Penetration Testing

MARCH 19, 2025

Synology has updated its security advisories to disclose details of a critical vulnerability affecting its camera firmware. The The post CVE-2024-11131 (CVSS 9.8): Critical Vulnerability Found in Synology Camera Firmware appeared first on Cybersecurity News.

Firmware 121

Firmware Cybersecurity 121

Security Affairs

FEBRUARY 4, 2025

Netgear addressed two critical vulnerabilities, internally tracked as PSV-2023-0039 and PSV-2021-0117 , impacting multiple WiFi router models and urged customers to install the latest firmware. XR1000v2, the issue was fixed in firmware version 1.1.0.22 XR1000v2, the issue was fixed in firmware version 1.1.0.22 Click Downloads.

Firmware 108

Firmware Authentication Hacking Information Security 108

Schneier on Security

JULY 28, 2022

From an article : The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right.

Firmware 339

Firmware Software Malware 339

Tech Republic Security

MARCH 14, 2023

A possible Chinese attack campaign on compromised unpatched SonicWall SMA edge devices stayed undetected since 2021 and could persist even through firmware updates. The post Attack campaign on edge appliance: undetected since 2021 and resists firmware update appeared first on TechRepublic.

Firmware 154

Firmware Cybersecurity 154

Security Affairs

JUNE 21, 2024

A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models. Firmware security firm Eclypsium discovered a vulnerability, tracked as CVE-2024-0762 (CVSS of 7.5), in the Phoenix SecureCore UEFI firmware. ” concludes the report.

Firmware 133

Firmware Mobile Technology Hacking 133

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware 145

Firmware Mobile Malware Retail 145

The Hacker News

JUNE 13, 2024

Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware.

Firmware 131

Firmware 131

Security Affairs

SEPTEMBER 27, 2023

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. The state-sponsored hackers was observed using a custom firmware backdoor which was enabled and disabled by sending specially crafted TCP or UDP packets to the devices.

Firmware 135

Firmware Telecommunications System Administration Malware 135

Security Affairs

NOVEMBER 2, 2024

Affected devices use VHD PTZ camera firmware < 6.3.40 “Organizations using VHD PTZ camera firmware < 6.3.40 “Organizations using VHD PTZ camera firmware < 6.3.40 The manufacturer released firmware updates addressing these flaws.” ” reads the analysis published by GreyNoise.

Firmware 120

Firmware Manufacturing IoT Healthcare 120

The Hacker News

JANUARY 23, 2025

An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features. These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared with The Hacker News.

Firmware 142

Firmware Firewall 142

Security Affairs

JANUARY 8, 2025

” SonicWall is urging customers to upgrade the SonicOS firmware of their firewalls to patch an authentication bypass vulnerability tracked as CVE-2024-53704 (CVSS score of 8.2). The same firmware upgrade contains mitigations for additional, less-critical vulnerabilities.”

Firewall 113

Firewall Firmware VPN Authentication 113

Schneier on Security

NOVEMBER 10, 2021

The Sony Playstation 5 is the latest example: Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend, with the hacking group Fail0verflow claiming to have managed to obtain PS5 root keys allowing them to decrypt the console’s firmware. […].

Hacking 350

Hacking Firmware Engineering Software 350

The Hacker News

OCTOBER 5, 2023

Multiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface (IPMI) firmware for Supermicro baseboard management controllers (BMCs) that could result in privilege escalation and execution of malicious code on affected systems.

Firmware 136

Firmware 136

Security Affairs

OCTOBER 22, 2024

. “By interacting with the IOCTL M2M1SHOT_IOC_PROCESS , the driver which provides hardware acceleration for media functions like JPEG decoding and image scaling may map the userspace pages to I/O pages, execute a firmware command and tear down mapped I/O pages.” ” continues Google Project Zero.

Firmware 144

Firmware Mobile Spyware Media 144

Troy Hunt

OCTOBER 2, 2020

This week there's all the above and, on a more personal note, my relationship with Charlotte. References My shoes are connected!

Firmware 333

Firmware Phishing Accountability 333

Schneier on Security

JULY 26, 2024

In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it.

Firmware 338

Firmware Encryption Manufacturing Passwords 338

Schneier on Security

JULY 1, 2019

government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 Wow, is this an embarrassing bug : Yubico is recalling a line of security keys used by the U.S. that reduced the randomness of the cryptographic keys it generates.

Firmware 274

Firmware Passwords Government Encryption 274

Schneier on Security

NOVEMBER 6, 2018

Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. EDITED TO ADD: The NSA is known to attack firmware of SSDs.

Encryption 269

Encryption Firmware Advertising Software 269

Schneier on Security

JUNE 20, 2019

Finally, we exploit a cryptographic bug in the firmware signature verification to upload a modified firmware to the HSM. This firmware includes a persistent backdoor that survives a firmware update. The presented attacks allow retrieving all HSM secrets remotely, including cryptographic keys and administrator credentials.

