Firmware and Hacking - Cyber Security Informer

Hacking the Sony Playstation 5

Schneier on Security

NOVEMBER 10, 2021

I just don’t think it’s possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. The two exploits are particularly notable due to the level of access they theoretically give to the PS5’s software.

Hacking

Hacking Firmware Engineering Software

UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models

Security Affairs

JUNE 21, 2024

A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models. Firmware security firm Eclypsium discovered a vulnerability, tracked as CVE-2024-0762 (CVSS of 7.5), in the Phoenix SecureCore UEFI firmware. ” concludes the report.

Firmware

Firmware Mobile Technology Hacking

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

SEPTEMBER 27, 2023

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. The state-sponsored hackers was observed using a custom firmware backdoor which was enabled and disabled by sending specially crafted TCP or UDP packets to the devices.

Firmware

Firmware Telecommunications System Administration Malware

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the installation of persistent backdoors.

Firmware

Firmware Hacking Authentication Advertising

Google fixed an actively exploited zero-day in the Pixel Firmware

Security Affairs

JUNE 13, 2024

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. ” reads the advisory.

Firmware

Firmware Spyware Hacking Information Security

Flipper Zero gets a big firmware upgrade, and some amazing new features

Zero Day

SEPTEMBER 11, 2024

After three years of development, the portable hacking tool gets its first major firmware update - to version 1.0!

Firmware

Firmware Hacking

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

NOVEMBER 9, 2024

As of the publication, no publicly known vulnerabilities have been identified in the latest firmware version. CVE-2024-8356 : Unsigned code vulnerability in VIP MCU, allowing unauthorized firmware uploads that could impact vehicle subsystems. ” concludes the report.

Hacking

Hacking Firmware Software Manufacturing

Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian

Security Boulevard

JUNE 25, 2023

Paul also shares with us some of his greatest hacking stories and don’t miss our lively […] The post Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian appeared first on Shared Security Podcast.

Firmware

Firmware Hacking Internet Internet

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Locking down firmware. Starks Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks. telecoms by Chinese tech giant Huawei.

Firmware

Firmware Cybersecurity Technology Engineering

Hacking a Power Supply

Schneier on Security

JULY 21, 2020

This hack targets the firmware on modern power supplies. Yes, power supplies are also computers.).

Hacking

Hacking Firmware

Three UEFI Firmware flaws found in tens of Lenovo Notebook models

Security Affairs

JULY 13, 2022

IT giant Lenovo released security fixes to address three vulnerabilities that impact the UEFI firmware shipped with over 70 product models. The three buffer overflow vulnerabilities in UEFI firmware, tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, were discovered by researchers from ESET. SecurityAffairs – hacking, Lenovo).

Firmware

Firmware Hacking Technology Information Security

Conti ransomware targeted Intel firmware for stealthy attacks

Bleeping Computer

JUNE 2, 2022

Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. [.].

Firmware

Firmware Ransomware Cybercrime Hacking

Firmware attacks, a grey area in cybersecurity of organizations

Security Affairs

APRIL 5, 2021

A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack. The study pointed out that only 29% of the targeted organizations have allocated budgets to protect firmware. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation.”

Firmware

Firmware Cybersecurity Encryption Financial Services

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022. All the vulnerable devices are running end-of-life (EOL) firmware.

Firmware

Firmware Firewall Internet Internet

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

The Last Watchdog

NOVEMBER 20, 2019

What does Chinese tech giant Huawei have in common with the precocious kid next door who knows how to hack his favorite video game? Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S.

Firmware

Firmware Hacking Software Surveillance

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

DECEMBER 30, 2021

iLOBleed, is a previously undetected rootkit that was spotted targeting the HP Enterprise’s Integrated Lights-Out ( iLO ) server management technology to tamper with the firmware modules and wipe data off the infected systems. SecurityAffairs – hacking, iLOBleed). ” reads the report published by the expers.

Firmware

Firmware Malware System Administration Technology

Some firmware bugs in HP business devices are yet to be fixed

Security Affairs

SEPTEMBER 12, 2022

Six high-severity firmware bugs affecting several HP Enterprise devices are yet to be patched, some of them since July 2021. The Binarly security research team reported several HP Enterprise devices are affected by six high-severity firmware vulnerabilities that are yet to be patched, and some of them have been disclosed more than a year ago.

Firmware

Firmware Hacking Information Security

CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China?

Security Affairs

JULY 25, 2022

Kaspersky uncovered a new UEFI firmware rootkit, tracked as CosmicStrand, which it attributes to an unknown Chinese-speaking threat actor. Researchers from Kaspersky have spotted a UEFI firmware rootkit, named CosmicStrand, which has been attributed to an unknown Chinese-speaking threat actor. SecurityAffairs – hacking, CosmicStrand).

