Tag: firmware
-
Will the FDA Start Banning Chinese-Made Medical Devices?
by
in SecurityNewsInterview with Joe Silvia, CEO of MedWare Cyber Click here to listen. In late January, the FDA issued a safety warning on Contec CMS8000 patient monitors and those relabeled as MN-120. The Chinese-made devices, used by thousands of medical institutions across the world, contain back doors in the firmware that could put patients at risk.”¦…
-
Hm, why are so many DrayTek routers stuck in a bootloop?
by
in SecurityNewsTime to update your firmware, if you can, to one with the security fixes, cough cough First seen on theregister.com Jump to article: www.theregister.com/2025/03/25/draytek_routers_bootloop/
-
HP Inc settles printer toner lockout lawsuit with a promise to make firmware updates optional
by
in SecurityNewsDynamic Security update blocks 3rd-party cartridges, but keeps printing money First seen on theregister.com Jump to article: www.theregister.com/2025/03/19/hp_printer_lawsuit_settled/
-
Critical vulnerability in AMI MegaRAC BMC allows server’ takeover
by
in SecurityNews
Tags: access, advisory, api, apt, attack, authentication, control, credentials, cve, cyberespionage, cybersecurity, data, data-breach, endpoint, exploit, firewall, firmware, flaw, group, infrastructure, Internet, linux, malicious, malware, network, ransomware, supply-chain, technology, training, update, vulnerabilityth vulnerability that Eclypsium researchers found in MegaRAC, the BMC firmware implementation from UEFI/BIOS vendor American Megatrends (AMI). BMCs are microcontrollers present on server motherboards that have their own firmware, dedicated memory, power, and network ports and are used for out-of-band management of servers when their main operating systems are shut down.Administrators can access BMCs…
-
Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover
by
in SecurityNewsA critical vulnerability affecting baseboard management controller (BMC) firmware made by AMI could expose many devices to remote attacks. The post Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/critical-ami-bmc-vulnerability-exposes-servers-to-disruption-takeover/
-
Schwachstelle in Tenda-AC7-Routern
by
in SecurityNewsCVE-2025-1851 ist eine schwerwiegende Sicherheitslücke, die Tenda-AC7-Router mit Firmware-Versionen bis 15.03.06.44 betrifft. Tenda-AC7 ist ein drahtloser Dualband-Router für den Einsatz in Privathaushalten sowie kleinen und mittelständischen Unternehmen. Die Schwachstelle beim Pufferüberlauf innerhalb der Funktion formSetFirewallCfg ermöglicht es einem Angreifer, eine speziell gestaltete Payload an die Webschnittstelle des Routers zu senden. Bei erfolgreicher Ausnutzung können Angreifer…
-
Tenda AC7 Vulnerability Lets Hackers Execute Malicious Payloads for Root Access
by
in SecurityNewsA vulnerability has been discovered in the Tenda AC7 router, firmware version V15.03.06.44, which allows attackers to execute malicious payloads and gain root access. As per a report in Github, the vulnerability, identified through experimental setup and exploitation, revolves around a stack overflow issue in the formSetFirewallCfg function. This exploit is significant, as it not only enables…
-
Fehlercode 11: Neue Firmware macht HP-Laserdrucker unbrauchbar
by
in SecurityNews
Tags: firmwareIm HP-Supportforum gibt es zahlreiche Beschwerden von Laserjet-Nutzern, die trotz Originaltoner mit der neuesten Firmware nicht mehr drucken können. First seen on golem.de Jump to article: www.golem.de/news/fehlercode-11-neue-firmware-macht-hp-laserdrucker-unbrauchbar-2503-194158.html
-
Researcher Hacks Embedded Devices to Uncover Firmware Secrets
by
in SecurityNewsIn a recent exploration of embedded device hacking, a researcher demonstrated how to extract firmware from flash memory using the flashrom tool. This process is crucial for understanding device operation and identifying potential vulnerabilities. However, it involves risks that can damage the equipment if not executed carefully. The Importance of Firmware Extraction Firmware is essential…
-
Critical DrayTek Router Vulnerabilities Expose Devices to RCE Attacks
by
in SecurityNews
Tags: attack, conference, cyber, firmware, office, rce, remote-code-execution, risk, router, vulnerabilityA recent security analysis of Draytek Vigor routers has uncovered severe vulnerabilities that could allow attackers to hijack devices, execute arbitrary code, and bypass critical security controls. These findings, disclosed by researchers at DEFCON 32 HHV and Ekoparty 2024, highlight systemic risks in widely used small office/home office (SOHO) routers due to outdated firmware, weak…
