Tag: firmware
-
Firmware, Supply Chain, and Frameworks NIST SP 800-53
NIST Special Publication 800-53 rev 5, Security and Privacy Controls for Information Systems and Organizations, is one of the most important and influ… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/firmware-supply-chain-and-frameworks-nist-sp-800-53/
-
Firmware update hides Bluetooth fingerprints
A smartphone’s unique Bluetooth fingerprint could be used to track the device’s useruntil now. A team of researchers has developed a simple firmware u… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/16/firmware-hide-bluetooth-fingerprint/
-
USENIX Security ’23 Greenhouse: Single-Service Rehosting of Linux-Based Firmware Binaries in User-Space Emulation
Authors/Presenters:Hui Jun Tay, Kyle Zeng, Jayakrishna Menon Vadayath, Arvind S. Raj, Audrey Dutcher, Tejesh Reddy, Wil Gibbs, Zion Leonahenahe Basque… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/usenix-security-23-greenhouse-single-service-rehosting-of-linux-based-firmware-binaries-in-user-space-emulation/
-
Netgear warns users to patch auth bypass, XSS router flaws
Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-authentication-bypass-xss-router-flaws/
-
Eclypsium and Everfox Partner to Deliver Enhanced Security for the Technology Supply Chain of the U.S. Government
Portland, OR July 11, 2024 Eclypsium, the leader in digital supply chain security for enterprise hardware, firmware and software infrastructure, today… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/eclypsium-and-everfox-partner-to-deliver-enhanced-security-for-the-technology-supply-chain-of-the-u-s-government/
-
PCs mit Intel-Prozessoren: UEFI-Sicherheitslücke lässt Schadcode passieren
Aufgrund eines Fehlers in der UEFI-Firmware von Phoenix können Angreifer Computer attackieren. Davon sind unter anderem Lenovo-Geräte mit Intel-CPU be… First seen on heise.de Jump to article: www.heise.de/news/PCs-mit-Intel-Prozessoren-UEFI-Sicherheitsluecke-laesst-Schadcode-passieren-9773023.html
-
Researchers Uncover UEFI Vulnerability Affecting Intel CPUs
Cybersecurity researchers have recently uncovered a UEFI vulnerability in the Phoenix SecureCore UEFI firmware, which affects a variety of Intel Core … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/researchers-uncover-uefi-vulnerability-affecting-intel-cpus/
-
Sicherheitslücke: Die UEFI-Firmware unzähliger Intel-Systeme ist angreifbar
Angreifer können die Sicherheitslücke beispielsweise ausnutzen, um ein Bootkit einzuschleusen und sich damit auf Zielsystemen eine Backdoor zu schaffe… First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-die-uefi-firmware-unzaehliger-intel-systeme-ist-angreifbar-2406-186321.html
-
Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs
Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of … First seen on thehackernews.com Jump to article: thehackernews.com/2024/06/researchers-uncover-uefi-vulnerability.html
-
D-Link: Versteckte Backdoor in 16 Routermodellen entdeckt
Angreifer können aus der Ferne den Telnet-Dienst betroffener D-Link-Router aktivieren. Auch die Admin-Zugangsdaten sind offenbar in der Firmware hinte… First seen on golem.de Jump to article: www.golem.de/news/d-link-versteckte-backdoor-in-16-routermodellen-entdeckt-2406-186277.html
-
Patch or Perish: Secure Your Data Center with Firmware Management
In the dynamic world of data centers, where uptime and security are paramount, firmware management often goes under the radar. However, as data center… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/patch-or-perish-secure-your-data-center-with-firmware-management/
-
Intel-powered computers affected by serious firmware flaw (CVE-2024-0762)
A vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI, which runs on various Intel processors, could be exploited locally to escalate privile… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/21/cve-2024-0762/
-
Google Pixel Firmware Zero-Day Flaw Exploited And Patched
Google has recently issued a warning regarding a critical security flaw affecting Google Pixel Firmware, which has been actively exploited as a zero-d… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/google-pixel-firmware-zero-day-flaw-exploited-and-patched/
-
UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models
A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models. Firmware securit… First seen on securityaffairs.com Jump to article: securityaffairs.com/164771/hacking/phoenix-securecore-uefi-firmware-cve-2024-0762.html
