The Hacker News

JANUARY 12, 2023

Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to stealthily install firmware on affected devices and take control of them.

Firmware 105

Firmware Architecture 105

Security Affairs

AUGUST 17, 2022

The ÆPIC Leak ( CVE-2022-21233 ) is the first architecturally CPU bug that could lead to the disclosure of sensitive data and impacts most 10th, 11th and 12th generation Intel CPUs. Unlike Meltdown and Spectre , ÆPIC Leak is an architectural bug , which means that the sensitive data are disclosed without relying on side channel attacks.

Architecture 100

Architecture Firmware Software Information Security 100

Security Affairs

FEBRUARY 18, 2025

we have explored a suspicious (and quite common) architecture where authentication is enforced at a proxy later but then the request is passed through a second layer with different behavior. Fundamentally, these sorts of architectures lead to things like header smuggling and path confusion, which can result in many impactful bugs!

Firewall 63

Firewall Firmware Authentication VPN 63

SecureWorld News

FEBRUARY 20, 2025

Experts warn that organizations must act decisively to protect against this growing threat by implementing Zero Trust architectures, patching vulnerabilities, and strengthening identity security. Patching and vulnerability management Apply timely security updates to operating systems, software, and firmware.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware 132

Firmware Architecture Advertising Manufacturing 132

Security Affairs

MARCH 7, 2020

The CVE-2019-0090 vulnerability affects the firmware running on the ROM of the Intel’s Converged Security and Management Engine (CSME). Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” x, SPS_E3_05.00.04.027.0.

Firmware 145

Firmware Technology Advertising Authentication 145

Google Security

OCTOBER 15, 2024

In Android, which runs on billions of devices and is one of our most critical platforms, we've already made strides in adopting MSLs, including Rust, in sections of our network, firmware and graphics stacks. The security architecture of the chromium browser." link] ↩ [link] ↩ Kern, C. ACM 67, 6 (June 2024), 52–60.

Computers and Electronics 116

Computers and Electronics Software Risk Architecture 116

Security Boulevard

AUGUST 17, 2021

But Zero Trust Architecture is incomplete without device firmware and hardware verification. The post Three Steps to Complete Your Zero Trust Architecture appeared first on Security Boulevard. Three simple checks on device […].

Architecture 59

Architecture Firmware Accountability 59

Security Affairs

DECEMBER 9, 2021

. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” TP-Link addressed the flaw on November 12, 2021 with the release of the firmware update TL-WR840N(EU)_V5_211109.

Firmware 145

Firmware Architecture Malware Hacking 145

Security Affairs

OCTOBER 5, 2020

The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. The firmware malware is based on code associated with HackingTeam’s VectorEDK bootkit, with minor changes. ” concludes the report.

Firmware 145

Firmware Spyware Surveillance Hacking 145

CSO Magazine

FEBRUARY 13, 2023

However, researchers warn that these controllers should themselves be treated as perimeter devices and flaws in their firmware could enable deep lateral movement through the point-to-point and other non-routable connections they maintain to other low-level devices. To read this article in full, please click here

Firmware 116

Firmware Architecture Technology Risk 116

Google Security

OCTOBER 9, 2023

As part of our efforts to harden firmware on Android devices , we are increasingly using Rust in these bare-metal environments too. To that end, we have rewritten the Android Virtualization Framework’s protected VM (pVM) firmware in Rust to provide a memory safe foundation for the pVM root of trust.

Firmware 140

Firmware Architecture Engineering 140

ForAllSecure

DECEMBER 16, 2020

Whether it be routers, IoT devices or SCADA systems, they are very varied in architecture, use case, and purpose. Netgear N300 MIPS firmware image. What's Special about Firmware? Fuzzing firmware presents a specific set of challenges that are not often present together in other targets. Non-x86 processor architecture.

Firmware 52

Firmware Engineering Architecture Authentication 52

ForAllSecure

DECEMBER 15, 2020

Whether it be routers, IoT devices or SCADA systems, they are very varied in architecture, use case, and purpose. Netgear N300 MIPS firmware image. What's Special about Firmware? Fuzzing firmware presents a specific set of challenges that are not often present together in other targets. Non-x86 processor architecture.

