Tag: firmware
-
SonicWall warns of an exploitable SonicOS vulnerability
SonicWall warns customers to address an authentication bypass vulnerability in its firewall’s SonicOS that is >>susceptible to actual exploitation.
-
DNA sequencer vulnerabilities signal firmware issues across medical device industry
Tags: access, advisory, attack, best-practice, computer, computing, control, credentials, data, exploit, firmware, flaw, Hardware, iot, leak, malicious, malware, mitigation, privacy, rce, remote-code-execution, risk, side-channel, software, supply-chain, update, vulnerability, windowsIn highlighting vulnerabilities in a widely used DNA gene sequencing device, security researchers have brought further attention to the likely poor state of security in the medical device industry, where hardware and firmware development is often outsourced to external equipment manufacturers under questionable support contracts.The device, Illumina’s iSeq 100 compact DNA sequencer, is used by…
-
SonicWall urges admins to patch exploitable SSLVPN bug immediately
SonicWall is emailing customers urging them to upgrade their firewall’s SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is “susceptible to actual exploitation.” First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-patch-exploitable-sslvpn-bug-immediately/
-
DNA sequencers found running ancient BIOS, posing risk to clinical research
Devices on six-year-old firmware vulnerable to takeover and destruction First seen on theregister.com Jump to article: www.theregister.com/2025/01/08/dna_sequencer_vulnerabilities/
-
Critical BIOS/UEFI Vulnerabilities Allow Attackers To Overwrite System Firmware
Researchers discovered critical BIOS/UEFI vulnerabilities in the Illumina iSeq 100 DNA sequencer, where the device utilizes an outdated firmware implementation with CSM mode lacking essential security features like Secure Boot and firmware write protections. The vulnerability window allows attackers to exploit the system, potentially overwriting the firmware to either disable the device or install malicious…
-
DNA sequencer company notifying customers of vulnerabilities in popular device
The iSeq 100 genetic sequencer has vulnerabilities that could allow attackers to tamper with its operations or install a firmware implant, researchers from cybersecurity firm Eclypsium say.]]> First seen on therecord.media Jump to article: therecord.media/dna-sequencer-vulnerabilities-iseq100-eclypsium
-
Genetic Engineering Meets Reverse Engineering: DNA Sequencer’s Vulnerable BIOS
Eclypsium’s research team has identified BIOS/UEFI vulnerabilities in a popular DNA gene sequencer made by Illumina, a leading genomics and healthcare technology vendor. More specifically, we found that the Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM mode and without Secure Boot or standard firmware write protections. This would allow……
-
Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers
Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices.”The Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM [Compatibility Support Mode] mode and without Secure Boot or standard First…
-
Report: Flaws in Illumina DNA Sequencer Devices Allows Hacks
Eclypsium Report Describes BIOS/UEFI Issues in Illumina iSeq 100 Firmware. Certain vulnerabilities in device maker Illumina’s iSeq 100 DNA gene sequencer could allow hackers to overwrite the system’s firmware to render the device unusable or to install a firmware implant for ongoing attacker persistence, said researchers at Eclypsium who identified the flaws. First seen on…
-
Widely used DNA sequencer still doesn’t enforce Secure Boot
A firmware-dwelling bootkit in the iSeq 100 could be a key win for threat actors. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/01/widely-used-dna-sequencer-still-doesnt-enforce-secure-boot/
-
Moxa router flaws pose serious risks to industrial environmets
Moxa warns of two flaws in its routers and security appliances that enable privilege escalation and remote command execution. Moxa addressed privilege escalation and OS command injection vulnerabilities in cellular routers, secure routers, and network security appliances. Below are the descriptions for both vulnerabilities: Moxa released firmware updates to address vulnerabilities CVE-2024-9140 and CVE-2024-9138. Affected…
-
Stimmen die Voraussetzungen, kann Schadcode auf Asus-Router gelangen
Angreifer können Router von Asus ins Visier nehmen und attackieren. Dagegen sind abgesicherte Firmwares erschienen. First seen on heise.de Jump to article: www.heise.de/news/Stimmen-die-Voraussetzungen-kann-Schadcode-auf-Asus-Router-gelangen-10226829.html
-
Privacy Roundup: Week 1 of Year 2025
Tags: access, ai, android, apple, authentication, botnet, breach, browser, business, captcha, chrome, compliance, cve, cybersecurity, data, data-breach, detection, email, encryption, exploit, finance, firmware, flaw, google, group, hacker, healthcare, HIPAA, infrastructure, injection, Internet, law, leak, login, malware, open-source, password, phishing, privacy, router, service, software, threat, tool, update, virus, vulnerabilityThis is a news item roundup of privacy or privacy-related news items for 29 DEC 2024 – 4 JAN 2024. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things overlap; for…
-
Malware botnets exploit outdated D-Link routers in recent attacks
Two botnets tracked as ‘Ficora’ and ‘Capsaicin’ have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malware-botnets-exploit-outdated-d-link-routers-in-recent-attacks/
-
How are you securing your communications in the wake of the Volt Typhoon revelations?