-
Phoenix UEFI vulnerability impacts hundreds of Intel PC models
A newly discovered vulnerability in Phoenix SecureCore UEFI firmware tracked as CVE-2024-0762 impacts devices running numerous Intel CPUs, with Lenovo… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/phoenix-uefi-vulnerability-impacts-hundreds-of-intel-pc-models/
-
Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day
Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day.The high-severity vulnerability, tagged a… First seen on thehackernews.com Jump to article: thehackernews.com/2024/06/google-warns-of-pixel-firmware-security.html
-
Phoenix SecureCore UEFI Flaw Exposes Intel Processors to ‘UEFIcanhazbufferoverflow'<< Vulnerability
A newly discovered vulnerability, CVE-2024-0762, dubbed UEFIcanhazbufferoverflow, has recently come to light in the Phoenix SecureCore UEFI firmware, … First seen on thecyberexpress.com Jump to article: thecyberexpress.com/ueficanhazbufferoverflow-vulnerability/
-
Mystery miscreant remotely bricked 600,000 SOHO routers with malicious firmware update
First seen on theregister.com Jump to article: www.theregister.com/2024/05/31/pumoking_eclipse_remote_router_attack/
-
Phoenix SecureCode UEFI firmware bug could affect millions of Intel-based laptops
Tags: firmwareFirst seen on scmagazine.com Jump to article: www.scmagazine.com/news/phoenix-securecode-uefi-firmware-bug-could-affect-millions-of-intel-based-laptops
-
CVE-2024-3080: ASUS warns Customers about the latest Authentication Bypass Vulnerability detected Across seven Router Models
ASUS announces major Firmware Update ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different var… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/cve-2024-3080-asus-warns-customers-about-the-latest-authentication-bypass-vulnerability-detected-across-seven-router-models/
-
UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware
Summary Eclypsium Automata, our automated binary analysis system, has identified a high impact vulnerability (CVE-2024-0762 with a reported CVSS of 7…. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/
-
Critical UEFI Flaw in Phoenix Firmware Hits Major PC Brands
Buffer Overflow Vulnerability Lets Attackers Control Devices. A vulnerability in a common implementation of the firmware booting up desktop computers … First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/critical-uefi-flaw-in-phoenix-firmware-hits-major-pc-brands-a-25570
-
Channel Brief: SentinelOne Earns Pax8 Awards, ASUS Releases Firmware Updates
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/channel-brief-sentinelone-earns-pax8-awards-asus-releases-firmware-updates
-
ASUS warns of critical remote authentication bypass on 7 routers
ASUS has released a new firmware update that addresses a vulnerability impacting seven router models that allow remote attackers to log in to devices…. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/asus-warns-of-critical-remote-authentication-bypass-on-7-routers/
-
Google fixed an actively exploited zero-day in the Pixel Firmware
Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned o… First seen on securityaffairs.com Jump to article: securityaffairs.com/164500/security/google-fixed-pixel-firmware-zero-day.html
-
Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models
Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that have currently reached … First seen on thehackernews.com Jump to article: thehackernews.com/2024/06/zyxel-releases-patches-for-firmware.html
-
Google Warns of Pixel Firmware Zero-Day Under Limited, Targeted Exploitation
The zero-day is tagged as CVE-2024-32896 and described as an elevation of privilege issue in Pixel Firmware. The post -day is tagged as CVE-2024-32896… First seen on securityweek.com Jump to article: www.securityweek.com/google-warns-of-pixel-firmware-zero-day-under-limited-targeted-exploitation/
-
Google warns of actively exploited Pixel firmware zero-day
Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targ… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-warns-of-actively-exploited-pixel-firmware-zero-day/
-
Attacking an Internal Windows Medical Device from the Internet
This firmware attack scenario demonstrates the type of attacks seen in the wild and showcases how an attacker can target, implant, or even destroy an … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/attacking-an-internal-windows-medical-device-from-the-internet/