. The vulnerability window allows attackers to exploit the system, potentially overwriting the firmware to either disable the device or install malicious…
-
DNA sequencer company notifying customers of vulnerabilities in popular device
by
in SecurityNewsThe iSeq 100 genetic sequencer has vulnerabilities that could allow attackers to tamper with its operations or install a firmware implant, researchers from cybersecurity firm Eclypsium say.]]> First seen on therecord.media Jump to article: therecord.media/dna-sequencer-vulnerabilities-iseq100-eclypsium
-
Genetic Engineering Meets Reverse Engineering: DNA Sequencer’s Vulnerable BIOS
by
in SecurityNewsEclypsium’s research team has identified BIOS/UEFI vulnerabilities in a popular DNA gene sequencer made by Illumina, a leading genomics and healthcare technology vendor. More specifically, we found that the Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM mode and without Secure Boot or standard firmware write protections. This would allow……
-
Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers
by
in SecurityNewsCybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices.”The Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM [Compatibility Support Mode] mode and without Secure Boot or standard First…
-
Report: Flaws in Illumina DNA Sequencer Devices Allows Hacks
by
in SecurityNewsEclypsium Report Describes BIOS/UEFI Issues in Illumina iSeq 100 Firmware. Certain vulnerabilities in device maker Illumina’s iSeq 100 DNA gene sequencer could allow hackers to overwrite the system’s firmware to render the device unusable or to install a firmware implant for ongoing attacker persistence, said researchers at Eclypsium who identified the flaws. First seen on…