New 5G Modems Flaws Affect iOS Devices and Android Models from Major Brands Dec 08, 2023NewsroomVulnerability / Mobile Network A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as Read more…
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices Dec 07, 2023The Hacker NewsMobile Security / Vulnerability A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices. Tracked as CVE-2023-45866, the issue relates to a Read more…
New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices Dec 04, 2023NewsroomMalware / Botnet Cybersecurity researchers have discovered a new variant of an emerging botnet called P2PInfect that’s capable of targeting routers and IoT devices. The latest version, per Cado Security Labs, is compiled for Microprocessor without Interlocked Pipelined Read more…
New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks Dec 04, 2023NewsroomEncryption / Technology New research has unearthed multiple novel attacks that break Bluetooth Classic’s forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already connected peers. The issues, collectively named BLUFFS, impact Bluetooth Core Specification Read more…
UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks Dec 04, 2023NewsroomTechnology / Firmware Security The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL Read more…
Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices Dec 01, 2023NewsroomFirewall / Network Security Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command Read more…
QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices Nov 06, 2023NewsroomVulnerability / Data Security QNAP has released security updates to address two critical security flaws impacting its operating system that could result in arbitrary code execution. Tracked as CVE-2023-23368 (CVSS score: 9.8), the vulnerability is described as Read more…
Fuzzing para-virtualized devices in Hyper-V | MSRC Blog Hyper-V is the backbone of Azure, running on its Hosts to provide efficient and fair sharing of resources, but also isolation. That’s why we, in the vulnerability research team for Windows, have been working in the background for years now helping secure Read more…
“BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks | MSRC Blog Microsoft’s Section 52, the Azure Defender for IoT security research group, recently uncovered a series of critical memory allocation vulnerabilities in IoT and OT devices that adversaries Read more…
Canada Bans WeChat and Kaspersky Apps On Government Devices Oct 31, 2023NewsroomNational Security / Cyber Threat Canada on Monday announced a ban on the use of apps from Tencent and Kaspersky on government mobile devices, citing an “unacceptable level of risk to privacy and security.” “The Government of Canada is Read more…