Technical Advisory – Multiple Vulnerabilities in Juplink RX4-1800 WiFi Router (CVE-2022-37413, CVE-2022-37414)
Juplink’s RX4-1800 WiFi router was found to have multiple vulnerabilities exposing its owners to potential intrusion in their local WiFi network and complete overtake of the device. An attacker...
Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)
Vendor: NXP Semiconductors
Vendor URL: https://www.nxp.com
Affected Devices: i.MX RT 101x, i.MX RT102x, i.MX RT1050/6x, i.MX 6 Family, i.MX 7 Family, i.MX8M Quad/Mini, Vybrid
Author: Jon Szymaniak
CVE: CVE-2022-45163
Advisory URL: https://community.nxp.com/t5/Known-Limitations-and-Guidelines/SDP-Read-Bypass-CVE-2022-45163/ta-p/1553565
Risk: 5.3...
IoT Security, Attacks And The Industrial Systems at Risk
Hackers could target smart manufacturing and other industrial environments with new and unconventional cyber attacks designed to exploit vulnerabilities in ecosystems which are supporting the Industrial Internet of Things (IIoT) according...
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
New research indicates that over 80,000 Hikvision surveillance cameras in the world...
There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities
UNISOC (formerly Spreadtrum) is a rapidly growing semiconductor company that is nowadays focused on the Android entry-level smartphone market. While still a rare sight in the west, the company...
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
Software running Palo Alto Networks’ firewalls is under attack, prompting U.S....
Vulnerabilities in old GTP protocol could affect 4G and 5G networks
Experts cautioned that problems in the GPRS Tunneling Protocol (GTP) could affect the operation of 4G and 5G networks. In reports published last week and in December 2019, Positive Technologies and A10 Networks described...
Technical Advisory – OpenJDK – Weak Parsing Logic in java.net.InetAddress and Related Classes
Vendor: OpenJDK Project
Vendor URL: https://openjdk.java.net
Versions affected: 8-17+ (and likely earlier versions)
Systems Affected: All supported systems
Author: Jeff Dileo
Advisory URL / CVE Identifier: TBD
Risk: Low (implicit data validation bypass)
The private...
Google Patches Chrome’s Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
Google has patched the fifth...
Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws
August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild.
Microsoft is urging users to patch a zero-day vulnerability dubbed Dogwalk that...