Firmware 52

Firmware Engineering Architecture Authentication 52

Security Affairs

JANUARY 18, 2024

Unified Extensible Firmware Interface (UEFI) is a specification that defines the architecture of the platform firmware used for booting the computer hardware and its interface for interaction with the operating system.

Firmware 129

Firmware DNS Advertising Architecture 129

Security Affairs

NOVEMBER 1, 2021

The botnet leverages a robust architecture based on a combination of third-party services, P2P, and Command & Control servers. This architecture was implemented to make the botnet resilient to takedowns by law enforcement and security firms with the support of the vendors of the infected devices.

Architecture 145

Architecture DDOS Advertising DNS 145

Security Boulevard

APRIL 17, 2025

These weaknesses, combined with increased attacker sophistication, demand more than incremental improvements and require architectural change. Real-World Relevance: Fortinet & Palo Alto Compromises The recent Fortinet and PAN-OS compromises underscore why this architectural shift matters. Download now.

Firewall 59

Firewall VPN Encryption Architecture 59

Security Affairs

FEBRUARY 23, 2022

. “The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware.” The malware leverages the firmware update process to achieve persistence.

Malware 111

Malware Firmware Architecture Firewall 111

eSecurity Planet

NOVEMBER 4, 2021

The unranked list contains 12 entries that categorize data found in hardware programming, design, and architecture. CWE-1277 : Firmware Not Updateable – firmware exploitation exposes the victim to a permanent risk without any possibility to patch weaknesses. The most popular firmware is BIOS and UEFI.

Software 117

Software Firmware Computers and Electronics Risk 117

CSO Magazine

OCTOBER 4, 2022

These include a new Zero Trust Center of Excellence for validating a zero-trust architecture for commercial enterprises, as well as new security advisory/vulnerability management services and products designed to enhance cybersecurity across hardware, firmware, software, and object storage.

Cybersecurity 79

Cybersecurity Firmware Architecture Technology 79

The Last Watchdog

JUNE 27, 2023

The models of the EM-30 and S-56(u) series, which are available as an embedded component in the form of an e.MMC or as flexible, interchangeable SD memory cards, offer maximum reliability due to proven firmware architecture. They also guarantee 100% data security. specifications and is fully backward compatible.

IoT 184

IoT Manufacturing Media Technology 184

Malwarebytes

FEBRUARY 24, 2022

But the NCSC warns that it is likely that Sandworm is capable of compiling the same or very similar malware for other architectures and firmware. When it comes to infected appliances, Cyclops Blink persists on reboot and throughout the legitimate firmware update process.

Malware 145

Malware Firewall Firmware DDOS 145

Security Affairs

DECEMBER 13, 2021

Threat actors can execute code by exploiting an unpatched or new security issue over-the-air, or abusing the local OS firmware update mechanism. For example, a new firmware version will not physically remove shared memory from a chip or adjust for arbitrary jitter in a serial protocol. ” concludes the paper. Pierluigi Paganini.

Wireless 113

Wireless Firmware Mobile Passwords 113

Kali Linux

MARCH 18, 2025

Raspberry Pi There has been various Raspberry Pi image changes for 2025.1a: A newer package, raspi-firmware , is now being used. We now use the same raspi-firmware package as Raspberry Pi OS. However, the Nexmon firmware is not included in this release. A new kernel , which is based on version 6.6.74

Firmware 119

Firmware Architecture Hacking Software 119

SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. We later managed to extract the firmware from the EEPROM for further static reverse engineering. Further hardware analysis of the circuit board helped us identify chips.

Firmware 106

Firmware Passwords Manufacturing Mobile 106

Security Affairs

SEPTEMBER 20, 2020

. “Our analysis of this particular sample indicates the file executes on microprocessor without interlocked pipelined stages (MIPS) architecture. This is an extension understood by machines running reduced instruction set computer (RISC) architecture, which is prevalent on many IoT devices.” ” continues the analysis.

