Security Affairs

APRIL 5, 2021

A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack. The study pointed out that only 29% of the targeted organizations have allocated budgets to protect firmware. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation.”

Firmware 145

Firmware Cybersecurity Encryption Financial Services 145

Security Affairs

JUNE 21, 2024

A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models. Firmware security firm Eclypsium discovered a vulnerability, tracked as CVE-2024-0762 (CVSS of 7.5), in the Phoenix SecureCore UEFI firmware. ” concludes the report.

Firmware 139

Firmware Mobile Technology Hacking 139

Schneier on Security

NOVEMBER 6, 2023

The Flipper Zero is an incredibly versatile hacking device. These types of hacks have been possible for decades, but they require special equipment and a fair amount of expertise. Now it can be used to crash iPhones in its vicinity by sending them a never-ending stream of pop-ups.

Firmware 311

Firmware Hacking Software 311

Security Affairs

SEPTEMBER 27, 2023

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. The state-sponsored hackers was observed using a custom firmware backdoor which was enabled and disabled by sending specially crafted TCP or UDP packets to the devices.

Firmware 141

Firmware Telecommunications System Administration Malware 141

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware 145

Firmware Mobile Malware Retail 145

Security Affairs

JULY 13, 2022

IT giant Lenovo released security fixes to address three vulnerabilities that impact the UEFI firmware shipped with over 70 product models. The three buffer overflow vulnerabilities in UEFI firmware, tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, were discovered by researchers from ESET. SecurityAffairs – hacking, Lenovo).

Firmware 143

Firmware Hacking Technology Information Security 143

Security Affairs

DECEMBER 30, 2021

iLOBleed, is a previously undetected rootkit that was spotted targeting the HP Enterprise’s Integrated Lights-Out ( iLO ) server management technology to tamper with the firmware modules and wipe data off the infected systems. SecurityAffairs – hacking, iLOBleed). ” reads the report published by the expers.

Firmware 145

Firmware Malware System Administration Technology 145

Security Affairs

JUNE 13, 2024

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. ” reads the advisory.

Firmware 131

Firmware Spyware Hacking Information Security 131

Schneier on Security

AUGUST 20, 2024

This is yet another insecure Internet-of-things story , this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement this attack. Research paper. Another news story. Slashdot thread.

Wireless 275

Wireless Hacking Internet Internet 275

Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Devices on these older firmware versions will not receive security fixes or technical support.” SecurityAffairs – hacking, Western Digital). Pierluigi Paganini.

Firmware 139

Firmware Architecture Internet Internet 139

Malwarebytes

NOVEMBER 10, 2021

Fa i l0verflow , the hacking group notorious for breaking Playstation consoles, and Andy “TheFlow” Nguyen , a security engineer at Google and widely known in the Playstation Vita scene, both tweeted samplings of their successful PS5 hacks. A root key is used to decrypt and reverse engineer the console’s firmware.

Hacking 141

Hacking Firmware Retail Engineering 141

Security Affairs

NOVEMBER 16, 2021

Intel disclosed two high-severity vulnerabilities, tracked as CVE-2021-0157 and CVE-2021-0158, that affect the BIOS firmware in several processor families. Intel disclosed two high-severity vulnerabilities that affect the BIOS firmware in several processor families, both vulnerabilities have received a CVSS v3 score of 8.2.

Firmware 131

Firmware Hacking Risk 131

Krebs on Security

JULY 2, 2021

Researchers Radek Domanski and Pedro Ribeiro originally planned to present their findings at the Pwn2Own hacking competition in Tokyo last year. That update effectively nullified their chances at competing in Pwn2Own, which requires exploits to work against the latest firmware or software supported by the targeted device.

Firmware 359

Firmware Passwords Internet Internet 359

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022. All the vulnerable devices are running end-of-life (EOL) firmware.

Firmware 137

Firmware Firewall Internet Internet 137

Schneier on Security

JUNE 28, 2021

Now Rodriguez has built an Android app that allows his smartphone to mimic those credit card radio communications and exploit flaws in the NFC systems’ firmware. He declined to specify or disclose those flaws publicly due to nondisclosure agreements with the ATM vendors.

Firmware 296

Firmware Retail Hacking Ransomware 296

Security Affairs

SEPTEMBER 12, 2022

Six high-severity firmware bugs affecting several HP Enterprise devices are yet to be patched, some of them since July 2021. The Binarly security research team reported several HP Enterprise devices are affected by six high-severity firmware vulnerabilities that are yet to be patched, and some of them have been disclosed more than a year ago.

Firmware 113

Firmware Hacking Information Security 113

Security Affairs

JANUARY 15, 2024

. “The latest available firmware protects against both vulnerabilities, so be sure to upgrade immediately (and make sure the management interface isn’t exposed to the internet).” ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, SonicWall)

Firewall 145

Firewall Hacking Firmware Internet 145

Security Affairs

NOVEMBER 9, 2024

As of the publication, no publicly known vulnerabilities have been identified in the latest firmware version. CVE-2024-8356 : Unsigned code vulnerability in VIP MCU, allowing unauthorized firmware uploads that could impact vehicle subsystems. ” concludes the report.

