Security Affairs

MAY 19, 2020

“There is no evidence to support any other firmware versions are vulnerable at this point in time and these findings have been shared with Symantec.” Experts note that the exploit is only effective for authenticated sessions and the affected devices are End of Life (EOL) from 2012. ” concludes Palo Alto Networks.

IoT 141

IoT DDOS Authentication Advertising 141

Security Affairs

JULY 10, 2022

According to the experts, the issue affects all Honda vehicles on the market (From the Year 2012 up to the Year 2022). But the recommended mitigation strategy is to upgrade the vulnerable BCM firmware through Over-the-Air (OTA) Updates if feasible. Therefore, those commands can be used later to unlock the car at will.”

Firmware 100

Firmware Marketing Engineering Hacking 100

Security Affairs

DECEMBER 25, 2018

The flaw tracked as CVE-2018-20377 is known at least since 2012 when Rick Murray described it in a blog post. . “This allows allow any remote user to easily access the device and maliciously modify the device settings or firmware. Mursch also reported that many exposed devices use default credentials (i.e. admin/admin).

Passwords 110

Passwords Wireless Advertising Firmware 110

Malwarebytes

JANUARY 12, 2022

Patches that can cause problems include the following: KB5009624 for Server 2012 R2 KB5009595 for Server 2012 R2 KB5009546 for Server 2016 KB5009557 for Server 2019. The Windows Platform Binary Table is a fixed firmware ACPI (Advanced Configuration and Power Interface) table. It’s unclear if Server 2022 is similarly impacted.

Authentication 123

Authentication Firmware Passwords Technology 123

Malwarebytes

APRIL 28, 2022

of Netatalk was released in July 2012. Western Digital removed Netatalk from its firmware, released on January 10, 2022. Netatalk is a free, open-source implementation of AFP that allows the Unix-like operating systems (that frequently power NAS devices) to serve as a file server for macOS systems. Version 3.0 Not just QNAP.

Firmware 95

Firmware Backups Internet Internet 95

Security Affairs

OCTOBER 20, 2018

CVE-2018-18472 – XXE and Unauthenticated Remote Command Execution in Axentra Hipserv NAS firmware. . It’s used in different devices from different vendors, the affected devices sharing the firmware are: Netgear Stora. The company provides a firmware with a web interface that mainly uses PHP as a serverside language.

Firmware 94

Firmware IoT VPN Authentication 94

Thales Cloud Protection & Licensing

JUNE 26, 2024

has stated the following transition timeline, outlining the urgent use cases to implement PQC and by what date: Software and firmware signing: begin transitioning immediately, support and prefer CNSA 2.0 Incorporation of ISO standards for broader compatibility (aligned with ISO/IEC 19790:2012(E)). Announced in September 2022, CNSA 2.0

Firmware 62

Firmware Encryption Software Engineering 62

eSecurity Planet

FEBRUARY 15, 2022

Update and patch operating systems, software, and firmware as soon as updates and patches are released. or Windows Server (2008 R2 SP1, 2012 Gold) allows attackers to execute arbitrary code via crafted HTTP requests. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts.

Ransomware 129

Ransomware Encryption Backups Accountability 129

SecureList

OCTOBER 25, 2023

This archive is discreetly hosted on legitimate websites, cleverly disguised as firmware binaries for enigmatic devices labeled “m100” The Bitbucket repository was created on June 21, 2018, under the account of Julie Heilman, and it remains the sole repository associated with this profile. 8, 15.0.0.0/8, 8, 16.0.0.0/8,

Malware 144

Malware DNS Encryption Ransomware 144

eSecurity Planet

JUNE 10, 2024

The fix: Zyxel issued firmware patches 5.21(AAZF.17)C0 This vulnerability ( CVE-2024-4577 ) exploits a Windows encoding conversion feature to bypass CVE-2012-1823 protections. 17)C0 for NAS326 and 5.21(ABAG.14)C0 14)C0 for NAS542 to address serious issues CVE-2024-29972 , CVE-2024-29973 , and CVE-2024-29974.

Malware 81

Malware Authentication Software Telecommunications 81

SecureList

MARCH 1, 2021

The manufacturer of the mobile device preloads an adware application or a component with the firmware. It could only make its way there via another Trojan that exploited system privileges or as part of the firmware. This is a typical example of the kind of old-school text-message scams that were popular in 2011 and 2012.

Mobile 145

Mobile Malware Adware Banking 145

NopSec

DECEMBER 7, 2016

Remember Shamoon, the malware that disabled some 35,000 computers at one of the world’s largest oil companies in 2012? Perhaps most troubling, attackers occasionally target the device firmware of industrial control systems. If you’ve read cybersecurity news lately, you’ve probably heard that it’s back.

Cyber threats 40

Cyber threats Ransomware Cyber Attacks Government 40

eSecurity Planet

NOVEMBER 7, 2022

Firmware Rootkit. A firmware rootkit uses device or platform firmware to create a persistent malware image in the router, network card, hard drive or the basic input/output system (BIOS). The rootkit is able to remain hidden because firmware is not usually inspected for code integrity.

Firmware 118

Firmware Malware Antivirus Firewall 118

Veracode Security

SEPTEMBER 23, 2021

On the other hand, static application security testing (SAST) or a manual code review would have found it. My first stint at Veracode was in 2012, after six years working as an application security consultant. The name of the parameter was undocumented and not easy to guess. Here's an example of a CycloneDX SBOM in JSON format: ?

Software 93

Software Penetration Testing Firmware Government 93

Security Boulevard

SEPTEMBER 23, 2021

My first stint at Veracode was in 2012, after six years working as an application security consultant. The name of the parameter was undocumented and not easy to guess. On the other hand, static application security testing (SAST) or a manual code review would have found it. . Application . Container . Framework . Operating System .

Software 59

Software Penetration Testing Firmware Government 59

ForAllSecure

AUGUST 2, 2022

And people are talking about hacking control system tackling PLCs and what we quickly realize is they don't they've never touched to be able to say they have no idea what these control systems are how they work their security researchers, you know that that maybe the firmware or maybe they found a program or something somewhere.

Hacking 40

Hacking Computers and Electronics InfoSec Software 40

SecureList

NOVEMBER 14, 2022

In both cases, we described new UEFI firmware bootkits that managed to propagate malicious components from the deepest layers of the machine up to Windows’ user-land. CobaltStrike, released in 2012, is a threat emulation tool designed to help red teams understand the methods an attacker can use to penetrate a network.

Firmware 129

Firmware Surveillance Mobile Telecommunications 129

ForAllSecure

FEBRUARY 10, 2021

” So should analyzing a device’s firmware for security flaws be considered illegal? In a moment I’ll talk with someone who is leading the Right to Repair movement in the United States and discuss how current laws impact those who hack digital devices. As Stuart Brand said back in 1984 “information wants to be free.”

InfoSec 52

InfoSec Manufacturing Technology Software 52

ForAllSecure

FEBRUARY 10, 2021

” So should analyzing a device’s firmware for security flaws be considered illegal? In a moment I’ll talk with someone who is leading the Right to Repair movement in the United States and discuss how current laws impact those who hack digital devices. As Stuart Brand said back in 1984 “information wants to be free.”

InfoSec 52

InfoSec Manufacturing Technology Software 52