IoT 145

IoT DDOS Architecture Passwords 145

Krebs on Security

JUNE 15, 2023

On June 11, Fortinet released a half-dozen security updates for its FortiOS firmware, including a weakness that researchers said allows an attacker to run malware on virtually any Fortinet SSL VPN appliance. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted.

Risk 269

Risk VPN Internet Internet 269

Security Affairs

JULY 22, 2023

The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35.

DDOS 98

DDOS Firmware VPN Firewall 98

Security Affairs

JUNE 18, 2019

.” The RCE flaw affects TP-Link Wi-Fi Extender models RE365, RE650, RE350 and RE500 running firmware version 1.0.2, The extender operates on the MIPS architecture, like many routers, the zero-day flaw can be triggered. The extender operates on the MIPS architecture, like many routers, the zero-day flaw can be triggered.

Architecture 97

Architecture Advertising Firmware IoT 97

SecureList

SEPTEMBER 29, 2022

By mid-August 2022, Schneider Electric had released an update for the EcoStruxure™ Control Expert software, as well as for Modicon M340 and Modicon M580 PLC firmware, that fixes the vulnerability. UMAS is based on a client-server architecture. UMAS also inherits the Modbus client-server architecture.

Firmware 108

Firmware Passwords Authentication Engineering 108

Pen Test Partners

AUGUST 4, 2024

TL;DR BSim, Ghidra’s new built-in plugin is a game-changer for reversing firmware and other stripped binaries. You’re stuck disassembling yet another firmware blob stripped of symbols and lacking any handy reference strings. With firmware dumps, it’s rare we know these specifics. Background Oh no! requires a new FID database.

Firmware 80

Firmware Architecture Engineering Accountability 80

SC Magazine

APRIL 9, 2021

“Then you’ve got to figure out how to integrate the solutions into a much broader architecture around 5G that would provide the connectivity,” he said. “So, So, for example, if you’re enclaving off a bunch of IoT devices so that they are protected from the internet, you may also be protecting them from firmware updates.

Manufacturing 114

Manufacturing IoT Firmware Architecture 114

Security Boulevard

SEPTEMBER 1, 2023

Permalink The post BSides Cheltenham 2023 – Stephen – All Your Firmwares Are Belong To Us: A Guide To Successful Acquisition appeared first on Security Boulevard. Many thanks to BSides Cheltenham for publishing their presenter’s outstanding BSides Cheltenham 2023 security content on the organizations’ YouTube channel.

Firmware 45

Firmware Architecture CISO Education 45

Security Affairs

APRIL 14, 2022

“The APT actors’ tools have a modular architecture and enable cyber actors to conduct highly automated exploits against targeted devices. . “The APT actors’ tools have a modular architecture and enable cyber actors to conduct highly automated exploits against targeted devices.

Passwords 139

Passwords Backups Architecture Cyber Attacks 139

Malwarebytes

OCTOBER 5, 2021

United Extensible Firmware Interface (UEFI). UEFI is a specification for the firmware that controls the first stages of booting up a computer, before the operating system is loaded. (It’s Windows 11 comes ready to embrace the impressively-named Pluton TPM architecture.

Firmware 131

Firmware Technology Software Social Engineering 131

Security Affairs

MARCH 21, 2020

Multiple, if not all, Zyxel NAS products running firmware versions up to 5.21 “Upon execution, the zi script downloads different architectures of Mirai bot, runs the downloaded binaries, and removes the binaries. are vulnerable to this pre-authentication command injection vulnerability. The vendor advisory is also available.

DDOS 134

DDOS Authentication Advertising Firmware 134

Security Affairs

MARCH 18, 2022

In fact, Ericsson Network Manager is an Operations support system (‘OSS’ according to network jargon) , which allows the management of all the devices interconnected to it, ensuring the management of configurations, firmware updates and all automation and maintenance operations of an advanced mobile radio network.

Mobile 116

Mobile Firmware Architecture Technology 116