Tag: firmware
-
IT pros say hackers could compromise device supply chain, firmware security
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/it-pros-say-hackers-could-compromise-device-supply-chain-firmware-security
-
Sechs Sicherheitslücken in SAG Sonicwall behebt Schwachstellen in Firewall und Firmware
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/sonicwall-firewalls-angriffe-schutzmassnahmen-cve-2024-40766-a-fb6be1e1993f9f52f8ca402442ac8faf/
-
Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge
by
in SecurityNewsHP Wolf reveals that 79% of IT security decision makers are lacking in crucial hardware and firmware expertise First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/threequarters-security-leaders/
-
AMD data center chips vulnerable to revealing data through ‘BadRAM’ attack
by
in SecurityNews
Tags: access, advisory, attack, best-practice, cloud, cve, data, encryption, exploit, finance, firmware, flaw, germany, Hardware, mitigation, monitoring, reverse-engineering, software, update, vulnerabilityAMD’s Secure Encrypted Virtualization (SEV), meant to protect processor memory from prying eyes in virtual machine (VM) environments, can be tricked into giving access to its encrypted memory contents using a test rig costing less than $10, researchers have revealed.Dubbed “BadRAM” by researchers from the University of Lübeck in Germany, KU Leven in Belgium, and…
-
Critical OpenWrt bug enabling malicious firmware image installation addressed
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/critical-openwrt-bug-enabling-malicious-firmware-image-installation-addressed
-
OpenWrt Update Flaw Exposed Devices to Malicious Firmware
by
in SecurityNewsEmbedded Device Operating Sytem Had Flaw Allowing Hacers to Bypass Integrity Check. A critical flaw in the updating service of a popular Linux operating system for embedded devices could enable hackers to compromise firmware with malicious images. OpenWrt developers patched the vulnerability, with a CVSS core of 9.3 and tracked as CVE-2024-54143. First seen on…
-
Black Hat: Latest news and insights
by
in SecurityNewsThe infosecurity world decamps to London this week, with research on vulnerabilities in AI systems at the fore of the latest edition of Black Hat Europe.The four-day program runs from Dec. 9-12, with two-and four-day options of hands-on trainings, but the main event at ExCeL London occurs on Dec. 11 and 12 featuring the latest research, developments,…
-
BadRAM: $10 security flaw in AMD could allow hackers to access cloud computing secrets
Researchers found a way to disrupt AMD server hardware using $10 worth of off-the-shelf items. The company has issued a firmware update. There’s no evidence of exploitation in the wild. ]]> First seen on therecord.media Jump to article: therecord.media/amd-security-flaw-badram
-
OpenWrt: Upgrade-Schwachstelle CVE-2024-54143 gefährdet Firmware-Updates
by
in SecurityNewsKurze Information für Benutzer der OpenWrt-Firmware für Router. Der Update-Service für die Firmware weist in älteren Versionen die Schwachstelle CVE-2024-54143 auf. Angreifer könnten diese Schwachstelle ausnutzen, um Schadsoftware per Firmware-Update einzuschleusen. Es gibt aber bereits eine gepatchte Firmware-Version. Die Open-Source-Software … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/10/openwrt-upgrade-schwachstelle-cve-2024-54143-gefaehrdet-firmware-updates/
-
Critical OpenWrt Bug: Update Your Gear!
by
in SecurityNewsASU 48-bit trash hash: Open source router firmware project fixes dusty old code. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/openwrt-cve-2024-54143-richixbw/
-
Enthält potenziell Schadcode: Kritische Upgrade-Lücke gefährdet Openwrt-Firmware
by
in SecurityNewsIn einem Upgrade-Dienst von Openwrt hat es eine Schwachstelle gegeben. Sie wurde zwar schnell gefixt; zuvor erstellte Firmware-Images sind aber potenziell kompromittiert. First seen on golem.de Jump to article: www.golem.de/news/enthaelt-potenziell-schadcode-kritische-upgrade-luecke-gefaehrdet-openwrt-firmware-2412-191574.html
-
OpenWrt Sysupgrade flaw let hackers push malicious firmware images
by
in SecurityNewsA flaw in OpenWrt’s Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious firmware packages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/openwrt-sysupgrade-flaw-let-hackers-push-malicious-firmware-images/
-
Critical OpenWrt Flaw Exposes Firmware Update Server to Exploitation
by
in SecurityNewsThe CVE-2024-54143 vulnerability affects the OpenWrt sysupgrade server and exposes users to risks of installing malicious firmware images. The post Critical OpenWrt Flaw Exposes Firmware Update Server to Exploitation appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/critical-openwrt-flaw-exposes-firmware-update-server-to-exploitation/
-
Update your OpenWrt router! Security issue made supply chain attack possible
by
in SecurityNewsA security issue that could have allowed attackers to serve malicious firmware images to users has been fixed by OpenWrt Project, the organization that helms the development … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/09/openwrt-security-update-supply-chain-attack/
-
OpenWrt orders router firmware updates after supply chain attack scare
by
in SecurityNewsA couple of bugs lead to a potentially bad time First seen on theregister.com Jump to article: www.theregister.com/2024/12/09/openwrt_firmware_vulnerabilities/
-
TPM 2.0: The new standard for secure firmware
by
in SecurityNewsConnected devices are better protected from cyberattacks and less likely to be compromised by errors thanks to the new TPM 2.0 specification from the Trusted Computing Group … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/09/trusted-computing-group-trusted-platform-module-tpm-2-0/
-
CapibaraZero Firmware With ESP32-S3 Hardware Enables Low Cost Flipper Zero alternative
by
in SecurityNewsThe open-source tech landscape continues to innovate, and the release of the CapibaraZero firmware marks another breakthrough. Designed for ESP32-S3-based hardware platforms, CapibaraZero provides a low-cost alternative to the highly popular”, but expensive”, Flipper Zero, a multifunctional tool for penetration testers, ethical hackers, and tech enthusiasts. With its affordable hardware requirements and flexible firmware, CapibaraZero…
