Tag: firmware
-
OpenWrt: Upgrade-Schwachstelle CVE-2024-54143 gefährdet Firmware-Updates
Kurze Information für Benutzer der OpenWrt-Firmware für Router. Der Update-Service für die Firmware weist in älteren Versionen die Schwachstelle CVE-2024-54143 auf. Angreifer könnten diese Schwachstelle ausnutzen, um Schadsoftware per Firmware-Update einzuschleusen. Es gibt aber bereits eine gepatchte Firmware-Version. Die Open-Source-Software … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/10/openwrt-upgrade-schwachstelle-cve-2024-54143-gefaehrdet-firmware-updates/
-
Critical OpenWrt Bug: Update Your Gear!
ASU 48-bit trash hash: Open source router firmware project fixes dusty old code. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/openwrt-cve-2024-54143-richixbw/
-
Enthält potenziell Schadcode: Kritische Upgrade-Lücke gefährdet Openwrt-Firmware
In einem Upgrade-Dienst von Openwrt hat es eine Schwachstelle gegeben. Sie wurde zwar schnell gefixt; zuvor erstellte Firmware-Images sind aber potenziell kompromittiert. First seen on golem.de Jump to article: www.golem.de/news/enthaelt-potenziell-schadcode-kritische-upgrade-luecke-gefaehrdet-openwrt-firmware-2412-191574.html
-
OpenWrt Sysupgrade flaw let hackers push malicious firmware images
A flaw in OpenWrt’s Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious firmware packages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/openwrt-sysupgrade-flaw-let-hackers-push-malicious-firmware-images/
-
Critical OpenWrt Flaw Exposes Firmware Update Server to Exploitation
The CVE-2024-54143 vulnerability affects the OpenWrt sysupgrade server and exposes users to risks of installing malicious firmware images. The post Critical OpenWrt Flaw Exposes Firmware Update Server to Exploitation appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/critical-openwrt-flaw-exposes-firmware-update-server-to-exploitation/
-
Update your OpenWrt router! Security issue made supply chain attack possible
A security issue that could have allowed attackers to serve malicious firmware images to users has been fixed by OpenWrt Project, the organization that helms the development … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/09/openwrt-security-update-supply-chain-attack/
-
OpenWrt orders router firmware updates after supply chain attack scare
A couple of bugs lead to a potentially bad time First seen on theregister.com Jump to article: www.theregister.com/2024/12/09/openwrt_firmware_vulnerabilities/
-
TPM 2.0: The new standard for secure firmware
Connected devices are better protected from cyberattacks and less likely to be compromised by errors thanks to the new TPM 2.0 specification from the Trusted Computing Group … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/09/trusted-computing-group-trusted-platform-module-tpm-2-0/
-
CapibaraZero Firmware With ESP32-S3 Hardware Enables Low Cost Flipper Zero alternative
The open-source tech landscape continues to innovate, and the release of the CapibaraZero firmware marks another breakthrough. Designed for ESP32-S3-based hardware platforms, CapibaraZero provides a low-cost alternative to the highly popular”, but expensive”, Flipper Zero, a multifunctional tool for penetration testers, ethical hackers, and tech enthusiasts. With its affordable hardware requirements and flexible firmware, CapibaraZero…
-
Multiple SonicWall Vulnerabilities Let Attackers Execute Remote Code
SonicWall has issued a critical alert regarding multiple vulnerabilities in its Secure Mobile Access (SMA) 100 series SSL-VPN appliances. These vulnerabilities could allow attackers to execute remote code, bypass authentication, or compromise system integrity. SonicWall urges users to take immediate action by updating their devices to the latest firmware to mitigate these risks. These issues…
-
8 biggest cybersecurity threats manufacturers face
Tags: access, ai, apt, attack, authentication, automation, awareness, business, china, cloud, computer, control, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, ddos, detection, email, encryption, exploit, extortion, firmware, framework, group, Hardware, india, infrastructure, intelligence, international, Internet, iot, iran, lazarus, leak, malicious, malware, monitoring, network, nis-2, north-korea, open-source, password, phishing, ransom, ransomware, regulation, risk, risk-analysis, risk-assessment, russia, service, software, strategy, supply-chain, technology, threat, update, vulnerability, windowsThe manufacturing sector’s rapid digital transformation, complex supply chains, and reliance on third-party vendors make for a challenging cyber threat environment for CISOs.Manufacturers, often prime targets for state-sponsored malicious actors and ransomware gangs, face the difficult task of maintaining cost-effective operations while modernizing their network infrastructure.”Many manufacturing systems rely on outdated technology that lacks modern…
-
CISOs still cautious about adopting autonomous patch management solutions
Tags: automation, business, cisco, ciso, cloud, control, crowdstrike, cybersecurity, email, exploit, firmware, group, infosec, microsoft, open-source, regulation, risk, software, strategy, technology, update, vulnerability, windowsFailing to patch vulnerabilities keeps biting CISOs.The most recent evidence: Last month, the Five Eyes cybersecurity agencies in the US, the UK, Australia, Canada, and New Zealand reported that the top 15 vulnerabilities routinely exploited last year included one that dated back to 2020 (a Microsoft Netlogon hole); one that dated back to 2021 (in…
-
First-ever Linux UEFI bootkit turns out to be student project
Tags: antivirus, attack, authentication, awareness, computer, conference, cybersecurity, firmware, linux, malicious, malware, microsoft, risk, software, technology, threat, training, update, windowsBootkitty, a recently discovered boot-level UEFI rootkit for Linux, was evidently created by students participating in a cybersecurity training program at the South Korean Information Technology Research Institute (KITRI).The bootkit, found and analyzed by researchers from antivirus vendor ESET last week, showed signs of being a proof of concept rather than production-ready malware. Nevertheless, the…
