Tag: firmware
-
UEFI Firmware Exploit Evades EDR
As endpoint security tools improve, attackers target lower level firmware components to evade detection. This demo shows how malware targeting UEFI fi… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/uefi-firmware-exploit-evades-edr/
-
Eclypsium CEO Yuriy Bulygin: Beware Compromised Firmware and Baseboard Management Controllers
The post Eclypsium … First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2024/06/eclypsium-ceo-yuriy-bulygin-beware-compromised-firmware-and-baseboard-management-controllers/
-
Intel Microcode Vulnerabilities Addressed in Ubuntu Systems
Intel Microcode, the firmware responsible for controlling the behavior of Intel CPUs, has recently been found to have several vulnerabilities. These i… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/intel-microcode-vulnerabilities-addressed-in-ubuntu-systems/
-
Eclypsium and Panasonic Connect North America Partner to Protect Against Digital Infrastructure Threats Below the Surface With Smart Compliance
Portland, OR June 6, 2024 Eclypsium®, the supply chain security company protecting critical hardware, firmware, and software, today announced its coll… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/eclypsium-and-panasonic-connect-north-america-partner-to-protect-against-digital-infrastructure-threats-below-the-surface-with-smart-compliance/
-
Automata in Action: New Vulnerabilities Discovered in HP UEFI
Eclypsium has discovered new vulnerabilities in a particular Unified Extensible Firmware Interface (UEFI) implementation from HP. This is the first vu… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/05/automata-in-action-new-vulnerabilities-discovered-in-hp-uefi/
-
Yubikey: Neue Firmware unterstützt bis zu 100 Passkeys auf FIDO-Sticks
First seen on heise.de Jump to article: www.heise.de/news/Yubikey-FIDO2-Sicherheitsschluessel-kuenftig-mit-Platz-fuer-100-Passkeys-9712346.html
-
BTS #29 Supply Chains, Firmware, And Patching Jason Kikta
Jason joins us to discuss the current enterprise landscape for defending against supply chain attacks, remediating firmware issues, and the current ch… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/05/bts-29-supply-chains-firmware-and-patching-jason-kikta/
-
Cisco IP Phone Vulnerability Let Attackers Trigger DoS Attack
Cisco has disclosed multiple vulnerabilities in its IP Phone firmware that could severely impact users by allowing unauthenticated, remote attackers t… First seen on gbhackers.com Jump to article: gbhackers.com/cisco-ip-phone-vulnerability-2/
-
Neue Warnung vor Schwachstelle CVE-2024-3400 in Palo Alto Networks Firewalls
Anfang April 2024 gab es bereits eine Warnung zu einer ungepatchte Sicherheitslücke (CVE-2024-3400) in der PAN-Firmware, die in Palo Alto Networks Fir… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/04/27/neue-warnung-vor-schwachstelle-cve-2024-3400-in-palo-alto-networks-firewalls/
-
Lenovo: Sicherheitslücken in Server-Enclosure-Firmware
Tags: firmwareDie Firmware von Lenovos Server-Enclosures hat Sicherheitslecks, die etwa eine Rechteerhöhung ermöglichen. Recovery-Bootloader alter PCs sind auch ver… First seen on heise.de Jump to article: www.heise.de/news/Lenovo-Sicherheitsluecken-in-Server-Enclosure-Firmware-9686547.html
-
Ohne angepasste Firmware: Pretendo ermöglicht weiterhin Online-Gaming auf Wii U
Pretendo hat einen SSL-Exploit lange Zeit geheim gehalten. Wii-U-Besitzer können darüber weiterhin online spielen, obwohl Nintendo die Server abgescha… First seen on golem.de Jump to article: www.golem.de/news/ohne-angepasste-firmware-pretendo-ermoeglicht-weiterhin-online-gaming-auf-wii-u-2404-183964.html
-
Schwachstellen in Wärmepumpen aufgedeckt – Forscher entdecken hardcodierte Passwörter in Wärmepumpen-Firmware
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsrisiken-bei-vernetzten-waermepumpen-a-081fee5b903c8f3ac0777227dc3b3108/
-
USENIX Security ’23 Lukas Seidel, Dominik Maier, Marius Muench Forming Faster Firmware Fuzzers
Tags: firmwarewww.infosecurity.us/blog/2024/4/8/usenix-security-23-lukas-seidel-dominik-maier-marius-muench-forming-faster-firmware-fuzzers>Permalink The po… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/usenix-security-23-lukas-seidel-dominik-maier-marius-muench-forming-faster-firmware-fuzzers/
-
USENIX Security ’23 Hoedur: Embedded Firmware Fuzzing using Multi-Stream Inputs
Tags: firmwareAuthors/Presenters: Tobias Scharnowski, Simon Wörner, Felix Buchmann, Nils Bars, Moritz Schloegel, Thorsten Holz Presenters: Tobias Schar… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/usenix-security-23-hoedur-embedded-firmware-fuzzing-using-multi-stream-inputs/
