Any IoT Device Can Be Hacked, Even Grills

July 3, 2024 at 04:24PM Nick Cerne from Bishop Fox discovered vulnerabilities in Traeger grills with the D2 Wi-Fi Controller, enabling remote attackers to issue commands, such as altering the temperature. Despite the potential risks, Traeger automatically updates affected grills. The need for secure IoT devices is underscored, while recommendations include physical control of devices …

Gas Chromatograph Hacking Could Have Serious Impact: Security Firm

June 27, 2024 at 08:33AM Claroty has disclosed vulnerabilities in Emerson’s gas chromatograph, posing serious impact risks. These devices are remotely controlled and connected to internal networks via proprietary protocol. Vulnerabilities include critical command injection and bypassing authentication, with potential for severe industry disruption. CISA and Emerson have issued advisories, recommending firmware updates and network …

‘NsaRescueAngel’ Backdoor Account Again Discovered in Zyxel Products

June 5, 2024 at 08:00AM Taiwan-based networking device manufacturer Zyxel warned of three critical-severity vulnerabilities in discontinued NAS products, allowing command injection and arbitrary code execution without authentication. Despite reaching the end of vulnerability support, patches were made available for impacted products NAS326 and NAS542. Exploitation could lead to persistent root access, requiring immediate firmware …

92K D-Link NAS Devices Open to Critical Command-Injection Bug

April 9, 2024 at 12:40PM A critical flaw in several end-of-life models of D-Link NAS devices, tracked as CVE-2024-3273, allows attackers to backdoor the devices, potentially accessing sensitive information and enabling other nefarious activities. D-Link advises retiring and replacing affected devices as they will no longer receive updates or support. Use unique passwords and enable …

Over 92,000 exposed D-Link NAS devices have a backdoor account

April 6, 2024 at 12:04PM A threat researcher disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) models, impacting their security. The flaw allows remote execution of arbitrary commands and affects over 92,000 vulnerable devices. D-Link has confirmed the end of support for these devices and …

Canon Patches 7 Critical Vulnerabilities in Small Office Printers

February 6, 2024 at 09:00AM Canon announced software updates to patch seven critical vulnerabilities impacting small office printer models. These buffer overflow bugs can be exploited for remote code execution or to cause unresponsiveness. The flaws, with a CVSS score of 9.8, affect various printer components and specific models globally. Customers are advised to install …

Vast botnet hijacks smart TVs for prime-time cybercrime

January 18, 2024 at 05:21AM Security researchers have traced a DDoS botnet infecting millions of smart TVs and set-top boxes to the Bigpanzi cybercrime syndicate. At its peak, 170,000 bots were running daily and were used for cybercrimes such as DDoS attacks and hijacking broadcasts. The researchers aim to combat Bigpanzi and seek collaboration from …

QNAP VioStor NVR vulnerability actively exploited by malware botnet

December 16, 2023 at 11:53AM Akamai’s Security Intelligence Response Team discovered the ‘InfectedSlurs’ botnet exploiting zero-day vulnerabilities in routers and QNAP VioStor NVR devices, resulting in a DDoS swarm. Two vulnerabilities, CVE-2023-49897 and CVE-2023-47565, were leveraged. Akamai published follow-up reports as security updates became available. Affected users are advised to update firmware, change passwords, and …

Siemens PLCs Still Vulnerable to Stuxnet-like Cyberattacks

November 30, 2023 at 01:46PM Over a decade after the Stuxnet attack, PLCs remain vulnerable due to users not implementing security controls or firmware updates. Researchers bypassed Siemens’ protocol obfuscation, exposing risks in legacy systems. Siemens advises upgrading to newer firmware with TLS and applying stronger security protocols. …

How to give Windows Hello the finger and login as a user on their stolen laptop

November 22, 2023 at 05:39PM Researchers have discovered vulnerabilities in Windows Hello’s fingerprint authentication system that allow hackers to bypass the security and log in as someone else. The team found flaws in the communication between the software and hardware components of laptops using fingerprint sensors from Goodix, Synaptics, and ELAN. The vulnerabilities vary across different …