Firmware and Whitepaper - Cyber Security Informer

New Windows/Linux Firmware Attack

Schneier on Security

DECEMBER 12, 2023

“Once arbitrary code execution is achieved during the DXE phase, it’s game over for platform security,” researchers from Binarly, the security firm that discovered the vulnerabilities, wrote in a whitepaper.

Firmware

Firmware Manufacturing Internet Internet

Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover

Malwarebytes

AUGUST 23, 2022

However, according to a whitepaper published by CYFIRMA , tens of thousands of systems used by 2,300 organizations across 100 countries have still not applied the security update, and are therefore vulnerable to exploitation. The flaw is tracked as CVE-2021-36260 and was addressed by Hikvision via a firmware update in September 2021.

Firmware

Firmware Internet Internet VPN

ETERNALSILENCE – 270K+ devices vulnerable to UPnProxy Botnet build using NSA hacking tools

Security Affairs

DECEMBER 1, 2018

In early 2013, researchers at Rapid7 published an interesting whitepaper entitled “Security Flaws in Universal Plug and Play” that evaluated the global exposure of UPnP-enabled network devices. Experts recommend users to install routers update and patched firmware to mitigate the threat.

Hacking

Hacking Internet Internet Advertising

Too much UPnP-enabled connected devices still vulnerable to cyber attacks

Security Affairs

MARCH 7, 2019

In early 2013, researchers at Rapid7 published an interesting whitepaper entitled “Security Flaws in Universal Plug and Play” that evaluated the global exposure of UPnP-enabled network devices. ” Experts suggest disabling the UPnP feature if possible to prevent abuses and are uring users of running firmware up to date.

Cyber Attacks

Cyber Attacks Advertising Firmware Data collection

Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP?

Security Affairs

JANUARY 31, 2022

In early 2013, researchers at Rapid7 published an interesting whitepaper entitled “Security Flaws in Universal Plug and Play” that evaluated the global exposure of UPnP-enabled network devices. Experts recommend users installing routers update and patched firmware to mitigate the threat.

Internet

Internet Internet Firmware Hacking

How to ensure security and trust in connected cars

CyberSecurity Insiders

MARCH 16, 2021

This includes securing the firmware and software applications of the car using public key infrastructure (PKI) among other tools, key management services and identity issuance. Find out more about vehicle connectivity and cybersecurity in this automotive whitepaper.

Manufacturing

Manufacturing IoT Technology Cybersecurity

Private AI For All: Our End-To-End Approach to AI Privacy on Android

Google Security

AUGUST 13, 2024

This ensures anyone can rebuild the trusted firmware base and verify that the resulting binaries match what is remotely attested as running in production and published in public transparency logs. Keep a lookout for more information about our end-to-end approach to AI privacy in an upcoming whitepaper.

Artificial Intelligence

Artificial Intelligence Technology Engineering Firmware

A Spectre proof-of-concept for a Spectre-proof web

Google Security

MARCH 12, 2021

In 2019, the team responsible for V8, Chrome’s JavaScript engine, published a blog post and whitepaper concluding that such attacks can’t be reliably mitigated at the software level. While the CPU state is rolled back once the misprediction is noticed, this behavior leaves observable side effects which can leak data to an attacker.

Engineering

Engineering Architecture Software Firmware

Address Sanitizer for Bare-metal Firmware

Google Security

MARCH 26, 2024

Posted by Eugene Rodionov and Ivan Lozano, Android Team With steady improvements to Android userspace and kernel security, we have noticed an increasing interest from security researchers directed towards lower level firmware. Despite the narrow application implied by its name, KASan is applicable to a wide-range of firmware targets.

Firmware

Firmware Accountability

Back to the Fuzz: Fuzzing for Command Injections

ForAllSecure

MARCH 2, 2021

Download the Whitepaper More Resources. Check out my previous blog post, Firmware Fuzzing 101 , for a more detailed overview. If you want to learn more about LD_PRELOAD and hacking on binaries that are traditionally difficult to fuzz, check out the Fuzzing Firmware 101 blog post as well. Happy Hacking!

Firmware

Firmware Hacking Software

The Cybersecurity Executive Order: the first 120 days

Security Boulevard

SEPTEMBER 13, 2021

As a result of this workshop, NIST released a whitepaper on June 25, 2021, “ Definition of Critical Software under the Executive Order (EO) 14028.”. Since the Executive Order seeks to enhance the security and integrity of “critical software,” defining the term needed to be one of the first agenda items completed.

Cybersecurity

Cybersecurity Software Technology Risk

Cyber Security Informer

New Windows/Linux Firmware Attack

Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover

Trending Sources

ETERNALSILENCE – 270K+ devices vulnerable to UPnProxy Botnet build using NSA hacking tools

Too much UPnP-enabled connected devices still vulnerable to cyber attacks

Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP?

How to ensure security and trust in connected cars

Private AI For All: Our End-To-End Approach to AI Privacy on Android

A Spectre proof-of-concept for a Spectre-proof web

Address Sanitizer for Bare-metal Firmware

Back to the Fuzz: Fuzzing for Command Injections

The Cybersecurity Executive Order: the first 120 days

Stay Connected