firmware

Overlooking platform security weakens long-term cybersecurity posture

cyber risk, cybercrime, cybersecurity, data security, firmware, hardware, HP, News, report, survey /

Overlooking platform security weakens long-term cybersecurity posture 2024-12-16 at 06:04 By Help Net Security Platform security – securing the hardware and firmware of PCs, laptops and printers – is often overlooked, weakening cybersecurity posture for years to come, according to HP. The report, based on a global study of 800+ IT and security decision-makers (ITSDMs) […]

React to this headline:

Loading spinner

Overlooking platform security weakens long-term cybersecurity posture Read More »

ESET researchers analyze first UEFI bootkit for Linux systems

Don't miss, firmware, Hot stuff, Linux, News, research /

ESET researchers analyze first UEFI bootkit for Linux systems 2024-11-27 at 18:18 By Help Net Security ESET Research has discovered the first UEFI bootkit designed for Linux systems, named Bootkitty by its creators. Researchers believe this bootkit is likely an initial proof of concept, and based on ESET telemetry, it has not been deployed in

React to this headline:

Loading spinner

ESET researchers analyze first UEFI bootkit for Linux systems Read More »

Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)

CVE, Don't miss, firmware, Hot stuff, NAS, News, SMBs, vulnerability, Zyxel /

Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) 2024-09-10 at 12:02 By Zeljka Zorz Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About CVE-2024-6342 Zyxel NAS devices are generally used by small to medium-sized businesses (SMBs) for data

React to this headline:

Loading spinner

Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) Read More »

Google Pushes Rust in Legacy Firmware to Tackle Memory Safety Flaws

Android, firmware, Google, memory corruption, rust, Security Architecture, Vulnerabilities /

Google Pushes Rust in Legacy Firmware to Tackle Memory Safety Flaws 2024-09-09 at 23:01 By Ryan Naraine Google’s adoption of memory safe programming languages now includes the deployment of Rust in legacy low-level firmware codebases. The post Google Pushes Rust in Legacy Firmware to Tackle Memory Safety Flaws appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Google Pushes Rust in Legacy Firmware to Tackle Memory Safety Flaws Read More »

Damn Vulnerable UEFI: Simulate real-world firmware attacks

Don't miss, firmware, GitHub, Hot stuff, News, open source, software /

Damn Vulnerable UEFI: Simulate real-world firmware attacks 2024-09-02 at 07:31 By Help Net Security Damn Vulnerable UEFI (DVUEFI) is an open-source exploitation toolkit and learning platform for unveiling and fixing UEFI firmware vulnerabilities. Simulate real-world firmware attacks DVUEFI was created to assist ethical hackers, security researchers, and firmware enthusiasts in beginning their journey into UEFI

React to this headline:

Loading spinner

Damn Vulnerable UEFI: Simulate real-world firmware attacks Read More »

Intel-powered computers affected by serious firmware flaw (CVE-2024-0762)

CVE, Don't miss, Eclypsium, firmware, hardware, Hot stuff, Intel, Lenovo, News, vulnerability /

Intel-powered computers affected by serious firmware flaw (CVE-2024-0762) 2024-06-21 at 14:31 By Zeljka Zorz A vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI, which runs on various Intel processors, could be exploited locally to escalate privileges and run arbitrary code within the firmware during runtime. “This type of low-level exploitation is typical of firmware backdoors (e.g.,

React to this headline:

Loading spinner

Intel-powered computers affected by serious firmware flaw (CVE-2024-0762) Read More »

Binarly Attracts $10.5M to Tackle Software Supply Chain Security

Binarly, firmware, Funding/M&A, seed-stage, supply chain, Supply Chain Security /

Binarly Attracts $10.5M to Tackle Software Supply Chain Security 2024-03-26 at 22:47 By SecurityWeek News Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital. The post Binarly Attracts $10.5M to Tackle Software Supply Chain Security appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Binarly Attracts $10.5M to Tackle Software Supply Chain Security Read More »

Quantum risk is real now: How to navigate the evolving data harvesting threat

Artificial Intelligence, backdoor, cybersecurity, data security, Don't miss, Expert analysis, Expert corner, firmware, Hot stuff, machine learning, News, opinion, Qrypt, threat /

Quantum risk is real now: How to navigate the evolving data harvesting threat 13/10/2023 at 07:32 By Help Net Security In an era where data security is paramount, the recent revelations about firmware backdoors implanted by Chinese government-backed hackers serve as a stark reminder of the evolving threat landscape. BlackTech is infiltrating routers to gain

