DarkReading
D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day
A vulnerability in the HNAP login request protocol that affects a family of devices gives unauthenticated users root access for command execution.
DarkReading
A vulnerability in the HNAP login request protocol that affects a family of devices gives unauthenticated users root access for command execution.
SecurityWeek
Chinese hacking contest Matrix Cup is offering rewards for exploits targeting OS, smartphones, enterprise software, and security products.
Cyber Security News
A new group known as MorLock ransomware has intensified its attacks on Russian businesses, causing disruptions and financial losses.
HACKRead
A new botnet called Goldoon targets D-Link routers and NAS devices putting them at risk of DDoS attacks and more. Learn how weak credentials leave you vulnerable and how to secure your network. pen_spark
SecurityWeek
History of TikTok and how it many view it as a national security threat based on connections to China.
Cyber Security News
QNAP has disclosed multiple vulnerabilities across its NAS systems that could potentially allow hackers to take control of affected devices.
Cyber Security News
The weekly cybersecurity news wrap-up provides readers with the latest information on emerging risks, vulnerabilities, ways to reduce them, and harmful schemes to help make defensive measures proactive.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
SecurityWeek
Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar.
The Cyber Express
An active exploitation of critical vulnerabilities in D-Link Network Attached Storage (NAS) devices has raised concerns for D-Link users exposing
Security Affairs
US Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link NAS devices bugs to its Known Exploited Vulnerabilities catalog
Bleeping Computer
Today is Microsoft's April 2024 Patch Tuesday, which includes security updates for 150 flaws and sixty-seven remote code execution bugs.
DarkReading
The company is asking users to retire several network-attached storage (NAS) models to avoid compromise through a publicly available exploit that results in backdooring.
Infosecurity News
Threat actors are targeting a high severity vulnerability in close to 100,000 legacy D-Link devices
SecurityWeek
Unpatched D-Link NAS device vulnerability CVE-2024-3273, potentially affecting many devices, is being exploited in the wild.
The Hacker News
Hackers are exploiting vulnerabilities (CVE-2024-3272 and CVE-2024-3273) in D-Link NAS devices. Up to 92,000 devices affected.
SC Magazine
An attacker could gain remote access to network-attached storage and execute arbitrary commands.
Bleeping Computer
Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage (NAS) devices exposed online and unpatched against a critical remote code execution (RCE) zero-day flaw.
Ars Technica
D-Link won't be patching vulnerable NAS devices because they're no longer supported.
CyberSecurity Dive
The networking hardware vendor advised owners of the affected devices to retire and replace them. There is no patch available for the vulnerability.
SC Magazine
More than 92,000 outdated internet-exposed D-Link Network Attached Storage devices could be breached in attacks exploiting a newly discovered arbitrary command injection and hardcoded backdoor vulnerability, tracked as CVE-2024-3273, which could result in sensitive data access, system configuration modifications, and denial-of-service conditions, reports Security Affairs.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
A researcher disclosed an arbitrary command injection and hardcoded backdoor issue in multiple end-of-life D-Link NAS models.
Bleeping Computer
A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models.
Cyber Security News
A new command injection vulnerability and a backdoor account has been discovered in D-Link Network Attached Storage devices which affects
Cyber Security News
Hackers exploit security flaws in Qualcomm to gain unauthorized access, execute malicious code, or potentially compromise data integrity and
Cyber Security News
Wireshark remains the go-to choice for both professionals and enthusiasts due to its unmatched capabilities in packet capturing and analysis.
DarkReading
New AcidPour variant can attack a significantly broader range of targets including IoT devices, storage area networks, and handhelds.
The Hacker News
AcidPour malware targets four telecom providers in Ukraine, linked to AcidRain and Russian military intelligence operations.
SecurityWeek
Critical-severity vulnerability could allow network attackers to access QNAP NAS devices without authentication.
SC Magazine
The critical flaw is an authentication bug could let users compromise the security of the system.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
QNAP addressed three vulnerabilities in its NAS products that can be exploited to access devices.
Bleeping Computer
QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices.
SecurityWeek
Taiwanese networking vendor Zyxel confirms security flaws in firewall and access points put users at risk of remote code execution attacks.
