Security news aggregator

Latest coverage for Firmware

Stay updated on firmware security: Explore the latest threats, updates, and protection strategies for safeguarding critical system software.

2 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Firmware is software stored in a device’s nonvolatile memory that initializes and controls hardware, often before an operating system or application runs. It may reside in computers, network equipment, phones, industrial controllers, storage devices, and embedded components. Firmware can be updated, so it is not necessarily permanent or read-only.

Firmware matters to security because vulnerabilities or unauthorized changes can affect a device beneath the operating system and may persist across software reinstallation. Important controls include authenticated, cryptographically signed updates; secure boot, which verifies code before execution; protection against unauthorized flashing and downgrade attacks; and a reliable recovery mechanism. Practitioners also need firmware inventories, vulnerability tracking, and a supported update process, since obscure components can remain unpatched or use insecure update mechanisms. During an investigation, verifying firmware integrity and the device’s boot chain can help distinguish an operating-system compromise from a deeper modification.

Showing 2 most recent headlines Filtered view
Bank Info Security 2 years, 4 months ago

Embedded PLC Web Servers a Vector to New Class of OT Malware

Web PLC Malware Holds Potential for Catastrophic IncidentsFusty and fussy operational technology devices are probably the farthest things away from a web server. Except - not anymore. But web servers embedded into industrial firmware are also a potential bonanza for hackers, say researchers from the Georgia Institute of Technology.