Kali Linux

JANUARY 21, 2024

TL;DR: Dear Kali user, when you have a moment, check your /etc/apt/sources.list , and add non-free-firmware if ever it’s missing. Programmatically speaking: kali@kali:~$ sudo sed -i 's/non-free$/non-free non-free-firmware/' /etc/apt/sources.list Long story now. non-free-firmware is already enabled in your sources.list.

Firmware 119

Firmware 119

Security Affairs

JUNE 21, 2024

A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models. Firmware security firm Eclypsium discovered a vulnerability, tracked as CVE-2024-0762 (CVSS of 7.5), in the Phoenix SecureCore UEFI firmware. ” concludes the report.

Firmware 139

Firmware Mobile Technology Hacking 139

Tech Republic Security

MARCH 14, 2023

A possible Chinese attack campaign on compromised unpatched SonicWall SMA edge devices stayed undetected since 2021 and could persist even through firmware updates. The post Attack campaign on edge appliance: undetected since 2021 and resists firmware update appeared first on TechRepublic.

Firmware 153

Firmware Cybersecurity 153

Security Affairs

SEPTEMBER 27, 2023

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. The state-sponsored hackers was observed using a custom firmware backdoor which was enabled and disabled by sending specially crafted TCP or UDP packets to the devices.

Firmware 141

Firmware Telecommunications System Administration Malware 141

The Hacker News

JUNE 13, 2024

Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware.

Firmware 136

Firmware 136

Schneier on Security

DECEMBER 17, 2024

By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he’s able to rewrite a Reviver plate’s firmware in a matter of minutes.

Firmware 190

Firmware Hacking Software 190

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware 145

Firmware Mobile Malware Retail 145

Penetration Testing

MARCH 8, 2024

Flaw Requires Immediate Firmware Update appeared first on Penetration Testing. This vulnerability affects specific models within their multifunction printer ranges. Risk Assessment If an affected... The post Canon Printers: Critical CVE-2024-2184 (CVSS 9.8)

Firmware 142

Firmware Penetration Testing Risk 142

The Hacker News

OCTOBER 5, 2023

Multiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface (IPMI) firmware for Supermicro baseboard management controllers (BMCs) that could result in privilege escalation and execution of malicious code on affected systems.

Firmware 142

Firmware 142

SecureList

JULY 25, 2022

One of the main draws towards malware nested in such low levels of the operating system is that it is extremely difficult to detect and, in the case of firmware rootkits, will ensure a computer remains in an infected state even if the operating system is reinstalled or the user replaces the machine’s hard drive entirely. Conclusions.

Firmware 145

Firmware DNS Malware Technology 145

Penetration Testing

SEPTEMBER 30, 2024

Discovered by Alexander Tereshkin from NVIDIA’s Offensive Security Research... The post Researcher Details RCE Flaw (CVE-2024-36435) in Supermicro BMC IPMI Firmware appeared first on Cybersecurity News.

Firmware 136

Firmware Risk Cybersecurity 136

Security Affairs

JUNE 13, 2024

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. ” reads the advisory.

Firmware 131

Firmware Spyware Hacking Information Security 131

The Hacker News

DECEMBER 13, 2024

A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity.

Firmware 104

Firmware 104

Troy Hunt

OCTOBER 2, 2020

This week there's all the above and, on a more personal note, my relationship with Charlotte. References My shoes are connected!

Firmware 320

Firmware Phishing Accountability 320

Schneier on Security

NOVEMBER 10, 2021

The Sony Playstation 5 is the latest example: Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend, with the hacking group Fail0verflow claiming to have managed to obtain PS5 root keys allowing them to decrypt the console’s firmware. […].

Hacking 320

Hacking Firmware Engineering Software 320

Dark Reading

SEPTEMBER 27, 2023

Sophisticated hackers are rewriting router firmware in real time and hiding their footprints, leaving defenders with hardly a fighting chance.

Firmware 131

Firmware 131

Schneier on Security

JULY 26, 2024

In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it.

Firmware 320

Firmware Encryption Manufacturing Passwords 320

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022. All the vulnerable devices are running end-of-life (EOL) firmware.

Firmware 137

Firmware Firewall Internet Internet 137

Schneier on Security

MAY 18, 2022

t turns out that the iPhone’s Bluetooth chip­ — which is key to making features like Find My work­ — has no mechanism for digitally signing or even encrypting the firmware it runs. Researchers have demonstrated iPhone malware that works even when the phone is fully shut down.

Malware 311

Malware Firmware Encryption Risk 311

Schneier on Security

JULY 1, 2019

government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 Wow, is this an embarrassing bug : Yubico is recalling a line of security keys used by the U.S. that reduced the randomness of the cryptographic keys it generates.

