eSecurity Planet

AUGUST 20, 2024

Third-Party Application Package Installed on Pixel Devices Type of vulnerability: Third-party application package installed on Pixel device firmware, with insufficient security controls. The problem: Mobile security vendor iVerify’s EDR product discovered an unsecured Android device at data analytics firm Palantir Technologies.

Authentication 108

Authentication Firmware Technology Software 108

eSecurity Planet

JUNE 24, 2024

Cybersecurity researchers discovered a buffer overflow flaw in Intel Core processor firmware causing Phoenix Technology to release patches. The fix: Immediately update your router firmware to the most recent versions offered by ASUS to mitigate these vulnerabilities. Over 147,000 routers are possibly susceptible.

Firmware 64

Firmware Passwords Software Risk 64

eSecurity Planet

AUGUST 13, 2024

If exploited, the vulnerability would allow a threat actor to execute their own code within the processor’s firmware using System Management Mode (SMM). This can happen even when SMM is locked. The threat actor must get there first before they can exploit this flaw; this could be part of the reason it hasn’t been heavily exploited.

Firmware 111

Firmware Software Wireless Security Defenses 111

eSecurity Planet

AUGUST 13, 2024

If exploited, the vulnerability would allow a threat actor to execute their own code within the processor’s firmware using System Management Mode (SMM). This can happen even when SMM is locked. The threat actor must get there first before they can exploit this flaw; this could be part of the reason it hasn’t been heavily exploited.

Firmware 105

Firmware Software Wireless Security Defenses 105

eSecurity Planet

NOVEMBER 6, 2023

The past week has been a busy one for cybersecurity vulnerabilities, with 34 vulnerable Windows drivers and four Microsoft Exchange flaws heading a long list of security concerns. Twelve drivers can subvert security mechanisms, while seven enable firmware erasure in SPI flash memory, rendering the system unbootable.

Software 114

Software Education Ransomware Firmware 114

eSecurity Planet

JANUARY 22, 2024

The problem: The Unified Extensible Firmware Interface (UEFI) specification has an open-source network implementation, EDK II, with nine discovered vulnerabilities. Ivanti received a mention in last week’s recap , too, for its Connect Secure VPN and Policy Secure zero-days. EPMM versions 11.10, 11.9 are affected.

Authentication 116

Authentication Malware VPN Mobile 116

eSecurity Planet

MARCH 4, 2024

The fix: To eliminate malware infections, perform a factory reset, upgrade to the latest firmware, change all default usernames and passwords, and adjust firewall rules to block exposure to unwanted remote management services. Email Address By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy.

IoT 119

IoT Internet Internet Ransomware 119

eSecurity Planet

OCTOBER 24, 2023

Strengthen Router Security: Enhance your router’s security by changing default login credentials. Regularly update router firmware to patch vulnerabilities and close potential avenues of attack. It is critical to provide staff with a thorough grasp of cybersecurity risks in order to strengthen the company’s cyber defenses.

Malware 124

Malware Antivirus Software Passwords 124

eSecurity Planet

JULY 1, 2024

Apple AirPods Firmware Update Fixes Major Flaws Type of vulnerability: Authentication bypass. The fix: Apple issued firmware patches (6A326 for AirPods and 6F8 for Beats) to address the vulnerability and enhance state management. To avoid unwanted access, update your firmware immediately. affects the “ask” function.

Risk 64

Risk Authentication Firmware Software 64

eSecurity Planet

DECEMBER 10, 2023

It simplifies operations by lowering the chance of configuration conflicts and misconfigurations or oversights that could affect security. Automate Patches and Updates Ensure strong network security by automating regular updates of firewall firmware and installing security patches as soon as they become available.

Firewall 122

Firewall Network Security Backups Education 122

eSecurity Planet

SEPTEMBER 22, 2023

Barracuda started in the early 2000s with an appliance to provide email security and filter out SPAM. These one, three, and five year subscriptions provide enhanced support for the hardware, firmware maintenance, security updates, and optional participation in early-release firmware updates. Who is Barracuda?

Firewall 98

Firewall Marketing Firmware Technology 98

Security Boulevard

JUNE 23, 2022

Some risks specifically affecting IoT include : Built-in vulnerabilities : IoT devices are often shipped specifically for consumer use, without enterprise-grade encryption or security controls. To implement a Zero Trust strategy , organizations with mature cybersecurity programs use machine identity management. Related Posts.

