Tag: Hardware
-
Raspberry-Robin Vielschichtige Verschlüsselung
by
in SecurityNewsDas Zscaler-ThreatLabz-Team entschlüsselte vor kurzem die umfangreichen Verschleierungstechniken von Raspberry-Robin (auch bekannt als Roshtyak). Die Malware befindet sich seit 2021 im Umlauf und verbreitet sich hauptsächlich über infizierte USB-Geräte, so dass nach wie vor eine Gefahr zur Infektion von Windows-Systemen davon ausgeht. Hauptaufgabe von Raspberry-Robin ist das Nachladen und Ausführen der Payload auf einem kompromittierten…
-
Raspberry Robin: Vielschichtige Verschlüsselung
by
in SecurityNewsDas Zscaler ThreatLabz-Team entschlüsselte vor kurzem die umfangreichen Verschleierungstechniken von Raspberry Robin (auch bekannt als Roshtyak). Die Malware befindet sich seit 2021 im Umlauf und verbreitet sich hauptsächlich über infizierte USB-Geräte, so dass nach wie vor eine Gefahr zur Infektion von Windows-Systemen davon ausgeht. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/raspberry-robin-vielschichtige-verschluesselung
-
BadRAM-ifications: A Low-Cost Attack on Trusted Execution Environments
by
in SecurityNewsRecent research has uncovered a concerning vulnerability in modern Trusted Execution Environments (TEEs) that challenges fundamental assumptions about memory security. The BadRAM attack, detailed in a paper by De Meulemeester et al., demonstrates how a low-cost hardware manipulation can compromise the integrity guarantees of systems like AMD SEV-SNP (Secure Encrypted Virtualization and Secure Nested Paging)….…
-
Opswat Expands Critical Infrastructure Defense With Fend Buy
by
in SecurityNewsData Diodes Enhance Air-Gapped Network Security, Deliver Advanced Network Isolation. Opswat’s acquisition of Fend integrates advanced hardware-based security with Opswat’s platform, delivering robust protection against cyberattacks on critical infrastructure like power grids and water systems. Fend’s small-form-factor data diodes meet the demand for affordable, scalable solutions. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/opswat-expands-critical-infrastructure-defense-fend-buy-a-27099
-
Boffins trick AI model into giving up its secrets
by
in SecurityNewsAll it took to make an Google Edge TPU give up model hyperparameters was specific hardware, a novel attack technique “¦ and several days First seen on theregister.com Jump to article: www.theregister.com/2024/12/18/ai_model_reveal_itself/
-
That cheap webcam? HiatusRAT may be targeting it, FBI warns
by
in SecurityNewsWebcams have been a key part of business and home offices everywhere, especially since the COVID pandemic hit. But they are not often high-quality products, especially if used only sporadically, as many consumers and remote workers are content with a cheap one from China. This not only causes regular hardware problems, but it can also be…
-
Für Pentester und Sicherheitsforscher: Kali Linux 2024.4 mit 14 neuen Tools
by
in SecurityNewsDie aktuelle Kali-Linux-Ausgabe bringt neue Werkzeuge mit und lässt sich noch flexibler auf Raspberry Pis installieren. First seen on heise.de Jump to article: www.heise.de/news/Fuer-Pentester-und-Sicherheitsforscher-Kali-Linux-2024-4-mit-14-neuen-Tools-10203399.html
-
Overlooking platform security weakens long-term cybersecurity posture
by
in SecurityNewsPlatform security securing the hardware and firmware of PCs, laptops and printers is often overlooked, weakening cybersecurity posture for years to come, according to HP. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/16/platform-security-concerns/
-
Breaking the Air Gap Through Hardware Implants
IoT security assessments expose diverse technologies, use cases, and protocols. While wireless components like WiFi and Bluetooth enhance functionality and enable features like OTA updates, they also increase the attack surface. This blog explores the challenges of assessing non-wireless IoT devices and considers the potential of adding wireless capabilities for comprehensive security testing. First seen…
-
Security researchers find deep flaws in CVSS vulnerability scoring system
by
