Tag: firmware
-
So werden PV-Anlagen digital angegriffen und geschützt
Tags: access, ai, authentication, backup, best-practice, bug, china, cyber, cyberattack, cybersecurity, cyersecurity, firmware, framework, germany, iot, risk, software, technology, update, usa, vulnerabilityUnternehmen setzen vermehrt auf Solaranlagen mit Batteriespeichern, um hohe Energiekosten und Netzstabilitätsrisiken zu minimieren. Diese Systeme sind allerdings oft nicht gehärtet und damit ein immer beliebteres Ziel bei Cyberkriminellen. Quality Stock ArtsSteigen die Energiepreise, werden kostenintensive Projekte wie Rechenzentren für Künstliche Intelligenz (KI) ebenfalls teurer. Große Unternehmen suchen deshalb verstärkt nach Möglichkeiten, ihren Energiehaushalt günstiger…
-
NVIDIA Issues Warning About Severe Security Flaws Enabling Code Attacks
NVIDIA has issued an urgent security bulletin urging customers using itsHopper HGX 8-GPU High-Performance Computing (HMC) systemsto immediately install firmware updates addressing two critical vulnerabilities. Released on February 28, 2025, the patches target flaws that could allow attackers to execute malicious code, escalate privileges, or cripple enterprise GPU infrastructure through denial-of-service (DoS) attacks. The advisories…
-
Privacy Roundup: Week 9 of Year 2025
Tags: access, android, apple, attack, backdoor, breach, browser, cctv, control, cyber, cybersecurity, data, data-breach, encryption, endpoint, exploit, firmware, flaw, government, group, hacker, Internet, jobs, law, leak, malware, office, password, phishing, privacy, regulation, router, scam, service, software, switch, technology, threat, tool, update, vpn, vulnerabilityThis is a news item roundup of privacy or privacy-related news items for 23 FEB 2025 – 1 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Why cyber attackers are targeting your solar energy systems, and how to stop them
Tags: access, attack, authentication, automation, awareness, backup, best-practice, china, communications, control, credentials, cyber, cybercrime, cybersecurity, data, detection, exploit, firmware, framework, group, infrastructure, iot, mfa, monitoring, network, password, penetration-testing, regulation, risk, russia, service, software, technology, threat, update, vulnerabilitySmart inverter vulnerabilities threaten the electric grid: The biggest risk occurs during high-demand times. If enough solar DERs suddenly go offline during a critical period, there might not be adequate alternative energy sources that can come online immediately, or the available alternatives are much more expensive to operate. Attackers can produce similar results merely by…
-
Recent Ghost/Cring ransomware activity prompts alert from FBI, CISA
Tags: cisa, cybersecurity, exploit, firmware, group, infrastructure, ransomware, software, vulnerabilityA ransomware group known as Ghost has been exploiting vulnerabilities in software and firmware as recently as January, according to an alert issued Wednesday by the FBI and Cybersecurity and Infrastructure Security Agency (CISA). First seen on therecord.media Jump to article: therecord.media/ghost-cring-ransomware-activity-fbi-cisa-alert
-
Privacy Roundup: Week 7 of Year 2025
Tags: access, antivirus, api, apple, attack, breach, business, cctv, cve, cybersecurity, data, data-breach, detection, email, exploit, firmware, flaw, google, group, law, leak, malware, microsoft, military, network, password, phishing, privacy, router, scam, service, software, technology, threat, tool, update, virus, vpn, vulnerability, windows, zero-dayThis is a news item roundup of privacy or privacy-related news items for 9 FEB 2025 – 15 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Lexmark warnt vor Sicherheitslücken in Drucker-Software und -Firmware
Lexmark hat Sicherheitslücken in Drucker-Firmware und Begleitsoftware gefunden. Updates stehen bereit, um sie zu schließen. First seen on heise.de Jump to article: www.heise.de/news/Lexmark-warnt-vor-Sicherheitsluecken-in-Drucker-Software-und-Firmware-10282090.html
-
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)
