Security News
Microsoft announced the public preview of a new Defender for IoT feature that helps analyze the firmware of embedded Linux devices like routers for security vulnerabilities and common weaknesses. [...]
GIGABYTE has released firmware updates to fix security vulnerabilities in over 270 motherboards that could be exploited to install malware. The firmware updates were released last Thursday in response to a report by hardware security company Eclypsium, who found flaws in a legitimate GIGABYTE feature used to install a software auto-update application in Windows.
Cybersecurity researchers have found "Backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. "Most Gigabyte firmware includes a Windows Native Binary executable embedded inside of the UEFI firmware," John Loucaides, senior vice president of strategy at Eclypsium, told The Hacker News.
HP is working to address a bad firmware update that has been bricking HP Office Jet printers worldwide since it was released earlier this month. While HP has yet to issue a public statement regarding these ongoing problems affecting a subset of its customer base, the company told BleepingComputer that it's addressing the blue screen errors seen by a "Limited number" of users.
A Chinese state-sponsored APT group implanted malicious firmware into TP-Link routers as part of attack campaigns aimed at European foreign affairs entities, say Check Point researchers. The malicious firmware was exclusively created for TP-Link routers.
The backdoor malware is deployed in a custom and malicious firmware designed specifically for TP-Link routers so that the hackers can launch attacks appearing to originate from residential networks. While Check Point has not determined how the attackers infect TP-Link routers with the malicious firmware image, they said it could be by exploiting a vulnerability or brute-forcing the administrator's credentials.
What has firmware got to do with pop rock, you ask? That's the question that crossed a security researcher's mind as he analyzed Kingston's firmware and stumbled upon the lyrics of a popular Coldplay song buried deep within it. The researcher, surprised by this finding, reached out to BleepingComputer disclosing the details of the firmware version-and the Coldplay song.
What has firmware got to do with pop rock, you ask? That's the question that crossed a security researcher's mind as he analyzed Kingston's firmware and stumbled upon the lyrics of a popular Coldplay song buried deep within it. The researcher, surprised by this finding, reached out to BleepingComputer disclosing the details of the firmware version-and the Coldplay song.
The cybercriminals who breached Taiwanese multinational MSI last month have apparently leaked the company's private code signing keys on their dark web site. MSI is a corporation that develops and sells computers and computer hardware.
Orqa, a maker of First Person View drone racing goggles, claims that a contractor introduced code into its devices' firmware that acted as a time bomb designed to brick them. On early Saturday, Orqa started receiving reports from customers surprised to see their FPV.One V1 goggles enter bootloader mode and become unusable.