thehackernews.com
2606:4700:20::681a:a75  Public Scan

URL: https://thehackernews.com/2025/01/researchers-uncover-major-security-flaw.html
Submission: On January 07 via api from JP — Scanned from JP

Text Content

RESEARCHERS UNCOVER MAJOR SECURITY FLAW IN ILLUMINA ISEQ 100 DNA SEQUENCERS

Jan 07, 2025Ravie LakshmananFirmware Security / Malware

Cybersecurity researchers have uncovered firmware security vulnerabilities in
the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited,
could permit attackers to brick or plant persistent malware on susceptible
devices.

"The Illumina iSeq 100 used a very outdated implementation of BIOS firmware
using CSM [Compatibility Support Mode] mode and without Secure Boot or standard
firmware write protections," Eclypsium said in a report shared with The Hacker
News.

"This would allow an attacker on the system to overwrite the system firmware to
either 'brick' the device or install a firmware implant for ongoing attacker
persistence."



While the Unified Extensible Firmware Interface (UEFI) is the modern replacement
for the Basic Input/Output System (BIOS), the firmware security company said the
iSeq 100 boots to an old version of BIOS (B480AM12 - 04/12/2018) that has known
vulnerabilities.

Also noticeably absent are protections that tell the hardware where it can read
and write firmware, which allows an attacker to modify device firmware. Secure
Boot is not enabled either, which allows malicious changes to the firmware to go
undetected.



Eclypsium pointed out that it's not advisable for newer high-value assets to
support CSM, as it's chiefly meant for old devices that can't be upgraded and
need to maintain compatibility. Following responsible disclosure, Illumina has
released a fix.

In a hypothetical attack scenario, an adversary could target unpatched Illumina
devices, escalate their privileges, and write arbitrary code to the firmware.

This is not the first time severe vulnerabilities have been disclosed in DNA
gene sequencers from Illumina. In April 2023, a critical security flaw
(CVE-2023-1968, CVSS score: 10.0) could have made it possible to eavesdrop on
network traffic and remotely transmit arbitrary commands.



"The ability to overwrite firmware on the iSeq 100 would enable attackers to
easily disable the device, causing significant disruption in the context of a
ransomware attack. This would not only take a high-value device out of service,
it would also likely take considerable effort to recover the device via manually
reflashing the firmware," Eclypsium said.

"This could significantly raise the stakes in the context of a ransomware or
cyberattack. Sequencers are critical to detecting genetic illnesses, cancers,
identifying drug-resistant bacteria, and for the production of vaccines. This
would make these devices a ripe target for state-based actors with geopolitical
motives in addition to the more traditional financial motives of ransomware
actors."


