December 4, 2024 at 06:01PM U.S. Senators Ron Wyden and Eric Schmitt called for an investigation into the Defense Department’s failure to secure communications from foreign spies after the “Salt Typhoon” hack. Concerns include DOD’s $2.7 billion contract with vulnerable telecoms and the lack of encryption and cybersecurity audits for phone networks. ### Meeting Takeaways … Read more
November 7, 2024 at 04:47PM Cisco has identified a vulnerability in its Unified Industrial Wireless Software for URWB access points, potentially allowing remote attackers to execute command injection attacks. Affected models include Catalyst IW9165D, IW9165E, and IW9167E with URWB mode enabled. Cisco has released a fix, though there’s no known public exploitation of the issue. … Read more
September 20, 2024 at 02:30PM A zero-click vulnerability in MediaTek Wi-Fi chipsets and driver bundles used in routers and smartphones, including those from Ubiquiti, Xiaomi, and Netgear, poses a critical risk, enabling remote code execution without user interaction. A public proof-of-concept exploit is available, so affected users should apply available MediaTek patches promptly. The vulnerability … Read more
August 9, 2024 at 10:21AM Cybersecurity researchers discovered vulnerabilities in Sonos smart speakers that could be exploited by attackers to eavesdrop on users, impacting all versions prior to Sonos S2 release 15.9 and Sonos S1 release 11.12. These findings were presented at Black Hat USA 2024 and reveal two security defects, CVE-2023-50809 and CVE-2023-50810, compromising … Read more
June 28, 2024 at 04:15PM Wireless providers prioritize uptime and lag time at the expense of security, leaving users vulnerable to attacks. At Black Hat 2024, Penn State researchers will reveal how hackers can exploit 5G to intercept Internet traffic, leading to spying and phishing. The researchers have reported vulnerabilities to 5G vendors, but a … Read more
June 27, 2024 at 01:13PM Wireless service providers prioritize uptime and lag time, sometimes compromising security. This can enable attackers to exploit vulnerabilities, resulting in data theft and other serious consequences. Based on the meeting notes, the key takeaway is that wireless service providers prioritize uptime and lag time, sometimes at the expense of security, … Read more
February 21, 2024 at 12:27PM Cybersecurity researchers have discovered authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices. The vulnerabilities, tracked as CVE-2023-52160 and CVE-2023-52161, could deceive users into malicious networks or allow attackers to join trusted networks without a password. Fixes are available for some systems but pending for … Read more
February 9, 2024 at 02:23PM The Canadian government plans to ban the Flipper Zero and similar devices due to concerns about their potential use by thieves to steal cars. Despite the company’s claims that the device cannot be used to steal modern cars, Canadian authorities are taking steps to prohibit the importation, sale, and use … Read more
January 29, 2024 at 06:39AM Bastille Networks, a wireless threat intelligence firm, has secured $44 million in a Series C funding round, with the total raised now exceeding $80 million. Led by Goldman Sachs, the round includes funding from existing investor Bessemer Venture Partners. The San Francisco-based company helps organizations identify and secure wireless devices … Read more
January 26, 2024 at 05:15AM Nozomi Networks has launched Guardian Air, a security sensor for detecting wireless threats in OT and IoT environments. The product monitors various frequencies associated with wireless protocols and sends data to a cloud-based system for analysis. It provides visibility at the wireless level and is designed to be integrated into … Read more