Security News
A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit, which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 and discovered by FireEye Mandiant in late 2020, the weakness concerns an improper access control flaw in ThroughTek point-to-point products, successful exploitation of which could result in the "Ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality."
Security researchers have discovered a critical flaw that affects tens of millions of internet-of-things devices - one that exposes live video and audio streams to eavesdropping threat actors and which could enable attackers to take over control of devices, including security webcams and connected baby monitors. 1 base score of 9.6, was found in devices connected via ThroughTek's Kalay IoT cloud platform.
Security researchers are sounding the alarm on a critical vulnerability affecting tens of millions of devices worldwide connected via ThroughTek's Kalay IoT cloud platform. A remote attacker could leverage the bug to gain access to the live audio and video streams, or to take control of the vulnerable device.
A vulnerability in the SDK that allows IoT devices to use ThroughTek's Kalay P2P cloud platform could be exploited to remotely compromise and control them, Mandiant researchers have discovered. The Kalay platform allows IoT devices to register through it and get connected to a mobile or desktop application.
Researchers at FireEye's threat intelligence and incident response unit Mandiant have identified a critical vulnerability that exposes millions of IoT devices to remote attacks. The flaw was found in a core component of the Kalay cloud platform for IoT devices offered by ThroughTek, a Taiwan-based company that provides IoT and M2M solutions for surveillance, security, smart home, cloud storage, and consumer electronics systems.
Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors. CVE-2021-35394 - Multiple buffer overflow vulnerabilities and an arbitrary command injection vulnerability in 'UDPServer' MP tool.
Taiwanese chip designer Realtek has warned of four vulnerabilities in three SDKs accompanying its Wi-Fi modules, which are used in almost 200 products made by more than five dozen vendors. Security firm IoT Inspector, based in Bad Homburg, Germany, disclosed the vulnerabilities to Realtek in May, and said more than 65 hardware makers' products incorporate the Realtek RTL819xD module, which implements wireless access point functions and includes one of the vulnerable SDKs. "By exploiting these vulnerabilities, remote unauthenticated attackers can fully compromise the target device and execute arbitrary code with the highest level of privilege," the biz said in its advisory, estimating - conservatively, we think - that almost a million vulnerable devices may be in use, including VoIP and wireless routers, repeaters, IP cameras, and smart lighting controls.
Inmarsat is unveiling Inmarsat ELERA, a global narrowband network that is ideally suited to the rapidly evolving world of the Internet of Things and for global mobility customers, including aviation, maritime, governments and select enterprises. Coming just 14 days after Inmarsat announced ORCHESTRA, the world's first network to combine GEO, LEO and 5G into one harmonious global communications solution, ELERA underlines Inmarsat's strategic focus on the global mobility segment of satellite communications.
With greater awareness and complete visibility into every connected device, organizations can create a full inventory of IoT devices with all the information required to maintain them. Default passwords allow attackers to take over IoT devices as easy access points into the network.
Sectigo Secure Key Storage SDK secures and manages keys in IoT devices against sophisticated attacks
Sectigo announced the addition of the Sectigo Secure Key Storage SDK to its collection of offerings. Sectigo Secure Key Storage: The software-based alternative for IoT devices.