Tag

Firmware Security Vulnerability

All articles tagged with #firmware security vulnerability

"Detecting and Defending Against the XZ Backdoor in Linux Systems"

Originally Published 1 year ago — by The Hacker News

Source: The Hacker News

Malicious code was discovered in the widely used XZ Utils library for Linux systems, enabling remote code execution and bypassing secure shell authentication. The backdoor was introduced by a project maintainer named Jia Tan, who gained credibility over two years and eventually added the malicious code to the XZ Utils release. The sophisticated supply chain attack highlights the potential risks associated with open-source software and the need for organizations to adopt tools and processes to identify tampering and malicious features in their development pipeline.

"UEFI Vulnerabilities Pose Widespread Threat to Computer Security"

Originally Published 2 years ago — by The Hacker News

Source: The Hacker News

Multiple security vulnerabilities dubbed PixieFail have been disclosed in the TCP/IP network protocol stack of the open-source reference implementation of the UEFI specification, impacting UEFI firmware from major vendors. These flaws could lead to remote code execution, denial-of-service attacks, DNS cache poisoning, and data leakage. The vulnerabilities, identified by Quarkslab, are present in the TianoCore EFI Development Kit II (EDK II) and could be exploited by attackers within the local network or remotely, depending on the firmware build and default PXE boot configuration.