Security Affairs

APRIL 5, 2025

The vulnerability in the Verizon Call Filter apps /clr/callLogRetrieval endpoint, although authentication was enforced via JWT tokens, the server failed to verify that the phone number in the header matched the tokens user ID ( sub ). The issue likely affected most Verizon Wireless users, as the service is often enabled by default.

Wireless 103

Wireless Surveillance Risk Media 103

eSecurity Planet

NOVEMBER 1, 2021

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. The goal of the amendment – called a “delegated act” – is to ensure that all wireless devices are safe before they are sold in the EU. EU Amendment Applies to Many Devices.

Wireless 110

Wireless IoT Manufacturing Mobile 110

Security Affairs

DECEMBER 10, 2018

The popular expert Jens ‘Atom’ Steube devised a new WiFi hack that allows cracking WiFi passwords of most modern routers. Jens ‘Atom’ Steube, the lead developer of the popular password-cracking tool Hashcat, has developed a new WiFi hacking technique that allows cracking WiFi passwords of most modern routers.

Hacking 111

Hacking Wireless Passwords Authentication 111

Krebs on Security

JUNE 27, 2023

Joseph James “PlugwalkJoe” O’Connor , a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter , has been sentenced to five years in a U.S. Not long after the Twitter hack, O’Connor was quoted in The New York Times denying any involvement. “I million.

Cryptocurrency 271

Cryptocurrency Accountability Mobile Hacking 271

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords 111

Passwords Hacking Wireless Authentication 111

Krebs on Security

JULY 29, 2021

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. And as the phishing examples above demonstrate, many of today’s phishing scams use elements from hacked databases to make their lures more convincing. Urgency should be a giant red flag.

Passwords 363

Passwords Password Management Phishing Scams 363

Security Affairs

JUNE 30, 2019

The flaw, tracked as CVE-2019-10964 , is an improper access control issue that could be exploited by an attack er with adjacent access to one of the vulnerable insulin pumps to interfere with the wireless RF (radio frequency) communications to or from the product. SecurityAffairs – Medtronic, hacking). ” Source AARP website.

Hacking 111

Hacking Wireless Healthcare Advertising 111

The Hacker News

MAY 19, 2022

The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low Energy (BLE), a wireless technology used for authenticating Bluetooth devices that are physically located within a close range. <!-

Wireless 110

Wireless Hacking Authentication Technology 110

Security Affairs

JANUARY 19, 2025

The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,IOT)

Firmware 68

Firmware IoT Wireless Surveillance 68

Security Affairs

MARCH 12, 2020

Security experts describe a real attack case that sees the attackers using a small, unidentified hardware device to hack into the target network. Is it possible to hack into a network using a sort of invisibility cloak? SecurityAffairs – hacking, invisibility cloak). The short answer is, YES it is. Attack tool used.

Hacking 120

Hacking Banking Authentication Advertising 120

The Last Watchdog

FEBRUARY 3, 2021

It’s only February, and 2021 already is rapidly shaping up to be the year of supply-chain hacks. The SolarWinds hack came to light in mid-December and has since become a red hot topic in the global cybersecurity community. Video: What all companies need to know about the SolarWinds hack. Related: The quickening of cyber warfare.

Phishing 252

Phishing Hacking Accountability Social Engineering 252

Security Affairs

DECEMBER 2, 2022

This article is going to explore cybersecurity considerations surrounding drone platforms through an initial review of drone market trends, popular drone hacking tools, and general drone hacking techniques that may be used to compromise enterprise drone platforms, including how drone platforms themselves may be used as malicious hacking platforms.

Cybersecurity 143

Cybersecurity Wireless Computers and Electronics Penetration Testing 143

Threatpost

MARCH 3, 2021

Wireless mouse-utility lacks proper authentication and opens Windows systems to attack.

Wireless 122

Wireless Authentication Mobile Hacking 122

Security Affairs

AUGUST 27, 2021

Braun ‘s Infusomat Space Large Volume Pump and SpaceStation that could be remotely hacked. CVE-2021-33885 – Insufficient Verification of Data Authenticity (CVSS 9.7) CVE-2021-33882 – Missing Authentication for Critical Function (CVSS 8.2) An attacker doesn’t need any authentication to conduct the attack.

