September 4, 2024 at 06:54AM D-Link warns of multiple critical and high-severity remote code execution (RCE) vulnerabilities affecting the discontinued DIR-846 router model. Four RCE flaws, including OS command injection issues, remain unpatched. The company advises retiring and replacing EOL/EOS devices, as it has ceased firmware development for discontinued products and is unable to resolve … Read more
August 9, 2024 at 10:21AM Cybersecurity researchers discovered vulnerabilities in Sonos smart speakers that could be exploited by attackers to eavesdrop on users, impacting all versions prior to Sonos S2 release 15.9 and Sonos S1 release 11.12. These findings were presented at Black Hat USA 2024 and reveal two security defects, CVE-2023-50809 and CVE-2023-50810, compromising … Read more
January 14, 2024 at 02:36PM The GrapheneOS team suggests introducing an auto-reboot feature for Android to reduce exploitation of firmware flaws, affecting data theft and spying on Google Pixel and Samsung Galaxy phones. They recommend a shorter reboot interval and emphasize the importance of device encryption and security. Google is reviewing the reported vulnerabilities while … Read more
December 1, 2023 at 04:01PM “LogoFAIL” exposes critical vulnerabilities in the PC’s UEFI ecosystem, impacting most devices worldwide, including those from top manufacturers. The flaw affects image-parsing during boot-up, enabling attackers to bypass security like Secure Boot. Binarly Research found that compromised images in the boot process could allow persistent malicious control. Vendor patches are … Read more
December 1, 2023 at 12:19PM Security researchers uncovered LogoFAIL vulnerabilities in UEFI firmware’s image parsers that can be exploited to deliver bootkits and bypass security during boot, affecting a wide range of devices across x86 and ARM architectures. Many consumer and enterprise devices from major manufacturers and UEFI vendors could be vulnerable, threatening boot process … Read more
December 1, 2023 at 11:26AM LogoFAIL vulnerabilities, found within UEFI code’s image-parsing components, could let attackers hijack the boot process and deliver bootkits on various devices using ESP image file injection. Hundreds of devices across major vendors and architectures are at risk, with the full impact yet to be determined. Meeting Takeaways: 1. LogoFAIL refers … Read more