Firmware has become an increasingly prevalent target for hackers. Here’s how to stop them.
Smart hackers always want to take the least cumbersome route. Historically, that meant targeting vulnerabilities in software, and in the early 2000s, the software industry began focusing on security-conscious designs to reduce the attack surface of their products. Software security
Network cards, video cameras, and graphics adapters are a few of the subsystems whose lack of security could allow attackers to turn them into spy implants. The software that acts as the interface between a computer and its various hardware components can be turned into an espionage-focused implant because the companies that make the components
Partnerships with Intel, Qualcomm, and AMD will bring a new layer of device security that alters the boot process to detect firmware compromise. Microsoft is teaming up with Windows device manufacturers to tighten firmware security in a new initiative called Secure-Core PCs, which are built to defend against firmware-level attacks. Its announcement arrives as attackers
Federal guidelines can help all organizations pragmatically and meaningfully improve their firmware security. Adversaries recently have noticed that firmware and hardware constitute a serious blind spot for most organizations. While firmware may have once been the domain of nation-state attackers, it’s now easier than ever for criminals to develop firmware-based attacks that bypass security and
As new Internet of Things products enter the market, speed shouldn’t trump concerns about security. Microsoft made news recently at the annual Black Hat conference in Las Vegas, generating a lot of buzz about its discovery of a malicious Russian hacker group using common Internet of Things (IoT) devices to carry out widespread attacks on
A recently announced pair of vulnerabilities in server firmware could put enterprise IT at risk. A recently announced pair of vulnerabilities in the firmware for baseboard management controllers (BMCs) used by at least eight different manufacturers’ servers is the latest incident to show a supply chain vulnerability that can have an impact on enterprise computing.
More than 5,100 vulnerable devices containing multiple terabytes of data are open to exploitation, researchers found. Thousands of users of Lenovo network-attached storage devices are at risk of data compromise via a firmware-level vulnerability. The flaw, which is present in certain models of the NAS products, allows unauthenticated users to view and access data stored
The new Intel SGX Card is intended to extend application memory security using Intel SGX in existing data center infrastructure. Intel today announced new security tools and updates ahead of next week’s RSA Conference (RSAC). The Intel SGX Card and hardware-based firmware analyzer (HBFA) are intended to provide greater security within data centers and identify