Firmware and Penetration Testing - Cyber Security Informer

I-O DATA Routers Under Attack: Urgent Firmware Update Needed!

Penetration Testing

DECEMBER 3, 2024

JPCERT/CC, a Japanese cybersecurity organization, issued a warning that these vulnerabilities leave... The post I-O DATA Routers Under Attack: Urgent Firmware Update Needed! Multiple vulnerabilities have been discovered in I-O DATA routers UD-LT1 and UD-LT1/EX, and active exploitation is already underway.

Firmware

Firmware Cybersecurity

Canon Printers: Critical CVE-2024-2184 (CVSS 9.8) Flaw Requires Immediate Firmware Update

Penetration Testing

MARCH 8, 2024

Flaw Requires Immediate Firmware Update appeared first on Penetration Testing. This vulnerability affects specific models within their multifunction printer ranges. Risk Assessment If an affected... The post Canon Printers: Critical CVE-2024-2184 (CVSS 9.8)

Firmware

Firmware Penetration Testing Risk

Japanese Government Will Hack Citizens' IoT Devices

Schneier on Security

JANUARY 28, 2019

Hackers can also build botnets with the help of exploits and vulnerabilities in router firmware, but the easiest way to assemble a botnet is by collecting the ones that users have failed to secure with custom passwords. I am interested in the results of this survey.

IoT

IoT Government Firmware Hacking

CVE-2024-11131 (CVSS 9.8): Critical Vulnerability Found in Synology Camera Firmware

Penetration Testing

MARCH 19, 2025

Synology has updated its security advisories to disclose details of a critical vulnerability affecting its camera firmware. The The post CVE-2024-11131 (CVSS 9.8): Critical Vulnerability Found in Synology Camera Firmware appeared first on Cybersecurity News.

Firmware

Firmware Cybersecurity

How to Maximize the Value of Penetration Tests

eSecurity Planet

JUNE 23, 2023

All organizations should perform penetration tests, yet many worry about not receiving the full value of their investment. Organizations have two choices: perform penetration tests with their internal teams, or hire an external vendor and find ways to lower costs.

Penetration Testing

Penetration Testing Social Engineering Risk Data breaches

Urgent Firmware Alert: NVIDIA Tackles Critical DGX A100/H100 Flaws

Penetration Testing

JANUARY 14, 2024

Recently, NVIDIA has released a crucial firmware security update for its advanced computing systems, the DGX A100 and H100.

Firmware

Firmware Penetration Testing

Researcher Details RCE Flaw (CVE-2024-36435) in Supermicro BMC IPMI Firmware

Penetration Testing

SEPTEMBER 30, 2024

Discovered by Alexander Tereshkin from NVIDIA’s Offensive Security Research... The post Researcher Details RCE Flaw (CVE-2024-36435) in Supermicro BMC IPMI Firmware appeared first on Cybersecurity News.

Firmware

Firmware Risk Cybersecurity

Secret Backdoors Found in German-made Auerswald VoIP System

The Hacker News

DECEMBER 21, 2021

Multiple backdoors have been discovered during a penetration test in the firmware of a widely used voice over Internet Protocol (VoIP) appliance from Auerswald, a German telecommunications hardware manufacturer, that could be abused to gain full administrative access to the devices.

Penetration Testing

Penetration Testing Firmware Telecommunications Manufacturing

CVE-2023-3454: Critical Vulnerability in Brocade Fabric OS Exposes Networks to Remote Attacks

Penetration Testing

APRIL 6, 2024

A serious vulnerability has been uncovered in Brocade Fabric OS, the firmware used by popular Fibre Channel switches found in numerous enterprise data centers.

Penetration Testing

Penetration Testing Firmware

LogoFAIL Vulnerabilities Expose Firmware Attacks: Endpoint Security Solutions at Risk

Penetration Testing

DECEMBER 1, 2023

Numerous security vulnerabilities collectively known as LogoFAIL enable malefactors to interfere with the booting process of computer devices and implant bootkits, owing to issues related to image analysis components used by motherboard manufacturers for... The post LogoFAIL Vulnerabilities Expose Firmware Attacks: Endpoint Security Solutions (..)

Firmware

Firmware Penetration Testing Risk Manufacturing

Intel Unveils 34 New Security Vulnerabilities: Urgent Thunderbolt Updates Required

Penetration Testing

FEBRUARY 19, 2024

Recently, Intel disclosed a total of 34 security vulnerabilities, encompassing 32 software issues and 2 firmware issues.

