Security news aggregator

Latest coverage for Firmware

Stay updated on firmware security: Explore the latest threats, updates, and protection strategies for safeguarding critical system software.

27 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Firmware is software stored in a device’s nonvolatile memory that initializes and controls hardware, often before an operating system or application runs. It may reside in computers, network equipment, phones, industrial controllers, storage devices, and embedded components. Firmware can be updated, so it is not necessarily permanent or read-only.

Firmware matters to security because vulnerabilities or unauthorized changes can affect a device beneath the operating system and may persist across software reinstallation. Important controls include authenticated, cryptographically signed updates; secure boot, which verifies code before execution; protection against unauthorized flashing and downgrade attacks; and a reliable recovery mechanism. Practitioners also need firmware inventories, vulnerability tracking, and a supported update process, since obscure components can remain unpatched or use insecure update mechanisms. During an investigation, verifying firmware integrity and the device’s boot chain can help distinguish an operating-system compromise from a deeper modification.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 27 Filtered view

State disputes the company's claim that its routers are made in Vietnam TP-Link is facing legal action from the state of Texas for allegedly misleading consumers with "Made in Vietnam" claims despite China-dominated manufacturing and supply chains, and for marketing its devices as secure despite reported firmware vulnerabilities exploited by Chinese state-sponsored actors.…

Still exotic for now, but moves are afoot Arm devices are everywhere today and many of them run Linux. The operating system also powers cloud computing and IT environments all over the world. However, x86 is still the dominant architecture of global computer hardware, where the Unified Extensible Firmware Interface (UEFI) with Secure Boot incorporated is a standard. But what does UEFI look like from an Arm perspective?…

Although it hasn't been seen in the wild yet A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot on unrevoked Windows systems, making it the fourth publicly known bootkit capable of punching through the feature and hijacking a PC before the operating system loads.…

Non-techies told to master firmware upgrades and firewall rules. For the infosec hardheads: have some IOCs Authorities from eleven nations have delivered a sequel to the January takedown of a botnet run by Russia on compromised Ubiquiti Edge OS routers – in the form of a warning that Russia may try again, so owners of the devices should take precautions.…

The threat is coming from inside the supply chain Black Hat Asia Threat groups have infected millions of Androids worldwide with malicious firmware before the devices have even been shipped from their manufacturers, according to Trend Micro researchers at Black Hat Asia.…

Old architectures just don't stack up Opinion Most data theft does clear harm to the victim, and often to its customers. But while embarrassing, the cyberattack against MSI in which source code was said to be stolen is harder to diagnose. It looks like a valuable company asset that's cost a lot to develop. That its theft may be no loss is a weird idea. But then, firmware is weirder than we give it credit for. It's even hard to say exactly what it is.…

Loading more headlines...