Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the installation of persistent backdoors.

Firmware 143

Firmware Hacking Authentication Advertising 143

Security Boulevard

JUNE 21, 2024

ASUS announces major Firmware Update ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different variants of its router models. Identified as CVE-2024-3080 with a CVSS v3 severity score of 9.8 Identified as CVE-2024-3080 with a CVSS v3 severity score of 9.8

Authentication 59

Authentication Firmware 59

Security Boulevard

APRIL 27, 2021

Cigent Technology today launched Cigent Data Defense, an offering that combines existing multifactor authentication and encryption capabilities to secure sensitive data residing on solid-state drives (SSDs). The post Cigent Technology Extends Firmware to Secure SSDs appeared first on Security Boulevard.

Firmware 102

Firmware Technology Encryption Authentication 102

Bleeping Computer

JUNE 15, 2024

ASUS has released a new firmware update that addresses a vulnerability impacting seven router models that allow remote attackers to log in to devices. [.]

Authentication 104

Authentication Firmware 104

Malwarebytes

MARCH 10, 2023

The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. It offers a combined single-sign-on (SSO) web portal to authenticate users, so intercepting user credentials would give an attacker that is after sensitive information a huge advantage.

Firmware 94

Firmware Malware Encryption Authentication 94

Malwarebytes

JULY 28, 2021

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages. History lessons. Mitigation.

Firmware 116

Firmware Technology Authentication IoT 116

Threatpost

JULY 1, 2021

Microsoft researchers discovered the firmware flaws in the DGN-2200v1 series router that can enable authentication bypass to take over devices and access stored credentials.

Authentication 95

Authentication Firmware 95

Heimadal Security

OCTOBER 10, 2022

On Friday, a Twitter account going by the handle “freak” shared links to what they claimed to be the UEFI firmware source code for Intel Alder Lake, which they claim was made available by 4chan. Intel confirms the source code leak for the UEFI BIOS is authentic. Alder Lake is the name of the company’s […].

Authentication 84

Authentication Firmware Accountability Cybersecurity 84

SC Magazine

FEBRUARY 3, 2021

x firmware. x firmware, which malicious actors exploited in a cyberattack against the infosec firm last month. . SonicWall’s firmware update to version 10.2.0.5-29sv The post SonicWall issues firmware patch after attackers exploited critical bugs appeared first on SC Media. SonicWall). 31 and Feb.

Firmware 95

Firmware Mobile InfoSec Passwords 95

Security Boulevard

NOVEMBER 19, 2021

As you might expect, that company “strongly recommends that you download the latest firmware as soon as possible”. That sounds normal until you consider the totality of vulnerable products versus the ones getting updates (those models under active … Continue reading NETGEAR meltdown: CVE-2021-34991 “Pre-Authentication Buffer Overflow” ?.

Authentication 83

Authentication Firmware Network Security 83

Security Affairs

AUGUST 18, 2019

Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program.

Firmware 104

Firmware Authentication Advertising Hacking 104

The Hacker News

JUNE 26, 2024

Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro.

Firmware 135

Firmware Authentication 135

Bleeping Computer

JULY 12, 2024

Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. [.]

Firmware 97

Firmware Authentication 97

Security Affairs

NOVEMBER 5, 2024

Affected devices use VHD PTZ camera firmware < 6.3.40 is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. Organizations using VHD PTZ camera firmware < 6.3.40 reads the analysis published by GreyNoise.

Firmware 122

Firmware Manufacturing Authentication Healthcare 122

Bleeping Computer

JUNE 11, 2023

Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices. [.]

VPN 145

VPN Firmware Authentication 145

ForAllSecure

DECEMBER 16, 2020

Netgear N300 MIPS firmware image. What's Special about Firmware? Fuzzing firmware presents a specific set of challenges that are not often present together in other targets. In this post, we will cover how to deal with each one of these challenges in the firmware fuzzing context. Is a MIPS Linux firmware.

Firmware 52

Firmware Architecture Engineering Authentication 52

ForAllSecure

DECEMBER 15, 2020

Netgear N300 MIPS firmware image. What's Special about Firmware? Fuzzing firmware presents a specific set of challenges that are not often present together in other targets. In this post, we will cover how to deal with each one of these challenges in the firmware fuzzing context. Is a MIPS Linux firmware.

Firmware 52

Firmware Architecture Engineering Authentication 52

Bleeping Computer

JULY 12, 2024

Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. [.]

Firmware 84

Firmware Authentication 84

Security Affairs

NOVEMBER 2, 2024

Affected devices use VHD PTZ camera firmware < 6.3.40 is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. . “Organizations using VHD PTZ camera firmware < 6.3.40 CVE-2024-8957 (CVSS score of CVSS 7.2)

Firmware 120

Firmware Manufacturing Healthcare IoT 120

Security Affairs

DECEMBER 30, 2022

The vendor only said that the flaw is a pre-authentication buffer overflow vulnerability and urged customers to address the firmware of their devices as soon as possible. “NETGEAR has released fixes for a pre-authentication buffer overflow security vulnerability” reads the advisory published by the company.

