Tag: Hardware

Warning to feds: US infrastructure is under silent attack

Jul 23, 2025 9:12 PM

Tags: attack, awareness, breach, business, ceo, cisa, control, cyber, cybersecurity, data, defense, exploit, government, Hardware, infrastructure, intelligence, risk, technology, theft, threat, vulnerability

IT and OT are fundamentally different: Robert M. Lee, CEO and co-founder of cybersecurity company Dragos, Inc., also spoke at the hearing, pointing out that enterprises and regulators must “recognize and account for” the differences between information technology (IT) and OT systems.”IT and OT systems differ fundamentally in both purpose and operation,” he said. “While…
PoisonSeed outsmarts FIDO keys without touching them

Jul 21, 2025 2:41 PM

Tags: attack, authentication, ceo, cryptography, exploit, fido, Hardware, login, phishing, vulnerability

FIDO isn’t broken, just outsmarted: Expel researchers called the campaign a concerning development, given that FIDO keys are often regarded as one of the pinnacles of secure MFA. “While we haven’t uncovered a vulnerability in FIDO keys, IT and SecOps folks will want to sit up and take notice,” they said. “This attack demonstrates how…
PoisonSeed Attack Tricks Users into Scanning Malicious MFA QR Codes

Jul 21, 2025 8:40 AM

Tags: attack, authentication, cyber, exploit, fido, group, Hardware, malicious, mfa, qr, threat

A sophisticated new cyber attack technique has emerged that exploits the cross-device sign-in features of FIDO keys, effectively bypassing one of the most secure forms of multifactor authentication (MFA) available today. Security researchers have identified this adversary-in-the-middle (AitM) attack, attributed to the PoisonSeed threat group, which demonstrates how attackers can circumvent hardware-based authentication protections through…
UK’s CHERI Alliance Expands to Global Hardware Supply Chain

Jul 11, 2025 10:40 PM

Tags: cybersecurity, government, Hardware, supply-chain, vulnerability

Program Director Mike Eftimakis on How to Fix 70% of Memory Safety Issues. A U.K. government-backed, hardware-based security initiative is tackling one of the biggest cybersecurity challenges – memory safety – and hopes to address about 70% of existing vulnerabilities, said Mike Eftimakis, founding director of Capability Hardware Enhanced RISC Instructions Alliance. First seen on…
IBM Power11 debuts with uptime, security, and energy efficiency upgrades

Jul 8, 2025 5:34 PM

Tags: Hardware, ibm

IBM unveiled Power11 today, a new generation of Power servers built to improve performance across processing, hardware, and virtualization. It’s designed to run reliably both … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/08/ibm-power11-released/
Why every company needs a travel security program

Jul 2, 2025 11:34 AM

Tags: access, advisory, awareness, business, china, conference, corporate, credentials, cyber, encryption, government, Hardware, infrastructure, intelligence, international, iran, mfa, middle-east, network, password, resilience, risk, risk-assessment, russia, service, social-engineering, strategy, threat, ukraine, vpn

Geopolitical flashpoints are multiplying: The war in Ukraine continues to destabilize Europe’s eastern edge. In the Middle East, recent US airstrikes on Iranian nuclear facilities have escalated tensions involving Iran, Israel, and the United States, triggering a worldwide caution advisory and rerouting international air traffic. Demonstrations targeting Western business interests are growing in scale and…
Product showcase: Protect your data with Apricorn Aegis Secure Key 3NXC

Jul 2, 2025 7:34 AM

Tags: data, Hardware

The Apricorn Aegis Secure Key 3NXC is a 256-bit AES XTS hardware-encrypted flash drive with a USB-C connector. It is available in storage capacities ranging from 4GB to 512GB … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/02/product-showcase-apricorn-aegis-secure-key-3nxc/
Ghost in the Machine: A Spy’s Digital Lifeline

Jul 1, 2025 5:34 PM

Tags: access, ai, attack, authentication, best-practice, cloud, communications, control, country, crypto, cyber, data, encryption, endpoint, framework, government, Hardware, identity, infrastructure, intelligence, jobs, law, linux, mfa, military, network, resilience, risk, software, spy, strategy, technology, threat, tool, vpn, windows, zero-trust
Linux 6.16-rc4 Launches Out With Filesystem, Driver, and Hardware Fixes