-
AMD to open source Micro Engine Scheduler firmware for Radeon GPUs
First seen on theregister.com Jump to article: www.theregister.com/2024/04/05/amd_mes_open_source/
-
New XZ backdoor scanner detects implant in any Linux binary
Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-xz-backdoor-scanner-detects-implant-in-any-linux-binary/
-
Binarly Attracts $10.5M to Tackle Software Supply Chain Security
Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital. The post les firmware and softw… First seen on securityweek.com Jump to article: www.securityweek.com/binarly-attracts-10-5m-to-tackle-software-supply-chain-security/
-
Linux Supply Chain Validation Cheat Sheet
Linux provides several tools and techniques that allow users to query systems for information about hardware and firmware (This post builds on our pre… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/03/linux-supply-chain-validation-cheat-sheet/
-
AnyCubic fixes exploited 3D printer zero day flaw with new firmware
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/anycubic-fixes-exploited-3d-printer-zero-day-flaw-with-new-firmware/
-
Eclypsium: Ivanti firmware has ‘plethora’ of security issues
In its firmware analysis, Eclypsium found that the Ivanti Pulse Secure appliance used a version of Linux that was more than a decade old and several y… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366569938/Eclypsium-Ivanti-firmware-has-plethora-of-security-issues
-
Qnap: Sicherheitslücken in Firmware erlauben Einschleusen von Befehlen
Tags: firmwareFirst seen on heise.de Jump to article: heise.de/news/Qnap-Sicherheitsluecken-NAS-lassen-sich-Befehle-aus-dem-Netz-unterschieben-9626319.html
-
Alpha Innotec und Novelan: Passwort in Firmware für Wärmepumpensteuerung entdeckt
Das Passwort ist zwar verschlüsselt, lässt sich aber wohl in wenigen Sekunden knacken. Angreifer können sich per SSH einen Root-Zugriff auf die Steuer… First seen on golem.de Jump to article: www.golem.de/news/alpha-innotec-und-novelan-passwort-in-firmware-fuer-waermepumpensteuerung-entdeckt-2402-181980.html
-
Check Point enttarnt bösartige Firmware für TPRouter
Aus der Vergangenheit ist bekannt, dass Router-Implantate oft auf beliebigen Geräten ohne besonderes Interesse installiert werden, um eine Verbindung … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-enttarnt-boesartige-firmware-fuer-tp-link-router/a34334/
-
Absolute Software bringt neues Application Health Monitoring
Die patentierte Persistence-Technologie von Absolute Software ist in die Firmware von mehr als 600 Millionen Geräten eingebettet und stellt eine siche… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/absolute-software-bringt-neues-application-health-monitoring/a35674/
-
o2- und Alice-Router mit kritischer Schwachstelle
Durch einen Firmware-Fehler konnte man einen Standard-WLAN-Router der Provider aus der Ferne umkonfigurieren und vertrauliche Daten wie Anrufprotokoll… First seen on http: Jump to article: www.heise.de/meldung/Router-von-o2-und-Alice-mit-kritischem-Firmware-Fehler-1759265.html
-
US-CERT: Samsung Printer Firmware Contains Backdoor
First seen on http: Jump to article: darkreading.com/vulnerability-management/167901026/security/vulnerabilities/240142864/us-cert-samsung-printer-firmware-contains-backdoor.html
-
US_CERT: Samsung Printer Firmware Contains Backdoor
First seen on http: Jump to article: darkreading.com/vulnerability-management/167901026/security/vulnerabilities/240142864/us_cert-samsung-printer-firmware-contains-backdoor.html
-
Samsung Printers Contain Hardcoded Backdoor Account, US-CERT Warns
Printers manufactured by Samsung have a backdoor administrator account hard coded in their firmware that could enable attackers to change their config… First seen on http: Jump to article: www.computerworld.in/news/samsung-printers-contain-hardcoded-backdoor-account-us-cert-warns-43942012
-
Android Smishing Vulnerability Found in Android Open Source Project Firmware
A vulnerability discovered in the Android Open Source Project enables malicious applications to send SMS messages without user permission across all r… First seen on http: Jump to article: threatpost.com/en_us/blogs/android-symbian-malware-rise-110512
-
[News] Hackers leak PlayStation 3 decryption keys, opening reportedly unpatchable security hole
A group of hackers called “The Three Tuskateers†has published the PlayStation 3’s LV0 decryption keys, making PS3 firmware easier … First seen on http: Jump to article: feedproxy.google.com/~r/SecurityTube/~3/sBaSUoKlKdc/950