New iPhone Cable Gives Hackers Access to Passwords up to 1 Mile Away
New phone cable mimicking an Apple lightning cable is now on sale that can record anything users type and send the data to a hacker up to one mile away. O.MG cables were produced by a security researcher and sell for $140. Users are encouraged to be wary when borrowing an unknown charging cord.
Popular Router Found to Ship with Over 24 Vulnerabilities Including Forced Firmware Updates
Hackers revealed this week how a popular wi-fi router has been shipping for years packed with a multitude of unwanted security surprises. Researchers tore apart the TP-Link AC1200 Archer C50 (v6)a, a highly rated Amazon seller, to find a flurry of vulnerabilities including doors that would allow for DDOS attacks and network access, credential leakage and user data access.
Deep Dive on 2015 Juniper Networks Breach Shows How Government Struggles to Control its Vulnerabilities
Its been six years since the Juniper Networks Christmas supply chain hack that opened a backdoor that exposed highly sensitive US telecommunications and military agencies to spying. Although details remain scant as to how and why this all went down, Bloomberg news has recently uncovered why Juniper used the NSA algotithm in the first place and who may have been behind the attack.
Researchers Find Bugs in Router Firmware at Scale with Taint Analysis
Resarchers from Singapore-based Star Labs used angr, a binary analysis framework on Python to identify 20+ command injection vulnerabilities on multiple router firmware.
Blackberry Announces Vulnerabilities Affecting Real-time Operating Systems and Libraries
A flaw in software made by BlackBerry has left 200m cars, along with critical hospital and factory equipment, vulnerable. Affected products include QNX Neutrino RTOS for Medical Devices 1.0/1.1 & QNX OS for Automotive Safety 1.0.
Routers and modems running Arcadyan firmware are under attack
Multiple router and modem manufacturers are under attack from DDOS botnet operators that are looking to take advantage of vulnerabilities found inside Arcadyan firmware.
DHS Releases New Cybersecurity Rules for Pipelines After Colonial Ransomware Attack
CISA and the FBI are urging critical infrastructure operators to be highly aware and take greater precautions regarding cybersecurity after Colonial ransomeware attack showed the world how dangerous a security breach could be. Read the new cybersecurity directive.
Aruba Networks Pen Test Finds Multiple Router Vulnerabilities
Chained firmware vulnerabilities gave attackers access to perform remote code execution on Aruba Networks routers. According to security researchers, attackers conducted a series of malicious activities including remote code execution (RCE).
Itai Greenhut and Gal Zror from Aleph Security found a total of eight vulnerabilities in Aruba Instant, the software that allows administrators to configure the settings of Aruba routers.
Sonicwall Firmware Vulnerability Subject of “Imminent Ransomware Attack”
End of life systems were targeted in this ransomware campaign reported by SonicWall as an urgent security alert this week. The vulnerability is fixed in recent versions of its firmware but impacts anyone using a legacy SRP appliance that is EOL.