Tags: access, advisory, android, apple, apt, attack, authentication, business, china, cisa, cisco, cloud, communications, computer, control, cyber, cybersecurity, detection, email, endpoint, espionage, exploit, firewall, firmware, government, group, Hardware, infrastructure, Internet, Intruder, microsoft, network, phishing, ransomware, risk, service, software, technology, threat, tool, update, vpn, vulnerability, windows, zero-dayThe FBI recently released information that text messages between Apple and Android texting systems were insecure and that attackers could listen in and access those communications, more fallout from the revelation that a Chinese-affiliated threat actor had breached telecommunications companies.The announcement that the group known as Salt Typhoon had compromised networks of major global telecommunications…
-
Hacker knacken das Smart Home
Tags: android, bsi, cyber, cyersecurity, data, dora, firmware, germany, hacker, incident response, Internet, mail, malware, passkey, password, resilience, risk, security-incident, service, update, vulnerabilityloading=”lazy” width=”400px”>Im Smart Home werkeln immer mehr Devices mit Internet-Anschluss für Hacker ein lohnendes Ziel. Andrey Suslov shutterstock.comIoT-Geräte wie digitale Bilderrahmen oder Mediaplayer sind immer häufiger das Ziel von Cyberkriminellen. Viele dieser mit dem Internet verbundenen Geräte weisen Schwachstellen auf und können leicht mit Schadsoftware infiziert werden. Das Bundesamt für Sicherheit in der Informationstechnik (BSI)…
-
Critical Flaws Expose 25,000 SonicWall Devices to Hackers
Many SonicWall Firewalls Are Unsupported or Lack Patches for Known Vulnerabilities. Thousands of SonicWall network security devices remain exposed with critical security flaws, including 20,000 running outdated firmware that no longer receives vendor support. Despite patches available for some of these flaws, many organizations continue to run the outdated firmware. First seen on govinfosecurity.com Jump…
-
Over 25,000 SonicWall VPN Firewalls exposed to critical flaws
Over 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical severity flaws, with 20,000 using a SonicOS/OSX firmware version that the vendor no longer supports. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-25-000-sonicwall-vpn-firewalls-exposed-to-critical-flaws/
-
Firmware Security: Identifying Risks to Implement Best Cybersecurity Practices
Find out the key security risks of firmware security: Identify threats, and learn best practices and protection methods… First seen on hackread.com Jump to article: hackread.com/firmware-security-identifying-risks-cybersecurity-practices/
-
Overlooking platform security weakens long-term cybersecurity posture
Platform security securing the hardware and firmware of PCs, laptops and printers is often overlooked, weakening cybersecurity posture for years to come, according to HP. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/16/platform-security-concerns/
-
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
A security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages.The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting…
-
IT pros say hackers could compromise device supply chain, firmware security
First seen on scworld.com Jump to article: www.scworld.com/news/it-pros-say-hackers-could-compromise-device-supply-chain-firmware-security
-
Sechs Sicherheitslücken in SAG Sonicwall behebt Schwachstellen in Firewall und Firmware
First seen on security-insider.de Jump to article: www.security-insider.de/sonicwall-firewalls-angriffe-schutzmassnahmen-cve-2024-40766-a-fb6be1e1993f9f52f8ca402442ac8faf/
-
Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge
HP Wolf reveals that 79% of IT security decision makers are lacking in crucial hardware and firmware expertise First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/threequarters-security-leaders/
-
AMD data center chips vulnerable to revealing data through ‘BadRAM’ attack
Tags: access, advisory, attack, best-practice, cloud, cve, data, encryption, exploit, finance, firmware, flaw, germany, Hardware, mitigation, monitoring, reverse-engineering, software, update, vulnerabilityAMD’s Secure Encrypted Virtualization (SEV), meant to protect processor memory from prying eyes in virtual machine (VM) environments, can be tricked into giving access to its encrypted memory contents using a test rig costing less than $10, researchers have revealed.Dubbed “BadRAM” by researchers from the University of Lübeck in Germany, KU Leven in Belgium, and…
-
Critical OpenWrt bug enabling malicious firmware image installation addressed
First seen on scworld.com Jump to article: www.scworld.com/brief/critical-openwrt-bug-enabling-malicious-firmware-image-installation-addressed
-
OpenWrt Update Flaw Exposed Devices to Malicious Firmware
Embedded Device Operating Sytem Had Flaw Allowing Hacers to Bypass Integrity Check. A critical flaw in the updating service of a popular Linux operating system for embedded devices could enable hackers to compromise firmware with malicious images. OpenWrt developers patched the vulnerability, with a CVSS core of 9.3 and tracked as CVE-2024-54143. First seen on…
-
Black Hat: Latest news and insights
The infosecurity world decamps to London this week, with research on vulnerabilities in AI systems at the fore of the latest edition of Black Hat Europe.The four-day program runs from Dec. 9-12, with two-and four-day options of hands-on trainings, but the main event at ExCeL London occurs on Dec. 11 and 12 featuring the latest research, developments,…
-
BadRAM: $10 security flaw in AMD could allow hackers to access cloud computing secrets
Researchers found a way to disrupt AMD server hardware using $10 worth of off-the-shelf items. The company has issued a firmware update. There’s no evidence of exploitation in the wild. ]]> First seen on therecord.media Jump to article: therecord.media/amd-security-flaw-badram