IoT 98

IoT Social Engineering Firmware Risk 98

eSecurity Planet

FEBRUARY 21, 2024

Check the Firewall Hardware & Operating System After you’ve prepared all the documentation and know everyone’s roles, one of the early steps in a firewall audit process is a hardware and firmware check. Look at the hardware to see whether it fits your company’s standards and security requirements.

Firewall 116

Firewall Firmware Software Risk 116

eSecurity Planet

AUGUST 22, 2023

Cybersecurity can be difficult to implement, and to make matters worse, the security professionals needed to do it right are in short supply. Managed IT security service providers (MSSPs) make life easier for organizations by providing outsourced expertise and tools at a fraction of the cost, time, and trouble of doing it yourself.

Firewall 98

Firewall Telecommunications Penetration Testing Cybersecurity 98

eSecurity Planet

SEPTEMBER 2, 2024

The fix: Upgrade to SonicWall’s firmware updates for Gen 5 (to version 5.9.2.14-13o), Threat actors exploited this weakness to incorporate devices into botnets, affecting devices running firmware versions up to FullImg-1023-1007-1011-1009. 13o), Gen 6 (to version 6.5.4.15.116n), and Gen 7 (to any version above 7.0.1-5035).

Risk 59

Risk Firewall Firmware Engineering 59

eSecurity Planet

JUNE 10, 2024

Timothy Hjort discovered these vulnerabilities , which allow the execution of OS commands and the uploading of malicious files, compromising the security of affected devices. The fix: Zyxel issued firmware patches 5.21(AAZF.17)C0 17)C0 for NAS326 and 5.21(ABAG.14)C0 Users should apply these updates right away to protect their devices.

Malware 82

Malware Authentication Software Telecommunications 82

eSecurity Planet

JULY 8, 2024

To protect your network devices from potential risks, apply patches on a regular basis and keep their firmware up to date. The fix: Traeger has enabled automated firmware updates for grills using the D2 Wi-Fi Controller. Update your routers to the most recent versions ( 5.6.15, 6.1.9-lts,

Risk 64

Risk Authentication Firmware Surveillance 64

SecureList

NOVEMBER 25, 2024

This year the cybersecurity community has also discovered several vulnerabilities in MFT systems that are being exploited in the wild. However, this year the cybersecurity community was much better prepared to counter attacks on MFT systems, so the consequences of attacks involving these vulnerabilities have not been as drastic as last year.

IoT 115

IoT Energy and Utilities Phishing Cryptocurrency 115

eSecurity Planet

APRIL 30, 2024

Set Secure Firewall Rules & ACLs To prevent unwanted access and ensure effective traffic management, secure your firewall through updating firmware to resolve vulnerabilities and adopting proper configurations prior to installing firewalls in production. Sample Windows Defender Firewall prompts for firewall activation 2.

Firewall 64

Firewall Architecture Firmware Risk 64

eSecurity Planet

MAY 20, 2024

Note that some DIR-600 devices are end of life, so D-Link won’t release any firmware updates for these. CVE-2021-40655 is an information disclosure vulnerability that allows an attacker to forge a request and steal credentials; it affects DIR-605 routers.

VPN 64

VPN Firmware Malware Software 64

eSecurity Planet

MAY 27, 2024

Immediately update your QNAP devices to the most recent firmware to mitigate these issues. The fix: QNAP has released an emergency upgrade ( QTS 5.1.7.2770 version 20240520 ) that addresses CVE-2024-27130 and other issues. Check for future updates and be cautious while sharing download links to avoid exploitation.

Backups 69

Backups Authentication DDOS Engineering 69

eSecurity Planet

DECEMBER 7, 2023

Proper use of encryption preserves secrecy and radically lowers the potential damage of a successful cybersecurity attack. This feature can be included in firmware, in operating systems, or as a feature in open-source, shareware, or commercial applications. It was updated by Chad Kime on December 7, 2023.

Encryption 111

Encryption Passwords Authentication Password Management 111

eSecurity Planet

SEPTEMBER 11, 2023

The fix: ASUS released firmware updates to address the vulnerabilities. Attackers target certain administrative API functions on these devices using specially crafted input. Email Address By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy.

VPN 116

VPN Authentication Firmware Phishing 116