Security News

Bluetooth Bugs Open Billions of Devices to DoS, Code Execution
2021-09-02 18:32

Researchers have disclosed a group of 16 different vulnerabilities, collectively dubbed BrakTooth, that affect devices relying on Bluetooth Classic for communication. Potentially, billions of devices could be affected worldwide, researchers said.

Vulnerability Exposes MicroLogix PLCs to Remote DoS Attacks
2021-07-20 13:38

A high-severity vulnerability affecting Rockwell Automation's MicroLogix 1100 programmable logic controllers can be exploited to cause a device to enter a persistent fault condition. According to advisories released this month by Rockwell and the U.S. Cybersecurity and Infrastructure Security Agency, a remote, unauthenticated attacker can exploit CVE-2021-33012 to cause a denial of service condition on the targeted controller by sending it specially crafted commands.

Critical Juniper Bug Allows DoS, RCE Against Carrier Networks
2021-07-16 17:17

A critical remote code-execution vulnerability in Juniper Networks' Steel-Belted Radius (SBR) Carrier Edition lays open wireless carrier and fixed operator networks to tampering. Telecom providers, including wireless carriers, are at risk of disruption of network service if the bug in SBR Carrier is exploited.

Vulnerabilities in Zephyr's Bluetooth LE Stack May Lead to DoS Attacks
2021-06-22 17:00

Multiple vulnerabilities recently patched in Zephyr's Bluetooth LE stack could be exploited to cause denial of service conditions, prevent further connections, or even leak sensitive information, according to a warning from researchers at the Synopsys Cybersecurity Research Center. The Zephyr platform includes support for multiple network protocols, including the full Bluetooth LE stack.

Bugs in NVIDIA’s Jetson Chipset Open Door to DoS Attacks, Data Theft
2021-06-21 20:21

Flaws impacting millions of internet of things devices running NVIDIA's Jetson chips open the door for a variety of hacks, including denial-of-service attacks or the siphoning of data. NVIDIA released patches addressing nine high-severity vulnerabilities along with eight additional bugs of lesser severity.

Organizations Warned About DoS Flaws in Popular Open Source Message Brokers
2021-06-08 15:02

Organizations have been warned about denial of service vulnerabilities found in RabbitMQ, EMQ X and VerneMQ, three widely used open source message brokers. Message brokers enable applications, systems and services to communicate with each other and exchange information by translating messages between formal messaging protocols.

DoS vulns in 3 open-source MQTT message brokers could leave users literally locked out of their homes or offices
2021-06-08 13:05

Synopsys Cybersecurity Research Centre has warned of easily triggered denial-of-service vulnerabilities in three popular open-source Internet of Things message brokers: RabbitMQ, EMQ X, and VerneMQ. The message brokers, responsible for handling data sent to or from IoT devices like smart home hubs and door locks, all share a common protocol: Message Queuing Telemetry Transport, first released in 1999 for monitoring oil pipelines and since repurposed for a variety of home and industrial automation tasks. Any disruption in MQTT messaging could potentially leave users locked out of their homes and offices.

Wormable Windows Bug Opens Door to DoS, RCE
2021-05-11 20:05

It's the smallest monthly update from Microsoft since 2020, but it does contain a patch for a concerning wormable vulnerability found in the Windows OS. The good news is that none of the vulnerabilities are being actively exploited in the wild, according to Microsoft, though three are listed as publicly known. CVE-2021-26419: A scripting-engine memory corruption vulnerability in Internet Explorer 11 and 9 allowing RCE. CVE-2021-31194: An RCE bug in the Microsoft Windows Object Linking and Embedding Automation.

Citrix Patches DoS Vulnerabilities in Hypervisor
2021-03-31 21:35

Vulnerabilities Citrix patched in Hypervisor this week could allow for code executed in a virtual machine to cause denial of service on the host. Tracked as CVE-2021-28038 and CVE-2021-28688, the newly addressed vulnerabilities could be abused to cause the host to crash or become unresponsive.

5G Security Flaw Allows Data Access, DoS Attacks
2021-03-26 14:31

A design flaw discovered in the architecture of 5G network slicing can allow malicious actors to access potentially sensitive data and launch denial-of-service attacks, mobile network security company AdaptiveMobile Security warned this week. AdaptiveMobile Security discovered that the architecture of 5G network slicing has a serious flaw that can expose the customers of mobile operators to various types of attacks.