Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

1 headlines in this view

Refine the feed

Search across headline titles and summaries.

Showing 1 most recent headlines Filtered view
Trend Micro Research, News and Perspectives 1 year, 8 months ago

Vulnerabilities in Cellular Packet Cores Part IV: Authentication

Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these issues are implementation-specific, their exploitation is made possible by a systemic weakness: the lack of mandatory authentication procedures between base stations and packet-cores.

More from Trend Micro Research, News and Perspectives 18 Sep 2024, 12:00 p.m. CVE-2024-20685 5G Authentication Azure CVE Microsoft Mobile Outage Research Vulnerability