Penetration Testing

SEPTEMBER 30, 2024

Discovered by Alexander Tereshkin from NVIDIA’s Offensive Security Research... The post Researcher Details RCE Flaw (CVE-2024-36435) in Supermicro BMC IPMI Firmware appeared first on Cybersecurity News.

Firmware 135

Firmware Risk Cybersecurity 135

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware 145

Firmware Mobile Malware Retail 145

Security Affairs

JANUARY 31, 2025

Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) warned that three flaws in Contec CMS8000 and Epsimed MN-120 patient monitors could endanger patients when connected to the internet. cramfs CMS8000 Patient Monitor: Firmware version CMS7.820.075.08/0.74(0.75) ” reads the advisory.

Firmware 92

Firmware Healthcare Cybersecurity Internet 92

The Hacker News

MARCH 8, 2022

Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. have been uncovered in HP's UEFI firmware. The shortcomings, which have CVSS scores ranging from 7.5

Firmware 132

Firmware Cybersecurity 132

Security Affairs

DECEMBER 30, 2021

iLOBleed, is a previously undetected rootkit that was spotted targeting the HP Enterprise’s Integrated Lights-Out ( iLO ) server management technology to tamper with the firmware modules and wipe data off the infected systems. This malware has been used by hackers for some time and we have been monitoring its performance.

Firmware 143

Firmware Malware System Administration Technology 143

Security Affairs

DECEMBER 3, 2024

The ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware. Cybersecurity researchers from ESET recently discovered the first UEFI bootkit designed to target Linux systems, called by its authors Bootkitty.

Firmware 106

Firmware Manufacturing Malware Authentication 106

Heimadal Security

APRIL 20, 2022

Researchers have recently identified three Lenovo UEFI firmware vulnerabilities of high impact located in various Lenovo laptop models that consumers use. By successfully exploiting these flaws, threat actors can deploy and execute firmware implants on the impacted devices.

Firmware 122

Firmware Cybersecurity 122

SecureWorld News

JANUARY 9, 2025

military fiscal year 2025 dedicates approximately $30 billion to cybersecurity , marking it as a crucial focus in the broader $895.2 Richard Staynings , Chief Security Strategist for IoT security company Cylera and teaching professor for cybersecurity at the University of Denver, provides comments throughout. billion military budget.

Cybersecurity 108

Cybersecurity Manufacturing Surveillance Ransomware 108

The Hacker News

JULY 13, 2022

Consumer electronics maker Lenovo on Tuesday rolled out fixes to contain three security flaws in its UEFI firmware affecting over 70 product models.

Firmware 121

Firmware Cybersecurity 121

Penetration Testing

SEPTEMBER 30, 2024

These vulnerabilities range in severity, with potential... The post PLANET Technology Switches Face CVE-2024-8456 (CVSS 9.8), Urgent Firmware Updates Advised appeared first on Cybersecurity News.

Firmware 114

Firmware Technology Cybersecurity 114

SecureWorld News

NOVEMBER 7, 2024

The journey from sensors in the field to servers in the control room is a cybersecurity tightrope journey. Firmware integrity checks: Regularly check that each device's firmware is up to date and verified—especially when outdated firmware is one of the most common entry points for attackers.

IoT 108

IoT Firmware Encryption Authentication 108

Penetration Testing

JULY 11, 2024

The vulnerability was reported to D-Link by third-party security researcher... The post CVE-2024-39202: RCE Flaw Found in D-Link DIR-823X Firmware, Patch in Development appeared first on Cybersecurity News.

Firmware 114

Firmware Wireless Risk Cybersecurity 114

Security Affairs

NOVEMBER 2, 2024

Sophos, with the help of other cybersecurity firms, government, and law enforcement agencies investigated the cyber attacks and attributed them multiple China-linked APT groups, such as Volt Typhoon , APT31 and APT41 / Winnti. ” concludes the report.

Firmware 120

Firmware Government Firewall Malware 120

Penetration Testing

OCTOBER 31, 2024

Hikvision, a leading provider of network cameras and surveillance systems, has released firmware updates to address a security vulnerability that could expose users’ Dynamic DNS credentials.

Firmware 80

Firmware DNS Surveillance Cybersecurity 80

The Hacker News

MAY 31, 2023

Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023.

Firmware 98

Firmware Cybersecurity 98

Security Affairs

NOVEMBER 6, 2024

Security researcher Rick de Jager demonstrated the vulner ability, called RISK:STATION by cybersecurity firm Midnight Blue, at the Pwn2Own Ireland 2024 hacking contest. Midnight Blue assumes all Synology firmware versions before the patch are vulnerable, so users should apply the patch immediately. 10053 or above) Synology Photos 1.6

Firmware 123

Firmware Manufacturing Hacking Media 123

Penetration Testing

DECEMBER 1, 2024

This new threat exploits the LogoFAIL vulnerability (CVE-2023-40238), a UEFI firmware flaw,... The post Security Alert: Bootkitty Bootkit Targets Linux via UEFI Vulnerability (CVE-2023-40238) appeared first on Cybersecurity News.

Firmware 64

Firmware Cybersecurity Malware 64

The Last Watchdog

AUGUST 26, 2024

The findings focused on outdated software components in router firmware, across sectors from industrial operations to healthcare and critical infrastructure, highlighting associated cyber risks. Equally alarming was the widespread presence of known vulnerabilities, or “n-day” vulnerabilities, in the firmware images.