Penetration Testing

Penetration Testing Firmware Software

PLANET Technology Switches Face CVE-2024-8456 (CVSS 9.8), Urgent Firmware Updates Advised

Penetration Testing

SEPTEMBER 30, 2024

These vulnerabilities range in severity, with potential... The post PLANET Technology Switches Face CVE-2024-8456 (CVSS 9.8), Urgent Firmware Updates Advised appeared first on Cybersecurity News.

Firmware

Firmware Technology Cybersecurity

Firmware Guide for Pen Testers

Security Boulevard

AUGUST 13, 2024

Introduction Penetration tests come in many different varieties with the scope varying from all-inclusive to highly specific. When the penetration testing engagement includes devices there is an opportunity to both highlight weaknesses and weaponize the firmware.

Firmware

Firmware Penetration Testing

CVE-2024-39202: RCE Flaw Found in D-Link DIR-823X Firmware, Patch in Development

Penetration Testing

JULY 11, 2024

The vulnerability was reported to D-Link by third-party security researcher... The post CVE-2024-39202: RCE Flaw Found in D-Link DIR-823X Firmware, Patch in Development appeared first on Cybersecurity News.

Firmware

Firmware Wireless Risk Cybersecurity

Cisco IP Phones Exposed: Vulnerabilities Allow Hackers to Disrupt, Spy, and Even Make Calls

Penetration Testing

MAY 2, 2024

Cisco has issued a security advisory highlighting multiple vulnerabilities in the firmware of several IP Phone models that could allow unauthenticated, remote attackers to engage in detrimental activities ranging from denial of service (DoS)... The post Cisco IP Phones Exposed: Vulnerabilities Allow Hackers to Disrupt, Spy, and Even Make (..)

Penetration Testing

Penetration Testing Firmware

Hikvision Patches Security Flaw in Network Cameras, Preventing Cleartext Credential Transmission

Penetration Testing

OCTOBER 31, 2024

Hikvision, a leading provider of network cameras and surveillance systems, has released firmware updates to address a security vulnerability that could expose users’ Dynamic DNS credentials.

Firmware

Firmware DNS Surveillance Cybersecurity

Critical Vulnerabilities Found in Popular Smart Locks

Penetration Testing

MARCH 8, 2024

Kontrol and Elock locks, both utilizing firmware from the company Sciener, have been found riddled with... The post Critical Vulnerabilities Found in Popular Smart Locks appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Firmware Technology

Cisco ATA 190 Series Analog Telephone Adapter Firmware Flaws Exposed: Patch Now!

Penetration Testing

OCTOBER 17, 2024

Cisco has recently disclosed a series of high-severity vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter firmware, including both on-premises and multiplatform variants. These vulnerabilities present a significant... The post Cisco ATA 190 Series Analog Telephone Adapter Firmware Flaws Exposed: Patch Now!

Firmware

Firmware Cybersecurity

Security Alert: Bootkitty Bootkit Targets Linux via UEFI Vulnerability (CVE-2023-40238)

Penetration Testing

DECEMBER 1, 2024

This new threat exploits the LogoFAIL vulnerability (CVE-2023-40238), a UEFI firmware flaw,... The post Security Alert: Bootkitty Bootkit Targets Linux via UEFI Vulnerability (CVE-2023-40238) appeared first on Cybersecurity News.

Firmware

Firmware Cybersecurity Malware

Critical Flaw in Synology Camera Firmware Expose Devices to RCE and DoS Attacks

Penetration Testing

OCTOBER 18, 2024

Synology has issued a security advisory, Synology-SA-24:17, warning of critical vulnerabilities in several of its camera firmware products, including Synology Camera BC500, TC500, and CC400W.

Firmware

Firmware Cybersecurity

Critical Vulnerabilities Found in Phoenix Contact Charging Controllers

Penetration Testing

MARCH 14, 2024

Industrial automation leader Phoenix Contact has issued an urgent security alert regarding multiple critical vulnerabilities discovered within the firmware of their CHARX SEC charge controllers.

Penetration Testing

Penetration Testing Firmware

Critical Vulnerabilities Found in Sungrow iSolarCloud App and WiNet Firmware

Penetration Testing

MARCH 18, 2025

In a recent security advisory, the Cybersecurity and Infrastructure Security Agency (CISA) revealed multiple critical vulnerabilities impacting Sungrows The post Critical Vulnerabilities Found in Sungrow iSolarCloud App and WiNet Firmware appeared first on Cybersecurity News.

