New Windows/Linux Firmware Attack

Schneier on Security

Interesting attack based on malicious pre-OS logo images: LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux… The vulnerabilities are the subject of a coordinated mass disclosure (..)

The great non-free-firmware transition

Kali Linux

TL;DR: Dear Kali user, when you have a moment, check your /etc/apt/sources.list, and add non-free-firmware if ever it’s missing. Programmatically speaking: kali@kali:~$ sudo sed -i 's/non-free$/non-free non-free-firmware/' /etc/apt/sources.list Long story now. non-free-firmware is already enabled in your sources.list.

Researcher Details RCE Flaw (CVE-2024-36435) in Supermicro BMC IPMI Firmware

Penetration Testing

Discovered by Alexander Tereshkin from NVIDIA’s Offensive Security Research...

BTS #39 – The Art of Firmware Scraping – Edwin Shuttleworth

Security Boulevard

In this episode, Edwin Shuttleworth from Finite State discusses firmware security, insights from the GRRCON Security Conference, and the challenges of firmware analysis.

Critical Flaw in Synology Camera Firmware Expose Devices to RCE and DoS Attacks

Penetration Testing

Synology has issued a security advisory, Synology-SA-24:17, warning of critical vulnerabilities in several of its camera firmware products, including Synology Camera BC500, TC500, and CC400W.

Security Vulnerabilities in Android Firmware

Schneier on Security

Researchers have discovered and revealed 146 vulnerabilities in various incarnations of Android smartphone firmware. And since they're firmware bugs, in many cases there is no ability to patch them. The vulnerabilities were found by scanning the phones of 29 different Android makers, and each is unique to a particular phone or maker.

Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers

The Last Watchdog

The findings focused on outdated software components in router firmware, across sectors from industrial operations to healthcare and critical infrastructure, highlighting associated cyber risks. Equally alarming was the widespread presence of known vulnerabilities, or “n-day” vulnerabilities, in the firmware images.
