Firmware and Hacking - Cyber Security Informer

Hacking the Sony Playstation 5

Schneier on Security

NOVEMBER 10, 2021

I just don’t think it’s possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. The two exploits are particularly notable due to the level of access they theoretically give to the PS5’s software.

Hacking

Hacking Firmware Engineering Software

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

SEPTEMBER 27, 2023

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. The state-sponsored hackers was observed using a custom firmware backdoor which was enabled and disabled by sending specially crafted TCP or UDP packets to the devices.

Firmware

Firmware Telecommunications System Administration Malware

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the installation of persistent backdoors.

Firmware

Firmware Hacking Authentication Advertising

Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian

Security Boulevard

JUNE 25, 2023

Paul also shares with us some of his greatest hacking stories and don’t miss our lively […] The post Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian appeared first on Shared Security Podcast.

Firmware

Firmware Hacking Internet Internet

Conti ransomware targeted Intel firmware for stealthy attacks

Bleeping Computer

JUNE 2, 2022

Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. [.].

Firmware

Firmware Ransomware Cybercrime Hacking

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Locking down firmware. Starks Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks. telecoms by Chinese tech giant Huawei.

Firmware

Firmware Cybersecurity Technology Engineering

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022. All the vulnerable devices are running end-of-life (EOL) firmware.

Firmware

Firmware Firewall Internet Internet

Hacking a Power Supply

Schneier on Security

JULY 21, 2020

This hack targets the firmware on modern power supplies. Yes, power supplies are also computers.).

Hacking

Hacking Firmware

Three UEFI Firmware flaws found in tens of Lenovo Notebook models

Security Affairs

JULY 13, 2022

IT giant Lenovo released security fixes to address three vulnerabilities that impact the UEFI firmware shipped with over 70 product models. The three buffer overflow vulnerabilities in UEFI firmware, tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, were discovered by researchers from ESET. SecurityAffairs – hacking, Lenovo).

Firmware

Firmware Hacking Technology Information Security

Firmware attacks, a grey area in cybersecurity of organizations

Security Affairs

APRIL 5, 2021

A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack. The study pointed out that only 29% of the targeted organizations have allocated budgets to protect firmware. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation.”

Firmware

Firmware Cybersecurity Encryption Financial Services

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

The Last Watchdog

NOVEMBER 20, 2019

What does Chinese tech giant Huawei have in common with the precocious kid next door who knows how to hack his favorite video game? Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S.

Firmware

Firmware Hacking Software Surveillance

CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China?

Security Affairs

JULY 25, 2022

Kaspersky uncovered a new UEFI firmware rootkit, tracked as CosmicStrand, which it attributes to an unknown Chinese-speaking threat actor. Researchers from Kaspersky have spotted a UEFI firmware rootkit, named CosmicStrand, which has been attributed to an unknown Chinese-speaking threat actor. SecurityAffairs – hacking, CosmicStrand).

Firmware

Firmware Malware Hacking Information Security

Exploiting embedded APIs by dumping firmware

Security Boulevard

FEBRUARY 14, 2023

Hack the hardware to find the firmware and swipe the source code of APIs under security testing. The post Exploiting embedded APIs by dumping firmware appeared first on Dana Epp's Blog. The post Exploiting embedded APIs by dumping firmware appeared first on Security Boulevard.

Firmware

Firmware Hacking

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

DECEMBER 30, 2021

iLOBleed, is a previously undetected rootkit that was spotted targeting the HP Enterprise’s Integrated Lights-Out ( iLO ) server management technology to tamper with the firmware modules and wipe data off the infected systems. SecurityAffairs – hacking, iLOBleed). ” reads the report published by the expers.

Firmware

Firmware Malware System Administration Technology

Some firmware bugs in HP business devices are yet to be fixed

Security Affairs

SEPTEMBER 12, 2022

Six high-severity firmware bugs affecting several HP Enterprise devices are yet to be patched, some of them since July 2021. The Binarly security research team reported several HP Enterprise devices are affected by six high-severity firmware vulnerabilities that are yet to be patched, and some of them have been disclosed more than a year ago.

Firmware

Firmware Hacking Information Security

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Security Affairs

JANUARY 15, 2024

. “The latest available firmware protects against both vulnerabilities, so be sure to upgrade immediately (and make sure the management interface isn’t exposed to the internet).” ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, SonicWall)

Firewall

Firewall Hacking Firmware Internet

Experts found 23 flaws in UEFI firmware potentially impact millions of devices

Security Affairs

FEBRUARY 1, 2022

Researchers discovered tens of vulnerabilities in UEFI firmware code used by the major device manufacturers. Researchers at firmware security company Binarly have discovered 23 vulnerabilities in UEFI firmware code used by the major device makers. SecurityAffairs – hacking, EUFI firmware). Pierluigi Paganini.