Firmware

Firmware Cybersecurity

EFF Discovers Corejava Malware Embedded in Dragon Touch KidzPad Y88X 10 Devices

Penetration Testing

NOVEMBER 21, 2023

Researchers from the Electronic Frontier Foundation (EFF) have discovered that the firmware of the popular U.S.-based

Penetration Testing

Penetration Testing Malware Firmware

Protect Your Network: Zyxel Issues Firmware Updates

Penetration Testing

DECEMBER 3, 2024

Zyxel Networks has released firmware updates to address multiple vulnerabilities affecting a range of its networking products, including 4G LTE/5G NR CPEs, DSL/Ethernet CPEs, fiber ONTs, and WiFi extenders. The... The post Protect Your Network: Zyxel Issues Firmware Updates appeared first on Cybersecurity News.

Firmware

Firmware Cybersecurity

efiXplorer v6.0 releases: IDA plugin for UEFI firmware analysis and reverse engineering automation

Penetration Testing

JULY 7, 2020

efiXplorer – IDA plugin for UEFI firmware analysis and reverse engineering automation Supported versions of Hex-Rays products: every time we focus on the last versions of IDA and Decompiler because trying to use the most... The post efiXplorer v6.0

Firmware

Firmware Engineering Penetration Testing

HPE Servers Exposed: Critical Vulnerability Demands Urgent Firmware Update

Penetration Testing

JULY 25, 2024

could allow remote attackers... The post HPE Servers Exposed: Critical Vulnerability Demands Urgent Firmware Update appeared first on Cybersecurity News. A critical security vulnerability, CVE-2021-38578, has been discovered in a wide range of HPE ProLiant, Alletra, Synergy, Apollo, and Edgeline servers.

Firmware

Firmware Cybersecurity

GL-iNet Routers Exposed to Critical Vulnerabilities: Urgent Firmware Updates Required

Penetration Testing

AUGUST 10, 2024

The vulnerabilities, tracked under CVE-2024-39225 through CVE-2024-39229 and CVE-2024-3661, expose users to severe... The post GL-iNet Routers Exposed to Critical Vulnerabilities: Urgent Firmware Updates Required appeared first on Cybersecurity News.

Firmware

Firmware Cybersecurity

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Security Affairs

AUGUST 16, 2024

The “Showcase.apk” package, developed by Smith Micro, is part of the firmware image on millions of Android Pixel phones, potentially enhancing sales in Verizon stores. The app is preinstalled in Pixel firmware and included in Google’s OTA updates for Pixel devices. . ” concludes the report.

Hacking

Hacking Firmware Mobile Penetration Testing

How Hackers Use Reconnaissance – and How to Protect Against It

eSecurity Planet

APRIL 18, 2022

Also read: Best Penetration Testing Tools. Top Open Source Penetration Testing Tools. Antivirus and EDR tools, SIEM systems (security information and event management), security vendors, software, hardware, firmware, and operating systems. What Data Do Hackers Collect? Financial data and intellectual property.

Penetration Testing

Penetration Testing DNS Firmware Antivirus

emba v1.3.2 releases: analyzer for Linux-based firmware of embedded devices

Penetration Testing

MARCH 28, 2021

emba, an analyzer for Linux-based firmware of embedded devices Why? emba is being developed as a firmware scanner that analyses already-extracted Linux-based firmware images. releases: analyzer for Linux-based firmware of embedded devices appeared first on Penetration Testing.

Firmware

Firmware Penetration Testing IoT

ME Analyzer v1.304.4 r338 releases: Intel Engine Firmware Analysis Tool

Penetration Testing

AUGUST 26, 2019

ME Analyzer is a tool which parses Intel Engine firmware images from the Converged Security Management Engine, Converged Security Trusted Execution Engine, Converged Security Server Platform Services, Management Engine, Trusted Execution Engine & Server... The post ME Analyzer v1.304.4

Firmware

Firmware Engineering Penetration Testing

Experts found backdoors in a popular Auerswald VoIP appliance

Security Affairs

DECEMBER 27, 2021

The backdoors were discovered as part of penetration testing, they allow attackers to gain full administrative access to the impacted devices. The researchers performed reverse engineering of the firmware image for the COMpact 5500, version 7.8A “Firmware Update 8.2B

Firmware

Firmware Manufacturing Passwords Penetration Testing

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

By using the manufacturer’s built-in ports, we were able to manipulate on-board components and interact with the device.Combining both known and novel techniques, we were able to achieve root access to the device’s operating system and pull its firmware for emulation and vulnerability discovery.” Overall 4.8. ” reads the advisory.

