ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild
Researchers in Proof of Concept Show Exploit Potential for Widely Used SoftwareTechnical details for a recently patched maximum-severity vulnerability in Cisco IOS XE reveal how hackers can enable remote code execution if the flaw is exploited. The vulnerability is an arbitrary file upload triggered by a hardcoded JSON Web Token.
Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple's AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology
Researchers Uncover Bugs in Apple’s AirPlay, Risking Takeover of Smart DevicesVulnerabilities in wireless streaming protocol AirPlay could expose Apple operating system devices to remote code execution by enabling attackers to infiltrate networks through trusted connections. The flaws are in the software development kit used by third-party manufacturers.
Netgear has fixed two critical remote code execution and authentication bypass vulnerabilities affecting multiple WiFi routers and warned customers to update their devices to the latest firmware as soon as possible. [...]
Fortinet has patched CVE-2023-34990 in its Wireless LAN Manager (FortiWLM), which combined with CVE-2023-48782 could allow for unauthenticated remote code execution (RCE) and the ability to read all log files.
Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges
Critical-rated CVE-2024-20017 allows remote code execution (RCE) on a range of phones and Wi-Fi access points from a variety of OEMs.
D-Link has fixed critical vulnerabilities in three popular wireless router models that allow remote attackers to execute arbitrary code or access the devices using hardcoded credentials. [...]
Unsanitized Inputs Leads to Remote Code ExecutionA gaming Wi-Fi router contained a zero-day that allowed a remote unauthenticated attacker to execute arbitrary code - a flaw that a static analysis cybersecurity firm attributed to insecure coding practices. Routers are a perennial source of risk to enterprises and home users alike.
Ford is warning of a buffer overflow vulnerability in its SYNC3 infotainment system used in many Ford and Lincoln vehicles, which could allow remote code execution, but says that vehicle driving safety isn't impacted. [...]
Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code execution, the Zero Day Initiative (ZDI) said in a report published last week
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of a critical remote code execution (RCE) flaw in the Ruckus Wireless Admin panel actively exploited by a recently discovered DDoS botnet. [...]
A nascent botnet called Andoryu has been found to exploit a now-patched critical security flaw in the Ruckus Wireless Admin panel to break into vulnerable devices
A new malware botnet named 'AndoryuBot' is targeting a critical-severity flaw in the Ruckus Wireless Admin panel to infect unpatched Wi-Fi access points for use in DDoS attacks. [...]
Users of affected devices that want to mitigate risk from the security issues in the Exynos chipsets can turn off Wi-Fi and Voice-over-LTE settings, researchers from Google's Project Zero say.