Hacking 136

Hacking Firmware Software Manufacturing 136

Schneier on Security

MARCH 8, 2023

These sophisticated pieces of malware target the UEFI—short for Unified Extensible Firmware Interface —the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right.

Malware 266

Malware Firmware Software Hacking 266

Security Affairs

SEPTEMBER 22, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Hacking 137

Hacking Firmware IoT Internet 137

Security Affairs

NOVEMBER 1, 2021

Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. An attacker with access to the dispenser controller’s USB port can install an outdated or modified firmware version to bypass the encryption and make cash withdrawals. score of 6.8.

Hacking 141

Hacking Firmware Encryption Manufacturing 141

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT 356

IoT Firmware Risk Manufacturing 356

Troy Hunt

JULY 13, 2021

Almost - there's still that cloud dependency and there's really only 2 ways around that: Control the existing device locally with the original firmware Flash the device with 3rd party firmware that supports local control Let's explore these more starting with the first option because it feels like the most low-friction path.

Internet 358

Internet Internet IoT Firmware 358

Security Affairs

MAY 19, 2021

Anyway, the experts didn’t find a way to compromise the T-Box, they only demonstrated how to send arbitrary CAN messages from T-Box and bypass the code signing mechanism to fash a custom SH2A MCU firmware by utilizing a vulnerability in SH2A firmware on a debug version T-Box. SecurityAffairs – hacking, Mercedes).

Hacking 139

Hacking Firmware Engineering Software 139

Schneier on Security

MAY 12, 2020

All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop," says Ruytenberg, who plans to present his Thunderspy research at the Black Hat security conference this summer­or the virtual conference that may replace it. "All

Firmware 252

Firmware Manufacturing Encryption Hacking 252

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable. Pierluigi Paganini.

Hacking 131

Hacking Firmware Internet Internet 131

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In most recent attacks observed by Check Point, the threat actors employed custom firmware implant designed explicitly for TP-Link routers. ” reads the report published by Check point.

Firmware 98

Firmware Encryption Government Malware 98

Security Affairs

MAY 28, 2021

Industrial cybersecurity firm Claroty discovered a new flaw in Siemens PLCs that can be exploited by a remote and unauthenticated attacker to hack the devices. The flaw impacts SIMATIC S7-1200 and S7-1500 CPUs, the vendor has already released firmware updates for the impacted systems. SecurityAffairs – hacking, Siemens PLCs).

Hacking 145

Hacking Firmware Cybersecurity Engineering 145

Security Affairs

AUGUST 16, 2024

The “Showcase.apk” package, developed by Smith Micro, is part of the firmware image on millions of Android Pixel phones, potentially enhancing sales in Verizon stores. The app is preinstalled in Pixel firmware and included in Google’s OTA updates for Pixel devices.

Hacking 145

Hacking Firmware Mobile Penetration Testing 145

Zero Day

SEPTEMBER 11, 2024

After three years of development, the portable hacking tool gets its first major firmware update - to version 1.0!

Firmware 75

Firmware Hacking 75

eSecurity Planet

FEBRUARY 2, 2024

Teslas Get the Spotlight in Recent Ethical Hacking Efforts Researchers have discovered multiple vulnerabilities within Teslas since March 2023. Rapid7’s Zero Day Initiative hosts an event called Pwn2Own, and at the 2023 event, computer security firm Synactiv hacked a Tesla computer within two minutes.

Hacking 125

Hacking IoT Firmware Cybersecurity 125

Security Affairs

JANUARY 22, 2021

Experts also published a video PoC of the KindleDRIP exploit chain on a new Kindle 10 running firmware version 5.13.2. SecurityAffairs – hacking, KindleDRIP). The post KindleDrip exploit – Hacking a Kindle device with a simple email appeared first on Security Affairs. Pierluigi Paganini.

Hacking 145

Hacking Authentication Firmware Phishing 145

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall 145

Firewall VPN Firmware Passwords 145

Security Affairs

MARCH 24, 2022

A researcher discovered critical flaws that can be exploited by remote attackers to hack a building controller popular in Russia. A researcher has identified critical vulnerabilities that can allegedly be exploited to remotely hack a building controller predominantly used by organizations in Russia. Pierluigi Paganini.

Hacking 122

Hacking Firmware Internet Internet 122

Security Affairs

JUNE 25, 2024

The flaw is a command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0. The vulnerability affects NAS326 running firmware versions 5.21(AAZF.16)C0 16)C0 and earlier, and NAS542 running firmware versions 5.21(ABAG.13)C0

Firmware 131

Firmware Hacking Cybercrime Information Security 131

Security Affairs

NOVEMBER 2, 2024

Affected devices use VHD PTZ camera firmware < 6.3.40 “Organizations using VHD PTZ camera firmware < 6.3.40 The manufacturer released firmware updates addressing these flaws.” used in PTZOptics, Multicam Systems SAS, and SMTAV Corporation devices based on Hisilicon Hi3516A V600 SoC V60, V61, and V63.”

Firmware 128

Firmware Manufacturing Healthcare IoT 128

Bleeping Computer

MAY 16, 2023

A Chinese state-sponsored hacking group named "Camaro Dragon" infects residential TP-Link routers with a custom "Horse Shell" malware used to attack European foreign affairs organizations. [.]

Firmware 113

Firmware Malware Hacking 113