Hacking 108

Hacking Authentication Internet Internet 108

Security Affairs

DECEMBER 30, 2022

Netgear addressed a high-severity bug affecting multiple WiFi router models, including Wireless AC Nighthawk , Wireless AX Nighthawk (WiFi 6) , and Wireless AC. Netgear fixed a bug affecting multiple WiFi router models, including Wireless AC Nighthawk , Wireless AX Nighthawk (WiFi 6) , and Wireless AC router models.

Firmware 98

Firmware Wireless Authentication Hacking 98

Security Affairs

MAY 24, 2021

Researchers at the french intelligence agency ANSSI discovered multiple flaws in the Bluetooth Core and Mesh Profile specifications that could be used to impersonate legitimate devices during the pairing process and conduct man-in-the-middle (MitM) attacks while within wireless range of vulnerable devices. through 5.2, through 5.2.

Wireless 133

Wireless Authentication Mobile Encryption 133

Security Affairs

MAY 6, 2019

Sierra Wireless is warning its customers that additional AiraLink router models are affected by critical vulnerabilities previously disclosed. At the end of April, experts at Cisco Talos group disclosed a dozen of vulnerabilities in Sierra Wireless AirLink gateways and routers, including several serious flaws. Pierluigi Paganini.

Wireless 103

Wireless Authentication Advertising Encryption 103

Security Affairs

JULY 16, 2020

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover. SecurityAffairs – hacking, Cisco). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firewall 131

Firewall Small Business Wireless Advertising 131

Security Affairs

SEPTEMBER 24, 2021

Cisco fixed three critical flaws impacting IOS XE operating system powering some of its devices, such as routers and wireless controllers. Cisco has addressed three critical vulnerabilities impacting its IOS XE operating system powering multiple products, including routers and wireless controllers. SecurityAffairs – hacking, RCE).

Software 105

Software Wireless Authentication Accountability 105

Security Affairs

MARCH 8, 2020

Netgear is warning users of a critical remote code execution flaw that could allow an unauthenticated attacker to take control of its wireless routers. The vulnerability is a post-authentication command injection issue and impacts Nighthawk (R7800) routers running firmware prior to version 1.0.2.60. SecurityAffairs – hacking, RCE).

Firmware 144

Firmware Wireless Advertising Authentication 144

Security Affairs

MARCH 22, 2019

The flaws affect the Conexus Radio Frequency Telemetry Protocol used by Medtronic defibrillators to enable wireless connections to implanted devices over the air using radio-waves. The first flaw is an IMPROPER ACCESS CONTROL ( CVE-2019-6538 ), the Conexus telemetry protocol does not implement authentication or authorization.

Hacking 111

Hacking Advertising Wireless Encryption 111

Security Affairs

SEPTEMBER 8, 2020

Researchers found multiple vulnerabilities in MoFi Network routers, including critical flaws that can be exploited to remotely hack a device. “The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. Pierluigi Paganini.

Firmware 128

Firmware Wireless Authentication Advertising 128

Identity IQ

JULY 28, 2022

You can use it to share files, play media and more with only a wireless connection. How Can Hackers Hack through Your Bluetooth? . How to Help Protect Yourself from Bluetooth Hacking. Unpair your Bluetooth devices from wireless devices you don’t use frequently, including speakers, cars and other technology.

Identity Theft 122

Identity Theft Wireless Passwords Malware 122

Security Affairs

AUGUST 7, 2018

A security researcher has devised a new WiFi hacking technique that could be exploited to easily crack WiFi passwords of most modern routers. The new WiFi hacking technique allows to crack WPA/WPA2 wireless network protocols with Pairwise Master Key Identifier (PMKID)-based roaming features enabled. hcxpcaptool -z test.16800

Passwords 76

Passwords Hacking Wireless Authentication 76

Security Affairs

MAY 19, 2020

It is possible for an unauthenticated, adjacent attacker to impersonate a previously paired/bonded device and successfully authenticate without knowing the link key. “Such vulnerabilities include the lack of mandatory mutual authentication, overly permissive role switching, and an authentication procedure downgrade.”

