9 matches found
Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices
Static Tundra is a Russian state-sponsored cyber espionage group linked to the FSB's Center 16 unit that has been operating for over a decade, specializing in compromising network devices for long-term intelligence gathering operations. The group actively exploits a seven-year-old vulnerability...
CVE-2023-0209
NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware...
China's Mustang Panda Hackers Exploit TP-Link Routers for Persistent Attacks
The Chinese nation-state actor known as Mustang Panda has been linked to a new set of sophisticated and targeted attacks aimed at European foreign affairs entities since January 2023. An analysis of these intrusions, per Check Point researchers Itay Cohen and Radoslaw Madej, has revealed a custom...
CVE-2023-0209
NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware...
CVE-2023-0209
NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware...
Design/Logic Flaw
NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware...
CVE-2023-0209
NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware...
CVE-2023-0209
The CVE-2023-0209 issue affects NVIDIA DGX-1 SBIOS Uncore PEI: missing authentication of the SSA-executed code allows files/firmware to potentially execute arbitrary code, cause DoS, privilege escalation via firmware implants, information disclosure, data tampering, and SecureBoot bypass. Red Hat...
Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks
A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group APT41. Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the...