-
So werden PV-Anlagen digital angegriffen und geschützt
by
in SecurityNews
Tags: access, ai, authentication, backup, best-practice, bug, china, cyber, cyberattack, cybersecurity, cyersecurity, firmware, framework, germany, iot, risk, software, technology, update, usa, vulnerabilityUnternehmen setzen vermehrt auf Solaranlagen mit Batteriespeichern, um hohe Energiekosten und Netzstabilitätsrisiken zu minimieren. Diese Systeme sind allerdings oft nicht gehärtet und damit ein immer beliebteres Ziel bei Cyberkriminellen. Quality Stock ArtsSteigen die Energiepreise, werden kostenintensive Projekte wie Rechenzentren für Künstliche Intelligenz (KI) ebenfalls teurer. Große Unternehmen suchen deshalb verstärkt nach Möglichkeiten, ihren Energiehaushalt günstiger…
-
NVIDIA Issues Warning About Severe Security Flaws Enabling Code Attacks
by
in SecurityNewsNVIDIA has issued an urgent security bulletin urging customers using itsHopper HGX 8-GPU High-Performance Computing (HMC) systemsto immediately install firmware updates addressing two critical vulnerabilities. Released on February 28, 2025, the patches target flaws that could allow attackers to execute malicious code, escalate privileges, or cripple enterprise GPU infrastructure through denial-of-service (DoS) attacks. The advisories…
-
Privacy Roundup: Week 9 of Year 2025
by
in SecurityNews
Tags: access, android, apple, attack, backdoor, breach, browser, cctv, control, cyber, cybersecurity, data, data-breach, encryption, endpoint, exploit, firmware, flaw, government, group, hacker, Internet, jobs, law, leak, malware, office, password, phishing, privacy, regulation, router, scam, service, software, switch, technology, threat, tool, update, vpn, vulnerabilityThis is a news item roundup of privacy or privacy-related news items for 23 FEB 2025 – 1 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Why cyber attackers are targeting your solar energy systems, and how to stop them
by
in SecurityNews
Tags: access, attack, authentication, automation, awareness, backup, best-practice, china, communications, control, credentials, cyber, cybercrime, cybersecurity, data, detection, exploit, firmware, framework, group, infrastructure, iot, mfa, monitoring, network, password, penetration-testing, regulation, risk, russia, service, software, technology, threat, update, vulnerabilitySmart inverter vulnerabilities threaten the electric grid: The biggest risk occurs during high-demand times. If enough solar DERs suddenly go offline during a critical period, there might not be adequate alternative energy sources that can come online immediately, or the available alternatives are much more expensive to operate. Attackers can produce similar results merely by…
-
Recent Ghost/Cring ransomware activity prompts alert from FBI, CISA
by
in SecurityNews
Tags: cisa, cybersecurity, exploit, firmware, group, infrastructure, ransomware, software, vulnerabilityA ransomware group known as Ghost has been exploiting vulnerabilities in software and firmware as recently as January, according to an alert issued Wednesday by the FBI and Cybersecurity and Infrastructure Security Agency (CISA). First seen on therecord.media Jump to article: therecord.media/ghost-cring-ransomware-activity-fbi-cisa-alert
-
Privacy Roundup: Week 7 of Year 2025
by
in SecurityNews
Tags: access, antivirus, api, apple, attack, breach, business, cctv, cve, cybersecurity, data, data-breach, detection, email, exploit, firmware, flaw, google, group, law, leak, malware, microsoft, military, network, password, phishing, privacy, router, scam, service, software, technology, threat, tool, update, virus, vpn, vulnerability, windows, zero-dayThis is a news item roundup of privacy or privacy-related news items for 9 FEB 2025 – 15 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Lexmark warnt vor Sicherheitslücken in Drucker-Software und -Firmware
by
in SecurityNewsLexmark hat Sicherheitslücken in Drucker-Firmware und Begleitsoftware gefunden. Updates stehen bereit, um sie zu schließen. First seen on heise.de Jump to article: www.heise.de/news/Lexmark-warnt-vor-Sicherheitsluecken-in-Drucker-Software-und-Firmware-10282090.html
-
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)
by
in SecurityNews
