#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

firmware hacking | Breaking Cybersecurity News | The Hacker News

Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions

Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions
Nov 25, 2022
An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of the  OpenSSL  cryptographic library, underscoring a supply chain risk. EFI Development Kit, aka  EDK , is an open source implementation of the Unified Extensible Firmware Interface ( UEFI ), which functions as an interface between the operating system and the firmware embedded in the device's hardware. The firmware development environment, which is in its second iteration (EDK II), comes with its own cryptographic package called  CryptoPkg  that, in turn, makes use of services from the OpenSSL project. Per firmware security company Binarly, the firmware image associated with Lenovo Thinkpad enterprise devices was found to use three different versions of OpenSSL: 0.9.8zb, 1.0.0a, and 1.0.2j, the last of which was released in 2018. What's more, one of the firmware modules named InfineonTpmUpdateDxe relied on OpenSSL version 0.9.8zb that was shipped on Au

Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks

Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks
Jan 21, 2022
A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group ( APT41 ). Kaspersky, which codenamed the rootkit  MoonBounce ,  characterized  the malware as the "most advanced  UEFI  firmware implant discovered in the wild to date," adding "the purpose of the implant is to facilitate the deployment of user-mode malware that stages execution of further payloads downloaded from the internet." Firmware-based rootkits, once a rarity in the threat landscape, are fast becoming lucrative tools among sophisticated actors to help achieve long standing foothold in a manner that's not only hard to detect, but also difficult to remove. The first firmware-level rootkit — dubbed  LoJax  — was discovered in the wild in 2018. Since then, three different instances of UEFI malware have been unearthed so far, including  MosaicRegresso

SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework
Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a

New Bluetooth Hack Affects Millions of Devices from Major Vendors

New Bluetooth Hack Affects Millions of Devices from Major Vendors
Jul 24, 2018
Yet another bluetooth hacking technique has been uncovered. A highly critical cryptographic vulnerability has been found affecting some Bluetooth implementations that could allow an unauthenticated, remote attacker in physical proximity of targeted devices to intercept, monitor or manipulate the traffic they exchange. The Bluetooth hacking vulnerability, tracked as CVE-2018-5383, affects firmware or operating system software drivers from some major vendors including Apple, Broadcom, Intel, and Qualcomm, while the implication of the bug on Google, Android and Linux are still unknown. The security vulnerability is related to two Bluetooth features—Bluetooth low energy (LE) implementations of Secure Connections Pairing in operating system software, and BR/EDR implementations of Secure Simple Pairing in device firmware. How the Bluetooth Hack Works? Researchers from the Israel Institute of Technology discovered that the Bluetooth specification recommends, but does not mandate

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

cyber security
websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.

Thunderstrike 2: World's First Firmware Worm That Infects Mac Computers Without Detection

Thunderstrike 2: World's First Firmware Worm That Infects Mac Computers Without Detection
Aug 05, 2015
If you think Apple's Mac computers are much more secure than Windows-powered systems, you need to think again. This isn't true, and security researchers have finally proved it. Two security researchers have developed a proof-of-concept computer worm for the first time that can spread automatically between MacBooks, without any need for them to be networked. Dubbed Thunderstrike 2 , the new proof-of-concept firmware attack is inspired by previously developed proof-of-concept firmware called Thunderstrike. Thunderstrike Attack , developed by security engineer Trammell Hudson, actually took advantage of a vulnerability in Thunderbolt Option ROM that could be used to infect Apple Extensible Firmware Interface (EFI) by allocating a malicious code into the boot ROM of an Apple computer through infected Thunderbolt devices. Thunderstrike 2 Spreads Remotely Although the original Thunderstrike required an attacker to have physical access to your Mac computer to work, t
Cybersecurity Resources