Security News

A collection of 21 security flaws have been discovered in Sierra Wireless AirLink cellular routers and open-source software components like TinyXML and OpenNDS. Collectively tracked as Sierra:21,...

This Help Net Security interview with Tiago Rodrigues, CEO at Wireless Broadband Alliance, delves into the future of enterprise networking, exploring the significant role of Wi-Fi 6E and Private 5G. What role does Wi-Fi 6E play in enterprise connectivity, and what advanced capabilities does it offer on the 6GHz spectrum? How is the need for Private 5G in enterprise networks growing due to new IoT use cases, and what are the key drivers for Wi-Fi adoption in enterprise networks?

A nascent botnet called Andoryu has been found to exploit a now-patched critical security flaw in the Ruckus Wireless Admin panel to break into vulnerable devices. While the malware is known to weaponize remote code execution flaws in GitLab and Lilin DVR for propagation, the addition of CVE-2023-25717 shows that Andoryu is actively expanding its exploit arsenal to ensnare more devices into the botnet.

Ambiguity in the Wi-Fi specification has left the wireless networking stacks in various operating systems vulnerable to several attacks that have the potential to expose network traffic. Wi-Fi frames contain various kinds of data related to network traffic and routing.

A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology environments."Threat actors can exploit vulnerabilities in Wireless IIoT devices to gain initial access to internal OT networks," Israeli industrial cybersecurity company Otorio said.

We've written, admittedly with a mixture of fascination and delight, about their work on many occasions before, including wacky tricks such as GAIROSCOPE, LANTENNA and the FANSMITTER. This time, the researchers have given their new trick the unfortunate and perhaps needlessly confusing name COVID-bit, where COV is explicitly listed as standing for "Covert", and we're left to guess that ID-bit stands for something like "Information disclosure, bit-by-bit". How can you use the radio noise of an SMPS switching millions of times a second to convey anything other than noise?

Law enforcement authorities in France, in collaboration with Spain and Latvia, have disrupted a cybercrime ring that leveraged a hacking tool to steal cars without having to use a physical key fob. "The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away," Europol said in a press statement.

Europol this week said it has arrested 31 people in a crackdown on a car-theft ring that developed and used a technique to steal keyless vehicles. The thieves were apparently able to update or manipulate the cars' software so that the doors could be opened and engine started without needing the owner's wireless keyfob.

Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller that could be abused by an unauthenticated, remote attacker to take control of an affected system. "An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials."

Researchers from the University of Oxford published details of a vulnerability in the Combined Charging System that has the potential to abort charging. The Combined Charging System is one of the plethora of standards in the EV charging world, and allows DC fast charging.