Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems

November 7, 2024 at 03:15AM

Cisco has issued security updates to fix a critical vulnerability (CVE-2024-20418) in Ultra-Reliable Wireless Backhaul Access Points that allows remote attackers to execute commands with elevated privileges. Affected devices need to update to software version 17.15.1; earlier versions remain exposed, though no active exploits have been reported.

Hundreds of Pagers Exploded in Lebanon and Syria in a Deadly Attack. Here’s What We Know.

September 17, 2024 at 05:39PM

Hezbollah’s use of pagers, adopted over fears of cellphone tracking, was exploited when an unknown culprit caused the devices to detonate, killing nine and injuring thousands. Suspected supply-chain interference suggests built-in explosive devices triggered remotely, implicating a state actor. Alarming implications point to Israel, given its previous accusations of sabotage. …

F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager

May 9, 2024 at 07:09AM

F5 announced patches for its BIG-IP Next Central Manager to fix five vulnerabilities allowing complete device control. Eclypsium found the vulnerabilities, but only two have CVE identifiers. One patched vulnerability is high severity, enabling unauthenticated attackers to execute malicious SQL statements. F5 states no impact beyond Next Central Manager. Eclypsium …

Apple Security Bug Opens iPhone, iPad to RCE

March 26, 2024 at 04:53PM

CVE-2024-1580 enables remote attackers to execute arbitrary code on impacted devices. This is a critical issue that warrants immediate attention and action to mitigate potential security risks.

New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices

December 7, 2023 at 07:00AM

A severe Bluetooth flaw (CVE-2023-45866) allows unauthorized control over Android, Linux, macOS, and iOS devices via keystroke injection without user permission, affecting devices since Android 4.2.2. The flaw was discovered by Marc Newlin; no specialized hardware is needed for exploitation, and full technical details are pending release.

QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices

November 6, 2023 at 01:00PM

QNAP has released security updates to address two critical vulnerabilities in its operating system. The first vulnerability, tracked as CVE-2023-23368, is a command injection bug affecting QTS, QuTS hero, and QuTScloud. The second vulnerability, CVE-2023-23369, is a command injection flaw in QTS, Multimedia Console, and Media Streaming add-on. Users are …