Remove 2021 Remove Firmware Remove Information Security
article thumbnail

Firmware attacks, a grey area in cybersecurity of organizations

Security Affairs

A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack. The study pointed out that only 29% of the targeted organizations have allocated budgets to protect firmware. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation.”

Firmware 145
article thumbnail

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Some firmware bugs in HP business devices are yet to be fixed

Security Affairs

Six high-severity firmware bugs affecting several HP Enterprise devices are yet to be patched, some of them since July 2021. When a code is sent to the SMM, the operating system is suspended and a portion of the UEFI/BIOS firmware executes various commands with elevated privileges and with access to all the data and hardware.

Firmware 115
article thumbnail

HP addressed 16 UEFI firmware flaws impacting laptops, desktops, PoS systems

Security Affairs

Researchers disclosed 16 high-severity flaws in different implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. High CVE-2021-39298 BRLY-2021-004 SMM callout (privilege escalation) 8.8 High CVE-2022-23932 BRLY-2021-040 SMM callout (privilege escalation) 8.2

article thumbnail

SonicWall releases second firmware updates for SMA 100 vulnerability

Security Affairs

Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. ” reads the security advisory. reads the advisory.

Firmware 111
article thumbnail

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Security Affairs

The Mirai -based Moobot botnet is rapidly spreading by exploiting a critical command injection flaw, tracked as CVE-2021-36260 , in the webserver of several Hikvision products. The Moobot was first documented by Palo Alto Unit 42 researchers in February 2021, the recent attacks demonstrated that its authors are enhancing their malware.

Firmware 145
article thumbnail

CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now!

Security Affairs

SonicWall fixed a critical security flaw, tracked as CVE-2021-20034, that impacts some Secure Mobile Access (SMA) 100 series products that can allow device takeover. SonicWall has addressed a critical security vulnerability, tracked as CVE-2021-20034 , that impacting several Secure Mobile Access (SMA) 100 series products.

Firmware 135