Firmware

Firmware Penetration Testing Manufacturing Authentication

Zyxel Devices Targeted by Malicious Actors: Urgent Firmware Update Required

Penetration Testing

OCTOBER 10, 2024

Attackers are exploiting previously known vulnerabilities in the... The post Zyxel Devices Targeted by Malicious Actors: Urgent Firmware Update Required appeared first on Cybersecurity News.

Firmware

Firmware Cybersecurity VPN

PoC Exploit Released for RCE 0-day CVE-2024-41992 in Arcadyan FMIMG51AX000J Model

Penetration Testing

AUGUST 21, 2024

A critical vulnerability, identified as CVE-2024-41992, has been discovered in the Arcadyan FMIMG51AX000J model, and potentially other WiFi Alliance-affiliated devices using the same firmware version (DUT-Wi-FiTestSuite-9.0.0).

Firmware

Firmware Cybersecurity

Multiple Critical Vulnerabilities Found in D-Link WiFi Routers: Immediate Firmware Updates Advised

Penetration Testing

SEPTEMBER 16, 2024

TWCERT/CC, Taiwan’s cybersecurity agency, has issued urgent advisories, urging users to update their firmware immediately... The post Multiple Critical Vulnerabilities Found in D-Link WiFi Routers: Immediate Firmware Updates Advised appeared first on Cybersecurity News.

Firmware

Firmware Cybersecurity

Patch Management vs Vulnerability Management: What’s the Difference?

eSecurity Planet

APRIL 28, 2023

Third-party vendor systems include Operating Systems (OS), firmware (software installed on hardware), and applications. Vulnerability management uses periodic, proactive testing to locate new vulnerabilities and continuously tracks older vulnerabilities. and installed software (browsers, accounting software, etc.),

Penetration Testing

Penetration Testing IoT Firmware Software

Stealthy UEFI Bootkit Targets Windows Kernel, Raising Security Concerns

Penetration Testing

DECEMBER 30, 2024

Security researchers NSG650 and Pdawg have unveiled a proof-of-concept UEFI bootkit that exploits a critical firmware function to compromise the Windows kernel during the boot process.

Firmware

Firmware Cybersecurity Malware

CVE-2024-54143: Critical Vulnerability in OpenWrt’s Attended SysUpgrade Server Allows for Firmware Poisoning

Penetration Testing

DECEMBER 9, 2024

OpenWrt, a popular open-source operating system for embedded devices, has disclosed a critical vulnerability (CVE-2024-54143) that could allow attackers to compromise the integrity of firmware updates delivered through its Attended... The post CVE-2024-54143: Critical Vulnerability in OpenWrt’s Attended SysUpgrade Server Allows for (..)

Firmware

Firmware Cybersecurity

CVE-2024-54085: AMI SPx Vulnerability Scores Critical CVSS 10

Penetration Testing

MARCH 12, 2025

AMI, a leading provider of BIOS and BMC firmware, has announced security advisories addressing multiple vulnerabilities affecting its The post CVE-2024-54085: AMI SPx Vulnerability Scores Critical CVSS 10 appeared first on Cybersecurity News.

Firmware

Firmware Cybersecurity

How Hackers Use Payloads to Take Over Your Machine

eSecurity Planet

NOVEMBER 18, 2021

This penetration testing can generate a payload and, above all, emulate incoming connections with the infected machine once the hacker is in. It can even attack the chip’s firmware and provide root access on the device, which gives more privileges and capabilities than the user. How to Protect against Payloads.

Penetration Testing

Penetration Testing Social Engineering Software Wireless

Canada revisits decision to ban Flipper Zero

Malwarebytes

MARCH 22, 2024

The Flipper Zero is a portable device that can be used in penetration testing with a focus on wireless devices and access control systems. Flipper Zero made headlines in October because versions running third-party firmware could be used to crash iPhones running iOS 17 (since resolved in iOS 17.2).

