I-O Data Confirms Zero-Day Attacks on Routers, Full Patches Pending

December 5, 2024 at 11:53AM I-O Data confirmed critical vulnerabilities in its routers, allowing remote attackers to disable firewalls and execute commands. Full patches will take weeks. Three flaws—CVE-2024-45841, CVE-2024-47133, and CVE-2024-52564—pose risks of information disclosure and command execution. A partial fix is available, with complete solutions expected by December 2024. ### Meeting Takeaways 1. … Read more

Korea arrests CEO for adding DDoS feature to satellite receivers

December 2, 2024 at 04:14PM South Korean police arrested a CEO and five employees for producing 240,000 satellite receivers with illegal DDoS attack capabilities. The receivers, sold to a foreign company, were used to counter competition. Authorities, alerted by Interpol, seized assets worth $4.35 million. The purchasing company operators remain at large. **Meeting Takeaways:** 1. … Read more

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

October 17, 2024 at 07:53AM Cisco has issued patches for various vulnerabilities in ATA 190 series firmware, including two high-severity issues. This action addresses security concerns to enhance the protection of the devices. The updates were reported by SecurityWeek. **Meeting Takeaways:** 1. **Cisco Vulnerabilities Addressed**: Cisco has released patches for multiple vulnerabilities in the ATA … Read more

Intel Informs Customers About Over a Dozen Processor Vulnerabilities

September 11, 2024 at 10:06AM Intel recently published security advisories detailing over 20 vulnerabilities in their processors and products. These advisories cover issues such as UEFI firmware vulnerabilities affecting various processor series, ranging from Atom to Xeon. Majority of the flaws have a ‘high severity’ rating and can lead to privilege escalation, DoS attacks, and … Read more

Any IoT Device Can Be Hacked, Even Grills

July 3, 2024 at 04:24PM Nick Cerne from Bishop Fox discovered vulnerabilities in Traeger grills with the D2 Wi-Fi Controller, enabling remote attackers to issue commands, such as altering the temperature. Despite the potential risks, Traeger automatically updates affected grills. The need for secure IoT devices is underscored, while recommendations include physical control of devices … Read more

Gas Chromatograph Hacking Could Have Serious Impact: Security Firm

June 27, 2024 at 08:33AM Claroty has disclosed vulnerabilities in Emerson’s gas chromatograph, posing serious impact risks. These devices are remotely controlled and connected to internal networks via proprietary protocol. Vulnerabilities include critical command injection and bypassing authentication, with potential for severe industry disruption. CISA and Emerson have issued advisories, recommending firmware updates and network … Read more

‘NsaRescueAngel’ Backdoor Account Again Discovered in Zyxel Products

June 5, 2024 at 08:00AM Taiwan-based networking device manufacturer Zyxel warned of three critical-severity vulnerabilities in discontinued NAS products, allowing command injection and arbitrary code execution without authentication. Despite reaching the end of vulnerability support, patches were made available for impacted products NAS326 and NAS542. Exploitation could lead to persistent root access, requiring immediate firmware … Read more

92K D-Link NAS Devices Open to Critical Command-Injection Bug

April 9, 2024 at 12:40PM A critical flaw in several end-of-life models of D-Link NAS devices, tracked as CVE-2024-3273, allows attackers to backdoor the devices, potentially accessing sensitive information and enabling other nefarious activities. D-Link advises retiring and replacing affected devices as they will no longer receive updates or support. Use unique passwords and enable … Read more

Over 92,000 exposed D-Link NAS devices have a backdoor account

April 6, 2024 at 12:04PM A threat researcher disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) models, impacting their security. The flaw allows remote execution of arbitrary commands and affects over 92,000 vulnerable devices. D-Link has confirmed the end of support for these devices and … Read more

Canon Patches 7 Critical Vulnerabilities in Small Office Printers

February 6, 2024 at 09:00AM Canon announced software updates to patch seven critical vulnerabilities impacting small office printer models. These buffer overflow bugs can be exploited for remote code execution or to cause unresponsiveness. The flaws, with a CVSS score of 9.8, affect various printer components and specific models globally. Customers are advised to install … Read more