React to this headline:

Loading spinner

Quantum risk is real now: How to navigate the evolving data harvesting threat Read More »

Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211)

0-day, Android, Arm, Don't miss, firmware, Google, Hot stuff, Huawei, News, Samsung, security update, smartphones /

Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211) 03/10/2023 at 14:16 By Zeljka Zorz A vulnerability (CVE-2023-4211) in the kernel drivers for several Mali GPUs “may be under limited, targeted exploitation,” British semiconductor manufacturer Arm has confirmed on Monday, when it released drivers updated with patches. Arm’s Mali GPUs are used on a

React to this headline:

Loading spinner

Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211) Read More »

Chinese Gov Hackers Caught Hiding in Cisco Router Firmware

Cisco, firmware, Malware & Threats, MoonBounce, Nation-State, routers, Security Infrastructure /

Chinese Gov Hackers Caught Hiding in Cisco Router Firmware 27/09/2023 at 21:02 By Ryan Naraine The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently hop around the corporate networks of U.S. and Japanese companies. The post Chinese Gov Hackers Caught

React to this headline:

Loading spinner

Chinese Gov Hackers Caught Hiding in Cisco Router Firmware Read More »

Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596)

critical infrastructure, Don't miss, Dragos, energy sector, firmware, Hot stuff, ICS/SCADA, manufacturing sector, News, PLC, Rockwell Automation, security update, vulnerability /

Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596) 13/07/2023 at 15:46 By Zeljka Zorz Rockwell Automation has fixed two vulnerabilities (CVE-2023-3595, CVE-2023-3596) in the communication modules of its ControlLogix industrial programmable logic controllers (PLCs), ahead of expected (and likely) in-the-wild exploitation. “An unreleased exploit capability leveraging these vulnerabilities is associated with an

React to this headline:

Loading spinner

Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596) Read More »

NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections

bootkit, firmware, Malware & Threats, NSA, UEFI, Vulnerabilities /

NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections 23/06/2023 at 20:58 By Ionut Arghire The National Security Agency (NSA) has released mitigation guidance to help organizations stave off BlackLotus UEFI bootkit infections. The post NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections Read More »

Asus Patches Highly Critical WiFi Router Flaws

Asus, CVE-2018-1160, CVE-2022-26376, firmware, Mobile & Wireless, router, Vulnerabilities /

Asus Patches Highly Critical WiFi Router Flaws 20/06/2023 at 00:17 By Ryan Naraine Asus patches nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks. The post Asus Patches Highly Critical WiFi Router Flaws appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Asus Patches Highly Critical WiFi Router Flaws Read More »

Western Digital Blocks Unpatched Devices From Cloud Services

CVE-2022-36327, Endpoint Security, firmware, Vulnerabilities, Western Digital /

Western Digital Blocks Unpatched Devices From Cloud Services 19/06/2023 at 18:08 By Ionut Arghire Western Digital is blocking access to its cloud services for devices running firmware versions impacted by a critical security vulnerability. The post Western Digital Blocks Unpatched Devices From Cloud Services appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Western Digital Blocks Unpatched Devices From Cloud Services Read More »

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771)

Don't miss, enterprise, firewall, firmware, Hot stuff, News, PoC, Rapid7, security update, SMBs, vulnerability, Zyxel /

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) 22/05/2023 at 14:05 By Zeljka Zorz A recently fixed command injection vulnerability (CVE-2023-28771) affecting a variety Zyxel firewalls may soon be exploited in the wild, Rapid7 researchers have warned, after publishing a technical analysis and a PoC script that triggers the vulnerability and achieves a

React to this headline:

Loading spinner

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) Read More »

MSI’s firmware, Intel Boot Guard private keys leaked

Binarly, code signing, data breach, Data leak, Don't miss, firmware, Hot stuff, Intel, MSI, News, public-key cryptography, Ransomware /

MSI’s firmware, Intel Boot Guard private keys leaked 08/05/2023 at 15:07 By Zeljka Zorz The cybercriminals who breached Taiwanese multinational MSI last month have apparently leaked the company’s private code signing keys on their dark web site. The breach MSI (Micro-Star International) is a corporation that develops and sells computers (laptops, desktops, all-in-one PCs, servers,

React to this headline:

Loading spinner

MSI’s firmware, Intel Boot Guard private keys leaked Read More »

Scroll to Top