CISA and the FBI are urging critical infrastructure operators to be highly aware and take greater precautions regarding cybersecurity after Colonial ransomeware attack showed the world how dangerous a security breach could be. Read the new cybersecurity directive.
Chained firmware vulnerabilities gave attackers access to perform remote code execution on Aruba Networks routers. According to security researchers, attackers conducted a series of malicious activities including remote code execution (RCE).
Itai Greenhut and Gal Zror from Aleph Security found a total of eight vulnerabilities in Aruba Instant, the software that allows administrators to configure the settings of Aruba routers.
End of life systems were targeted in this ransomware campaign reported by SonicWall as an urgent security alert this week. The vulnerability is fixed in recent versions of its firmware but impacts anyone using a legacy SRP appliance that is EOL.
More focus on firmware as last week Cisco Talos discovered multiple vulnerabilities in the D-LINK DIR 3040 wireless router
HPE is addressing the firmware integrity challenge with its new Project Aurora, designed to deliver a cloud-native, zero-trust security to HPE’s edge-to-cloud architecture. Project Aurora will embed within the HPE GreenLake cloud platform building blocks to automatically and continuously verify the integrity of the hardware, firmware, operating systems, platforms, and workloads, including security workloads.
While malicious software is getting all the attention, its firmware and hardware that are the real problem, according to the University of Florida. Trends are showing that semi-conductor chip overseas manufacturing is contributing to this situation.
30 million computers were effected by four vulnerabilities in Dell’s SupportAssist remote firmware update utility. This error could let malicious people run arbitrary code in no fewer than 129 different PC and laptops models – while impersonating Dell to remotely upload a tampered BIOS.
NIST, along with CISA, the NSA and other critical groups gathered to define and set guidelines to help organizations deter, protect against, detect, and respond to malicious cyber actions and actors. This article outlines the type of software and products that need protection, of which firmware is included.
Dell releases names of 129 security vulnerabilities affecting BIOSConnect and HTTPS Boot features along with remediations. Dell recommends all customers update to the latest Dell Client BIOS version at the earliest opportunity. For those that cannot apply BIOS updates immediately, Dell has also provided an interim mitigation to disable the BIOSConnect and HTTPS Boot features.