Cyber Security News
Last week, QNAP released a security advisory in which multiple vulnerabilities were fixed in QTS, QuTS hero and QuTScloud products.
HACKRead
Palo Alto Networks' Unit 42 identified a new zero-day vulnerability in QNAP QTS and QuTS hero firmware from the vendor QNAP.
SecurityWeek
Two high-severity vulnerabilities in QNAP’s operating system could lead to command execution over the network.
SecurityWeek
Akamai flags six zero-day vulnerabilities in Hitron DVRs exploited to ensnare devices in the InfectedSlurs botnet.
HACKRead
Efficient data storage and security practices are critical for ensuring that sensitive information remains confidential and intact.
Bleeping Computer
The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26.
Security Affairs
A ransomware attack against the Finnish IT services provider Tietoevry disrupted the services of some Swedish government agencies and shops.
HACKRead
The vulnerabilities in Ivanti VPN devices enable remote, unauthenticated hackers to compromise targeted devices, execute arbitrary commands, infiltrate internal networks, and steal sensitive data.
Security Affairs
The Finish NCSC-FI warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country
Bleeping Computer
Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked.
SecurityWeek
Researchers find no direct link between Russian APT Sandworm and last year’s attacks on Denmark’s critical infrastructure.
The Record
The vulnerability in a popular connected thermostat could allow a hacker to connect to the device's network.
DataBreaches
Bill Toulas reports: The Finish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies...
Bleeping Computer
The Finish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups.
CyberNews
The Cybernews research team discovered an open 1.8TB data trove belonging to internet service provider Cherrinet.
Security Affairs
Researchers and the Dutch Police released a decryptor for the Tortilla variant of the Babuk ransomware after the arrest of its operator.
SecurityWeek
QNAP has released patches for a dozen vulnerabilities in its products, including several high-severity flaws.
Cyber Security News
Top 10 Hacks of 2023. Malware. Phishing. Denial of Service (DoS). Distributed Denial of Service (DDoS). Man-in-the-Middle (MitM).
Bleeping Computer
While we may joke that the internet is forever, it can often be anything but. This lifetime subscription to Offcloud helps you keep what matters for $39.99, $169 off the $209 MSRP.
CyberNews
Explaining recent malicious activity and analyzing its examples.
Latest Hacking News
Zyxel NAS users must rush to update their devices at the earliest as the vendors have patched numerous security flaws. Exploiting these vulnerabilities could allow severe threats from unauthorized users. Zyxel NAS Devices Exhibited Numerous Security
SecurityWeek
Researchers call attention to 14 security defects taht can be exploited to drop and freeze 5G connections on smartphones and routers.
Cyber Security News
Cybersecurity researchers from the following organizations recently discovered the new 5Ghoul attack that impacts the 5G devices
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
A set of flaws, collectively called 5Ghoul, in the firmware implementation of 5G mobile network modems impacts Android and iOS devices.
The Hacker News
Major security flaws in 5G modems impact hundreds of smartphone models from brands like Apple, Samsung, and Google.
Bleeping Computer
A new set of vulnerabilities in 5G modems by Qualcomm and MediaTek, collectively called "5Ghoul," impact 710 5G smartphone models from Google partners (Android) and Apple, routers, and USB modems.
Security Affairs
Zyxel addressed tens of vulnerabilities that expose users to cyber attacks, including command injection and authentication bypass
The Hacker News
Zyxel released patches for 15 security issues in NAS, firewall, and AP devices. Includes 3 critical flaws allowing authentication bypass and comman
SecurityWeek
Cupertino's security response team said it was aware of a report the flaws were already exploited against versions of iOS before iOS 16.7.1.
SecurityWeek
Zyxel patches at least 15 security flaws that expose users to authentication bypass, command injection and denial-of-service attacks.
Bleeping Computer
Zyxel has addressed multiple security issues, including three critical ones that could allow an unauthenticated attacker to execute operating system commands on vulnerable network-attached storage (NAS) devices.
The Hacker News
Insider threats are difficult for organizations to combat. Varonis’ modern cybersecurity answer uses the data security triad of sensitivity, access, a
The Hacker News
QNAP addresses two critical security flaws in its operating system. Remote attackers could execute commands via a network.
