Tag: Hardware
-
“Global eavesdropping security” within reach – KIT researchers: quantum-safe encryption achieved with common hardware
First seen on security-insider.de Jump to article: www.security-insider.de/kit-forscher-quantensichere-verschluesselung-mit-gaengiger-hardware-erreicht-a-52098e40f0a1830a74c174b41cfa91c7/
-
BSidesLV24 Common Ground How We Accidentally Became Hardware Hackers
Authors/Presenters: Kyle Shockley & Caleb Davis. Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organization’s YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/bsideslv24-common-ground-how-we-accidentally-became-hardware-hackers/
-
Your Network Is Showing Time to Go Stealth
Tags: access, ai, attack, authentication, backdoor, breach, china, cisco, cloud, computer, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, endpoint, exploit, firewall, firmware, fortinet, group, Hardware, infrastructure, mfa, network, software, theft, threat, tool, update, vpn, vulnerability, zero-day
-
Mobile Security Emerging Risks in the BYOD Era
The rise of Bring Your Own Device (BYOD) policies has revolutionized workplace flexibility, enabling employees to use personal smartphones, tablets, and laptops for professional tasks. While this shift reduces hardware costs and supports hybrid work models, it introduces complex security challenges. Cybercriminals increasingly target personal devices as gateways to corporate networks, exploiting vulnerabilities in fragmented…
-
Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak – P2
This is Part 2 of our two-part technical analysis on Mustang Panda’s new tools. For details on ToneShell and StarProxy, go to Part 1. Introduction: In addition to the new ToneShell variants and StarProxy, Zscaler ThreatLabz discovered two new keyloggers used by Mustang Panda that we have named PAKLOG and CorKLOG as well as an EDR evasion…
-
BSidesLV24 Breaking Ground Introducing Serberus A Multi Headed Serial Hardware Hacking Tool
Author/Presenter: Patrick Kiley. Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organization’s YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/bsideslv24-breaking-ground-introducing-serberus-a-multi-headed-serial-hardware-hacking-tool/
-
OT security: Why a look at open source is worthwhile
Tags: ai, compliance, control, data, detection, edr, endpoint, Hardware, incident, incident response, intelligence, iot, microsoft, ml, monitoring, network, open-source, PCI, technology, threat, tool, vulnerability, vulnerability-management
Open-source solutions are a cost-effective alternative to commercial tools in OT security as well. Increasing digitalization and networking in industrial production have made OT security (operational technology security) a core topic for companies. Production data, SCADA systems (Supervisory Control and Data Acquisition) and networked machines are essential in many industries and highly vulnerable to cyberattacks. An incident can…
-
Is Ivanti the problem or a symptom of a systemic issue with network devices?
Network edge devices, hardware that powers firewalls, VPNs and network routers, have quickly moved up the list of attackers’ preferred intrusion points into enterprise networks. While dozens of companies make and sell these devices, customers of one company in particular, Ivanti, have confronted exploited vulnerabilities in their products more than any […] First seen on…
-
Linux Firewall IPFire 2.29 Launches with Post-Quantum Encryption and System Enhancements
The open-source Linux firewall solution, IPFire, has officially released its latest version, IPFire 2.29 Core Update 193. This landmark update introduces cutting-edge post-quantum encryption capabilities for IPsec tunnels, along with extensive system upgrades to bolster security, performance, and hardware optimization for the long term. Post-Quantum Cryptography for a More Secure Future In a major step forward […]…
-
Attention, security vulnerability: exploit kits and other dangers
Vulnerabilities in software and hardware are an important topic in dealing with IT security. As you can read in our report on the threat trends for companies in 2015, security vulnerabilities are among the central threats this year. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/04/07/achtung-sicherheitslucke-exploit-kits-und-andere-gefahren/
-
Linux 6.15-rc1 Released: Better Drivers, Faster Performance
The Linux kernel community has witnessed another milestone with the release of Linux 6.15-rc1, the first release candidate for the forthcoming Linux 6.15 stable release. Announced by Linus Torvalds on April 6, 2025, in Phoronix blog, this marks the conclusion of a vibrant two-week merge window. Packed with new features, bug fixes, and significant hardware…
-
BTS #48 Hardware Hacking Tips Tricks
In this episode, Paul and Chase delve into the world of hardware hacking, focusing on devices like the Flipper Zero and ESP32. They discuss the various applications of these tools, their impact on awareness in the hacking community, and the security implications surrounding their use. The conversation also touches on vulnerabilities in hotel security systems,…
-
How Trump’s tariffs are shaking up the cybersecurity sector
Tags: antivirus, ceo, china, cisa, country, cyber, cyberattack, cybersecurity, defense, finance, government, Hardware, infrastructure, microsoft, network, service, supply-chain, technology, threat, vulnerability
Customer cutbacks and increased costs are major concerns: In addition to the macroeconomic fears and worries over retaliatory measures, US cybersecurity companies are vulnerable to losing revenue under the new tariffs as customers reduce their cybersecurity budgets to cope with their own tariff-induced financial pressures. “What’s happening is that people are looking at cybersecurity through the…
-
Cisco AnyConnect VPN Server Vulnerability Allows Attackers to Trigger DoS
Cisco has disclosed a significant vulnerability in its AnyConnect VPN Server for Meraki MX and Z Series devices, allowing authenticated attackers to trigger denial-of-service (DoS) conditions. The flaw (CVE-2025-20212) stems from an uninitialized variable during SSL VPN session establishment and affects over 20 hardware models across enterprise networks. Vulnerability Overview: Exploiting this bug requires valid VPN credentials. Attackers can…
