Security News

Strengthening firmware security with hardware RoT
2021-10-11 05:30

With IT security and visibility efforts still largely focused higher in the stack at the application layer, bad actors are seeking to breach systems further down the stack at the firmware level. Once inside the firmware, hackers can disable remote firmware updates, making it impossible to fix remotely and thus requiring the service of a technician with physical access to the hardware/firmware, often requiring a complete shutdown and an on-site visit that can be quite costly for large-scale deployments.

Aviotec adds AI algorithms to its firmware to ensure reliability for sheltered outdoor areas
2021-08-19 00:30

Aviotec's new firmware version 7.81 comprises AI algorithms which can now detect fire and smoke in changing weather and light conditions. The AI algorithms have been developed further to ensure reliability for sheltered outdoor areas.

Serious Vulnerabilities Found in Firmware Used by Many IP Camera Vendors
2021-07-29 08:31

IP cameras offered by a dozen vendors are exposed to remote attacks due to several serious vulnerabilities found in the firmware they all share, according to France-based cybersecurity firm RandoriSec. RandoriSec researchers discovered many critical and high-severity vulnerabilities in IP camera firmware made by UDP Technology, a South Korea-based company that provides digital video solutions for the security and IP surveillance industries.

SonicWall Warns of Imminent Ransomware Attacks Targeting Firmware Flaw
2021-07-14 20:45

Network appliance vendor SonicWall has issued an urgent security notice to warn of imminent data-encrypting ransomware attacks targeting known - and already patched - firmware vulnerabilities. The San Jose, Calif.-based SonicWall said its own threat-intelligence indicates that ransomware actors are "Actively targeting" security defects in its Secure Mobile Access 100 series and Secure Remote Access products running unpatched and end-of-life 8.x firmware.

Critical, Exploitable Flaws in NETGEAR Router Firmware
2021-07-01 14:49

Security researchers at Microsoft are flagging multiple gaping security holes in firmware shipped on NETGEAR routers, warning that exploitation could lead to identity theft and full system compromise. The three vulnerabilities, rated critical by NETGEAR, affect the firmware on NETGEAR DGN-2200v1 series routers.

Microsoft's new security tool will discover firmware vulnerabilities, and more, in PCs and IoT devices
2021-06-18 10:12

Vulnerabilities in firmware are a steadily growing percentage of the new issues added to the NIST National Vulnerability Database: five times as many attacks are happening as only four years ago. All that is why Microsoft is buying ReFirm Labs, home of the open-source Binwalk tool, whose Centrifuge firmware platform automates the process of running static analysis to discover what firmware vulnerabilities you're already exposed to.

Microsoft Buys ReFirm Labs to Expand IoT Firmware Security Push
2021-06-02 18:21

Microsoft's aggressive push to ferret out security problems in the firmware powering IoT devices took on new urgency this week with the acquisition of ReFirm Labs, an early-stage startup that helps businesses pinpoint and fix weak links at the firmware layer. According to Microsoft's David Weston, the ReFirm Labs technology will be offered as a feature in the Azure Defender for IoT product.

Dell fixes exploitable holes in its own firmware update driver – patch now!
2021-05-05 18:18

If you are nervous about removing system files by hand, the company has published a download page with an automatic driver remover with the remarkable name of Dell-Security-Advisory-Update-DSA-2021-088 7PR57 WIN 1.0.0 A00.EXE. Unfortunately, just removing the old driver is not enough on its own, because the old firmare update utility left behind on your computer may inadvertently reinstall the buggy driver, thus reintroducing the bug. If you can't yet do step 2, remember to repeat step 1 every time that you run the old firmware updater, in case the update process itself quietly reinstalls the old driver.

80% of Global Enterprises Report Firmware Cyberattacks
2021-04-01 20:58

Attacks against firmware are snowballing, outstripping many organizations' cyber-defenses, according to a survey from Microsoft. The report showed that more than 80 percent of enterprises have experienced at least one firmware attack in the past two years - but only 29 percent of security budgets goes to firmware security.

Microsoft: Firmware Attacks Outpacing Security Investments
2021-03-30 14:59

According to a new Security Signals report released Tuesday by Microsoft, a whopping 80 percent of businesses reported "At least one firmware attack" in the past two years but only 30 percent allocated any budget spend on firmware protection. Businesses aren't paying close enough attention to securing this critical layer, says David Weston, Microsoft partner director of OS security.