Remove 2013 Remove Firmware Remove Surveillance
article thumbnail

MoonBounce: the dark side of UEFI firmware

SecureList

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware 145
article thumbnail

APT trends report Q1 2022

SecureList

In December we were made aware of a UEFI firmware-level compromise through logs from our firmware scanning technology. Further analysis showed that the attackers modified a single component within the firmware to append a payload to one of its sections and incorporate inline hooks within particular functions.

Malware 144
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Hacker Mind: Hacking IoT

ForAllSecure

In 2013, researcher Nitesh Dhanjani found that a popular brand used simple MD5 hashes of the device's MAC addresses for authentication. So that could be one of the things that affects that we're seeing a lot of firmware that is being reused across different devices, or are the same libraries like all over these across different projects.

IoT 52
article thumbnail

The Hacker Mind: Hacking IoT

ForAllSecure

In 2013, researcher Nitesh Dhanjani found that a popular brand used simple MD5 hashes of the device's MAC addresses for authentication. So that could be one of the things that affects that we're seeing a lot of firmware that is being reused across different devices, or are the same libraries like all over these across different projects.

IoT 52
article thumbnail

Over 100 million Hikvision devices hit by critical cyber vulnerability

CyberSecurity Insiders

China-based video surveillance related product offering company Hikvision has issued a security advisory saying that all those using their security cameras and NVRs must know a critical vulnerability on its devices that could allow hackers to take control of the cameras and use them as bots to launch DDoS or other related attacks.