in SecurityNewsThe industrywide method for assessing the severity of vulnerabilities in software and hardware needs to be revised because it provides potential misleading severity assessment, delegates at Black Hat Europe were told Thursday.The Common Vulnerability Scoring System (CVSS) makes use of various metrics to quantify vulnerability severity. A presentation at Black Hat by cybersecurity experts from…
-
Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge
by
in SecurityNewsHP Wolf reveals that 79% of IT security decision makers are lacking in crucial hardware and firmware expertise First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/threequarters-security-leaders/
-
AMD data center chips vulnerable to revealing data through ‘BadRAM’ attack
by
in SecurityNews
Tags: access, advisory, attack, best-practice, cloud, cve, data, encryption, exploit, finance, firmware, flaw, germany, Hardware, mitigation, monitoring, reverse-engineering, software, update, vulnerabilityAMD’s Secure Encrypted Virtualization (SEV), meant to protect processor memory from prying eyes in virtual machine (VM) environments, can be tricked into giving access to its encrypted memory contents using a test rig costing less than $10, researchers have revealed.Dubbed “BadRAM” by researchers from the University of Lübeck in Germany, KU Leven in Belgium, and…
-
BadRAM: $10 security flaw in AMD could allow hackers to access cloud computing secrets
Researchers found a way to disrupt AMD server hardware using $10 worth of off-the-shelf items. The company has issued a firmware update. There’s no evidence of exploitation in the wild. ]]> First seen on therecord.media Jump to article: therecord.media/amd-security-flaw-badram
-
Mobotix-Store bietet Partner und Kunden mehr Flexibilität
by
in SecurityNews
Tags: HardwareMobotix hat einen neuen Online-Shop, den , gelauncht, der es Partnern und Kunden ermöglicht, die gesamte Produktpalette des Unternehmens auf einfache Weise zu durchsuchen und zu erwerben. Mit dem neuen Shop will Mobotix nicht nur den Zugang zu seinen Produkten, sondern auch den gesamten Bestellprozess für seine Partner deutlich erleichtern. Alle Hardware- und Softwareprodukte […]…
-
Zukunft schenken und die Hacker School unterstützen
Mitmachen und Zukunft schenken. In einer Zeit, in der IT-Technik und digitale Tools alle Facetten unseres Arbeitens und unseres Lebens beeinflussen, gehören digitale Skills einfach dazu. Es geht um Programmieren, Future Skills, KI-Kompetenz und IT-Berufsorientierung für die nächste Generation. Deshalb macht digitale Bildung den Unterschied. Seit über zehn Jahren engagiert sich die Hacker School für digitale…
-
Raspberry Pi 500 Monitor, Complete Desktop Setup at $190
by
in SecurityNewsRaspberry Pi, a pioneer in affordable and programmable computing, has once again elevated its game with the launch of theRaspberry Pi 500alongside an officialRaspberry Pi Monitor. This much-anticipated release offers enthusiasts and learners a complete desktop setup priced at just $190, continuing Raspberry Pi’s mission to make computing accessible to everyone. Raspberry Pi 500 TheRaspberry…
-
Raspberry Pi 500 Monitor, Complete Desktop Setup at $190
by
in SecurityNewsRaspberry Pi, a pioneer in affordable and programmable computing, has once again elevated its game with the launch of theRaspberry Pi 500alongside an officialRaspberry Pi Monitor. This much-anticipated release offers enthusiasts and learners a complete desktop setup priced at just $190, continuing Raspberry Pi’s mission to make computing accessible to everyone. Raspberry Pi 500 TheRaspberry…
-
Gen AI use cases rising rapidly for cybersecurity, but concerns remain
by
in SecurityNews
Tags: ai, attack, automation, awareness, ceo, ciso, compliance, control, cybersecurity, data, detection, finance, framework, fraud, GDPR, governance, grc, group, guide, Hardware, HIPAA, incident response, intelligence, international, malware, middle-east, monitoring, phishing, privacy, RedTeam, regulation, risk, risk-assessment, risk-management, soc, software, strategy, technology, threat, tool, training, usaGenerative AI is being embedded into security tools at a furious pace as CISOs adopt the technology internally to automate manual processes and improve productivity. But research also suggests this surge in gen AI adoption comes with a fair amount of trepidation among cybersecurity professionals, which CISOs must keep in mind when weaving gen AI…
