Security Affairs

JANUARY 17, 2025

The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware. Over the years, experts observed several attacks employing rootkits that were specifically developed to target the firmware to achieve persistence and bypassing security solutions.

Firmware 107

Firmware Technology Software Manufacturing 107

Security Affairs

SEPTEMBER 12, 2022

Six high-severity firmware bugs affecting several HP Enterprise devices are yet to be patched, some of them since July 2021. The Binarly security research team reported several HP Enterprise devices are affected by six high-severity firmware vulnerabilities that are yet to be patched, and some of them have been disclosed more than a year ago.

Firmware 107

Firmware Hacking Information Security 107

SecureList

JULY 25, 2022

In our APT predictions for 2022 , we noted that despite these risks, we expected more attackers to reach the sophistication level required to develop such tools. In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor. an evil maid attack scenario).

Firmware 145

Firmware DNS Malware Technology 145

Krebs on Security

JUNE 8, 2023

More alarmingly, the company said it appears attackers first started exploiting the flaw in October 2022. “One of the goals of malware is to be hard to remove, and this suggests the malware compromised the firmware itself to make it really hard to remove and really stealthy,” Weaver said.

Firmware 341

Firmware Malware Software Ransomware 341

Security Affairs

MARCH 9, 2022

Researchers disclosed 16 high-severity flaws in different implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. High CVE-2022-23924 BRLY-2021-032 SMM heap buffer overflow (arbitrary code execution) 8.2 ” reads the analysis published by Binarly. .

Firmware 98

Firmware Hacking Technology Cybersecurity 98

The Hacker News

JANUARY 12, 2023

Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to stealthily install firmware on affected devices and take control of them.

Firmware 105

Firmware Architecture 105

Security Affairs

APRIL 22, 2022

Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943 , addressed in the Apache HTTP server in March.

Firmware 98

Firmware Hacking Cybersecurity Internet 98

The Hacker News

SEPTEMBER 12, 2022

A number of firmware security flaws uncovered in HP's business-oriented high-end notebooks continue to be left unpatched in some devices even months after public disclosure.

Firmware 98

Firmware 98

Security Affairs

JUNE 2, 2022

The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats , which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. ” reads the post published by Eclypsium.

Firmware 105

Firmware Engineering Ransomware Malware 105

The Hacker News

DECEMBER 9, 2022

Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by a remote attacker to cause remote code execution or a denial-of-service (DoS) condition.

Firmware 98

Firmware 98

SecureList

MAY 27, 2022

IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. MoonBounce: the dark side of UEFI firmware. Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware scanner (integrated into Kaspersky products at the start of 2019).

Phishing 134

Phishing Spyware Firmware Malware 134

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In 2022 campaigns, threat actors used European Union reports on the conflict in Ukraine and Ukrainian government reports as lures. SOCKS tunneling — Relay communication between different clients.

Firmware 98

Firmware Encryption Government Malware 98

SecureWorld News

DECEMBER 8, 2024

The threat to modern encryption In December 2022, a team of Chinese researchers claimed to have developed a quantum algorithm capable of factoring large integers used in RSA encryption. Ensure quantum-ready hardware: Require that new infrastructure device purchases, such as routers and firewalls, have quantum-resistant or upgradable firmware.

Encryption 116

Encryption Firewall Education Firmware 116

SecureList

APRIL 27, 2022

This is our latest installment, focusing on activities that we observed during Q1 2022. In late February 2022, we identified two archives submitted from network addresses in Ukraine to an online multi-scanner service. In December we were made aware of a UEFI firmware-level compromise through logs from our firmware scanning technology.

Malware 145

Malware Firmware Government Phishing 145

SecureList

DECEMBER 14, 2022

At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. Similarly, at the beginning of February 2022, we noticed a huge spike in the amount of activity related to Gamaredon C&C servers. It directly affected satellite modems firmwares , but was still to be understood as of mid-March.

DDOS 145

DDOS Ransomware Government Energy and Utilities 145

Security Affairs

MAY 17, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. Last week, Zyxel has addressed the critical CVE-2022-30525 (CVSS score: 9.8) If possible, enable automatic firmware updates. Commands are executed as the nobody user.”

Firewall 98

Firewall VPN Firmware Internet 98

The Hacker News

MARCH 22, 2022

Five new security weaknesses have been disclosed in Dell BIOS that, if successfully exploited, could lead to code execution on vulnerable systems, joining the likes of firmware vulnerabilities recently uncovered in Insyde Software's InsydeH2O and HP Unified Extensible Firmware Interface (UEFI).

Firmware 110

Firmware Software 110

Bleeping Computer

NOVEMBER 7, 2021

Microsoft said that the new Windows Update for Business deployment service for drivers and firmware will be available in Microsoft Endpoint Manager and in Microsoft Graph as a public preview starting with the first half of 2022. [.].

Firmware 131

Firmware 131

Malwarebytes

MARCH 24, 2022

CVE-2022-3942 is a vulnerability rated with a CVSS score of 8.4 CVE-2022-24291 (CVSS 7.5 out of 10) CVE-2022-24292 (CVSS 9.8 out of 10) CVE-2022-24293 (CVSS 9.8 Link-Local Multicast Name Resolution. This is a set of three vulnerabilities, of which two have been rated as critical and one rated “high”. out of 10).