Firmware 98

Firmware Wireless Authentication Hacking 98

SecureWorld News

NOVEMBER 7, 2024

Strong authentication: Each device, no matter how small, should have strong, unique authentication measures to prevent unauthorized access. Firmware integrity checks: Regularly check that each device's firmware is up to date and verified—especially when outdated firmware is one of the most common entry points for attackers.

IoT 79

IoT Firmware Encryption Authentication 79

Security Boulevard

JANUARY 31, 2024

Explore the vulnerabilities in EV systems and potential risks, proposing mitigation strategies like firmware updates, user authentication, intrusion detection systems, and collaboration. The rise of electric vehicles (EVs) and charging infrastructure necessitates robust security measures, especially in the context of IoT integration.

IoT 119

IoT Firmware Authentication Risk 119

SecureList

JUNE 11, 2024

Second, terminals can be connected to other scanners, such as electronic pass readers, or support other authentication methods using built-in hardware. External appearance of the device The device has several physical interfaces, supporting four authentication methods: biometric (facial recognition), password, electronic pass, and QR code.

Firmware 99

Firmware Authentication Passwords Risk 99

Thales Cloud Protection & Licensing

MARCH 17, 2022

Enhance your security posture by detecting risks on authenticator devices. Not only are mobile devices used as end points to access corporate mail and other enterprise applications, they are also frequently used as authentication devices. Limited visibility on users’ devices can undermine authentication integrity.

Authentication 77

Authentication Risk Mobile Computers and Electronics 77

Security Affairs

APRIL 28, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.50

Firewall 98

Firewall Firmware VPN Authentication 98

Schneier on Security

SEPTEMBER 17, 2020

When, say, an iPhone is getting ready to pair up with Bluetooth-powered device, CTKD’s role is to set up two separate authentication keys for that phone: one for a “Bluetooth Low Energy” device, and one for a device using what’s known as the “Basic Rate/Enhanced Data Rate” standard.

Authentication 363

Authentication Social Engineering Firmware Engineering 363

Penetration Testing

JULY 14, 2024

Netgear, a leading provider of networking hardware, has issued a security advisory urging users to update the firmware on several of its popular product models.

Firmware 65

Firmware Authentication Cybersecurity 65

Tech Republic Security

MARCH 22, 2021

The security key is built on open source hardware and firmware, making it a universal factor authentication device instead of a two-factor authentication device.

Firmware 128

Firmware Authentication Cybersecurity 128

Thales Cloud Protection & Licensing

MARCH 17, 2022

Enhance your security posture by detecting risks on authenticator devices. Not only are mobile devices used as end points to access corporate mail and other enterprise applications, they are also frequently used as authentication devices. Limited visibility on users’ devices can undermine authentication integrity.

Authentication 62

Authentication Risk Mobile Computers and Electronics 62

Security Affairs

JUNE 14, 2024

CVE-2024-4358 is an authentication bypass vulnerability that an unauthenticated attacker can exploit to gain access to Telerik Report Server restricted functionality. CVE-2024-26169 is an elevation of privilege issue in the Microsoft Windows Error Reporting Service that can be exploited to could gain SYSTEM privileges.

Firmware 130

Firmware Authentication Hacking Cybersecurity 130

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 ” reads the advisory published by NCC Group.”

Firmware 143

Firmware Authentication Hacking Software 143

Security Affairs

SEPTEMBER 6, 2021

Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart switches used on businesses. The flaws affected multiple products including the following smart switches, below is the list of the impacted devices and related firmware fixes: GC108P fixed in firmware version 1.0.8.2

Firmware 128

Firmware Authentication Passwords Hacking 128

Schneier on Security

NOVEMBER 15, 2019

In particular, we discovered timing leakage on an Intel firmware-based TPM as well as a hardware TPM. We further highlight the impact of these vulnerabilities by demonstrating a remote attack against a StrongSwan IPsecVPN that uses a TPM to generate the digital signatures for authentication. Intel has a firmware update.

Firmware 223

Firmware Authentication Manufacturing 223

Security Affairs

MAY 25, 2023

D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. in its D-View 8 network management suite that could be exploited by remote attackers to bypass authentication and execute arbitrary code. ” reads the advisory published by ZDI.

Firmware 98

Firmware Authentication Software Hacking 98

Security Affairs

JUNE 5, 2024

CVE-2024-29975 : This improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 and NAS542 devices could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device. The vulnerabilities affect NAS326 running firmware versions 5.21(AAZF.16)C0

Firmware 127

Firmware Authentication Manufacturing Hacking 127

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. In an email sent to customers today, Ubiquiti Inc.

Passwords 352

Passwords Authentication Firmware Accountability 352

Krebs on Security

FEBRUARY 26, 2020

. “We’ve now completed the investigation of all Zyxel products and found that firewall products running specific firmware versions are also vulnerable,” Zyxel wrote in an email to KrebsOnSecurity. “Hotfixes have been released immediately, and the standard firmware patches will be released in March.”

Firewall 275

Firewall Firmware VPN IoT 275