AMD Issues Updates for Silicon-Level ‘SinkClose’ Processor Flaw

August 12, 2024 at 04:42PM AMD has issued firmware updates to address a nearly two-decades-old silicon-level vulnerability in its EPYC data center processors and its Ryzen processors for PCs and embedded systems. The “SinkClose” flaw affects a component in the processor protecting System Management Mode, potentially allowing attackers to implant almost undetectable malware. AMD has …

Netgear warns users to patch auth bypass, XSS router flaws

July 12, 2024 at 11:57AM Netgear issues urgent firmware update for multiple WiFi 6 router models to address stored XSS and authentication bypass vulnerabilities. Successful exploitation can lead to session hijacking, information theft, and unauthorized access, posing significant security risks. Users are strongly advised to immediately update their router firmware through Netgear Support to mitigate …

Netgear warns users to patch auth bypass, XSS router flaws

July 12, 2024 at 11:35AM Netgear urges customers to update their WiFi 6 routers to address security vulnerabilities. These include a stored cross-site scripting flaw affecting XR1000 Nighthawk gaming routers and an authentication bypass bug impacting CAX30 Nighthawk AX6 6-Stream cable modem routers. Netgear provides steps for firmware updates and warns users of potential consequences …

In Other News: Malware Delivered by ISP, Temu Spying, Critical Dataverse Vulnerability

June 28, 2024 at 09:33AM SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that may have gone unnoticed. This week’s stories include Microsoft patching a critical Dataverse vulnerability, a credential stuffing attack on Levi Strauss, a data breach at Ventura County Credit Union, malware delivery by a South Korean ISP, and various …

Apple AirPods Bug Allows Eavesdropping

June 26, 2024 at 04:48PM Apple released a firmware update for AirPods to fix a vulnerability that could allow unauthorized access. The CVE-2024-27867 vulnerability affects various Apple headphone models, enabling attackers in Bluetooth range to spoof a paired device and gain access. The update addresses the authentication issue and is automatically delivered to users’ devices. …

ASUS warns of critical remote authentication bypass on 7 routers

June 15, 2024 at 01:15PM ASUS has released a firmware update to address vulnerabilities impacting seven router models, allowing remote attackers to take control of the devices. Users are advised to update to the latest firmware versions and strengthen account and WiFi passwords. The update also addresses other vulnerabilities and includes an update for the …

TP-Link fixes critical RCE bug in popular C5400X gaming router

May 27, 2024 at 03:19PM The TP-Link Archer C5400X gaming router faced a critical security risk, enabling remote attackers to execute unauthorized commands. The flaw, tracked as CVE-2024-5035, was identified through static analysis and affected TCP ports 8888, 8889, and 8890. TP-Link has released a firmware update to address this vulnerability, advising all users to …

Exploited Building Access System Vulnerability Patched 5 Years After Disclosure

March 12, 2024 at 07:21AM Vulnerabilities in Linear building access control products, disclosed in 2019, have led to a security flaw being exploited in attacks. Nortek, the vendor, was slow to address the issues. The vulnerabilities, including CVE-2019-7256, were only fully patched in 2024 after being exploited in the wild. Nice, the acquiring company, released …

QNAP warns of critical auth bypass flaw in its NAS devices

March 8, 2024 at 03:07PM QNAP has warned of vulnerabilities in its NAS software, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, which could grant unauthorized access to devices. The flaws include an authentication bypass, command injection, and SQL injection, affecting various operating systems. Users are advised to upgrade to specific versions to address the vulnerabilities …

Hitron DVR Zero-Day Vulnerabilities Exploited by InfectedSlurs Botnet

January 31, 2024 at 05:30AM Multiple Hitron DVR device models are exploited by the InfectedSlurs botnet, utilizing vulnerabilities to launch DDoS attacks. Akamai reports discovering six zero-day vulnerabilities and urges immediate firmware updates and password changes. CISA advises isolating these devices, using VPNs, and collaborating for a comprehensive security approach. KISA has also issued alerts …