Tag: firmware
-
OpenWrt orders router firmware updates after supply chain attack scare
by
in SecurityNewsA couple of bugs lead to a potentially bad time First seen on theregister.com Jump to article: www.theregister.com/2024/12/09/openwrt_firmware_vulnerabilities/
-
TPM 2.0: The new standard for secure firmware
by
in SecurityNewsConnected devices are better protected from cyberattacks and less likely to be compromised by errors thanks to the new TPM 2.0 specification from the Trusted Computing Group … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/09/trusted-computing-group-trusted-platform-module-tpm-2-0/
-
CapibaraZero Firmware With ESP32-S3 Hardware Enables Low Cost Flipper Zero alternative
by
in SecurityNewsThe open-source tech landscape continues to innovate, and the release of the CapibaraZero firmware marks another breakthrough. Designed for ESP32-S3-based hardware platforms, CapibaraZero provides a low-cost alternative to the highly popular”, but expensive”, Flipper Zero, a multifunctional tool for penetration testers, ethical hackers, and tech enthusiasts. With its affordable hardware requirements and flexible firmware, CapibaraZero…
-
Multiple SonicWall Vulnerabilities Let Attackers Execute Remote Code
by
in SecurityNewsSonicWall has issued a critical alert regarding multiple vulnerabilities in its Secure Mobile Access (SMA) 100 series SSL-VPN appliances. These vulnerabilities could allow attackers to execute remote code, bypass authentication, or compromise system integrity. SonicWall urges users to take immediate action by updating their devices to the latest firmware to mitigate these risks. These issues…
-
8 biggest cybersecurity threats manufacturers face
by
in SecurityNews
Tags: access, ai, apt, attack, authentication, automation, awareness, business, china, cloud, computer, control, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, ddos, detection, email, encryption, exploit, extortion, firmware, framework, group, Hardware, india, infrastructure, intelligence, international, Internet, iot, iran, lazarus, leak, malicious, malware, monitoring, network, nis-2, north-korea, open-source, password, phishing, ransom, ransomware, regulation, risk, risk-analysis, risk-assessment, russia, service, software, strategy, supply-chain, technology, threat, update, vulnerability, windowsThe manufacturing sector’s rapid digital transformation, complex supply chains, and reliance on third-party vendors make for a challenging cyber threat environment for CISOs.Manufacturers, often prime targets for state-sponsored malicious actors and ransomware gangs, face the difficult task of maintaining cost-effective operations while modernizing their network infrastructure.”Many manufacturing systems rely on outdated technology that lacks modern…
-
CISOs still cautious about adopting autonomous patch management solutions
by
in SecurityNews
Tags: automation, business, cisco, ciso, cloud, control, crowdstrike, cybersecurity, email, exploit, firmware, group, infosec, microsoft, open-source, regulation, risk, software, strategy, technology, update, vulnerability, windowsFailing to patch vulnerabilities keeps biting CISOs.The most recent evidence: Last month, the Five Eyes cybersecurity agencies in the US, the UK, Australia, Canada, and New Zealand reported that the top 15 vulnerabilities routinely exploited last year included one that dated back to 2020 (a Microsoft Netlogon hole); one that dated back to 2021 (in…
-
First-ever Linux UEFI bootkit turns out to be student project
by
in SecurityNews
Tags: antivirus, attack, authentication, awareness, computer, conference, cybersecurity, firmware, linux, malicious, malware, microsoft, risk, software, technology, threat, training, update, windowsBootkitty, a recently discovered boot-level UEFI rootkit for Linux, was evidently created by students participating in a cybersecurity training program at the South Korean Information Technology Research Institute (KITRI).The bootkit, found and analyzed by researchers from antivirus vendor ESET last week, showed signs of being a proof of concept rather than production-ready malware. Nevertheless, the…
-
First-ever Linux UEFI bootkit turns out to be research project
by
in SecurityNews
Tags: antivirus, attack, authentication, awareness, computer, conference, cybersecurity, firmware, linux, malicious, malware, microsoft, risk, software, technology, threat, training, update, windowsBootkitty, a recently discovered boot-level UEFI rootkit for Linux, was evidently created by students participating in a cybersecurity training program at the South Korean Information Technology Research Institute (KITRI).The bootkit, found and analyzed by researchers from antivirus vendor ESET last week, showed signs of being a proof of concept rather than production-ready malware. Nevertheless, the…
-
Open source router firmware project OpenWrt ships its own entirely repairable hardware
by
in SecurityNews‘Forever unbrickable’ Wi-Fi 6 box from Banana Pi comes packaged or in kit form First seen on theregister.com Jump to article: www.theregister.com/2024/12/02/openwrt_one_foss_wifi_router/
-
Bosch-Thermostate anfällig für Hackerangriffe
by
in SecurityNewsEine Schwachstelle in der Firmware der Bosch-Thermostate des Modells BCC100 macht sie anfällig für Hackerangriffe und Malware. Wer nicht frieren will,… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/bosch-thermostate-anfallig-fur-hackerangriffe
-
Zyxel Firewall Vulnerability Actively Exploited in Attacks
by
in SecurityNewsZyxel has announced awareness of active exploitation attempts by threat actors targeting their firewall products. This follows a detailed report by cybersecurity firm Sekoia highlighting vulnerabilities previously disclosed in Zyxel’s systems. The company has responded swiftly to these potential threats, aiming to safeguard its users through vital firmware updates and security enhancements. CVE-2024-11667: The Vulnerability…
-