Tags: access, advisory, android, apt, attack, authentication, best-practice, cve, cyber, data, exploit, firmware, flaw, group, Internet, lazarus, linux, malicious, microsoft, network, north-korea, ntlm, office, rce, remote-code-execution, service, technology, tool, update, vulnerability, windows, zero-day3Critical 52Important 0Moderate 0Low Microsoft addresses 55 CVEs with three rated critical and four zero-day vulnerabilities, including two that were exploited in the wild. Microsoft patched 55 CVEs in its February 2025 Patch Tuesday release, with three rated critical and 52 rated as important. Our counts omitted one vulnerability reported by HackerOne. This month’s update…
-
Intel Patched 374 Vulnerabilities in 2024
by
in SecurityNewsIntel says roughly 100 of the 374 vulnerabilities it patched last year were firmware and hardware security defects. The post Intel Patched 374 Vulnerabilities in 2024 appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/intel-patched-374-vulnerabilities-in-2024/
-
Privacy Roundup: Week 6 of Year 2025
by
in SecurityNews
Tags: access, ai, api, apple, backdoor, breach, browser, cctv, chrome, control, credit-card, cybersecurity, data, data-breach, encryption, exploit, firmware, framework, germany, government, group, leak, malware, monitoring, phishing, privacy, regulation, risk, router, scam, service, software, spy, technology, threat, tool, update, vpn, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 2 FEB 2025 – 8 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
The Explosion of Hardware-Hacking Devices
Due to the growing popularity of the ESP32 IoT platform adoption by security professionals, this article raises several security concerns addressing firmware attacks that could target this user population and what you can do to protect yourself. Introduced in August 2020 following a $4.8 million Kickstarter campaign, the FlipperZero quickly became one of the most……
-
BTS #45 Understanding Firmware Vulnerabilities in Network Appliances
by
in SecurityNewsIn this episode, Paul, Vlad, and Chase discuss the security challenges associated with Palo Alto devices and network appliances. They explore the vulnerabilities present in these devices, the importance of best practices in device management, and the need for automatic updates. The conversation highlights the evolving nature of firmware vulnerabilities and the necessity for compensating……
-
Netgear Patches Critical Vulnerabilities in Multiple WiFi Router Models
by
in SecurityNewsNetgear has released security updates addressing two critical vulnerabilities affecting several WiFi router models and has strongly urged users to update their firmware immediately. These vulnerabilities could allow unauthenticated attackers to execute remote code or bypass authentication, creating a serious… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/netgear-patches-critical-vulnerabilities-in-multiple-wifi-router-models/
-
Netgear warns users to patch critical WiFi router vulnerabilities
by
in SecurityNewsNetgear has fixed two critical remote code execution and authentication bypass vulnerabilities affecting multiple WiFi routers and warned customers to update their devices to the latest firmware as soon as possible. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-critical-wifi-router-vulnerabilities/
-
AMD Epyc – Kritisches Sicherheitsleck in Server-CPUs geschlossen
by
in SecurityNewsSicherheitsforscher von Google haben bei Epyc-Prozessoren von AMD eine Sicherheitslücke entdeckt, die per Firmware-Update geschlossen wird. First seen on computerbase.de Jump to article: www.computerbase.de/news/prozessoren/amd-epyc-kritisches-sicherheitsleck-in-server-cpus-geschlossen.91275
-
Patch coming for reported firmware bugs in Palo Alto firewalls
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/patch-coming-for-reported-firmware-bugs-in-palo-alto-firewalls
-
Geräte-Lifecycle im Griff – Sicherheit von Hardware und Firmware kommt zu kurz
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/-it-sicherheitsherausforderungen-unternehmen-2025-a-b26dd91a2c45062499c15e8e5ff097c5/
-
TP-Link Router Web Interface XSS Vulnerability PoC Exploit Released
by
in SecurityNewsA recently discovered Cross-site Scripting (XSS) vulnerability, CVE-2024-57514, affecting the TP-Link Archer A20 v3 Router has raised security concerns among users. The flaw CVE-2024-57514, identified in firmware version 1.0.6 Build 20231011 rel.85717(5553), allows attackers to execute arbitrary JavaScript code through the router’s web interface, potentially leading to malicious exploitation. Discovery of the Vulnerability The vulnerability stems…