-
First-ever Linux UEFI bootkit turns out to be research project
Tags: antivirus, attack, authentication, awareness, computer, conference, cybersecurity, firmware, linux, malicious, malware, microsoft, risk, software, technology, threat, training, update, windowsBootkitty, a recently discovered boot-level UEFI rootkit for Linux, was evidently created by students participating in a cybersecurity training program at the South Korean Information Technology Research Institute (KITRI).The bootkit, found and analyzed by researchers from antivirus vendor ESET last week, showed signs of being a proof of concept rather than production-ready malware. Nevertheless, the…
-
Open source router firmware project OpenWrt ships its own entirely repairable hardware
‘Forever unbrickable’ Wi-Fi 6 box from Banana Pi comes packaged or in kit form First seen on theregister.com Jump to article: www.theregister.com/2024/12/02/openwrt_one_foss_wifi_router/
-
Bosch-Thermostate anfällig für Hackerangriffe
Eine Schwachstelle in der Firmware der Bosch-Thermostate des Modells BCC100 macht sie anfällig für Hackerangriffe und Malware. Wer nicht frieren will,… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/bosch-thermostate-anfallig-fur-hackerangriffe
-
Zyxel Firewall Vulnerability Actively Exploited in Attacks
Zyxel has announced awareness of active exploitation attempts by threat actors targeting their firewall products. This follows a detailed report by cybersecurity firm Sekoia highlighting vulnerabilities previously disclosed in Zyxel’s systems. The company has responded swiftly to these potential threats, aiming to safeguard its users through vital firmware updates and security enhancements. CVE-2024-11667: The Vulnerability…
-
>>Bootkitty<< A First Ever UEFI Bootkit Attack Linux Systems
Cybersecurity researchers have uncovered the first-ever UEFI bootkit designed to target Linux systems. This discovery, named ‘Bootkitty’, marks a new chapter in UEFI threats, which have predominantly targeted Windows systems until now. The UEFI (Unified Extensible Firmware Interface) threat landscape has seen considerable evolution over the past decade. Evolution of UEFI Threats Initially, in 2012,…
-
Bootkitty is the first UEFI Bootkit designed for Linux systems
ESET discovered the first Unified Extensible Firmware Interface (UEFI) bootkit specifically designed for Linux systems, named Bootkitty. Cybersecurity researchers from ESET discovered the first UEFI bootkit designed to target Linux systems, called by its authors Bootkitty. The bootkit allows attackers to disable the kernel’s signature verification feature and to preload two as yet unknown ELF…
-
QNAP NAS users locked out after firmware update snafu
Affected customers gripe about storage biz’s tech support First seen on theregister.com Jump to article: www.theregister.com/2024/11/25/qnap_faulty_update/
-
Researchers Discover “Bootkitty” First UEFI Bootkit Targeting Linux Kernels
Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems.Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in…
-
QNAP pulls buggy QTS firmware causing widespread NAS issues
QNAP has pulled a recently released firmware update after widespread customer reports that it’s breaking connectivity and, in some cases, locking users out of their devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/technology/qnap-pulls-buggy-qts-firmware-causing-widespread-nas-issues/
-
Unraveling Raspberry Robin’s Layers: Analyzing Obfuscation Techniques and Core Mechanisms
IntroductionDiscovered in 2021, Raspberry Robin (also known as Roshtyak) is a malicious downloader that has circulated in the wild for several years, primarily spreading through infected USB devices. Although USB devices are a common and unremarkable tactic for spreading malware, Raspberry Robin stands out due to its unique binary-obfuscation techniques, extensive use of anti-analysis methods,…
-
Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code Remotely
A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious actors to remotely compromise affected devices. The vulnerability, identified as CVE-2024-11237, affects TP-Link VN020 F3v(T) routers running firmware version TT_V6.2.1021, which are primarily deployed through Tunisie Telecom and Topnet ISPs. Similar variants of the router used in Algeria and Morocco are…
-
The Global Effort to Maintain Supply Chain Security – Part Two
Various Cybersecurity Experts, CISO Global A well-run kitchen requires a fully stocked pantry and a clear understanding of what’s on hand. In cybersecurity, your pantry is your asset inventory”, every server, every piece of software, and even those firmware components lurking in the background. You wouldn’t want to cook without knowing exactly what ingredients are…
-
Cisco ATA 190 Telephone Adapter Vulnerabilities Let Attackers Execute Remote Code
Cisco has disclosed multiple vulnerabilities affecting its ATA 190 Series Analog Telephone Adapter firmware, posing significant user risks. These vuln… First seen on gbhackers.com Jump to article: gbhackers.com/cisco-ata-190-telephone-adapter-vulnerabilities/
-
Western Digital releases firmware fix for SSDs blighted by Windows 11 24H2 BSODs
First seen on theregister.com Jump to article: www.theregister.com/2024/10/17/western_digital_releases_a_firmware/
-
Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters
Cisco has released patches for multiple vulnerabilities in ATA 190 series firmware, including two high-severity flaws. The post Cisco Patches High-Sev… First seen on securityweek.com Jump to article: www.securityweek.com/cisco-patches-high-severity-vulnerabilities-in-analog-telephone-adapters/