Tag: firmware
-
Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers
by
in SecurityNews
Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices. “The Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM [Compatibility Support Mode] mode and without Secure Boot or standard First…
-
Report: Flaws in Illumina DNA Sequencer Devices Allows Hacks
by
in SecurityNews
Eclypsium Report Describes BIOS/UEFI Issues in Illumina iSeq 100 Firmware. Certain vulnerabilities in device maker Illumina’s iSeq 100 DNA gene sequencer could allow hackers to overwrite the system’s firmware to render the device unusable or to install a firmware implant for ongoing attacker persistence, said researchers at Eclypsium who identified the flaws. First seen on…
-
Widely used DNA sequencer still doesn’t enforce Secure Boot
by
in SecurityNews
A firmware-dwelling bootkit in the iSeq 100 could be a key win for threat actors. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/01/widely-used-dna-sequencer-still-doesnt-enforce-secure-boot/
-
Moxa router flaws pose serious risks to industrial environments
by
in SecurityNews
Moxa warns of two flaws in its routers and security appliances that enable privilege escalation and remote command execution. Moxa addressed privilege escalation and OS command injection vulnerabilities in cellular routers, secure routers, and network security appliances. Below are the descriptions for both vulnerabilities: Moxa released firmware updates to address vulnerabilities CVE-2024-9140 and CVE-2024-9138. Affected…
-
If the conditions are right, malicious code can get onto Asus routers
by
in SecurityNews
Attackers can target and attack Asus routers. Patched firmware versions have been released to address this. First seen on heise.de Jump to article: www.heise.de/news/Stimmen-die-Voraussetzungen-kann-Schadcode-auf-Asus-Router-gelangen-10226829.html
-
Privacy Roundup: Week 1 of Year 2025
by
in SecurityNews
Tags: access, ai, android, apple, authentication, botnet, breach, browser, business, captcha, chrome, compliance, cve, cybersecurity, data, data-breach, detection, email, encryption, exploit, finance, firmware, flaw, google, group, hacker, healthcare, HIPAA, infrastructure, injection, Internet, law, leak, login, malware, open-source, password, phishing, privacy, router, service, software, threat, tool, update, virus, vulnerability
This is a news item roundup of privacy or privacy-related news items for 29 DEC 2024 – 4 JAN 2024. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things overlap; for…
-
Malware botnets exploit outdated D-Link routers in recent attacks
Two botnets tracked as ‘Ficora’ and ‘Capsaicin’ have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malware-botnets-exploit-outdated-d-link-routers-in-recent-attacks/
-
How are you securing your communications in the wake of the Volt Typhoon revelations?
by
in SecurityNews
Tags: access, advisory, android, apple, apt, attack, authentication, business, china, cisa, cisco, cloud, communications, computer, control, cyber, cybersecurity, detection, email, endpoint, espionage, exploit, firewall, firmware, government, group, Hardware, infrastructure, Internet, Intruder, microsoft, network, phishing, ransomware, risk, service, software, technology, threat, tool, update, vpn, vulnerability, windows, zero-day
The FBI recently released information that text messages between Apple and Android texting systems were insecure and that attackers could listen in and access those communications, more fallout from the revelation that a Chinese-affiliated threat actor had breached telecommunications companies. The announcement that the group known as Salt Typhoon had compromised networks of major global telecommunications…
-
Hackers crack the smart home
by
in SecurityNews
Tags: android, bsi, cyber, cyersecurity, data, dora, firmware, germany, hacker, incident response, Internet, mail, malware, passkey, password, resilience, risk, security-incident, service, update, vulnerability
More and more internet-connected devices are at work in the smart home, a worthwhile target for hackers. Andrey Suslov shutterstock.com
IoT devices such as digital picture frames or media players are increasingly the target of cybercriminals. Many of these internet-connected devices have vulnerabilities and can easily be infected with malware. The Federal Office for Information Security (BSI)…
-
Critical Flaws Expose 25,000 SonicWall Devices to Hackers
by
in SecurityNews
Many SonicWall Firewalls Are Unsupported or Lack Patches for Known Vulnerabilities. Thousands of SonicWall network security devices remain exposed with critical security flaws, including 20,000 running outdated firmware that no longer receives vendor support. Despite patches available for some of these flaws, many organizations continue to run the outdated firmware. First seen on govinfosecurity.com Jump…
-
Over 25,000 SonicWall VPN Firewalls exposed to critical flaws
by
in SecurityNews
Over 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical severity flaws, with 20,000 using a SonicOS/OSX firmware version that the vendor no longer supports. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-25-000-sonicwall-vpn-firewalls-exposed-to-critical-flaws/
-
Firmware Security: Identifying Risks to Implement Best Cybersecurity Practices
by
in SecurityNews
Find out the key security risks of firmware security: Identify threats, and learn best practices and protection methods… First seen on hackread.com Jump to article: hackread.com/firmware-security-identifying-risks-cybersecurity-practices/
-
Overlooking platform security weakens long-term cybersecurity posture
by
in SecurityNews
