Latest Firmware news

Phoenix UEFI vulnerability impacts hundreds of Intel PC models

A newly discovered vulnerability in Phoenix SecureCore UEFI firmware tracked as CVE-2024-0762 impacts devices running numerous Intel CPUs, with Lenovo already releasing new firmware updates to resolve the flaw.
- Lawrence Abrams
- June 20, 2024
- 05:31 PM
- 0
US and Japan warn of Chinese hackers backdooring Cisco routers

A joint cybersecurity advisory by the FBI, NSA, CISA, and the Japanese NISC (cybersecurity) and NPA (police) sheds light on the techniques the Chinese threat actors known as BlackTech use to attack Japanese and U.S. organizations.
- Bill Toulas
- September 27, 2023
- 11:51 AM
- 0
Microsoft previews Defender for IoT firmware analysis service

Microsoft announced the public preview of a new Defender for IoT feature that helps analyze the firmware of embedded Linux devices like routers for security vulnerabilities and common weaknesses.
- Sergiu Gatlan
- July 26, 2023
- 05:48 PM
- 0
Critical AMI MegaRAC bugs can let hackers brick vulnerable servers

Two new critical severity vulnerabilities have been discovered in the MegaRAC Baseboard Management Controller (BMC) software made by hardware and software company American Megatrends International.
- Sergiu Gatlan
- July 20, 2023
- 12:30 PM
- 0
Zyxel warns of critical command injection flaw in NAS devices

Zyxel is warning its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command injection vulnerability.
- Bill Toulas
- June 20, 2023
- 10:26 AM
- 0
Western Digital boots outdated NAS devices off of My Cloud

Western Digital is warning owners of My Cloud series devices that can no longer connect to cloud services starting on June 15, 2023, if the devices are not upgraded to the latest firmware, version 5.26.202.
- Bill Toulas
- June 16, 2023
- 12:03 PM
- 0
GIGABYTE releases new firmware to fix recently disclosed security flaws

GIGABYTE has released firmware updates to fix security vulnerabilities in over 270 motherboards that could be exploited to install malware.
- Lawrence Abrams
- June 05, 2023
- 11:09 AM
- 5
Cybercrime gang pre-infects millions of Android devices with malware

A cybercriminal tracked as the "Lemon Group" has been infecting millions of Android-based smartphones, watches, TVs, and TV boxes, with a malware strain named 'Guerilla.'
- Bill Toulas
- May 18, 2023
- 05:40 PM
- 4
Kingston's SSD firmware has Coldplay lyrics hidden within it

What has firmware got to do with pop rock, you ask? That's the question that crossed a security researcher's mind as he analyzed Kingston's firmware and stumbled upon the lyrics of a popular Coldplay song buried deep within it.
- Ax Sharma
- May 10, 2023
- 10:13 AM
- 2
New TPM 2.0 flaws could let hackers steal cryptographic keys

The Trusted Platform Module (TPM) 2.0 specification is affected by two buffer overflow vulnerabilities that could allow attackers to access or overwrite sensitive data, such as cryptographic keys.
- Bill Toulas
- March 04, 2023
- 10:11 AM
- 2
Google will boost Android security through firmware hardening

Google has presented a plan to strengthen the firmware security on secondary Android SoCs (systems on a chip) by introducing mechanisms like control flow integrity, memory safety systems, and compiler-based sanitizers.
- Bill Toulas
- February 21, 2023
- 12:30 PM
- 1
QNAP fixes critical bug letting hackers inject malicious code

QNAP is warning customers to install QTS and QuTS firmware updates that fix a critical security vulnerability allowing remote attackers to inject malicious code on QNAP NAS devices.
- Bill Toulas
- January 30, 2023
- 12:25 PM
- 0
MSI breaks Secure Boot for hundreds of motherboards

Over 290 MSI motherboards are reportedly affected by an insecure default UEFI Secure Boot setting settings that allows any operating system image to run regardless of whether it has a wrong or missing signature.
- Bill Toulas
- January 16, 2023
- 05:02 PM
- 8
Corsair keyboard bug makes it type on its own, no malware involved

Corsair has confirmed that a bug in the firmware of K100 keyboards, and not malware, is behind previously entered text being auto-typed into applications days later.
- Bill Toulas
- December 21, 2022
- 04:47 PM
- 6
Severe AMI MegaRAC flaws impact servers from AMD, ARM, HPE, Dell, others

Three vulnerabilities in the American Megatrends MegaRAC Baseboard Management Controller (BMC) software impact server equipment used in many cloud service and data center providers.
- Bill Toulas
- December 05, 2022
- 10:07 AM
- 0
Acer fixes UEFI bugs that can be used to disable Secure Boot

Acer has fixed a high-severity vulnerability affecting multiple laptop models that could enable local attackers to deactivate UEFI Secure Boot on targeted systems.
- Sergiu Gatlan
- November 28, 2022
- 06:31 PM
- 1
Lenovo fixes flaws that can be used to disable UEFI Secure Boot

Lenovo has fixed two high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models that could allow an attacker to deactivate UEFI Secure Boot.
- Bill Toulas
- November 09, 2022
- 11:03 AM
- 0
Intel confirms leaked Alder Lake BIOS Source Code is authentic

Intel has confirmed that a source code leak for the UEFI BIOS of Alder Lake CPUs is authentic and has been released by a third party.
- Lawrence Abrams
- October 09, 2022
- 08:53 PM
- 1
Firmware bugs in many HP computer models left unfixed for over a year

A set of six high-severity firmware vulnerabilities impacting a broad range of HP devices used in enterprise environments are still waiting to be patched, although some of them were publicly disclosed since July 2021.
- Bill Toulas
- September 11, 2022
- 11:13 AM
- 3
Zyxel releases new NAS firmware to fix critical RCE vulnerability

Zyxel Corporation, the Taiwanese networking and data storage device maker, has issued a security advisory to warn clients of a critical remote code execution (RCE) vulnerability impacting three models of its NAS products.
- Bill Toulas
- September 06, 2022
- 01:30 PM
- 0