Firmware

Firmware Malware Hacking Information Security

Exploiting embedded APIs by dumping firmware

Security Boulevard

FEBRUARY 14, 2023

Hack the hardware to find the firmware and swipe the source code of APIs under security testing. The post Exploiting embedded APIs by dumping firmware appeared first on Dana Epp's Blog. The post Exploiting embedded APIs by dumping firmware appeared first on Security Boulevard.

Firmware

Firmware Hacking

Experts found 23 flaws in UEFI firmware potentially impact millions of devices

Security Affairs

FEBRUARY 1, 2022

Researchers discovered tens of vulnerabilities in UEFI firmware code used by the major device manufacturers. Researchers at firmware security company Binarly have discovered 23 vulnerabilities in UEFI firmware code used by the major device makers. SecurityAffairs – hacking, EUFI firmware). Pierluigi Paganini.

Firmware

Firmware Manufacturing Malware Hacking

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. In most recent attacks observed by Check Point, the threat actors employed custom firmware implant designed explicitly for TP-Link routers. ” reads the report published by Check point.

Firmware

Firmware Encryption Government Malware

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Security Affairs

JUNE 2, 2022

The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats , which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. ” reads the post published by Eclypsium.

Firmware

Firmware Engineering Ransomware Malware

Hacking Wireless Bicycle Shifters

Schneier on Security

AUGUST 20, 2024

This is yet another insecure Internet-of-things story , this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement this attack. Research paper. Another news story. Slashdot thread.

Wireless

Wireless Hacking Internet Internet

Western Digital customers have to update their My Cloud devices to latest firmware version

Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Devices on these older firmware versions will not receive security fixes or technical support.” SecurityAffairs – hacking, Western Digital). Pierluigi Paganini.

Firmware

Firmware Architecture Internet Internet

Hacking Hardware Security Modules

Schneier on Security

JUNE 20, 2019

Finally, we exploit a cryptographic bug in the firmware signature verification to upload a modified firmware to the HSM. This firmware includes a persistent backdoor that survives a firmware update. The presented attacks allow retrieving all HSM secrets remotely, including cryptographic keys and administrator credentials.

Firmware

Firmware Hacking Manufacturing Banking

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Security Affairs

JANUARY 15, 2024

. “The latest available firmware protects against both vulnerabilities, so be sure to upgrade immediately (and make sure the management interface isn’t exposed to the internet).” ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, SonicWall)

Firewall

Firewall Hacking Firmware Internet

Intel addresses 2 high-severity issues in BIOS firmware of several processors

Security Affairs

NOVEMBER 16, 2021

Intel disclosed two high-severity vulnerabilities, tracked as CVE-2021-0157 and CVE-2021-0158, that affect the BIOS firmware in several processor families. Intel disclosed two high-severity vulnerabilities that affect the BIOS firmware in several processor families, both vulnerabilities have received a CVSS v3 score of 8.2.

Firmware

Firmware Hacking Risk

Security News in Review: Google’s Project Zero Shuts Down Counterterrorist Hacking Team; Enterprises See Rise in Firmware Attacks

Security Boulevard

APRIL 3, 2021

This weekend on security news in review, we have some new data on firmware attacks against global enterprises, insights into how much damage ransomware has caused the healthcare industry, and the Department of Homeland Security laying out a new cybersecurity strategy. .

Firmware

Firmware Hacking Healthcare Ransomware

Crashing iPhones with a Flipper Zero

Schneier on Security

NOVEMBER 6, 2023

The Flipper Zero is an incredibly versatile hacking device. These types of hacks have been possible for decades, but they require special equipment and a fair amount of expertise. Now it can be used to crash iPhones in its vicinity by sending them a never-ending stream of pop-ups.

Firmware

Firmware Hacking Software

Playstation 5 hacked—twice!

Malwarebytes

NOVEMBER 10, 2021

Fa i l0verflow , the hacking group notorious for breaking Playstation consoles, and Andy “TheFlow” Nguyen , a security engineer at Google and widely known in the Playstation Vita scene, both tweeted samplings of their successful PS5 hacks. A root key is used to decrypt and reverse engineer the console’s firmware.

Hacking

Hacking Firmware Retail Engineering

HP addressed 16 UEFI firmware flaws impacting laptops, desktops, PoS systems

Security Affairs

MARCH 9, 2022

Researchers disclosed 16 high-severity flaws in different implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. The most severe of the vulnerabilities discovered by the researchers are memory corruption issues affecting the System Management Mode (SMM) of the firmware.

Firmware

Firmware Hacking Technology Cybersecurity

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware

Firmware Ransomware Encryption Advertising

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Security Affairs

APRIL 22, 2022

Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943 , addressed in the Apache HTTP server in March.