Firmware 145

Firmware DNS Software 145

Security Affairs

JANUARY 9, 2023

Tens of software vulnerabilities affected Qualcomm firmware and impacted the devices of Microsoft, Lenovo, and Samsung. The most severe flaw is an integer overflow to buffer overflow in Automotive tracked as CVE-2022-33219 (CVSS Score 9.3). ” reads the advisory. .” ” reads the advisory.

Firmware 98

Firmware Manufacturing Software Hacking 98

The Hacker News

APRIL 22, 2022

The critical flaws, tracked as CVE-2022-22721 and CVE-2022-23943, are rated 9.8 Network-attached storage (NAS) appliance maker QNAP on Thursday said it's investigating its lineup for potential impact arising from two security vulnerabilities that were addressed in the Apache HTTP server last month. and earlier

Firmware 103

Firmware 103

SecureList

NOVEMBER 18, 2022

IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. In July, we reported a rootkit that we found in modified Unified Extensible Firmware Interface (UEFI) firmware, the code that loads and initiates the boot process when the computer is turned on. Non-mobile statistics.

Malware 123

Malware Computers and Electronics Adware Cryptocurrency 123

Malwarebytes

MAY 6, 2022

April 2022 was most notable for the emergence of three new ransomware-as-a-service ( RaaS ) groups— Onyx , Mindware , and Black Basta —as well as the unwelcome return of REvil , one of the world’s most notorious and dangerous ransomware operations. Ransomware attacks in April 2022. Known ransomware attacks in April 2022 by country.

Ransomware 95

Ransomware Encryption Accountability Technology 95

The Hacker News

SEPTEMBER 7, 2022

Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a "format string vulnerability" affecting NAS326, NAS540, and NAS542 models. Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices. A format string vulnerability was found in a

Firmware 101

Firmware 101

Security Affairs

FEBRUARY 1, 2023

On January 30, Taiwanese vendor QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. Censys found 30,000 internet-facing QNAP appliances potentially impacted by a recently disclosed critical code injection flaw.

Internet 98

Internet Internet Firmware IoT 98

Malwarebytes

JULY 13, 2022

Fast forward to 2022, and the headache has become a migraine—not just for IT teams but business owners, employees, and customers as well. LockBit was the most widely-distributed ransomware in March, April, and May 2022, and its total of 263 spring attacks was more than double the number of Conti, the variant in second place.

Ransomware 122

Ransomware Manufacturing Government Computers and Electronics 122

eSecurity Planet

JULY 8, 2022

“With a cyberattack, it’s more than just data that needs protecting—at risk is really the entire physical infrastructure from applications and operating systems down to low-level firmware and BIOS. The post Best Disaster Recovery Solutions for 2022 appeared first on eSecurityPlanet. Also see the Best Business Continuity Solutions.

Backups 142

Backups Ransomware Technology Marketing 142

Malwarebytes

MARCH 10, 2022

In this February 2022 ransomware review, we go over some the most successful ransomware incidents based on both open source and dark web intelligence. Observed since: February 2022 Ransomware note: read_me.html Ransomware extension: <original file name> [vote2024forjb@protonmail[.]com].encryptedJB SFile (Escal).

Ransomware 88

Ransomware Phishing Accountability Technology 88

Malwarebytes

APRIL 11, 2022

In this March 2022 ransomware review, we go over some of the most successful ransomware incidents based on both open source and dark web intelligence. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. The post Ransomware: March 2022 review appeared first on Malwarebytes Labs.

Ransomware 90

Ransomware Accountability Technology Firmware 90

Malwarebytes

JUNE 19, 2023

ASUS has released firmware updates for several router models fixing two critical and several other security issues. You will find the latest firmware available for download from the ASUS support page or the appropriate product page. The Asuswrt-Merlin New Gen is an open source firmware alternative for Asus routers.

Firmware 98

Firmware VPN Risk Cybersecurity 98

Malwarebytes

AUGUST 1, 2022

This web server is present in Arris firmware which can be found in several router models. released June 1, 2022). Unfortunately the Arris firmware is based on the vulnerable version of muhttpd. Derek Abdine found several vulnerabilities, one of which is: CVE-2022-31793 : Path traversal from the filesystem root.

Firmware 145

Firmware Internet Internet Passwords 145

Security Affairs

NOVEMBER 9, 2022

Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1 CVE-2022-3430: A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Firmware 107

Firmware Manufacturing Hacking Software 107

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 are actively exploited in targeted attacks. “CVE-2022-22071 was included in our May 2022 public bulletin. ” reads the advisory.

Firmware 124

Firmware Surveillance Authentication Manufacturing 124

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware.

Firmware 98

Firmware VPN Wireless Passwords 98

Security Affairs

JANUARY 15, 2024

SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656 , that could potentially lead to remote code execution. ” concludes the report.

Firewall 143

Firewall Hacking Firmware Internet 143

Malwarebytes

DECEMBER 18, 2022

Which brings us to our first example: CVE-2022-34718 , a Windows TCP/IP Remote Code Execution (RCE) vulnerability with a CVSS rating of 9.8. The most accepted definition is: “A zero-day is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.”

Software 93

Software Risk Firmware Internet 93

Bleeping Computer

DECEMBER 12, 2023

Sophos was forced to backport a security update for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks. [.]

Firewall 105

Firewall Firmware 105