article thumbnail

UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models

Security Affairs

A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models. Firmware security firm Eclypsium discovered a vulnerability, tracked as CVE-2024-0762 (CVSS of 7.5), in the Phoenix SecureCore UEFI firmware. ” concludes the report.

Firmware 130
article thumbnail

Hacking the Sony Playstation 5

Schneier on Security

I just don’t think it’s possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. The two exploits are particularly notable due to the level of access they theoretically give to the PS5’s software.

Hacking 308
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. The state-sponsored hackers was observed using a custom firmware backdoor which was enabled and disabled by sending specially crafted TCP or UDP packets to the devices.

Firmware 135
article thumbnail

Google fixed an actively exploited zero-day in the Pixel Firmware

Security Affairs

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. ” reads the advisory.

Firmware 122
article thumbnail

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the installation of persistent backdoors.

Firmware 144
article thumbnail

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware 145
article thumbnail

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022. All the vulnerable devices are running end-of-life (EOL) firmware.

Firmware 126