Hackers revealed this week how a popular wi-fi router has been shipping for years packed with a multitude of unwanted security surprises. Researchers tore apart the TP-Link AC1200 Archer C50 (v6), a highly rated Amazon seller, to find a flurry of vulnerabilities including doors that would allow for DDoS attacks and network access, credential leakage and user data access.
Industry News Articles
Researchers Find Bugs in Router Firmware at Scale with Taint Analysis
Researchers from Singapore-based Star Labs used angr, a Python binary analysis framework, to identify 20+ command injection vulnerabilities in multiple router firmware.
Blackberry Announces Vulnerabilities Affecting Real-time Operating Systems and Libraries
A flaw in software made by BlackBerry has left 200m cars, along with critical hospital and factory equipment, vulnerable. Affected products include QNX Neutrino RTOS for Medical Devices 1.0/1.1 & QNX OS for Automotive Safety 1.0.
Routers and modems running Arcadyan firmware are under attack
Multiple router and modem manufacturers are under attack from DDoS botnet operators that are looking to take advantage of vulnerabilities found inside Arcadyan firmware.
DHS Releases New Cybersecurity Rules for Pipelines After Colonial Ransomware Attack
CISA and the FBI are urging critical infrastructure operators to be highly aware and take greater precautions regarding cybersecurity after the Colonial ransomware attack showed the world how dangerous a security breach could be. Read the new cybersecurity directive.
Aruba Networks Pen Test Finds Multiple Router Vulnerabilities
Chained firmware vulnerabilities gave attackers access to perform remote code execution on Aruba Networks routers. According to security researchers, attackers conducted a series of malicious activities including remote code execution (RCE).
Itai Greenhut and Gal Zror from Aleph Security found a total of eight vulnerabilities in Aruba Instant, the software that allows administrators to configure the settings of Aruba routers.
SonicWall Firmware Vulnerability Subject of “Imminent Ransomware Attack”
End-of-life systems were targeted in this ransomware campaign, reported by SonicWall as an urgent security alert this week. The vulnerability is fixed in recent versions of its firmware but impacts anyone using a legacy SRP appliance that is EOL.
Cisco Talos Discovers Router Vulnerabilities, Offers Patch
More focus on firmware, as last week Cisco Talos discovered multiple vulnerabilities in the D-LINK DIR 3040 wireless router.
Hewlett Packard Enterprise Launches Platform to Automatically Verify Hardware Integrity
HPE is addressing the firmware integrity challenge with its new Project Aurora, designed to deliver cloud-native, zero-trust security to HPE’s edge-to-cloud architecture. Project Aurora will embed building blocks within the HPE GreenLake cloud platform to automatically and continuously verify the integrity of the hardware, firmware, operating systems, platforms, and workloads, including security workloads.