Firmware

Firmware Manufacturing Malware Hacking

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Security Affairs

JUNE 2, 2022

The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats , which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. ” reads the post published by Eclypsium.

Firmware

Firmware Engineering Ransomware Malware

Crashing iPhones with a Flipper Zero

Schneier on Security

NOVEMBER 6, 2023

The Flipper Zero is an incredibly versatile hacking device. These types of hacks have been possible for decades, but they require special equipment and a fair amount of expertise. Now it can be used to crash iPhones in its vicinity by sending them a never-ending stream of pop-ups.

Firmware

Firmware Hacking Software

Hacking Hardware Security Modules

Schneier on Security

JUNE 20, 2019

Finally, we exploit a cryptographic bug in the firmware signature verification to upload a modified firmware to the HSM. This firmware includes a persistent backdoor that survives a firmware update. The presented attacks allow retrieving all HSM secrets remotely, including cryptographic keys and administrator credentials.

Firmware

Firmware Hacking Manufacturing Banking

Playstation 5 hacked—twice!

Malwarebytes

NOVEMBER 10, 2021

Fa i l0verflow , the hacking group notorious for breaking Playstation consoles, and Andy “TheFlow” Nguyen , a security engineer at Google and widely known in the Playstation Vita scene, both tweeted samplings of their successful PS5 hacks. A root key is used to decrypt and reverse engineer the console’s firmware.

Hacking

Hacking Firmware Retail Engineering

Security News in Review: Google’s Project Zero Shuts Down Counterterrorist Hacking Team; Enterprises See Rise in Firmware Attacks

Security Boulevard

APRIL 3, 2021

This weekend on security news in review, we have some new data on firmware attacks against global enterprises, insights into how much damage ransomware has caused the healthcare industry, and the Department of Homeland Security laying out a new cybersecurity strategy. .

Firmware

Firmware Hacking Healthcare Ransomware

Western Digital customers have to update their My Cloud devices to latest firmware version

Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Devices on these older firmware versions will not receive security fixes or technical support.” SecurityAffairs – hacking, Western Digital). Pierluigi Paganini.

Firmware

Firmware Architecture Internet Internet

HP addressed 16 UEFI firmware flaws impacting laptops, desktops, PoS systems

Security Affairs

MARCH 9, 2022

Researchers disclosed 16 high-severity flaws in different implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. The most severe of the vulnerabilities discovered by the researchers are memory corruption issues affecting the System Management Mode (SMM) of the firmware.

Firmware

Firmware Hacking Technology Cybersecurity

Intel addresses 2 high-severity issues in BIOS firmware of several processors

Security Affairs

NOVEMBER 16, 2021

Intel disclosed two high-severity vulnerabilities, tracked as CVE-2021-0157 and CVE-2021-0158, that affect the BIOS firmware in several processor families. Intel disclosed two high-severity vulnerabilities that affect the BIOS firmware in several processor families, both vulnerabilities have received a CVSS v3 score of 8.2.

Firmware

Firmware Risk Hacking

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware

Firmware Encryption Ransomware Advertising

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Security Affairs

APRIL 22, 2022

Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943 , addressed in the Apache HTTP server in March.

Firmware

Firmware Hacking Cybersecurity Internet

CVE-2023-23560 flaw exposes 100 Lexmark printer models to hack

Security Affairs

JANUARY 27, 2023

Lexmark released a security firmware update to fix a remote code execution flaw, tracked as CVE-2023-23560, that impacts more than 100 printer models. Lexmark has released a security firmware update to address a remote code execution vulnerability, tracked as CVE-2023-23560, that impacts more than 100 printer models.

Firmware

Firmware Hacking

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

eSecurity Planet

FEBRUARY 2, 2024

Teslas Get the Spotlight in Recent Ethical Hacking Efforts Researchers have discovered multiple vulnerabilities within Teslas since March 2023. Rapid7’s Zero Day Initiative hosts an event called Pwn2Own, and at the 2023 event, computer security firm Synactiv hacked a Tesla computer within two minutes.

Hacking

Hacking IoT Firmware Cybersecurity

SecTor Episode MMXXI: Return of The Hack Lab

Security Boulevard

OCTOBER 10, 2021

I’m happy to announce that arrangements have now been finalized for the Tripwire team to return for the Tripwire VERT Hack Lab at the MTCC! We will be bringing some new hardware devices as well as a new virtualized hack target. This new virtual target, an ASUS DSL modem with recent firmware, can be compromised […]… Read More.

Hacking

Hacking Firmware

SonicWall devices infected by malware that survives firmware upgrades

Bleeping Computer

MARCH 9, 2023

A suspected Chinese hacking campaign has been targeting unpatched SonicWall Secure Mobile Access (SMA) appliances to install custom malware that establish long-term persistence for cyber espionage campaigns. [.]