Firmware 266

Firmware Hacking Manufacturing Banking 266

Penetration Testing

SEPTEMBER 30, 2024

Discovered by Alexander Tereshkin from NVIDIA’s Offensive Security Research... The post Researcher Details RCE Flaw (CVE-2024-36435) in Supermicro BMC IPMI Firmware appeared first on Cybersecurity News.

Firmware 127

Firmware Risk Cybersecurity 127

Schneier on Security

MARCH 9, 2023

Here’s a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates. The campaign was notable for the ability of the malware to remain on the devices even after its firmware received new firmware. The malware also adds a backdoor root user to the mounted file.

Malware 261

Malware Firmware Backups 261

Security Affairs

DECEMBER 3, 2024

The ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware. Researchers from firmware security firm Binarly now report that Bootkitty Linux UEFI bootkit exploits the LogoFAIL flaw CVE-2023-40238 to compromise systems running on vulnerable firmware.

Firmware 106

Firmware Manufacturing Malware Authentication 106

Security Affairs

JUNE 13, 2024

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. ” reads the advisory.

Firmware 123

Firmware Spyware Hacking Information Security 123

Kali Linux

JANUARY 21, 2024

TL;DR: Dear Kali user, when you have a moment, check your /etc/apt/sources.list , and add non-free-firmware if ever it’s missing. Programmatically speaking: kali@kali:~$ sudo sed -i 's/non-free$/non-free non-free-firmware/' /etc/apt/sources.list Long story now. non-free-firmware is already enabled in your sources.list.

Firmware 104

Firmware 104

Penetration Testing

MARCH 8, 2024

Flaw Requires Immediate Firmware Update appeared first on Penetration Testing. This vulnerability affects specific models within their multifunction printer ranges. Risk Assessment If an affected... The post Canon Printers: Critical CVE-2024-2184 (CVSS 9.8)

Firmware 139

Firmware Penetration Testing Risk 139

Schneier on Security

MAY 18, 2022

t turns out that the iPhone’s Bluetooth chip­ — which is key to making features like Find My work­ — has no mechanism for digitally signing or even encrypting the firmware it runs. Researchers have demonstrated iPhone malware that works even when the phone is fully shut down.

Malware 311

Malware Firmware Encryption Risk 311

Krebs on Security

JULY 2, 2021

That update effectively nullified their chances at competing in Pwn2Own, which requires exploits to work against the latest firmware or software supported by the targeted device. A statement published on its support site March 12, 2021 says the company will no longer provide further security updates to the MyCloud OS 3 firmware.

Firmware 362

Firmware Passwords Internet Internet 362

Security Affairs

JANUARY 17, 2025

The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware. Over the years, experts observed several attacks employing rootkits that were specifically developed to target the firmware to achieve persistence and bypassing security solutions.

Firmware 107

Firmware Technology Software Manufacturing 107

Schneier on Security

JULY 21, 2020

This hack targets the firmware on modern power supplies. Yes, power supplies are also computers.).

Hacking 240

Hacking Firmware 240

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022. All the vulnerable devices are running end-of-life (EOL) firmware.

Firmware 129

Firmware Firewall Internet Internet 129

Schneier on Security

JULY 11, 2019

If you need to reset the software in your GE smart light bulb -- firmware version 2.8 or later -- just follow these easy instructions : Start with your bulb off for at least 5 seconds.

Firmware 274

Firmware Software 274

Krebs on Security

FEBRUARY 26, 2020

. “We’ve now completed the investigation of all Zyxel products and found that firewall products running specific firmware versions are also vulnerable,” Zyxel wrote in an email to KrebsOnSecurity. “Hotfixes have been released immediately, and the standard firmware patches will be released in March.”

Firewall 302

Firewall Firmware VPN IoT 302

The Hacker News

DECEMBER 13, 2024

A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity.

Firmware 106

Firmware 106

Schneier on Security

AUGUST 22, 2022

“Greenluigi1” found within the firmware image the RSA public key used by the updater, and searched online for a portion of that key. . “Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]” […]. Luck held out, in a way. “

Encryption 349

Encryption Firmware Manufacturing Software 349

Security Affairs

JANUARY 31, 2025

“This fact sheet details an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. ” The vulnerabilities impact the following products: CMS8000 Patient Monitor: Firmware version smart3250-2.6.27-wlan2.1.7.cramfs cramfs CMS8000 Patient Monitor: Firmware version CMS7.820.075.08/0.74(0.75)

Firmware 93

Firmware Healthcare Cybersecurity Internet 93

Schneier on Security

NOVEMBER 6, 2023

The capabilities generally required expensive SDRs­—short for software-defined radios­—that, unlike traditional hardware-defined radios, use firmware and processors to digitally re-create radio signal transmissions and receptions.

Firmware 330

Firmware Hacking Software 330

Schneier on Security

JANUARY 28, 2019

Hackers can also build botnets with the help of exploits and vulnerabilities in router firmware, but the easiest way to assemble a botnet is by collecting the ones that users have failed to secure with custom passwords. I am interested in the results of this survey.

IoT 262

IoT Government Firmware Hacking 262