Platform security, securing the hardware and firmware of PCs, laptops and printers, is often overlooked, weakening cybersecurity posture for years to come, according to HP. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/16/platform-security-concerns/
-
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
by
in SecurityNews
A security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting…
-
IT pros say hackers could compromise device supply chain, firmware security
by
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/news/it-pros-say-hackers-could-compromise-device-supply-chain-firmware-security
-
Six security vulnerabilities in SAG: Sonicwall fixes vulnerabilities in firewall and firmware
by
in SecurityNews
First seen on security-insider.de Jump to article: www.security-insider.de/sonicwall-firewalls-angriffe-schutzmassnahmen-cve-2024-40766-a-fb6be1e1993f9f52f8ca402442ac8faf/
-
Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge
by
in SecurityNews
HP Wolf reveals that 79% of IT security decision makers are lacking in crucial hardware and firmware expertise. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/threequarters-security-leaders/
-
AMD data center chips vulnerable to revealing data through ‘BadRAM’ attack
by
in SecurityNews
Tags: access, advisory, attack, best-practice, cloud, cve, data, encryption, exploit, finance, firmware, flaw, germany, Hardware, mitigation, monitoring, reverse-engineering, software, update, vulnerability
AMD’s Secure Encrypted Virtualization (SEV), meant to protect processor memory from prying eyes in virtual machine (VM) environments, can be tricked into giving access to its encrypted memory contents using a test rig costing less than $10, researchers have revealed. Dubbed “BadRAM” by researchers from the University of Lübeck in Germany, KU Leuven in Belgium, and…
-
Critical OpenWrt bug enabling malicious firmware image installation addressed
by
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/critical-openwrt-bug-enabling-malicious-firmware-image-installation-addressed
-
OpenWrt Update Flaw Exposed Devices to Malicious Firmware
by
in SecurityNews
Embedded Device Operating System Had Flaw Allowing Hackers to Bypass Integrity Check. A critical flaw in the updating service of a popular Linux operating system for embedded devices could enable hackers to compromise firmware with malicious images. OpenWrt developers patched the vulnerability, with a CVSS score of 9.3 and tracked as CVE-2024-54143. First seen on…
-
Black Hat: Latest news and insights
by
in SecurityNews
The infosecurity world decamps to London this week, with research on vulnerabilities in AI systems at the fore of the latest edition of Black Hat Europe. The four-day program runs from Dec. 9-12, with two- and four-day options of hands-on trainings, but the main event at ExCeL London occurs on Dec. 11 and 12 featuring the latest research, developments,…
-
BadRAM: $10 security flaw in AMD could allow hackers to access cloud computing secrets
Researchers found a way to disrupt AMD server hardware using $10 worth of off-the-shelf items. The company has issued a firmware update. There’s no evidence of exploitation in the wild. First seen on therecord.media Jump to article: therecord.media/amd-security-flaw-badram
-
OpenWrt: Upgrade vulnerability CVE-2024-54143 endangers firmware updates
by
in SecurityNews
Brief information for users of the OpenWrt firmware for routers. In older versions, the update service for the firmware has the vulnerability CVE-2024-54143. Attackers could exploit this vulnerability to smuggle in malware via a firmware update. However, a patched firmware version is already available. The open-source software … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/10/openwrt-upgrade-schwachstelle-cve-2024-54143-gefaehrdet-firmware-updates/
-
Critical OpenWrt Bug: Update Your Gear!
by
in SecurityNews
ASU 48-bit trash hash: Open source router firmware project fixes dusty old code. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/openwrt-cve-2024-54143-richixbw/
-
Potentially contains malicious code: Critical upgrade flaw endangers Openwrt firmware
by
in SecurityNews
There was a vulnerability in an Openwrt upgrade service. It was fixed quickly, but firmware images built before the fix are potentially compromised. First seen on golem.de Jump to article: www.golem.de/news/enthaelt-potenziell-schadcode-kritische-upgrade-luecke-gefaehrdet-openwrt-firmware-2412-191574.html
-
OpenWrt Sysupgrade flaw let hackers push malicious firmware images
by
in SecurityNews
A flaw in OpenWrt’s Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious firmware packages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/openwrt-sysupgrade-flaw-let-hackers-push-malicious-firmware-images/
-
Critical OpenWrt Flaw Exposes Firmware Update Server to Exploitation
by
in SecurityNews
The CVE-2024-54143 vulnerability affects the OpenWrt sysupgrade server and exposes users to risks of installing malicious firmware images. The post Critical OpenWrt Flaw Exposes Firmware Update Server to Exploitation appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/critical-openwrt-flaw-exposes-firmware-update-server-to-exploitation/
-
Update your OpenWrt router! Security issue made supply chain attack possible
by
in SecurityNews
A security issue that could have allowed attackers to serve malicious firmware images to users has been fixed by OpenWrt Project, the organization that helms the development … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/09/openwrt-security-update-supply-chain-attack/
-
OpenWrt orders router firmware updates after supply chain attack scare
by
in SecurityNews
A couple of bugs lead to a potentially bad time. First seen on theregister.com Jump to article: www.theregister.com/2024/12/09/openwrt_firmware_vulnerabilities/