Authentication 120

Authentication Encryption Wireless Advertising 120

Security Affairs

JULY 15, 2024

Current analysis indicates that the data includes, for these periods of time, records of calls and texts of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators (“MVNO”) using AT&T’s wireless network. Wired first reported that AT&T paid a ransom of 5.7 ” reported Wired.

Data breaches 134

Data breaches Wireless Hacking Mobile 134

Security Affairs

APRIL 17, 2020

The issue affects the following Cisco products if they have web access enabled and are running a firmware release earlier than the first fixed release for that device: IP Phone 7811, 7821, 7841, and 7861 Desktop Phones IP Phone 8811, 8841, 8845, 8851, 8861, and 8865 Desktop Phones Unified IP Conference Phone 8831 Wireless IP Phone 8821 and 8821-EX.

Big data 138

Big data Wireless Advertising Firmware 138

Security Affairs

FEBRUARY 26, 2020

A high-severity hardware vulnerability, dubbed Kr00k , in Wi-Fi chips manufactured by Broadcom and Cypress expose over a billion devices to hack. “In a successful attack, this vulnerability allows an adversary to decrypt some wireless network packets transmitted by a vulnerable device.” ” continues the report.

Encryption 111

Encryption Wireless Manufacturing Advertising 111

eSecurity Planet

MARCH 3, 2023

WPA2 is a security protocol that secures wireless networks using the advanced encryption standard (AES). The protocol protects your incoming and outgoing internet traffic and makes it difficult for cyber criminals to intercept your data or hack your device. Although WPA3 has been around for five years, its uptake remains less than 1%.

Wireless 98

Wireless Encryption Passwords IoT 98

Security Affairs

AUGUST 3, 2023

The researchers discovered that most of the medical infusion pumps that were purchased from secondary market services such as eBay were found to still contain wireless authentication data from the original medical organization that had deployed the devices. ” reads the analysis published by Rapid7. .

Marketing 98

Marketing Wireless Authentication Manufacturing 98

Security Affairs

FEBRUARY 6, 2021

Critical flaws in the Realtek RTL8195A Wi-Fi module could have been exploited to gain root access and take over devices’ wireless communications. “As part of the module’s Wi-Fi functionality, the module supports the WEP, WPA and WPA2 authentication modes.” SecurityAffairs – hacking, IoT). Pierluigi Paganini.

IoT 121

IoT Wireless Passwords Authentication 121

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT 145

IoT Firmware Authentication Wireless 145

Krebs on Security

NOVEMBER 23, 2018

I later received an email from the seller, who said his Amazon account had been hacked and abused by scammers to create fake sales. This might involve making sure that new or old PC has up-to-date security software and the requisite software patches, or locking down their wireless router by enabling security features and disabling risky ones.

Scams 279

Scams Wireless Phishing Banking 279

Security Affairs

AUGUST 1, 2023

Set up strong authentication mechanisms, such as complex passwords or use multi-factor authentication (MFA) for printer access. This isolates it from sensitive systems and data, reducing the impact of a compromise.

Wireless 98

Wireless Passwords Firmware Authentication 98

Security Affairs

APRIL 26, 2021

Experts found a bug in Apple’s wireless file-sharing protocol Apple AirDrop that could expose user’s contact information. and iOS 7, which can transfer files among supported Macintosh computers and iOS devices by means of close-range wireless communication. SecurityAffairs – hacking, Apple AirDrop).

Wireless 103

Wireless Authentication Security Performance Mobile 103

Security Affairs

JANUARY 14, 2021

One of the flaws fixed by the tech giant, tracked as CVE-2021-1144, is a high-severity vulnerability that affects Cisco Connected Mobile Experiences (CMX), which is a smart Wi-Fi solution that uses the Cisco wireless infrastructure to provide location services and location analytics for consumers’ mobile devices. and 10.6.2.

Software 122

Software Small Business Mobile Passwords 122

Security Affairs

AUGUST 29, 2019

A new Trickbot Trojan variant is targeting Verizon Wireless, T-Mobile, and Sprint users, confirming the evolution of the threat. The interception of short message service (SMS)-based authentication tokens or password resets is frequently used during account takeover (ATO) fraud.” SecurityAffairs – Trickbot Trojan, hacking).

Mobile 110

Mobile Banking Wireless Passwords 110