Firmware

Firmware Malware Mobile Hacking

Japanese Government Will Hack Citizens' IoT Devices

Schneier on Security

JANUARY 28, 2019

Hackers can also build botnets with the help of exploits and vulnerabilities in router firmware, but the easiest way to assemble a botnet is by collecting the ones that users have failed to secure with custom passwords. I am interested in the results of this survey.

IoT

IoT Government Firmware Hacking

SonicWall releases second firmware updates for SMA 100 vulnerability

Security Affairs

FEBRUARY 20, 2021

Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. Early February, SonicWall released the first firmware updates (version 10.2.0.5-29sv)

Firmware

Firmware Mobile Hacking Information Security

Hackers infect TP-Link router firmware to attack EU entities

Bleeping Computer

MAY 16, 2023

A Chinese state-sponsored hacking group named "Camaro Dragon" infects residential TP-Link routers with a custom "Horse Shell" malware used to attack European foreign affairs organizations. [.]

Firmware

Firmware Malware Hacking

Hikvision cameras could be remotely hacked due to critical flaw

Security Affairs

SEPTEMBER 22, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Hacking

Hacking Firmware IoT Internet

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Despite FocacciaBoard is extremely useful during my night-to-night hardware hacking needs… there is another set of tools I cannot live without: pin enumeration ones. his majesty, the Firmware).

IoT

IoT Hacking Firmware Advertising

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable. Pierluigi Paganini.

Hacking

Hacking Firmware Internet Internet

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. An attacker with access to the dispenser controller’s USB port can install an outdated or modified firmware version to bypass the encryption and make cash withdrawals. score of 6.8.

Hacking

Hacking Firmware Encryption Manufacturing

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking

Hacking Firmware Authentication DNS

Hacking Group Has PS5 Root Encryption Keys

Heimadal Security

NOVEMBER 15, 2021

A hacking group dubbed Fail0verflow announced on Twitter that they have got the PS5 root encryption keys. These types of keys are usually used to perform PS5’s firmware decryption. The post Hacking Group Has PS5 Root Encryption Keys appeared first on Heimdal Security Blog.

Encryption

Encryption Hacking Firmware Software

Intel addresses High-Severity flaws in NUC Firmware and other tools

Security Affairs

AUGUST 18, 2019

Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program.

Firmware

Firmware Authentication Advertising Hacking

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance

Surveillance Hacking Firmware Manufacturing

BlackLotus Malware Hijacks Windows Secure Boot Process

Schneier on Security

MARCH 8, 2023

These sophisticated pieces of malware target the UEFI—short for Unified Extensible Firmware Interface —the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right.

Malware

Malware Firmware Software Hacking

Hacking the Sony Playstation 5

Android devices shipped with backdoored firmware as part of the BADBOX network

Trending Sources

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian

Conti ransomware targeted Intel firmware for stealthy attacks

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Hacking a Power Supply

Three UEFI Firmware flaws found in tens of Lenovo Notebook models

Firmware attacks, a grey area in cybersecurity of organizations

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China?

Exploiting embedded APIs by dumping firmware

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Some firmware bugs in HP business devices are yet to be fixed

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Experts found 23 flaws in UEFI firmware potentially impact millions of devices

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Crashing iPhones with a Flipper Zero

Hacking Hardware Security Modules

Playstation 5 hacked—twice!

Security News in Review: Google’s Project Zero Shuts Down Counterterrorist Hacking Team; Enterprises See Rise in Firmware Attacks

Western Digital customers have to update their My Cloud devices to latest firmware version

HP addressed 16 UEFI firmware flaws impacting laptops, desktops, PoS systems

Intel addresses 2 high-severity issues in BIOS firmware of several processors

QNAP urges users to update NAS firmware and app to prevent infections

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

CVE-2023-23560 flaw exposes 100 Lexmark printer models to hack

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

SecTor Episode MMXXI: Return of The Hack Lab

SonicWall devices infected by malware that survives firmware upgrades

Japanese Government Will Hack Citizens' IoT Devices

SonicWall releases second firmware updates for SMA 100 vulnerability

Hackers infect TP-Link router firmware to attack EU entities

Hikvision cameras could be remotely hacked due to critical flaw

Hacking IoT & RF Devices with BürtleinaBoard

Over 80,000 Hikvision cameras can be easily hacked

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Hacking Group Has PS5 Root Encryption Keys

Intel addresses High-Severity flaws in NUC Firmware and other tools

An RCE in Annke video surveillance product allows hacking the device

BlackLotus Malware Hijacks Windows Secure Boot Process

Stay Connected