Security News
Researchers from Italy and the UK have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and TP-Link's Tapo app, which could allow attackers to steal their target's WiFi password. TP-link Tapo is a smart device management app with 10 million installations on Google Play.
Ford has suggested owners of vehicles equipped with its SYNC 3 infotainment system disable the Wi-Fi lest someone nearby exploits a buffer-overflow vulnerability and hijacks the equipment. According to [PDF] Texas Instruments, maker of the vulnerable Wi-Fi chipset in Ford vehicles, the flaw merits a 9.6 on the 10-point CVSS severity scale at the worst, and an 8.8 at minimum.
Ford is warning of a buffer overflow vulnerability in its SYNC3 infotainment system used in many Ford and Lincoln vehicles, which could allow remote code execution, but says that vehicle driving safety isn't impacted. The vulnerability is tracked as CVE-2023-29468 and is in the WL18xx MCP driver for the WiFi subsystem incorporated in the car's infotainment system, which allows an attacker in WiFi range to trigger buffer overflow using a specially crafted frame.
Canon is warning users of home, office, and large format inkjet printers that their Wi-Fi connection settings stored in the devices' memories are not wiped, as they should, during initialization, allowing others to gain access to the data. The specific information stored in a Canon printer varies depending on the model and configuration but generally includes the network SSID, the password, network type, assigned IP address, MAC address, and network profile.
Cybersecurity researchers have released a new tool called 'Snappy' that can help detect fake or rogue WiFi access points that attempts to steal data from unsuspecting people. Trustwave's security researcher and wireless/RF tech enthusiast Tom Neaves explains that spoofing the MAC addresses and SSIDs of legitimate access points on open networks is trivial for determined attackers.
A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 Wi-Fi routers to rope the devices into a distributed denial-of-service botnet. "The Telegram channel was started in May 2022, and the threat actor has been monetizing its botnet by providing DDoS-as-a-service and selling the malware source code," security researchers Joie Salvio and Roy Tay said.
This Help Net Security interview with Tiago Rodrigues, CEO at Wireless Broadband Alliance, delves into the future of enterprise networking, exploring the significant role of Wi-Fi 6E and Private 5G. What role does Wi-Fi 6E play in enterprise connectivity, and what advanced capabilities does it offer on the 6GHz spectrum? How is the need for Private 5G in enterprise networks growing due to new IoT use cases, and what are the key drivers for Wi-Fi adoption in enterprise networks?
The U.S. Cybersecurity and Infrastructure Security Agency warned today of a critical remote code execution flaw in the Ruckus Wireless Admin panel actively exploited by a recently discovered DDoS botnet. While this security bug was addressed in early February, many owners are likely yet to patch their Wi-Fi access points.
The Mirai malware botnet is actively exploiting a TP-Link Archer A21 WiFi router vulnerability tracked as CVE-2023-1389 to incorporate devices into DDoS swarms. Researchers first abused the flaw during the Pwn2Own Toronto hacking event in December 2022, where two separate hacking teams breached the device using different pathways.
A vulnerability identified in at least 55 Wi-Fi router models can be exploited by miscreants to spy on victims' data as it's sent over a wireless network. Eggheads in China and the US have published details of a security shortcoming in the network processing units in Qualcomm and HiSilicon chips found at the heart of various wireless access points.