>>Bootkitty<< A First Ever UEFI Bootkit Attack Linux Systems
by
in SecurityNewsCybersecurity researchers have uncovered the first-ever UEFI bootkit designed to target Linux systems. This discovery, named ‘Bootkitty’, marks a new chapter in UEFI threats, which have predominantly targeted Windows systems until now. The UEFI (Unified Extensible Firmware Interface) threat landscape has seen considerable evolution over the past decade. Evolution of UEFI Threats Initially, in 2012,…
-
Bootkitty is the first UEFI Bootkit designed for Linux systems
by
in SecurityNewsESET discovered the first Unified Extensible Firmware Interface (UEFI) bootkit specifically designed for Linux systems, named Bootkitty. Cybersecurity researchers from ESET discovered the first UEFI bootkit designed to target Linux systems, called by its authors Bootkitty. The bootkit allows attackers to disable the kernel’s signature verification feature and to preload two as yet unknown ELF…
-
QNAP NAS users locked out after firmware update snafu
by
in SecurityNewsAffected customers gripe about storage biz’s tech support First seen on theregister.com Jump to article: www.theregister.com/2024/11/25/qnap_faulty_update/
-
Researchers Discover “Bootkitty” First UEFI Bootkit Targeting Linux Kernels
by
in SecurityNewsCybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems.Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in…
-
QNAP pulls buggy QTS firmware causing widespread NAS issues
by
in SecurityNewsQNAP has pulled a recently released firmware update after widespread customer reports that it’s breaking connectivity and, in some cases, locking users out of their devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/technology/qnap-pulls-buggy-qts-firmware-causing-widespread-nas-issues/
-
Unraveling Raspberry Robin’s Layers: Analyzing Obfuscation Techniques and Core Mechanisms
by
in SecurityNewsIntroductionDiscovered in 2021, Raspberry Robin (also known as Roshtyak) is a malicious downloader that has circulated in the wild for several years, primarily spreading through infected USB devices. Although USB devices are a common and unremarkable tactic for spreading malware, Raspberry Robin stands out due to its unique binary-obfuscation techniques, extensive use of anti-analysis methods,…
-
Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code Remotely
by
in SecurityNewsA critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious actors to remotely compromise affected devices. The vulnerability, identified as CVE-2024-11237, affects TP-Link VN020 F3v(T) routers running firmware version TT_V6.2.1021, which are primarily deployed through Tunisie Telecom and Topnet ISPs. Similar variants of the router used in Algeria and Morocco are…
-
The Global Effort to Maintain Supply Chain Security – Part Two
by
in SecurityNewsVarious Cybersecurity Experts, CISO Global A well-run kitchen requires a fully stocked pantry and a clear understanding of what’s on hand. In cybersecurity, your pantry is your asset inventory”, every server, every piece of software, and even those firmware components lurking in the background. You wouldn’t want to cook without knowing exactly what ingredients are…
-
Cisco ATA 190 Telephone Adapter Vulnerabilities Let Attackers Execute Remote Code
by
in SecurityNewsCisco has disclosed multiple vulnerabilities affecting its ATA 190 Series Analog Telephone Adapter firmware, posing significant user risks. These vuln… First seen on gbhackers.com Jump to article: gbhackers.com/cisco-ata-190-telephone-adapter-vulnerabilities/
-
Western Digital releases firmware fix for SSDs blighted by Windows 11 24H2 BSODs
by
in SecurityNewsFirst seen on theregister.com Jump to article: www.theregister.com/2024/10/17/western_digital_releases_a_firmware/
-
Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters
by
in SecurityNewsCisco has released patches for multiple vulnerabilities in ATA 190 series firmware, including two high-severity flaws. The post Cisco Patches High-Sev… First seen on securityweek.com Jump to article: www.securityweek.com/cisco-patches-high-severity-vulnerabilities-in-analog-telephone-adapters/
-
BTS #39 The Art of Firmware Scraping Edwin Shuttleworth
by
in SecurityNewsIn this episode, Edwin Shuttleworth from Finite State discusses firmware security, insights from the GRRCON Security Conference, and the challenges of… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/bts-39-the-art-of-firmware-scraping-edwin-shuttleworth/
-
Google says replacing C/C++ in firmware with Rust is easy
by
in SecurityNewsFirst seen on theregister.com Jump to article: www.theregister.com/2024/09/06/google_rust_c_code_language/
-
Firmware 1.0: Flipper Zero spielt nun Walkie-Talkie und hält länger durch
by
in SecurityNews
Tags: firmwareFirst seen on golem.de Jump to article: www.golem.de/news/firmware-1-0-flipper-zero-spielt-nun-walkie-talkie-und-haelt-laenger-durch-2409-188891.html
-
Firmware-Update für D-Link-Router schließt Schwachstellen
by
in SecurityNewsBestimmte Router-Modelle von D-Link weisen diverse kritische Schwachstellen (u.a. fest Passwörter für Zugänge) auf, die durch Firmware-Updates beseiti… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/09/21/firmware-update-fuer-d-link-router-schliesst-schwachstellen/
-
Hardware Supply Chain Threats Can Undermine Endpoint Infrastructure
by
in SecurityNewsTo prevent this, organizations should focus on developing secure hardware and firmware foundations, enabling them to manage, monitor, and remediate ha… First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/hardware-supply-chain-threats-can-undermine-endpoint-infrastructure
-
PKfail Secure Boot bypass remains a significant risk two months later
by
in SecurityNewsRoughly nine percent of tested firmware images use non-production cryptographic keys that are publicly known or leaked in data breaches, leaving many … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pkfail-secure-boot-bypass-remains-a-significant-risk-two-months-later/