-
Microsoft confirms there will be no U-turn on Windows 11 hardware requirements
by
in SecurityNewsTPM 2.0 ‘non-negotiable’ for latest OS, says software giant First seen on theregister.com Jump to article: www.theregister.com/2024/12/04/microsoft_windows_11_tpm/
-
CapibaraZero Firmware With ESP32-S3 Hardware Enables Low Cost Flipper Zero alternative
by
in SecurityNewsThe open-source tech landscape continues to innovate, and the release of the CapibaraZero firmware marks another breakthrough. Designed for ESP32-S3-based hardware platforms, CapibaraZero provides a low-cost alternative to the highly popular”, but expensive”, Flipper Zero, a multifunctional tool for penetration testers, ethical hackers, and tech enthusiasts. With its affordable hardware requirements and flexible firmware, CapibaraZero…
-
8 biggest cybersecurity threats manufacturers face
by
in SecurityNews
Tags: access, ai, apt, attack, authentication, automation, awareness, business, china, cloud, computer, control, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, ddos, detection, email, encryption, exploit, extortion, firmware, framework, group, Hardware, india, infrastructure, intelligence, international, Internet, iot, iran, lazarus, leak, malicious, malware, monitoring, network, nis-2, north-korea, open-source, password, phishing, ransom, ransomware, regulation, risk, risk-analysis, risk-assessment, russia, service, software, strategy, supply-chain, technology, threat, update, vulnerability, windowsThe manufacturing sector’s rapid digital transformation, complex supply chains, and reliance on third-party vendors make for a challenging cyber threat environment for CISOs.Manufacturers, often prime targets for state-sponsored malicious actors and ransomware gangs, face the difficult task of maintaining cost-effective operations while modernizing their network infrastructure.”Many manufacturing systems rely on outdated technology that lacks modern…
-
CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, ProjectSend Flaws Exploited in Wild
by
in SecurityNews
Tags: cisa, cve, cyber, cybersecurity, exploit, firewall, flaw, Hardware, infrastructure, mitigation, software, vulnerability, zyxelThe Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being actively exploited in the wild. The vulnerabilities affect popular software and hardware products, including Zyxel firewalls, CyberPanel, North Grid, and ProjectSend. Organizations using these products are urged to apply mitigations immediately or discontinue usage if fixes are unavailable. CVE-2024-51378: CyberPanel Incorrect…
-
Bug Bounties: Bringing Hackers and Manufacturers Together
by
in SecurityNewsResearcher Lennert Wouters on Benefits of Device Hacking Contests, Collaboration. Lennert Wouters, a researcher at KU Leuven University in Belgium, has spent the past eight years studying embedded security, analyzing the vulnerabilities of everyday devices and commercial products. He shares his greatest hacks and insights on hardware security industry trends. First seen on govinfosecurity.com Jump…
-
Open source router firmware project OpenWrt ships its own entirely repairable hardware
by
in SecurityNews‘Forever unbrickable’ Wi-Fi 6 box from Banana Pi comes packaged or in kit form First seen on theregister.com Jump to article: www.theregister.com/2024/12/02/openwrt_one_foss_wifi_router/
-
Axians gibt Tipps für NISkonforme Cybersecurity im Gesundheitswesen
by
in SecurityNewsUm Unternehmen und Institutionen im Gesundheitsbereich erfolgreich gegen Cyberangriffe abzusichern, braucht es mehr als in Hardware und Software zu in… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/axians-gibt-tipps-fuer-nis-2-konforme-cybersecurity-im-gesundheitswesen/a36789/