Firmware 100

Firmware IoT Manufacturing Cyber Risk 100

Penetration Testing

OCTOBER 17, 2024

Cisco has recently disclosed a series of high-severity vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter firmware, including both on-premises and multiplatform variants. These vulnerabilities present a significant... The post Cisco ATA 190 Series Analog Telephone Adapter Firmware Flaws Exposed: Patch Now!

Firmware 83

Firmware Cybersecurity 83

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In most recent attacks observed by Check Point, the threat actors employed custom firmware implant designed explicitly for TP-Link routers. ” reads the report published by Check point.

Firmware 98

Firmware Encryption Government Malware 98

Penetration Testing

OCTOBER 18, 2024

Synology has issued a security advisory, Synology-SA-24:17, warning of critical vulnerabilities in several of its camera firmware products, including Synology Camera BC500, TC500, and CC400W.

Firmware 78

Firmware Cybersecurity 78

Penetration Testing

MARCH 18, 2025

In a recent security advisory, the Cybersecurity and Infrastructure Security Agency (CISA) revealed multiple critical vulnerabilities impacting Sungrows The post Critical Vulnerabilities Found in Sungrow iSolarCloud App and WiNet Firmware appeared first on Cybersecurity News.

Firmware 64

Firmware Cybersecurity 64

Schneier on Security

OCTOBER 3, 2019

Data Collected: 22 Vendors 1,294 Products 4,956 Firmware versions 3,333,411 Binaries analyzed Date range of data: 2003-03-24 to 2019-01-24 (varies by vendor, most up to 2018 releases). [.]. They look at the actual firmware. It represents a wide range of either found in the home, enterprise or government deployments.

IoT 240

IoT Firmware Data collection Architecture 240

eSecurity Planet

MARCH 17, 2025

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has released a joint cybersecurity advisory warning organizations about the escalating threat posed by the Medusa ransomware.

Ransomware 76

Ransomware Backups Firmware Insurance 76

The Last Watchdog

MAY 16, 2022

You and your cybersecurity team do everything correctly to safeguard your infrastructure, yet the frightening alert still arrives that you’ve suffered a data breach. The same technologies that make supply chains faster and more effective also threaten their cybersecurity,” writes David Lukic , a privacy, security, and compliance consultant.

Cyber Attacks 273

Cyber Attacks Firmware Artificial Intelligence Manufacturing 273

Dark Reading

APRIL 28, 2023

Software bugs are ubiquitous, and we're familiar with hardware threats. But what about the gap in the middle? Two researchers at Black Hat Asia will attempt to focus our attention there.

Firmware 99

Firmware Cybersecurity Software 99

Penetration Testing

DECEMBER 3, 2024

Zyxel Networks has released firmware updates to address multiple vulnerabilities affecting a range of its networking products, including 4G LTE/5G NR CPEs, DSL/Ethernet CPEs, fiber ONTs, and WiFi extenders. The... The post Protect Your Network: Zyxel Issues Firmware Updates appeared first on Cybersecurity News.

Firmware 64

Firmware Cybersecurity 64

The Hacker News

DECEMBER 30, 2021

A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems.

Firmware 144

Firmware Technology Malware Cybersecurity 144

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. Follow SecureWorld News for more stories related to cybersecurity.

Ransomware 112

Ransomware IoT Encryption Social Engineering 112

The Last Watchdog

JUNE 4, 2019

With the largest concentration of cybersecurity expertise –– the “oil” — in the world, Maryland is fast changing from the Old Line State into “Cybersecurity Valley.” The foundation of Silicon Valley was set, and today comparable technology development pieces are being laid in Maryland on the cybersecurity front.

Cybersecurity 193

Cybersecurity Computers and Electronics Technology Marketing 193

SecureWorld News

OCTOBER 31, 2024

From zombie botnets to phishing phantoms, these threats might sound like campfire tales, but they're some of the most sinister forces in cybersecurity today. Warding off zombies : Regularly update device firmware, patch IoT devices, and monitor for unusual traffic patterns.

IoT 119

IoT Phishing DDOS Backups 119

Penetration Testing

JULY 25, 2024

could allow remote attackers... The post HPE Servers Exposed: Critical Vulnerability Demands Urgent Firmware Update appeared first on Cybersecurity News. This vulnerability, rated with a severity score of 9.8,

Firmware 67

Firmware Cybersecurity 67

The Hacker News

JANUARY 7, 2025

Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices.

Firmware 124

Firmware Malware Cybersecurity 124

Penetration Testing

AUGUST 10, 2024

The vulnerabilities, tracked under CVE-2024-39225 through CVE-2024-39229 and CVE-2024-3661, expose users to severe... The post GL-iNet Routers Exposed to Critical Vulnerabilities: Urgent Firmware Updates Required appeared first on Cybersecurity News.

Firmware 70

Firmware Cybersecurity 70

Security Affairs

FEBRUARY 18, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Firewall 64

Firewall Firmware Authentication VPN 64

The Hacker News

JUNE 20, 2024

Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors.

Firmware 142

Firmware Mobile Cybersecurity 142

CyberSecurity Insiders

JULY 16, 2021

SonicWall that offers next generation firewalls and various Cybersecurity solutions has announced that its customers using certain products are at a risk of being cyber attacked with ransomware. x firmware is going to reach its EOL aka End of Life. x firmware is going to reach its EOL aka End of Life.

Ransomware 145

Ransomware Firmware Cyber Attacks Firewall 145