Architecture, Firmware and Surveillance

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Locking down firmware. Starks Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks. telecoms by Chinese tech giant Huawei.

Firmware

Firmware Cybersecurity Technology Engineering

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. In 2015, the hacker who breached the systems of the Italian surveillance firm Hacking Team leaked a 400GB package containing hacking tools and exploits codes.

Firmware

Firmware Spyware Surveillance Hacking

3 Percent ($30B) of U.S. Military Funding Dedicated to Cybersecurity

SecureWorld News

JANUARY 9, 2025

Also of concern is the firmware and ROM found on many components that go into the manufacture of systems, nearly of all which are manufactured today in mainland China. Limiting cyberwar funding Development of the Joint Cyber Warfighting Architecture (JCWA) will be restricted until U.S. Cyber Command.

Cybersecurity

Cybersecurity Manufacturing Surveillance Ransomware

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. We later managed to extract the firmware from the EEPROM for further static reverse engineering. Further hardware analysis of the circuit board helped us identify chips.

Firmware

Firmware Passwords Manufacturing Mobile

Zero-Click Attacks a Growing Threat

eSecurity Planet

FEBRUARY 22, 2022

It can even access the chip’s firmware to gain root access on the device, a significant privilege escalation. Standard approaches such as endpoint protection , aggressive patch management, and zero-trust architectures are effective ways to mitigate zero-click threats.

Spyware

Spyware Software Government Social Engineering

What Is Industrial Control System (ICS) Cyber Security?

eSecurity Planet

SEPTEMBER 9, 2024

Patch management: Keeping software and firmware up to date to close security gaps. Ransomware can cripple essential functions until a ransom is paid, while malware may lead to unauthorized control or surveillance of the system. Role-based access control (RBAC): Restricting system access based on user roles and responsibilities.

Firmware

Firmware Encryption Manufacturing Risk

APT trends report Q1 2022

SecureList

APRIL 27, 2022

While we were unable to obtain the same results by analyzing the CERT-UA samples, we subsequently identified a different WhiteBlackCrypt sample matching the WhisperKill architecture and sharing similar code. In December we were made aware of a UEFI firmware-level compromise through logs from our firmware scanning technology.

Malware

Malware Firmware Government Phishing

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

See translation Will buy 0day/1day RCE in IoT Escrow See translation Hi, I want to buy IoT exploits with devices located in Korea Any architecture There are also offers to purchase and sell IoT malware on dark web forums, often packaged with infrastructure and supporting utilities. Therefore, we did not issue a certificate.

IoT

IoT DDOS Passwords Malware

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

The Mirai botnet contributed to a massive denial of service attack that brought parts of the Internet to a standstill, what was remarkable was that Mariah was constructed from 1000s of Internet of Things devices, namely surveillance cameras. In some cases the artists simply don't have the resources to be updated.

IoT

IoT Hacking Internet Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

The Mirai botnet contributed to a massive denial of service attack that brought parts of the Internet to a standstill, what was remarkable was that Mariah was constructed from 1000s of Internet of Things devices, namely surveillance cameras. In some cases the artists simply don't have the resources to be updated.

IoT

IoT Hacking Internet Internet

EP 31: Stopping the Mirai IoT Botnet, One CnC Server At A Time

ForAllSecure

OCTOBER 5, 2021

It was for 1000s of compromised, Internet of Things, enabled devices, such as surveillance cameras, residential gateways, internet connected printers, and even in home baby monitors these devices themselves are often thought of as not having much in the way of resources, and really they don't have many computing resources. Probably not.

IoT

IoT DDOS Malware Internet

Advanced threat predictions for 2024

SecureList

NOVEMBER 14, 2023

In May, Ars Technica reported that BootGuard private keys had been stolen following a ransomware attack on Micro-Star International (MSI) in March this year (firmware on PCs with Intel chips and BootGuard enabled will only run if it is digitally signed using the appropriate keys).

Hacking

Hacking Energy and Utilities Media Malware

Cyber Security Informer

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

Second-ever UEFI rootkit used in North Korea-themed attacks

Trending Sources

3 Percent ($30B) of U.S. Military Funding Dedicated to Cybersecurity

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

Zero-Click Attacks a Growing Threat

What Is Industrial Control System (ICS) Cyber Security?

APT trends report Q1 2022

Overview of IoT threats in 2023

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

EP 31: Stopping the Mirai IoT Botnet, One CnC Server At A Time

Advanced threat predictions for 2024

Stay Connected