Cisco Talos Discovers Router Vulnerabilities, Offers Patch
More focus on firmware as last week Cisco Talos discovered multiple vulnerabilities in the D-LINK DIR 3040 wireless router
Hewlett Packard Enterprise Launches Platform to Automatically Verify Hardware Integrity
HPE is addressing the firmware integrity challenge with its new Project Aurora, designed to deliver a cloud-native, zero-trust security to HPE’s edge-to-cloud architecture. Project Aurora will embed within the HPE GreenLake cloud platform building blocks to automatically and continuously verify the integrity of the hardware, firmware, operating systems, platforms, and workloads, including security workloads.
Hardware is the Biggest Cybersecurity Threat, says Florida Institute of Cybersecurity
While malicious software is getting all the attention, its firmware and hardware that are the real problem, according to the University of Florida. Trends are showing that semi-conductor chip overseas manufacturing is contributing to this situation.
Dell SupportAssist Flaw Allows Hackers to Reflash BIOS
30 million computers were effected by four vulnerabilities in Dell’s SupportAssist remote firmware update utility. This error could let malicious people run arbitrary code in no fewer than 129 different PC and laptops models – while impersonating Dell to remotely upload a tampered BIOS.
US Government CISA Publishes Guidelines for Maintaining Critical Infrastructure
NIST, along with CISA, the NSA and other critical groups gathered to define and set guidelines to help organizations deter, protect against, detect, and respond to malicious cyber actions and actors. This article outlines the type of software and products that need protection, of which firmware is included.
New Highly Severe BIOSConnect Bug Found to Impact 128 Dell PC and Tablet Models
Cybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device.
Dell Releases Platform Security Update for BIOS Vulnerabilities
Dell releases names of 129 security vulnerabilities affecting BIOSConnect and HTTPS Boot features along with remediations. Dell recommends all customers update to the latest Dell Client BIOS version at the earliest opportunity. For those that cannot apply BIOS updates immediately, Dell has also provided an interim mitigation to disable the BIOSConnect and HTTPS Boot features.
Microsoft + ReFirm Labs Brings Firmware Discovery to Azure Defender
The industry-wide growing problem of a lack of usable scanning tools to see firmware vulnerabilities is what drove Microsoft to purchase ReFirm Labs earlier in June. Now the company is announcing how the plan to use ReFirm’s Binwalk tool to deliver Azure IoT Defender users ways to automate discovery and analysis of firmware vulnerabilities their organization has been exposed to.
Attackers using old SonicWall SRA Devices to Penetrate Networks
Crowdstrike has found that a group of ramsomware attackers are using a flaw found in old SonicWall SRA devices to leverage zero-day vulnerabilities and gain persistent system access. SonicWall ended support on its Secure Remote Access (SRA) 4600 devices running firmware versions 8.x and 9.x in 2019 and is urging users to step up their security and check their logs for indicators of compromise.