-
Microsoft’s AI tool catches critical GRUB2, U-boot bootloader flaws
Tags: access, ai, control, cybersecurity, exploit, firmware, flaw, Hardware, microsoft, mitigation, monitoring, risk, soc, supply-chain, tool, update, vulnerability, vulnerability-management, zero-day
AI-powered discovery changes the cybersecurity landscape: Microsoft’s Security Copilot tool significantly accelerated the vulnerability identification process, with a particular focus on filesystem implementations due to their high vulnerability potential. “Using Security Copilot, we were able to identify potential security issues in bootloader functionalities, focusing on filesystems due to their high vulnerability potential,” the blog stated. “This…
-
“Inside the Mind of a Hacker” report – The renaissance of hardware hacking
First seen on security-insider.de Jump to article: www.security-insider.de/bug-bounty-programme-crowdsourced-security-ethische-hacker-a-ade140db3b24ce6c9637dc1e0462b78c/
-
Old devices threaten security in companies
Tags: access, apache, authentication, botnet, bug, cisco, cloud, cve, cyberattack, dns, endpoint, firewall, Hardware, intelligence, Internet, ivanti, lazarus, linux, macOS, network, open-source, password, radius, ransomware, risk, router, sans, service, software, supply-chain, threat, update, vulnerability
Vulnerabilities in old network devices pose a considerable security risk for companies. An analysis by Cisco’s threat intelligence team Talos shows that two of the three most common vulnerabilities targeted by attackers in 2024 were found in old network devices. The problem is that manufacturers no longer release patches for them. “This underscores how important it is that outdated components of the…
-
CISA spots spawn of Spawn malware targeting Ivanti flaw
Resurge an apt name for malware targeting hardware maker that has security bug after security bug First seen on theregister.com Jump to article: www.theregister.com/2025/04/01/cisa_ivanti_warning/
-
Volume of attacks on network devices shows need to replace end of life devices quickly
Tags: access, apache, attack, authentication, best-practice, breach, cloud, control, credentials, cve, cyber, dns, endpoint, espionage, exploit, firewall, flaw, government, group, Hardware, infrastructure, injection, Internet, ivanti, lazarus, macOS, monitoring, network, north-korea, open-source, password, risk, router, russia, sans, service, software, threat, tool, update, vulnerability
CVE-2023-1389, a vulnerability in TP-Link Archer AX21 router; CVE-2024-3400, a hole in Palo Alto Networks PAN-OS firewall operating system; CVE-2023-36845, a vulnerability in Juniper Networks Junos OS operating system; CVE-2021-44529, a vulnerability in Ivanti Endpoint Manager Cloud Service Appliance; CVE-2023-38035, a hole in Ivanti Sentry security gateway; CVE-2024-36401, a vulnerability in OSGeo GeoServer; CVE-2024-0012, a vulnerability in Palo Alto Networks PAN-OS…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 39
Tags: android, detection, framework, Hardware, international, malware, marketplace, microsoft, ransomware, service
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: Microsoft Trusted Signing service abused to code-sign malware; Shedding light on the ABYSSWORKER driver; VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware; New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI; Raspberry Robin: Copy…
-
Evolving Raspberry Robin IAB operations uncovered
Tags: Hardware
First seen on scworld.com Jump to article: www.scworld.com/brief/evolving-raspberry-robin-iab-operations-uncovered
-
Russia arrests three for allegedly creating Mamont malware, tied to over 300 cybercrimes
Russian authorities said they arrested three people and seized hardware in an operation against Mamont malware, which specializes in stealing money from Android device users. First seen on therecord.media Jump to article: therecord.media/mamont-banking-malware-arrests-russia
-
Raspberry Robin: From Copy Shop Worm to Russian GRU Cyber Tool
Raspberry Robin, also known as Roshtyak or Storm-0856, has evolved from a simple worm targeting copy shops to First seen on securityonline.info Jump to article: securityonline.info/raspberry-robin-from-copy-shop-worm-to-russian-gru-cyber-tool/
-
CoffeeLoader: A Brew of Stealthy Techniques
Introduction: Zscaler ThreatLabz has identified a new sophisticated malware family that we named CoffeeLoader, which originated around September 2024. The purpose of the malware is to download and execute second-stage payloads while evading detection by endpoint-based security products. The malware uses numerous techniques to bypass security solutions, including a specialized packer that utilizes the GPU, call…
-
Public Accounts Committee calls out legacy IT
Unsupported and out-of-date software and hardware are hindering the government’s artificial intelligence plans for the public sector First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366621126/Public-Accounts-Committee-calls-out-legacy-IT
-
Raspberry Robin Unveils 200 Unique Domains Used by Threat Actors
In a significant development, cybersecurity firm Silent Push has identified nearly 200 unique command and control (C2) domains associated with the Raspberry Robin malware. This discovery sheds new light on the infrastructure used by this sophisticated threat actor group, which has evolved from a USB worm to a formidable initial access broker (IAB) for various…
-
Getting the Most Value Out of the OSCP: The PEN-200 Labs
Tags: access, ai, attack, compliance, container, cyber, cybersecurity, dns, docker, exploit, firewall, guide, hacking, Hardware, infrastructure, intelligence, jobs, kubernetes, microsoft, mitigation, network, open-source, oracle, penetration-testing, powershell, risk, security-incident, service, siem, skills, technology, tool, training, vmware, vulnerability, windows
How to leverage the PEN-200 simulated black-box penetration testing scenarios for maximal self-improvement and career success. Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been sponsored or incentivized in any way to recommend or oppose any…

