firmware
SonicWall urges admins to patch exploitable SSLVPN bug immediately
SonicWall is emailing customers urging them to upgrade their firewall’s SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is “susceptible to actual exploitation.” In an email sent to SonicWall customers and shared on Reddit, the firewall vendor says the patches are available as of yesterday, and all impacted customers should install them […]
BIOS flaws expose iSeq DNA sequencers to bootkit attacks
BIOS/UEFI vulnerabilities in the iSeq 100 DNA sequencer from U.S. biotechnology company Illumina could let attackers disable devices used for detecting illnesses and developing vaccines. The Illumina iSeq 100 is advertised as a DNA sequencing system that medical and research labs can use to deliver “rapid and cost-effective genetic analysis.” Firmware security company Eclypsium analyzed […]
OpenWrt Sysupgrade flaw let hackers push malicious firmware images
A flaw in OpenWrt’s Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious firmware packages. OpenWrt is a highly customizable, open-source, Linux-based operating system designed for embedded devices, particularly network devices like routers, access points, and other IoT hardware. The project is a popular alternative to a manufacturer’s […]
Flipper Zero releases Firmware 1.0 after three years of development
After three years of development, the Flipper Zero team has announced the release of the first major firmware version for the portable, customizable hacking device. Flipper Zero is a programmable device for pentesters that has faced controversy after users posted videos online showcasing illegal activities. Because of this, the gadged has been banned or restricted in some […]
PKfail Secure Boot bypass lets attackers install UEFI malware
Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware. As the Binarly Research Team found, affected devices use a test Secure Boot “master key”—also known as Platform Key (PK)—generated by American Megatrends International […]
Netgear warns users to patch auth bypass, XSS router flaws
Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. The stored XSS security flaw (fixed in firmware version 1.0.0.72 and tracked as PSV-2023-0122) impacts the XR1000 Nighthawk gaming router. While the company didn’t disclose any details regarding […]
New AMD firmware brings performance optimizations for Ryzen 9000 CPUs
Gigabyte’s AGESA 1.2.0.0a BIOS updates add performance optimizations for Ryzen 9000 processors. Gigabyte has begun updating its AM5 motherboards to AGESA firmware 1.2.0.0a, which supports AMD’s upcoming Ryzen 9000 series desktop CPUs. Discovered by HXL on X (Twitter), the new Gigabyte BIOS updates sporting AMD’s latest AGESA firmware provide new performance optimizations for the new Zen 5 series chips. […]