October 3, 2024 at 06:02PM Thousands of DrayTek routers are at risk due to 14 newly discovered firmware vulnerabilities, enabling remote code execution, denial-of-service attacks, and injection of malicious code. Forescout’s Vedere Labs found over 704,000 exposed routers, urging proactive security measures in addition to patching. Threat actors, including nation-state actors, are actively targeting vulnerable … Read more
October 2, 2024 at 10:15AM A series of critical vulnerabilities in DrayTek routers, including buffer overflow and cross-site scripting flaws, have been discovered, posing a significant security risk. Over 700,000 exposed devices globally are affected, requiring immediate patching. The incident highlights the importance of secure network practices, especially for critical infrastructure organizations. Joint cybersecurity guidance … Read more
January 24, 2024 at 07:36AM Google announced the release of Chrome 121, addressing 17 vulnerabilities, 11 of which were reported by external researchers. Three were rated as ‘high’ severity, earning bug bounty rewards totaling over $30,000. The update also resolved six medium-severity and two low-severity issues. The specific technical details of the resolved bugs were … Read more
October 21, 2023 at 12:33AM Cisco has alerted users to a zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor. The flaw, tracked as CVE-2023-20273, allows for privilege escalation and the deployment of a malicious implant. Cisco has identified a fix and recommends disabling the HTTP server feature until … Read more
October 16, 2023 at 04:52PM Cisco has disclosed a critical zero-day vulnerability in the Web User Interface of its IOS XE operating system. The flaw, assigned as CVE-2023-20198, affects all Cisco IOS XE devices with the Web UI feature enabled and allows attackers to create an account with complete device control. Cisco advises customers to … Read more
October 16, 2023 at 11:52AM Cisco has warned administrators about a severe zero-day vulnerability in its IOS XE Software that allows attackers to gain full control of affected routers. The vulnerability, identified as CVE-2023-20198, only affects devices with the Web User Interface feature enabled and the HTTP or HTTPS Server feature toggled on. Cisco advises … Read more