Firmware 254

Firmware Passwords Government Encryption 254

Bleeping Computer

JANUARY 14, 2024

GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws and spy on the users. [.]

Firmware 108

Firmware Software Mobile 108

Krebs on Security

JULY 2, 2021

That update effectively nullified their chances at competing in Pwn2Own, which requires exploits to work against the latest firmware or software supported by the targeted device. A statement published on its support site March 12, 2021 says the company will no longer provide further security updates to the MyCloud OS 3 firmware.

Firmware 359

Firmware Passwords Internet Internet 359

Schneier on Security

JUNE 20, 2019

Finally, we exploit a cryptographic bug in the firmware signature verification to upload a modified firmware to the HSM. This firmware includes a persistent backdoor that survives a firmware update. The presented attacks allow retrieving all HSM secrets remotely, including cryptographic keys and administrator credentials.

Firmware 241

Firmware Hacking Manufacturing Banking 241

Schneier on Security

AUGUST 22, 2022

“Greenluigi1” found within the firmware image the RSA public key used by the updater, and searched online for a portion of that key. . “Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]” […]. Luck held out, in a way. “

Encryption 351

Encryption Firmware Manufacturing Software 351

Penetration Testing

SEPTEMBER 30, 2024

These vulnerabilities range in severity, with potential... The post PLANET Technology Switches Face CVE-2024-8456 (CVSS 9.8), Urgent Firmware Updates Advised appeared first on Cybersecurity News.

Firmware 117

Firmware Technology Cybersecurity 117

Schneier on Security

MARCH 9, 2023

Here’s a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates. The campaign was notable for the ability of the malware to remain on the devices even after its firmware received new firmware. The malware also adds a backdoor root user to the mounted file.

Malware 234

Malware Firmware Backups 234

Bleeping Computer

MARCH 7, 2024

AnyCubic has released new Kobra 2 firmware to fix a zero-day vulnerability exploited last month to print security warnings on 3D printers worldwide. [.]

Firmware 104

Firmware 104

Penetration Testing

JULY 11, 2024

The vulnerability was reported to D-Link by third-party security researcher... The post CVE-2024-39202: RCE Flaw Found in D-Link DIR-823X Firmware, Patch in Development appeared first on Cybersecurity News.

Firmware 117

Firmware Wireless Risk Cybersecurity 117

Krebs on Security

FEBRUARY 26, 2020

. “We’ve now completed the investigation of all Zyxel products and found that firewall products running specific firmware versions are also vulnerable,” Zyxel wrote in an email to KrebsOnSecurity. “Hotfixes have been released immediately, and the standard firmware patches will be released in March.”

Firewall 283

Firewall Firmware VPN IoT 283

Schneier on Security

JULY 11, 2019

If you need to reset the software in your GE smart light bulb -- firmware version 2.8 or later -- just follow these easy instructions : Start with your bulb off for at least 5 seconds.

Firmware 256

Firmware Software 256

Schneier on Security

JULY 21, 2020

This hack targets the firmware on modern power supplies. Yes, power supplies are also computers.).

Hacking 218

Hacking Firmware 218

Penetration Testing

DECEMBER 3, 2024

JPCERT/CC, a Japanese cybersecurity organization, issued a warning that these vulnerabilities leave... The post I-O DATA Routers Under Attack: Urgent Firmware Update Needed! Multiple vulnerabilities have been discovered in I-O DATA routers UD-LT1 and UD-LT1/EX, and active exploitation is already underway.

Firmware 78

Firmware Cybersecurity 78

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT 356

IoT Firmware Risk Encryption 356

Schneier on Security

NOVEMBER 6, 2023

The capabilities generally required expensive SDRs­—short for software-defined radios­—that, unlike traditional hardware-defined radios, use firmware and processors to digitally re-create radio signal transmissions and receptions.

Firmware 311

Firmware Hacking Software 311

Schneier on Security

MARCH 8, 2023

These sophisticated pieces of malware target the UEFI—short for Unified Extensible Firmware Interface —the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right.

Malware 266

Malware Firmware Software Hacking 266

The Last Watchdog

AUGUST 26, 2024

The findings focused on outdated software components in router firmware, across sectors from industrial operations to healthcare and critical infrastructure, highlighting associated cyber risks. Equally alarming was the widespread presence of known vulnerabilities, or “n-day” vulnerabilities, in the firmware images.

Firmware 100

Firmware IoT Manufacturing Cyber Risk 100

Troy Hunt

JULY 13, 2021

Almost - there's still that cloud dependency and there's really only 2 ways around that: Control the existing device locally with the original firmware Flash the device with 3rd party firmware that supports local control Let's explore these more starting with the first option because it feels like the most low-friction path.

Internet 358

Internet Internet IoT Firmware 358