Jul 1, 2025 1:34 PM

Tags: cyber, Hardware, linux

Linus Torvalds has officially announced the release ofLinux 6.16-rc4, marking the halfway point in the development cycle for the upcoming 6.16 kernel. Despite a notably large merge window, Torvalds described the release candidate process as “fairly calm,” signaling a smooth path toward the anticipated stable release in late July or early August. Balanced Focus Across…
Critical D-Link Router Flaws Allow Remote Code Execution by Attackers

Jun 30, 2025 1:33 PM

Tags: cyber, firmware, flaw, Hardware, network, remote-code-execution, risk, router, service, vulnerability

A series of critical security vulnerabilities have been identified in D-Link DIR-816 routers, exposing users worldwide to the risk of remote code execution and network compromise. The flaws affect all hardware revisions and firmware versions of the DIR-816 (non-US), which has reached its End of Life (EOL) and End of Service Life (EOS), meaning no…
CISA warns of flaws in Mitsubishi Electronics ICS hardware

Jun 28, 2025 10:34 PM

Tags: cisa, flaw, Hardware

First seen on scworld.com Jump to article: www.scworld.com/news/cisa-warns-of-flaws-in-mitsubishi-electronics-ics-hardware
Navigating a Heightened Cyber Threat Landscape: Military Conflict Increases Attack Risks

Jun 27, 2025 2:36 PM

Tags: advisory, ai, attack, authentication, breach, business, cloud, container, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, finance, firmware, group, hacker, hacking, Hardware, identity, infrastructure, intelligence, Internet, iran, mfa, military, network, password, risk, russia, service, strategy, tactics, technology, terrorism, threat, tool, update, vulnerability, vulnerability-management

The current geopolitical climate demands a proactive, comprehensive approach to cybersecurity. Here’s what you need to know, and how Tenable can help. The cybersecurity landscape is in constant flux, but rarely do we see such a rapid escalation of threats as we are currently experiencing. The U.S. Department of Homeland Security’s (DHS) National Terrorism Advisory…
Frequently Asked Questions About Iranian Cyber Operations

Jun 27, 2025 2:36 PM

Tags: access, advisory, api, apt, attack, authentication, awareness, cisa, cloud, credentials, cve, cyber, cybersecurity, data, data-breach, defense, dos, exploit, finance, framework, government, group, Hardware, identity, infrastructure, injection, Internet, iran, ivanti, malware, mfa, microsoft, middle-east, military, mitre, monitoring, network, password, ransomware, rce, remote-code-execution, risk, service, software, supply-chain, tactics, technology, terrorism, threat, tool, update, vpn, vulnerability, windows

Tenable’s Research Special Operations team focuses on some frequently asked questions about Iranian cyber operations, including the tactics, techniques and procedures employed by Iran-based threat actors. Background Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding Iranian cyber operations in the wake of the recent conflict and…
Cisco warns of critical API vulnerabilities in ISE and ISE-PIC

Jun 27, 2025 5:36 AM

Tags: access, ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisco, ciso, cloud, communications, control, credentials, data, defense, email, endpoint, exploit, firewall, flaw, framework, guide, Hardware, incident response, malicious, microsoft, mobile, network, penetration-testing, programming, risk, router, saas, sans, service, software, threat, update, vpn, vulnerability, waf

root user.The fault behind both vulnerabilities: Holes in application programming interfaces (APIs).”Take this vulnerability seriously,” said Moses Frost, senior course instructor on cloud penetration testing at the SANS Institute. “In my experience assessing networks, I have found through testing that many lack essential patches and security hardening on their core network devices. I have seen Cisco…
Delinea, Utimaco Target Key Management Risks, Bring Hardware-Backed PAM to MSSPs

Jun 26, 2025 10:36 PM

Tags: Hardware, mssp, risk

First seen on scworld.com Jump to article: www.scworld.com/news/delinea-utimaco-target-key-management-risks-bring-hardware-backed-pam-to-mssps
Critical Meshtastic Flaw Allows Attackers to Decrypt Private Messages

Jun 23, 2025 8:35 AM

Tags: cyber, encryption, flaw, Hardware, open-source, risk, vulnerability

A severe cryptographic vulnerability in the popular open-source Meshtastic project allows attackers to decrypt private messages and hijack nodes across LoRa mesh networks. This flaw stems from duplicated encryption keys and insufficient randomness during key generation. The issue affects multiple hardware platforms and poses significant risks to users relying on Meshtastic for secure off-grid communication…
Cybersecurity Snapshot: Tenable Report Spotlights Cloud Exposures, as Google Catches Pro-Russia Hackers Impersonating Feds

