October 17, 2024 at 07:53AM Cisco has issued patches for various vulnerabilities in ATA 190 series firmware, including two high-severity issues. This action addresses security concerns to enhance the protection of the devices. The updates were reported by SecurityWeek. **Meeting Takeaways:** 1. **Cisco Vulnerabilities Addressed**: Cisco has released patches for multiple vulnerabilities in the ATA … Read more
September 11, 2024 at 10:06AM Intel recently published security advisories detailing over 20 vulnerabilities in their processors and products. These advisories cover issues such as UEFI firmware vulnerabilities affecting various processor series, ranging from Atom to Xeon. Majority of the flaws have a ‘high severity’ rating and can lead to privilege escalation, DoS attacks, and … Read more
July 3, 2024 at 04:24PM Nick Cerne from Bishop Fox discovered vulnerabilities in Traeger grills with the D2 Wi-Fi Controller, enabling remote attackers to issue commands, such as altering the temperature. Despite the potential risks, Traeger automatically updates affected grills. The need for secure IoT devices is underscored, while recommendations include physical control of devices … Read more
June 27, 2024 at 08:33AM Claroty has disclosed vulnerabilities in Emerson’s gas chromatograph, posing serious impact risks. These devices are remotely controlled and connected to internal networks via proprietary protocol. Vulnerabilities include critical command injection and bypassing authentication, with potential for severe industry disruption. CISA and Emerson have issued advisories, recommending firmware updates and network … Read more
June 5, 2024 at 08:00AM Taiwan-based networking device manufacturer Zyxel warned of three critical-severity vulnerabilities in discontinued NAS products, allowing command injection and arbitrary code execution without authentication. Despite reaching the end of vulnerability support, patches were made available for impacted products NAS326 and NAS542. Exploitation could lead to persistent root access, requiring immediate firmware … Read more
April 9, 2024 at 12:40PM A critical flaw in several end-of-life models of D-Link NAS devices, tracked as CVE-2024-3273, allows attackers to backdoor the devices, potentially accessing sensitive information and enabling other nefarious activities. D-Link advises retiring and replacing affected devices as they will no longer receive updates or support. Use unique passwords and enable … Read more
April 6, 2024 at 12:04PM A threat researcher disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) models, impacting their security. The flaw allows remote execution of arbitrary commands and affects over 92,000 vulnerable devices. D-Link has confirmed the end of support for these devices and … Read more
February 6, 2024 at 09:00AM Canon announced software updates to patch seven critical vulnerabilities impacting small office printer models. These buffer overflow bugs can be exploited for remote code execution or to cause unresponsiveness. The flaws, with a CVSS score of 9.8, affect various printer components and specific models globally. Customers are advised to install … Read more
January 18, 2024 at 05:21AM Security researchers have traced a DDoS botnet infecting millions of smart TVs and set-top boxes to the Bigpanzi cybercrime syndicate. At its peak, 170,000 bots were running daily and were used for cybercrimes such as DDoS attacks and hijacking broadcasts. The researchers aim to combat Bigpanzi and seek collaboration from … Read more
December 16, 2023 at 11:53AM Akamai’s Security Intelligence Response Team discovered the ‘InfectedSlurs’ botnet exploiting zero-day vulnerabilities in routers and QNAP VioStor NVR devices, resulting in a DDoS swarm. Two vulnerabilities, CVE-2023-49897 and CVE-2023-47565, were leveraged. Akamai published follow-up reports as security updates became available. Affected users are advised to update firmware, change passwords, and … Read more