Vulnerabilities in old GTP protocol could affect 4G and 5G networks
Experts cautioned that problems in the GPRS Tunneling Protocol (GTP) could affect the operation of 4G and 5G networks. In reports published last week and in December 2019, Positive Technologies and A10 Networks described...
StrandHogg 2.0 – Android Flaw Leaves 1 Billion Devices Vulnerable to Application Hijacking
A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into...
Technical Advisory – Multiple Vulnerabilities in Juplink RX4-1800 WiFi Router (CVE-2022-37413, CVE-2022-37414)
Juplink’s RX4-1800 WiFi router was found to have multiple vulnerabilities exposing its owners to potential intrusion in their local WiFi network and complete overtake of the device. An attacker...
Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)
Vendor: NXP Semiconductors
Vendor URL: https://www.nxp.com
Affected Devices: i.MX RT 101x, i.MX RT102x, i.MX RT1050/6x, i.MX 6 Family, i.MX 7 Family, i.MX8M Quad/Mini, Vybrid
Author: Jon Szymaniak
CVE: CVE-2022-45163
Advisory URL: https://community.nxp.com/t5/Known-Limitations-and-Guidelines/SDP-Read-Bypass-CVE-2022-45163/ta-p/1553565
Risk: 5.3...
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
New research indicates that over 80,000 Hikvision surveillance cameras in the world...
There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities
UNISOC (formerly Spreadtrum) is a rapidly growing semiconductor company that is nowadays focused on the Android entry-level smartphone market. While still a rare sight in the west, the company...
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
Software running Palo Alto Networks’ firewalls is under attack, prompting U.S....
Safari Zero-Day Used in Malicious LinkedIn Campaign
Researchers shed light on how attackers exploited Apple web browser vulnerabilities to target government officials in Western Europe.
Threat actors used a Safari zero-day flaw to send malicious links...
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
Apple is urging...
Technical Advisory – OpenJDK – Weak Parsing Logic in java.net.InetAddress and Related Classes
Vendor: OpenJDK Project
Vendor URL: https://openjdk.java.net
Versions affected: 8-17+ (and likely earlier versions)
Systems Affected: All supported systems
Author: Jeff Dileo
Advisory URL / CVE Identifier: TBD
Risk: Low (implicit data validation bypass)
The private...