Bleeping Computer
QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system and applications on its network-attached storage (NAS) devices.
SecurityWeek
Hackers have demonstrated 58 zero-days and earned more than $1 million in rewards at Pwn2Own Toronto 2023.
Bleeping Computer
The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits (and multiple bug collisions) targeting consumer products between October 24 and October 27.
SecurityWeek
Smart speakers, printers, routers, NAS devices, and mobile phones were hacked on the second day at Pwn2Own Toronto 2023.
Cyber Security News
At Pwn2Own 2023 in Toronto on day two, vulnerabilities in printers, routers, smart speakers, and Samsung Galaxy S23s were exploited by cybersecurity experts.
Bleeping Computer
Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada.
Cyber Security News
On October 14, 2023, the company discovered a big wave of weak password attacks. Within 7 hours, the QNAP Product Security Incident Response Team (QNAP PSIRT) successfully blocked hundreds of zombie network IPs using QuFirewall, thereby defending several QNAP NAS devices that were exposed to the internet from further attack.
SecurityWeek
NAS devices, printers, IP cameras, speakers, and mobile phones were hacked on the first day at Pwn2Own Toronto 2023.
Bleeping Computer
Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada.
Bleeping Computer
QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS (network-attached storage) devices with weak passwords.
SecurityWeek
Summary of notable cybersecurity news stories that may be top headlines, but are important for the week of October 16, 2023.
Trend Micro
In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane.
The Hacker News
A vulnerability in Synology's DSM has been revealed, allowing attackers to remotely hijack admin accounts.
The Hacker News
Multiple high-severity vulnerabilities discovered in ConnectedIO's routers and cloud platform could let hackers execute malicious code.
Cyber Security News
Recently, the Wireshark Foundation released a new version of Wireshark (Wireshark 4.0.8) with several new updates and features.
SecurityWeek
Critical vulnerabilities discovered in WD and Synology NAS devices could have exposed the files of millions of users.
Cyber Security News
An uncontrolled resource consumption vulnerability has been reported to affect multiple QNAP operating systems. The vulnerability allows remote users to launch a denial-of-service (DoS) attack if exploited.
SecurityWeek
CISA has shared analysis reports on three malware families obtained from an organization hacked via a recent Barracuda ESG vulnerability.
Bleeping Computer
The Clop ransomware gang is expected to earn between $75-100 million from extorting victims of their massive MOVEit data theft campaign.
SecurityWeek
Multiple DDoS botnets have been observed targeting CVE-2023-28771, a Zyxel firewall vulnerability patched in April.
Cyber Security News
Wireshark, an industry-leading network packet analyzer, has released version 4.0.7, which includes defect fixes, protocol updates, and a few enhancements. I
SecurityWeek
Hackers linked to the Truebot malware are exploiting a year-old Netwrix Auditor flaw to break into organizations in the U.S. and Canada.
Latest Hacking News
Heads up, Zyxel users! The vendors have recently released patches for a serious security vulnerability affecting Zyxel NAS products. Exploiting the vulnerability could allow executing arbitrary commands on the target devices. Users must rush to
Bleeping Computer
The Brave team has announced that the privacy-centric browser will soon introduce new restriction controls allowing users to specify how long sites can access local network resources.
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Someone is sending mysterious smartwatches to the US Military personnel CISA orders govt agencies to fix […]
Security Affairs
U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new security flaws to its Known Exploited Vulnerabilities Catalog. Below is the list of the issues added to the catalog: According to Binding Operational Directive (BOD) 22-01: Reducing the […]
Bleeping Computer
Today, CISA ordered federal agencies to patch recently patched security vulnerabilities exploited as zero-days to deploy Triangulation spyware on iPhones via iMessage zero-click exploits.
ZDNet
In Singapore last year, the number of phishing attempts more than doubled, while ransomware incidents continued to impact small and midsize businesses.
Bleeping Computer
Zyxel is warning its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command injection vulnerability.
Security Affairs
Zyxel released security updates to address a critical vulnerability affecting its network-attached storage (NAS) devices. Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware […]
The Hacker News
⚠️ Attention Zyxel NAS users! A new critical vulnerability (CVE-2023-27992) could allow attackers to run arbitrary commands on affected systems.
Loading more articles....