Tags: access, advisory, android, apt, attack, authentication, best-practice, cve, cyber, data, exploit, firmware, flaw, group, Internet, lazarus, linux, malicious, microsoft, network, north-korea, ntlm, office, rce, remote-code-execution, service, technology, tool, update, vulnerability, windows, zero-day3Critical 52Important 0Moderate 0Low Microsoft addresses 55 CVEs with three rated critical and four zero-day vulnerabilities, including two that were exploited in the wild. Microsoft patched 55 CVEs in its February 2025 Patch Tuesday release, with three rated critical and 52 rated as important. Our counts omitted one vulnerability reported by HackerOne. This month’s update…
-
Intel Patched 374 Vulnerabilities in 2024
Intel says roughly 100 of the 374 vulnerabilities it patched last year were firmware and hardware security defects. The post Intel Patched 374 Vulnerabilities in 2024 appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/intel-patched-374-vulnerabilities-in-2024/
-
Privacy Roundup: Week 6 of Year 2025
Tags: access, ai, api, apple, backdoor, breach, browser, cctv, chrome, control, credit-card, cybersecurity, data, data-breach, encryption, exploit, firmware, framework, germany, government, group, leak, malware, monitoring, phishing, privacy, regulation, risk, router, scam, service, software, spy, technology, threat, tool, update, vpn, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 2 FEB 2025 – 8 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
The Explosion of Hardware-Hacking Devices
Due to the growing popularity of the ESP32 IoT platform adoption by security professionals, this article raises several security concerns addressing firmware attacks that could target this user population and what you can do to protect yourself. Introduced in August 2020 following a $4.8 million Kickstarter campaign, the FlipperZero quickly became one of the most……
-
BTS #45 Understanding Firmware Vulnerabilities in Network Appliances
In this episode, Paul, Vlad, and Chase discuss the security challenges associated with Palo Alto devices and network appliances. They explore the vulnerabilities present in these devices, the importance of best practices in device management, and the need for automatic updates. The conversation highlights the evolving nature of firmware vulnerabilities and the necessity for compensating……
-
Netgear Patches Critical Vulnerabilities in Multiple WiFi Router Models
Netgear has released security updates addressing two critical vulnerabilities affecting several WiFi router models and has strongly urged users to update their firmware immediately. These vulnerabilities could allow unauthenticated attackers to execute remote code or bypass authentication, creating a serious… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/netgear-patches-critical-vulnerabilities-in-multiple-wifi-router-models/
-
Netgear warns users to patch critical WiFi router vulnerabilities
Netgear has fixed two critical remote code execution and authentication bypass vulnerabilities affecting multiple WiFi routers and warned customers to update their devices to the latest firmware as soon as possible. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-critical-wifi-router-vulnerabilities/
-
AMD Epyc – Kritisches Sicherheitsleck in Server-CPUs geschlossen
Sicherheitsforscher von Google haben bei Epyc-Prozessoren von AMD eine Sicherheitslücke entdeckt, die per Firmware-Update geschlossen wird. First seen on computerbase.de Jump to article: www.computerbase.de/news/prozessoren/amd-epyc-kritisches-sicherheitsleck-in-server-cpus-geschlossen.91275
-
Patch coming for reported firmware bugs in Palo Alto firewalls
First seen on scworld.com Jump to article: www.scworld.com/brief/patch-coming-for-reported-firmware-bugs-in-palo-alto-firewalls
-
Geräte-Lifecycle im Griff – Sicherheit von Hardware und Firmware kommt zu kurz
First seen on security-insider.de Jump to article: www.security-insider.de/-it-sicherheitsherausforderungen-unternehmen-2025-a-b26dd91a2c45062499c15e8e5ff097c5/
-
TP-Link Router Web Interface XSS Vulnerability PoC Exploit Released
A recently discovered Cross-site Scripting (XSS) vulnerability, CVE-2024-57514, affecting the TP-Link Archer A20 v3 Router has raised security concerns among users. The flaw CVE-2024-57514, identified in firmware version 1.0.6 Build 20231011 rel.85717(5553), allows attackers to execute arbitrary JavaScript code through the router’s web interface, potentially leading to malicious exploitation. Discovery of the Vulnerability The vulnerability stems…
-
Sicherheitsupdate: Schadcode-Attacken können D-Link-Router schaden
In der aktuellen Firmware haben D-Link-Entwickler eine offensichtlich kritische Schwachstelle im Router DSL-3788 geschlossen. First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsupdate-Schadcode-Attacken-koennen-D-Link-Router-schaden-10259091.html