Firmware

Firmware Hacking Cybersecurity Internet

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Security Affairs

AUGUST 16, 2024

The “Showcase.apk” package, developed by Smith Micro, is part of the firmware image on millions of Android Pixel phones, potentially enhancing sales in Verizon stores. The app is preinstalled in Pixel firmware and included in Google’s OTA updates for Pixel devices.

Hacking

Hacking Firmware Mobile Penetration Testing

CVE-2023-23560 flaw exposes 100 Lexmark printer models to hack

Security Affairs

JANUARY 27, 2023

Lexmark released a security firmware update to fix a remote code execution flaw, tracked as CVE-2023-23560, that impacts more than 100 printer models. Lexmark has released a security firmware update to address a remote code execution vulnerability, tracked as CVE-2023-23560, that impacts more than 100 printer models.

Hacking

Hacking Firmware

Lazarus APT employed an exploit in a Dell firmware driver in recent attacks

Security Affairs

OCTOBER 4, 2022

North Korea-linked Lazarus APT has been spotted deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver. The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by relying on exploit in a Dell firmware driver dbutil_2_3.sys, SecurityAffairs – hacking, Lazarus).

Firmware

Firmware Malware Phishing Hacking

SonicWall releases second firmware updates for SMA 100 vulnerability

Security Affairs

FEBRUARY 20, 2021

Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. Early February, SonicWall released the first firmware updates (version 10.2.0.5-29sv)

Firmware

Firmware Mobile Hacking Information Security

Hikvision cameras could be remotely hacked due to critical flaw

Security Affairs

SEPTEMBER 22, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Hacking

Hacking Firmware IoT Internet

Japanese Government Will Hack Citizens' IoT Devices

Schneier on Security

JANUARY 28, 2019

Hackers can also build botnets with the help of exploits and vulnerabilities in router firmware, but the easiest way to assemble a botnet is by collecting the ones that users have failed to secure with custom passwords. I am interested in the results of this survey.

IoT

IoT Government Firmware Hacking

SecTor Episode MMXXI: Return of The Hack Lab

Security Boulevard

OCTOBER 10, 2021

I’m happy to announce that arrangements have now been finalized for the Tripwire team to return for the Tripwire VERT Hack Lab at the MTCC! We will be bringing some new hardware devices as well as a new virtualized hack target. This new virtual target, an ASUS DSL modem with recent firmware, can be compromised […]… Read More.

Hacking

Hacking Firmware

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. An attacker with access to the dispenser controller’s USB port can install an outdated or modified firmware version to bypass the encryption and make cash withdrawals. score of 6.8.

Hacking

Hacking Firmware Encryption Manufacturing

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable. Pierluigi Paganini.

Hacking

Hacking Firmware Internet Internet

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Despite FocacciaBoard is extremely useful during my night-to-night hardware hacking needs… there is another set of tools I cannot live without: pin enumeration ones. his majesty, the Firmware).

IoT

IoT Hacking Firmware Advertising

Hacking the Sony Playstation 5

UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models

Trending Sources

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Android devices shipped with backdoored firmware as part of the BADBOX network

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Google fixed an actively exploited zero-day in the Pixel Firmware

Flipper Zero gets a big firmware upgrade, and some amazing new features

Mazda Connect flaws allow to hack some Mazda vehicles

Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

Hacking a Power Supply

Three UEFI Firmware flaws found in tens of Lenovo Notebook models

Conti ransomware targeted Intel firmware for stealthy attacks

Firmware attacks, a grey area in cybersecurity of organizations

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Some firmware bugs in HP business devices are yet to be fixed

CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China?

Exploiting embedded APIs by dumping firmware

Experts found 23 flaws in UEFI firmware potentially impact millions of devices

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Hacking Wireless Bicycle Shifters

Western Digital customers have to update their My Cloud devices to latest firmware version

Hacking Hardware Security Modules

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Intel addresses 2 high-severity issues in BIOS firmware of several processors

Security News in Review: Google’s Project Zero Shuts Down Counterterrorist Hacking Team; Enterprises See Rise in Firmware Attacks

Crashing iPhones with a Flipper Zero

Playstation 5 hacked—twice!

HP addressed 16 UEFI firmware flaws impacting laptops, desktops, PoS systems

QNAP urges users to update NAS firmware and app to prevent infections

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

CVE-2023-23560 flaw exposes 100 Lexmark printer models to hack

Lazarus APT employed an exploit in a Dell firmware driver in recent attacks

SonicWall releases second firmware updates for SMA 100 vulnerability

Hikvision cameras could be remotely hacked due to critical flaw

Japanese Government Will Hack Citizens' IoT Devices

SecTor Episode MMXXI: Return of The Hack Lab

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Over 80,000 Hikvision cameras can be easily hacked

Hacking IoT & RF Devices with BürtleinaBoard

Stay Connected