December 4, 2024 at 10:34AM Japan’s CERT warns that hackers are exploiting zero-day vulnerabilities in I-O Data’s UD-LT1 routers, enabling unauthorized access and command execution. The vendor confirmed flaws and plans to release fixes by December 18, 2024. Users are advised to implement mitigation measures to protect their devices until updates are available. ### Meeting … Read more
December 4, 2024 at 08:19AM CISA warned of a high-severity vulnerability (CVE-2024-11667) in Zyxel firewall devices, exploited in the wild, allowing unauthorized file access. Zyxel issued patches, but users must change passwords for complete protection. CISA urges federal agencies to update their systems by December 24 and recommends all organizations to follow suit. ### Meeting … Read more
November 28, 2024 at 12:27PM Advantech EKI wireless access points have 20 disclosed vulnerabilities, including six critical ones that allow unauthenticated remote code execution and potential backdoor access. Recent firmware updates address these issues, but attackers can exploit them via physical proximity and rogue access points. Vulnerabilities could lead to significant network breaches and data … Read more
November 25, 2024 at 12:56PM Zyxel warns that threat actors are exploiting a patched command injection vulnerability (CVE-2024-42057) in its firewalls, allowing remote code execution. A ransomware group, Helldown, has targeted affected devices. Users must upgrade to firmware 5.39 as earlier versions are susceptible to attacks. Immediate action is advised for optimal protection. ### Meeting … Read more
November 22, 2024 at 03:55PM QNAP has withdrawn a problematic firmware update (QTS 5.2.2.2950) following user complaints of connectivity issues and device lockouts. Customers reported errors preventing access to their NAS features. QNAP recommends downgrading to the previous version (5.2.1.2930) to resolve these issues but has not issued a formal statement. ### Meeting Takeaways 1. … Read more
October 31, 2024 at 02:26PM Hackers are exploiting two zero-day vulnerabilities (CVE-2024-8956, CVE-2024-8957) in PTZOptics cameras, allowing unauthorized access and potential remote code execution. GreyNoise discovered these flaws, affecting various models, and reported them for responsible disclosure. PTZOptics released an update, but some devices remain unpatched, posing security risks. Users are advised to check with … Read more
October 15, 2024 at 02:09PM An authentication vulnerability (CVE-2024-27867) in certain AirPods and Beats models allows attackers within Bluetooth range to spoof connections to headphones. A firmware update addressing this issue is available for AirPods (2nd generation and later), AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro, effective June 25, 2024. ### Meeting … Read more
September 16, 2024 at 10:29AM D-Link has patched critical vulnerabilities in three popular wireless router models, impacting consumers seeking high-end WiFi 6 routers and mesh networking systems. The vulnerabilities allow remote attackers to execute arbitrary code or access devices using hardcoded credentials. D-Link advises firmware upgrades to fix flaws and criticizes the third-party for publicly … Read more
August 26, 2024 at 11:36AM SonicWall has released security updates to fix a critical flaw (CVE-2024-40766) in its firewalls, affecting Gen 5, Gen 6, and Gen 7 devices running certain SonicOS versions. The vulnerability could allow unauthorized access and cause the firewall to crash. Users are urged to install the latest firmware to mitigate potential … Read more
August 12, 2024 at 11:21PM AMD processors dating back to 2006 have a security vulnerability called SinkClose, which allows rogue users to run code in System Management Mode (SMM). Only models made since 2020 will be patched. The flaw affects AMD CPUs dating back nearly 20 years. Processors receiving fixes will get firmware updates via … Read more