Jun 20, 2025 7:35 PM

Tags: access, advisory, ai, api, apple, attack, authentication, best-practice, business, cisa, cisco, cloud, conference, container, control, credentials, cve, cyber, cybersecurity, data, data-breach, detection, email, encryption, endpoint, exploit, google, governance, government, group, guide, hacker, Hardware, identity, infrastructure, intelligence, Internet, kubernetes, linux, macOS, microsoft, mitigation, mobile, monitoring, network, oracle, password, phishing, ransomware, risk, russia, service, social-engineering, software, sql, strategy, tactics, technology, threat, tool, update, vmware, vulnerability, windows

Check out highlights from Tenable’s “2025 Cloud Security Risk Report,” which delves into the critical risk from insecure cloud configurations. Plus, Google reveals a Russia-sponsored social engineering campaign that targeted prominent academics’ Gmail accounts. And get the latest on AI system security, just-in-time access, CIS Benchmarks and more! Dive into six things that are top…
Foreign aircraft, domestic risks

Jun 19, 2025 5:36 PM

Tags: access, attack, authentication, best-practice, blueteam, breach, computer, control, cyber, cybersecurity, data, defense, detection, encryption, firmware, framework, government, Hardware, injection, leak, malicious, malware, monitoring, network, nist, phone, risk, software, supply-chain, technology, threat, update, vulnerability

Condensed threat matrix Legacy protocols create new attack surfaces : One of the banes of the OT world is the reliance on legacy technology that cannot easily be patched or upgraded without causing major disruptions. Similarly, the Boeing 747-8 employs a hybrid bus architecture. While it integrates modern flight management technologies like the Thales TopFlight Flight…
Securing the Future Together: Why Thales and HPE are the Partners You Can Trust

Jun 17, 2025 2:54 PM

Tags: access, ai, application-security, banking, business, cloud, compliance, computing, control, cryptography, cyber, cyberattack, data, dora, encryption, GDPR, government, Hardware, healthcare, infrastructure, network, nis-2, PCI, resilience, risk, service, software, strategy, threat

Securing the Future Together: Why Thales and HPE are the Partners You Can Trust madhav Tue, 06/17/2025 – 05:15 Across every industry, data drives decisions, innovation, and growth. As organizations modernize with hybrid cloud and AI, the risks to that data scale are just as fast. From sophisticated cyberattacks to increasingly stringent compliance demands, the…
New quantum system offers publicly verifiable randomness for secure communications

Jun 16, 2025 3:54 PM

Tags: blockchain, communications, crypto, cyber, cybersecurity, docker, email, finance, government, Hardware, infrastructure, open-source, software, technology, threat, tool

Nature and detailed in an accompanying arXiv preprint, CURBy leverages the phenomenon of quantum entanglement, where particles maintain interconnected states regardless of distance, to create fundamentally unpredictable outputs.”From a security perspective, this approach offers something valuable the ability to independently verify that random numbers haven’t been compromised,” noted Narayan Gokhale, vice president at QKS Group.…
KIA Ecuador Keyless Entry Systems Vulnerability Faces Major Theft Threat

Jun 16, 2025 8:54 AM

Tags: cyber, flaw, Hardware, risk, technology, theft, threat, vulnerability

A critical security flaw has been uncovered in the keyless entry systems (KES) widely used in KIA vehicles across Ecuador, exposing thousands of cars to a heightened risk of theft. The vulnerability, identified by independent hardware security researcher Danilo Erazo, centers on the use of outdated “learning code” technology in aftermarket key fobs homologated and…
LinuxFest Northwest: Clonezilla Live On RISC-V Crafting Open Source Live Systems For Open Hardware

Jun 15, 2025 5:54 PM

Tags: cisa, conference, Hardware, open-source, penetration-testing

Authors/Presenters: Steven Shiau (Clonezilla Project Leader); Yu-Chin Tsai (Clonezilla NCHC Partclone); Chen-Kai Sun (Clonezilla Project / Engineer In NCHC) Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham…
Cybersecurity Snapshot: NIST Offers Zero Trust Implementation Advice, While OpenAI Shares ChatGPT Misuse Incidents