-
Fix nur vor Ort möglich: Zyxel schickt Firewalls per Update in Bootschleife
Die betroffenen Zyxel-Firewalls lassen sich nicht mehr aus der Ferne warten. Admins müssen per Kabel dran, um eine neue Firmware einzuspielen. First seen on golem.de Jump to article: www.golem.de/news/fix-nur-vor-ort-moeglich-zyxel-schickt-firewalls-per-update-in-bootschleife-2501-192799.html
-
Privacy Roundup: Week 4 of Year 2025
Tags: access, ai, apt, attack, backup, botnet, breach, cctv, cve, cybersecurity, data, data-breach, detection, email, exploit, firmware, flaw, google, group, identity, infrastructure, korea, lazarus, leak, login, malicious, malware, north-korea, phishing, phone, privacy, regulation, remote-code-execution, risk, router, scam, service, software, startup, technology, threat, tool, update, virus, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 19 JAN 2025 – 25 JAN 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Palo-Alto: Sicherheitslücken in Firmware und Bootloadern von Firewalls
Die Firmware und Bootloader von einigen Palo-Alto-Firewalls weisen Sicherheitslecks auf, die Angreifern das Einnisten nach Angriffen ermöglichen. First seen on heise.de Jump to article: www.heise.de/news/Palo-Alto-Sicherheitsluecken-in-Firmware-und-Bootloadern-von-Firewalls-10257031.html
-
Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits
An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices’ firmware as well as misconfigured security features.”These weren’t obscure, corner-case vulnerabilities,” security vendor Eclypsium said in a report shared with The Hacker News.”Instead these were very well-known issues that we wouldn’t expect to…
-
PoC Exploit Released for TP-Link Code Execution Vulnerability(CVE-2024-54887)
A security researcher, exploring reverse engineering and exploit development, has successfully identified a critical vulnerability in the TP-Link TL-WR940N router, specifically affecting hardware versions 3 and 4 with all firmware up to the latest version. This vulnerability, which has been documented as CVE-2024-54887, allows for potential arbitrary remote code execution (RCE) through stack buffer overflow…
-
Industrial Switch Vulnerabilities Allow Remote Exploitation
Researchers Uncover Three Vulnerabilities, Urge Firmware Update. Attackers could chain critical vulnerabilities in industrial network switches to gain remote control to compromise automation systems, IoT devices and surveillance networks. Claroty’s Team82 uncovered three flaws in WGS-804HPT switches manufactured by Planet Technology. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/industrial-switch-vulnerabilities-allow-remote-exploitation-a-27333
-
Sicherheitsmängel gefährden DNA-Sequenziergeräte
srcset=”https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?quality=50&strip=all 5283w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=300%2C168&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=768%2C432&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1024%2C576&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1536%2C864&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=2048%2C1152&quality=50&strip=all 2048w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1240%2C697&quality=50&strip=all 1240w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=150%2C84&quality=50&strip=all 150w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=854%2C480&quality=50&strip=all 854w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=640%2C360&quality=50&strip=all 640w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=444%2C250&quality=50&strip=all 444w” width=”1024″ height=”576″ sizes=”(max-width: 1024px) 100vw, 1024px”>Security-Forscher haben festgestellt, dass bei einem DNA-Sequenziergerät wichtige Sicherheitsfunktionen fehlen. angellodeco Shutterstock.comDas DNA-Sequenziergerät iSeq 100 von Illumina wird von medizinischen Laboren auf der ganzen Welt für eine Vielzahl…
-
2025 Threat Landscape Trends to Watch
What Type of Attacks Will We See in 2025? January 23, 2025Time: 1:00 pm ET – 10:00 am PTSpeaker: Paul Asadoorian, Principal Security Researcher Bootkits, network infrastructure attacks, and firmware vulnerabilities all saw major development in 2024, and these major trends show no sign of slowing down in 2025. Join Paul Asadoorian for a review……