Penetration Testing

Penetration Testing Wireless Firmware Technology

ASUS Issues Critical Security Update for Router Vulnerability CVE-2024-3080 (CVSS 9.8)

Penetration Testing

JUNE 16, 2024

ASUS has released an urgent firmware update to address a critical security vulnerability affecting seven of its router models. The flaw, tracked as CVE-2024-3080 with a CVSS v3.1 score of 9.8, allows unauthenticated remote... The post ASUS Issues Critical Security Update for Router Vulnerability CVE-2024-3080 (CVSS 9.8)

Firmware

Firmware Cybersecurity

Q&A: How emulating attacks in a live environment can more pervasively protect complex networks

The Last Watchdog

SEPTEMBER 4, 2018

DeSanto: So before people did the simulated event in a lab setting, tied to a performance test, and so they were doing it as a spot check. It was done, for instance, while upgrading a device, to check to make sure the firmware didn’t have any bugs and that all the necessary signatures were in place, where needed. LW: Engagements?

Penetration Testing

Penetration Testing Firewall Data breaches Malware

I-O DATA Routers Under Attack: Urgent Firmware Update Needed!

Canon Printers: Critical CVE-2024-2184 (CVSS 9.8) Flaw Requires Immediate Firmware Update

Trending Sources

Japanese Government Will Hack Citizens' IoT Devices

CVE-2024-11131 (CVSS 9.8): Critical Vulnerability Found in Synology Camera Firmware

How to Maximize the Value of Penetration Tests

Urgent Firmware Alert: NVIDIA Tackles Critical DGX A100/H100 Flaws

Researcher Details RCE Flaw (CVE-2024-36435) in Supermicro BMC IPMI Firmware

Secret Backdoors Found in German-made Auerswald VoIP System

CVE-2023-3454: Critical Vulnerability in Brocade Fabric OS Exposes Networks to Remote Attacks

LogoFAIL Vulnerabilities Expose Firmware Attacks: Endpoint Security Solutions at Risk

Intel Unveils 34 New Security Vulnerabilities: Urgent Thunderbolt Updates Required

PLANET Technology Switches Face CVE-2024-8456 (CVSS 9.8), Urgent Firmware Updates Advised

Firmware Guide for Pen Testers

CVE-2024-39202: RCE Flaw Found in D-Link DIR-823X Firmware, Patch in Development

Cisco IP Phones Exposed: Vulnerabilities Allow Hackers to Disrupt, Spy, and Even Make Calls

Hikvision Patches Security Flaw in Network Cameras, Preventing Cleartext Credential Transmission

Critical Vulnerabilities Found in Popular Smart Locks

Cisco ATA 190 Series Analog Telephone Adapter Firmware Flaws Exposed: Patch Now!

Security Alert: Bootkitty Bootkit Targets Linux via UEFI Vulnerability (CVE-2023-40238)

Critical Flaw in Synology Camera Firmware Expose Devices to RCE and DoS Attacks

Critical Vulnerabilities Found in Phoenix Contact Charging Controllers

Critical Vulnerabilities Found in Sungrow iSolarCloud App and WiNet Firmware

EFF Discovers Corejava Malware Embedded in Dragon Touch KidzPad Y88X 10 Devices

Protect Your Network: Zyxel Issues Firmware Updates

efiXplorer v6.0 releases: IDA plugin for UEFI firmware analysis and reverse engineering automation

HPE Servers Exposed: Critical Vulnerability Demands Urgent Firmware Update

GL-iNet Routers Exposed to Critical Vulnerabilities: Urgent Firmware Updates Required

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

How Hackers Use Reconnaissance – and How to Protect Against It

emba v1.3.2 releases: analyzer for Linux-based firmware of embedded devices

ME Analyzer v1.304.4 r338 releases: Intel Engine Firmware Analysis Tool

Experts found backdoors in a popular Auerswald VoIP appliance

HID Mercury Access Controller flaws could allow to unlock Doors

Zyxel Devices Targeted by Malicious Actors: Urgent Firmware Update Required

PoC Exploit Released for RCE 0-day CVE-2024-41992 in Arcadyan FMIMG51AX000J Model

Multiple Critical Vulnerabilities Found in D-Link WiFi Routers: Immediate Firmware Updates Advised

Patch Management vs Vulnerability Management: What’s the Difference?

Stealthy UEFI Bootkit Targets Windows Kernel, Raising Security Concerns

CVE-2024-54143: Critical Vulnerability in OpenWrt’s Attended SysUpgrade Server Allows for Firmware Poisoning

CVE-2024-54085: AMI SPx Vulnerability Scores Critical CVSS 10

How Hackers Use Payloads to Take Over Your Machine

Canada revisits decision to ban Flipper Zero

ASUS Issues Critical Security Update for Router Vulnerability CVE-2024-3080 (CVSS 9.8)

Q&A: How emulating attacks in a live environment can more pervasively protect complex networks

Stay Connected