-
Multiple SonicWall Vulnerabilities Let Attackers Execute Remote Code
by
in SecurityNewsSonicWall has issued a critical alert regarding multiple vulnerabilities in its Secure Mobile Access (SMA) 100 series SSL-VPN appliances. These vulnerabilities could allow attackers to execute remote code, bypass authentication, or compromise system integrity. SonicWall urges users to take immediate action by updating their devices to the latest firmware to mitigate these risks. These issues…
-
8 biggest cybersecurity threats manufacturers face
by
in SecurityNews
Tags: access, ai, apt, attack, authentication, automation, awareness, business, china, cloud, computer, control, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, ddos, detection, email, encryption, exploit, extortion, firmware, framework, group, Hardware, india, infrastructure, intelligence, international, Internet, iot, iran, lazarus, leak, malicious, malware, monitoring, network, nis-2, north-korea, open-source, password, phishing, ransom, ransomware, regulation, risk, risk-analysis, risk-assessment, russia, service, software, strategy, supply-chain, technology, threat, update, vulnerability, windowsThe manufacturing sector’s rapid digital transformation, complex supply chains, and reliance on third-party vendors make for a challenging cyber threat environment for CISOs.Manufacturers, often prime targets for state-sponsored malicious actors and ransomware gangs, face the difficult task of maintaining cost-effective operations while modernizing their network infrastructure.”Many manufacturing systems rely on outdated technology that lacks modern…
-
CISOs still cautious about adopting autonomous patch management solutions
by
in SecurityNews
Tags: automation, business, cisco, ciso, cloud, control, crowdstrike, cybersecurity, email, exploit, firmware, group, infosec, microsoft, open-source, regulation, risk, software, strategy, technology, update, vulnerability, windowsFailing to patch vulnerabilities keeps biting CISOs.The most recent evidence: Last month, the Five Eyes cybersecurity agencies in the US, the UK, Australia, Canada, and New Zealand reported that the top 15 vulnerabilities routinely exploited last year included one that dated back to 2020 (a Microsoft Netlogon hole); one that dated back to 2021 (in…
-
First-ever Linux UEFI bootkit turns out to be student project
by
in SecurityNews
Tags: antivirus, attack, authentication, awareness, computer, conference, cybersecurity, firmware, linux, malicious, malware, microsoft, risk, software, technology, threat, training, update, windowsBootkitty, a recently discovered boot-level UEFI rootkit for Linux, was evidently created by students participating in a cybersecurity training program at the South Korean Information Technology Research Institute (KITRI).The bootkit, found and analyzed by researchers from antivirus vendor ESET last week, showed signs of being a proof of concept rather than production-ready malware. Nevertheless, the…
-
First-ever Linux UEFI bootkit turns out to be research project
by
in SecurityNews
Tags: antivirus, attack, authentication, awareness, computer, conference, cybersecurity, firmware, linux, malicious, malware, microsoft, risk, software, technology, threat, training, update, windowsBootkitty, a recently discovered boot-level UEFI rootkit for Linux, was evidently created by students participating in a cybersecurity training program at the South Korean Information Technology Research Institute (KITRI).The bootkit, found and analyzed by researchers from antivirus vendor ESET last week, showed signs of being a proof of concept rather than production-ready malware. Nevertheless, the…
-
Open source router firmware project OpenWrt ships its own entirely repairable hardware
by
in SecurityNews‘Forever unbrickable’ Wi-Fi 6 box from Banana Pi comes packaged or in kit form First seen on theregister.com Jump to article: www.theregister.com/2024/12/02/openwrt_one_foss_wifi_router/
-
Bosch-Thermostate anfällig für Hackerangriffe
by
in SecurityNewsEine Schwachstelle in der Firmware der Bosch-Thermostate des Modells BCC100 macht sie anfällig für Hackerangriffe und Malware. Wer nicht frieren will,… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/bosch-thermostate-anfallig-fur-hackerangriffe
-
Zyxel Firewall Vulnerability Actively Exploited in Attacks
by
in SecurityNewsZyxel has announced awareness of active exploitation attempts by threat actors targeting their firewall products. This follows a detailed report by cybersecurity firm Sekoia highlighting vulnerabilities previously disclosed in Zyxel’s systems. The company has responded swiftly to these potential threats, aiming to safeguard its users through vital firmware updates and security enhancements. CVE-2024-11667: The Vulnerability…
-
>>Bootkitty<< A First Ever UEFI Bootkit Attack Linux Systems
by
in SecurityNewsCybersecurity researchers have uncovered the first-ever UEFI bootkit designed to target Linux systems. This discovery, named ‘Bootkitty’, marks a new chapter in UEFI threats, which have predominantly targeted Windows systems until now. The UEFI (Unified Extensible Firmware Interface) threat landscape has seen considerable evolution over the past decade. Evolution of UEFI Threats Initially, in 2012,…
-
Bootkitty is the first UEFI Bootkit designed for Linux systems
by
in SecurityNewsESET discovered the first Unified Extensible Firmware Interface (UEFI) bootkit specifically designed for Linux systems, named Bootkitty. Cybersecurity researchers from ESET discovered the first UEFI bootkit designed to target Linux systems, called by its authors Bootkitty. The bootkit allows attackers to disable the kernel’s signature verification feature and to preload two as yet unknown ELF…
-
QNAP NAS users locked out after firmware update snafu
by
in SecurityNewsAffected customers gripe about storage biz’s tech support First seen on theregister.com Jump to article: www.theregister.com/2024/11/25/qnap_faulty_update/