SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware 145

Firmware Malware Encryption Passwords 145

Security Boulevard

JANUARY 4, 2025

Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). For EOL devices, depending on model and/or submodel, users may be able to flash firmware (such as OpenWRT) to extend the life of the device.

Data breaches 52

Data breaches Firmware Healthcare Malware 52

Malwarebytes

OCTOBER 5, 2021

United Extensible Firmware Interface (UEFI). UEFI is a specification for the firmware that controls the first stages of booting up a computer, before the operating system is loaded. (It’s It’s been a feature of the Xbox One gaming console since 2013, but doesn’t exit in PCs… yet.

Firmware 128

Firmware Technology Software Social Engineering 128

Pen Test Partners

MARCH 30, 2025

Mitigations include using complex passwords, isolating IPMI on restricted networks, and regularly updating firmware despite infrequent patches. A large portion of these vulnerabilities are through buffer overflow which has been a trend all the way from 2013 to 2017. What is IPMI and how is it used?

Passwords 72

Passwords Firmware Authentication Media 72

Pen Test Partners

SEPTEMBER 9, 2024

Encryption: End-to-end encryption isn’t enabled by default for doorbells but should be activated. Ring started in 2013, offering video doorbells that let you see and talk to visitors from your phone. Enhanced encryption protocols now provide better protection against unauthorised access to Wi-Fi credentials.

Firmware 64

Firmware Encryption Passwords Authentication 64

Malwarebytes

FEBRUARY 1, 2023

When American store Target found a Trojan designed to steal card details on its POS (point-of-sale) systems in 2013, no one expected that the route into its secure environment was its heating, ventilation, and air conditioning (HVAC) supplier, Fazio Mechanical Services. Think of it as Let's Encrypt for code signing.

Software 87

Software Risk Backups Technology 87

NopSec

DECEMBER 7, 2016

Modern variants of ransomware, called crypto ransomware, entomb the files stored on a hard drive using strong encryption. Perhaps most troubling, attackers occasionally target the device firmware of industrial control systems. If the victim wishes them back, they will have to pay a ransom.

Cyber threats 40

Cyber threats Ransomware Cyber Attacks Government 40