August 8, 2024 at 08:35PM A BAE boffin discovered 3 critical flaws in Cisco’s Small Business SPA300 and SPA500 IP phones, none of which will be fixed. The flaws allow unauthenticated remote attackers to gain root privileges. Cisco won’t release updates as the products have entered the end-of-life process. No known exploits exist at this … Read more
June 5, 2024 at 04:03AM Zyxel has released security updates for two end-of-life network-attached storage devices to address critical flaws. The vulnerabilities could allow unauthenticated attackers to execute operating system commands and arbitrary code. Outpost24 security researcher Timothy Hjort discovered and reported the flaws. Users are urged to update to the latest version for optimal … Read more
June 4, 2024 at 01:35PM Zyxel Networks released an emergency security update addressing three critical vulnerabilities in older NAS devices reaching end-of-life. The flaws enable command injection, remote code execution, privilege escalation, and information disclosure. Outpost24 security researcher Timothy Hjort discovered and reported the vulnerabilities. Zyxel released fixes despite end-of-support, urging immediate application due to … Read more
April 11, 2024 at 12:52PM A 6-year-old vulnerability in Lighttpd web server used in Baseboard Management Controllers, overlooked by vendors like Intel and Lenovo, could lead to memory exfiltration, bypassing protection mechanisms. Binarly discovered a heap out-of-bounds read vulnerability and vendors missed the fix, leading to a massive number of vulnerable devices, with impacted models … Read more
April 8, 2024 at 06:23PM Attackers target over 92,000 unpatched end-of-life D-Link NAS devices with a critical remote code execution vulnerability. Exploiting a hardcoded account and command injection flaw, threat actors deploy a Mirai malware variant to create botnets for large-scale DDoS attacks. D-Link has ceased support for these devices, advising owners to retire or … Read more
February 1, 2024 at 04:06AM The US government conducted a major takedown of a botnet using end-of-life Cisco and Netgear routers that were exploited by Chinese state-backed hackers. The botnet, linked to the Chinese APT Volt Typhoon, targeted various sectors, and the FBI remotely seized control of infected routers. The operation aimed to delete malware … Read more