firmware

Intel-powered computers affected by serious firmware flaw (CVE-2024-0762)

CVE, Don't miss, Eclypsium, firmware, hardware, Hot stuff, Intel, Lenovo, News, vulnerability /

Intel-powered computers affected by serious firmware flaw (CVE-2024-0762) 2024-06-21 at 14:31 By Zeljka Zorz A vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI, which runs on various Intel processors, could be exploited locally to escalate privileges and run arbitrary code within the firmware during runtime. “This type of low-level exploitation is typical of firmware backdoors (e.g., […]

Intel-powered computers affected by serious firmware flaw (CVE-2024-0762) Read More »

Binarly Attracts $10.5M to Tackle Software Supply Chain Security

Binarly, firmware, Funding/M&A, seed-stage, supply chain, Supply Chain Security /

Binarly Attracts $10.5M to Tackle Software Supply Chain Security 2024-03-26 at 22:47 By SecurityWeek News Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital. The post Binarly Attracts $10.5M to Tackle Software Supply Chain Security appeared first on SecurityWeek. This article is an excerpt from

Binarly Attracts $10.5M to Tackle Software Supply Chain Security Read More »

Quantum risk is real now: How to navigate the evolving data harvesting threat

Artificial Intelligence, backdoor, cybersecurity, data security, Don't miss, Expert analysis, Expert corner, firmware, Hot stuff, machine learning, News, opinion, Qrypt, threat /

Quantum risk is real now: How to navigate the evolving data harvesting threat 13/10/2023 at 07:32 By Help Net Security In an era where data security is paramount, the recent revelations about firmware backdoors implanted by Chinese government-backed hackers serve as a stark reminder of the evolving threat landscape. BlackTech is infiltrating routers to gain

Quantum risk is real now: How to navigate the evolving data harvesting threat Read More »

Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211)

0-day, Android, Arm, Don't miss, firmware, Google, Hot stuff, Huawei, News, Samsung, security update, smartphones /

Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211) 03/10/2023 at 14:16 By Zeljka Zorz A vulnerability (CVE-2023-4211) in the kernel drivers for several Mali GPUs “may be under limited, targeted exploitation,” British semiconductor manufacturer Arm has confirmed on Monday, when it released drivers updated with patches. Arm’s Mali GPUs are used on a

Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211) Read More »

Chinese Gov Hackers Caught Hiding in Cisco Router Firmware

Cisco, firmware, Malware & Threats, MoonBounce, Nation-State, routers, Security Infrastructure /

Chinese Gov Hackers Caught Hiding in Cisco Router Firmware 27/09/2023 at 21:02 By Ryan Naraine The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently hop around the corporate networks of U.S. and Japanese companies. The post Chinese Gov Hackers Caught

Chinese Gov Hackers Caught Hiding in Cisco Router Firmware Read More »

Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596)

critical infrastructure, Don't miss, Dragos, energy sector, firmware, Hot stuff, ICS/SCADA, manufacturing sector, News, PLC, Rockwell Automation, security update, vulnerability /

Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596) 13/07/2023 at 15:46 By Zeljka Zorz Rockwell Automation has fixed two vulnerabilities (CVE-2023-3595, CVE-2023-3596) in the communication modules of its ControlLogix industrial programmable logic controllers (PLCs), ahead of expected (and likely) in-the-wild exploitation. “An unreleased exploit capability leveraging these vulnerabilities is associated with an

Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596) Read More »

NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections

bootkit, firmware, Malware & Threats, NSA, UEFI, Vulnerabilities /

NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections 23/06/2023 at 20:58 By Ionut Arghire The National Security Agency (NSA) has released mitigation guidance to help organizations stave off BlackLotus UEFI bootkit infections. The post NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections Read More »

Asus Patches Highly Critical WiFi Router Flaws

Asus, CVE-2018-1160, CVE-2022-26376, firmware, Mobile & Wireless, router, Vulnerabilities /

Asus Patches Highly Critical WiFi Router Flaws 20/06/2023 at 00:17 By Ryan Naraine Asus patches nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks. The post Asus Patches Highly Critical WiFi Router Flaws appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

Asus Patches Highly Critical WiFi Router Flaws Read More »

Western Digital Blocks Unpatched Devices From Cloud Services

CVE-2022-36327, Endpoint Security, firmware, Vulnerabilities, Western Digital /

Western Digital Blocks Unpatched Devices From Cloud Services 19/06/2023 at 18:08 By Ionut Arghire Western Digital is blocking access to its cloud services for devices running firmware versions impacted by a critical security vulnerability. The post Western Digital Blocks Unpatched Devices From Cloud Services appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Western Digital Blocks Unpatched Devices From Cloud Services Read More »

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771)

Don't miss, enterprise, firewall, firmware, Hot stuff, News, PoC, Rapid7, security update, SMBs, vulnerability, Zyxel /

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) 22/05/2023 at 14:05 By Zeljka Zorz A recently fixed command injection vulnerability (CVE-2023-28771) affecting a variety Zyxel firewalls may soon be exploited in the wild, Rapid7 researchers have warned, after publishing a technical analysis and a PoC script that triggers the vulnerability and achieves a

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) Read More »

MSI’s firmware, Intel Boot Guard private keys leaked

Binarly, code signing, data breach, Data leak, Don't miss, firmware, Hot stuff, Intel, MSI, News, public-key cryptography, Ransomware /

MSI’s firmware, Intel Boot Guard private keys leaked 08/05/2023 at 15:07 By Zeljka Zorz The cybercriminals who breached Taiwanese multinational MSI last month have apparently leaked the company’s private code signing keys on their dark web site. The breach MSI (Micro-Star International) is a corporation that develops and sells computers (laptops, desktops, all-in-one PCs, servers,

MSI’s firmware, Intel Boot Guard private keys leaked Read More »

Scroll to Top