Jun 13, 2025 7:54 PM

Tags: access, ai, attack, best-practice, breach, chatgpt, china, cloud, computer, computing, control, credentials, crime, cyber, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, encryption, endpoint, exploit, finance, fraud, government, guide, Hardware, identity, infrastructure, intelligence, Internet, iot, korea, law, least-privilege, linkedin, malicious, malware, military, ml, mobile, monitoring, network, nist, north-korea, openai, phishing, phone, programming, ransomware, risk, russia, scam, service, social-engineering, software, supply-chain, technology, theft, threat, tool, update, vulnerability, zero-trust

Check out NIST best practices for adopting a zero trust architecture. Plus, learn how OpenAI disrupted various attempts to abuse ChatGPT. In addition, find out what Tenable webinar attendees said about their exposure management experiences. And get the latest on cyber crime trends, a new cybersecurity executive order and more! Dive into six things that…
Is attacker laziness enabled by genAI shortcuts making them easier to catch?

Jun 11, 2025 5:55 AM

Tags: ai, attack, chatgpt, ciso, control, cyberattack, data, defense, detection, email, fraud, gartner, group, Hardware, infrastructure, jobs, korea, malicious, malware, monitoring, north-korea, open-source, openai, risk, russia, software, strategy, tactics, threat, tool, windows

Tactics of attackers: The OpenAI report, published in June, detailed a variety of defenses the company has deployed against fraudsters. One, for example, involved bogus job applications.”We identified and banned ChatGPT accounts associated with what appeared to be multiple suspected deceptive employment campaigns. These threat actors used OpenAI’s models to develop materials supporting what may…
SentinelOne Sees No Breach After Hardware Supplier Hacked

Jun 9, 2025 8:54 PM

Tags: apt, attack, backdoor, breach, china, corporate, cybersecurity, Hardware, malware

Intrusion Involved ShadowPad Malware, Wielded in Attacks Tied to Chinese APT Groups. Cybersecurity firm SentinelOne said suspected Chinese attackers, wielding ShadowPad backdoor malware, infiltrated a logistics firm that it used for supplying hardware to its employees, but that the intrusion doesn’t appear to have resulted in any infiltration of its own, corporate network. First seen…
SentinelOne shares new details on China-linked breach attempt

Jun 9, 2025 8:54 PM

Tags: attack, breach, china, cybersecurity, hacker, Hardware, service, supply-chain

SentinelOne has shared more details on an attempted supply chain attack by Chinese hackers through an IT services and logistics firm that manages hardware logistics for the cybersecurity firm. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sentinelone-shares-new-details-on-china-linked-breach-attempt/
Unmasking the silent saboteur you didn’t know was running the show

Jun 9, 2025 1:54 PM

Tags: 5G, access, ai, api, attack, authentication, backup, blockchain, breach, ciso, cloud, compliance, control, cybersecurity, data, defense, endpoint, firewall, firmware, GDPR, governance, Hardware, incident response, iot, ISO-27001, login, malicious, network, nis-2, PCI, service, siem, supply-chain, threat, zero-trust

Cybersecurity depends on accurate clocks : Your logs are only as valuable as your clocks are accurate. If your servers are out of sync, forget to reconstruct timelines. You’ll spend hours chasing phantom alerts. Event correlation and forensics Your SIEM is only as good as the timestamps it gets. Correlating events across endpoints, firewalls and cloud…
AI can spew code, but kids should still suffer like we did, says Raspberry Pi

Jun 7, 2025 2:55 PM

Tags: ai, computer, Hardware

Mini computer house comes out against ‘vibe coding’ fad First seen on theregister.com Jump to article: www.theregister.com/2025/06/05/vibe_coding_raspberry_pi/
Cybersecurity Needs Satellite Navigation, Not Paper Maps

Jun 5, 2025 7:55 PM

Tags: access, ai, attack, automation, best-practice, breach, business, ceo, cloud, communications, computer, computing, cryptography, cyber, cyberattack, cybersecurity, data, data-breach, deep-fake, defense, encryption, endpoint, exploit, finance, firewall, framework, government, Hardware, healthcare, infrastructure, intelligence, Internet, leak, least-privilege, malicious, military, network, phishing, privacy, resilience, risk, saas, service, social-engineering, software, strategy, technology, threat, tool, vpn, vulnerability, zero-trust
#Infosec2025: Threat Actors Weaponizing Hardware Devices to Exploit Fortified Environments

Jun 5, 2025 4:55 PM

Tags: cybercrime, exploit, group, Hardware, threat

Sophisticated nation-state and cybercriminal groups are using insiders to infect targets via hardware devices, despite a lack of reporting of this threat First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/threat-actors-weaponizing-hardware/