VMWare Urges Users to Patch Critical Authentication Bypass Bug
Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.
VMware and experts alike are urging users to...
Malicious Npm Packages Tapped Again to Target Discord Users
Recent LofyLife campaign steals tokens and infects client files to monitor various user actions, such as log-ins, password changes and payment methods.
Threat actors once again are using the node...
Vulnerabilities are Beyond What You Think
CVEs or Software vulnerabilities comprise only a part of security risks in the IT security landscape. Attack surfaces are massive with numerous security risks that must be treated equally...
IoT Botnets Fuels DDoS Attacks – Are You Prepared?
The increased proliferation of IoT devices paved the way for the rise of IoT botnets that amplifies DDoS attacks today. This is a dangerous warning that the possibility of...
Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503,...
The following vulnerabilities were found as part of a research project looking at the state of security of the different Nuki (smart lock) products. The main goal was to...
CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2
Feds urge U.S. agencies to patch a Microsoft July Patch Tuesday 2022 bug that is being exploited in the wild by August 2.
A Windows 11 vulnerability, part of...
Hybrid-Work Reality Drives Hardware-based Security Strategies
New remote business reality pushes security teams to retool to protect expanding attack surface.
Remote workforce, hybrid-cloud and Zero-Trust trends are pushing security teams to focus on hardware-assisted...
Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol
A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.
The popular protocol for radio controlled (RC)...
Google Patches Actively Exploited Chrome Bug
The heap buffer overflow issue in the browser’s WebRTC engine could allow attackers to execute arbitrary code.
While people were celebrating the Fourth of July holiday in the United States,...
Technical Advisory – ExpressLRS vulnerabilities allow for hijack of control link
Vendor: ExpressLRS
Vendor URL: https://expresslrs.org
Versions affected: 1.x, 2.x
Author: Richard Appleby
Severity: Medium 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
ExpressLRS is a high-performance open source radio control link. It aims to provide...
