Security News

Vulnerabilities in firmware are a steadily growing percentage of the new issues added to the NIST National Vulnerability Database: five times as many attacks are happening as only four years ago. All that is why Microsoft is buying ReFirm Labs, home of the open-source Binwalk tool, whose Centrifuge firmware platform automates the process of running static analysis to discover what firmware vulnerabilities you're already exposed to.

Microsoft's aggressive push to ferret out security problems in the firmware powering IoT devices took on new urgency this week with the acquisition of ReFirm Labs, an early-stage startup that helps businesses pinpoint and fix weak links at the firmware layer. According to Microsoft's David Weston, the ReFirm Labs technology will be offered as a feature in the Azure Defender for IoT product.

If you are nervous about removing system files by hand, the company has published a download page with an automatic driver remover with the remarkable name of Dell-Security-Advisory-Update-DSA-2021-088 7PR57 WIN 1.0.0 A00.EXE. Unfortunately, just removing the old driver is not enough on its own, because the old firmare update utility left behind on your computer may inadvertently reinstall the buggy driver, thus reintroducing the bug. If you can't yet do step 2, remember to repeat step 1 every time that you run the old firmware updater, in case the update process itself quietly reinstalls the old driver.

Attacks against firmware are snowballing, outstripping many organizations' cyber-defenses, according to a survey from Microsoft. The report showed that more than 80 percent of enterprises have experienced at least one firmware attack in the past two years - but only 29 percent of security budgets goes to firmware security.

According to a new Security Signals report released Tuesday by Microsoft, a whopping 80 percent of businesses reported "At least one firmware attack" in the past two years but only 30 percent allocated any budget spend on firmware protection. Businesses aren't paying close enough attention to securing this critical layer, says David Weston, Microsoft partner director of OS security.

Ecessa announced it has added several advanced security features to its latest firmware release, version 12.0.0. These advanced features enhance Ecessa's next generation firewall capabilities integrated with each of its products and further secure the company's position in the Secure Access Service Edge marketplace.

Netgear has released a swathe of security and firmware updates for its JGS516PE Ethernet switch after researchers from NCC Group discovered 15 vulnerabilities in the device - including an unauthenticated remote code execution flaw. The switch is vulnerable to nine high-severity vulns and a further five medium-rated ones, said NCC Group IT security consultant Manuel Ginés Rodriquez in a damning blog post about his findings.

Server and storage technology giant Supermicro and secure access solutions provider Pulse Secure have issued advisories to inform users that some of their products are vulnerable to the Trickbot malware's ability to target firmware. In early December, security researchers at Advanced Intelligence and enterprise device security firm Eclypsium revealed that Trickbot not only survived a takedown attempt, but also gained the ability to scan UEFI/BIOS firmware for vulnerabilities that would allow making modifications.

TrickBot has been updated with functionality that allows it to scan the UEFI/BIOS firmware of the targeted system for vulnerabilities, security researchers have discovered. As Eclypsium points out, firmware-level malware has a strategic importance: attackers can make sure their code runs first and is difficult to detect, and can remain hidden for very long periods of time, until the system's firmware or hard drive are replaced.

TrickBot malware developers have created a new module that probes for UEFI vulnerabilities, demonstrating the actor's effort to take attacks at a level that would give them ultimate control over infected machines. TrickBoot acts as a reconnaissance tool at this stage, checking for vulnerabilities in the UEFI firmware of the infected machine.