Security News

Dozens of Security Flaws Discovered in UEFI Firmware Used by Several Vendors
2022-02-01 23:04

As many as 23 new high-severity security vulnerabilities have been disclosed in different implementations of Unified Extensible Firmware Interface (UEFI) firmware used by numerous vendors, including Bull Atos, Fujitsu, HP, Juniper Networks, and Lenovo, among others. The vulnerabilities reside in Insyde Software's InsydeH2O UEFI firmware, according to enterprise firmware security company Binarly, with a majority of the anomalies diagnosed in the System Management Mode.

Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks
2022-01-23 22:26

A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group. Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date," adding, "The purpose of the implant is to facilitate the deployment of user-mode malware that stages execution of further payloads downloaded from the internet."

Stealthy firmware bootkit leveraged by APT in targeted attacks
2022-01-21 14:11

Kaspersky researchers have uncovered the third known case of a firmware bootkit in the wild. Having first appeared in the wild in the spring of 2021, MoonBounce demonstrates a sophisticated attack flow, with evident advancement in comparison to formerly reported UEFI firmware bootkits.

Firmware attack can drop persistent malware in hidden SSD area
2021-12-30 14:55

The attack models are for drives with flex capacity features and target a hidden area on the device called over-provisioning, which is widely used by SSD makers these days for performance optimization on NAND flash-based storage systems. One attack modeled by researchers at Korea University in Seoul targets an invalid data area with non-erased information that sits between the usable SSD space and the over-provisioning area, and whose size depends on the two.

Week in review: Strengthening firmware security, Help Net Security: XDR Report released
2021-10-17 08:00

Help Net Security: XDR Report has been released
The topic of this inaugural report is extended detection and response, an emerging technology that has been receiving a lot of buzz in the last few years.

Apache OpenOffice users should upgrade to newest security release!
The Apache Software Foundation has released Apache OpenOffice 4.1.11, which fixes a handful of security vulnerabilities, including CVE-2021-33035, a recently revealed RCE vulnerability that could be triggered via a specially crafted document.

Strengthening firmware security with hardware RoT
2021-10-11 05:30

With IT security and visibility efforts still largely focused higher in the stack at the application layer, bad actors are seeking to breach systems further down the stack at the firmware level. Once inside the firmware, hackers can disable remote firmware updates, making it impossible to fix remotely and thus requiring the service of a technician with physical access to the hardware/firmware, often requiring a complete shutdown and an on-site visit that can be quite costly for large-scale deployments.

Aviotec adds AI algorithms to its firmware to ensure reliability for sheltered outdoor areas
2021-08-19 00:30

Aviotec's new firmware version 7.81 comprises AI algorithms which can now detect fire and smoke in changing weather and light conditions. The AI algorithms have been developed further to ensure reliability for sheltered outdoor areas.

Serious Vulnerabilities Found in Firmware Used by Many IP Camera Vendors
2021-07-29 08:31

IP cameras offered by a dozen vendors are exposed to remote attacks due to several serious vulnerabilities found in the firmware they all share, according to France-based cybersecurity firm RandoriSec. RandoriSec researchers discovered many critical and high-severity vulnerabilities in IP camera firmware made by UDP Technology, a South Korea-based company that provides digital video solutions for the security and IP surveillance industries.

SonicWall Warns of Imminent Ransomware Attacks Targeting Firmware Flaw
2021-07-14 20:45

Network appliance vendor SonicWall has issued an urgent security notice to warn of imminent data-encrypting ransomware attacks targeting known - and already patched - firmware vulnerabilities. The San Jose, Calif.-based SonicWall said its own threat-intelligence indicates that ransomware actors are "actively targeting" security defects in its Secure Mobile Access 100 series and Secure Remote Access products running unpatched and end-of-life 8.x firmware.

Critical, Exploitable Flaws in NETGEAR Router Firmware
2021-07-01 14:49

Security researchers at Microsoft are flagging multiple gaping security holes in firmware shipped on NETGEAR routers, warning that exploitation could lead to identity theft and full system compromise. The three vulnerabilities, rated critical by NETGEAR, affect the firmware on NETGEAR DGN-2200v1 series routers.