Schneier on Security

JANUARY 21, 2020

Phone companies have added security measures since this attack became popular and public, but a new study (news article ) shows that the measures aren't helping: We examined the authentication procedures used by five pre-paid wireless carriers when a customer attempted to change their SIM card.

Authentication 268

Authentication Wireless Backups Accountability 268

Security Affairs

APRIL 27, 2019

Experts at Cisco Talos group disclosed a dozen vulnerabilities uncovered in Sierra Wireless AirLink gateways and routers, including several serious flaws. Researchers at Cisco Talos group disclosed a dozen vulnerabilities affecting Sierra Wireless AirLink gateways and routers, including several serious flaws. Pierluigi Paganini.

Wireless 110

Wireless Passwords IoT Advertising 110

eSecurity Planet

MARCH 1, 2023

Wireless security is the protection of wireless networks, devices and data from unwanted access and breaches. It involves a variety of strategies and practices designed to preserve the confidentiality, integrity and availability of wireless networks and their resources. What is Wireless Security?

Wireless 98

Wireless Encryption Authentication IoT 98

Security Affairs

APRIL 15, 2022

Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take control affected devices. Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695 , in Cisco Wireless LAN Controller (WLC). or Release 8.10.162.0

Wireless 98

Wireless Software Authentication Mobile 98

Malwarebytes

OCTOBER 1, 2021

Express mode allows iPhone owners to use transit or payment cards, passes, a student ID, a car key, and more, without waking or unlocking their device, or authenticating with Face ID, Touch ID, or a passcode. The post Apple Pay vulnerable to wireless pickpockets appeared first on Malwarebytes Labs. The underlying issue.

Wireless 137

Wireless Banking Authentication 137

Security Affairs

JUNE 3, 2021

Researchers found multiple flaws in the Realtek RTL8170C Wi-Fi module that could be exploited to elevate privileges and hijack wireless communications. Researchers from Israeli IoT security firm Vdoo found multiple vulnerabilities in the Realtek RTL8170C Wi-Fi module that could allow to elevate privileges and hijack wireless communications.

Wireless 126

Wireless IoT Encryption Firmware 126

Krebs on Security

MARCH 16, 2021

” The most common way thieves hijack SMS messages these days involves “sim swapping,” a crime that involves bribing or tricking employees at wireless phone companies into modifying customer account information. But he suspects some of the smaller wired and wireless telecommunications firms may still be vulnerable.

Telecommunications 363

Telecommunications Mobile Accountability Wireless 363

The Hacker News

APRIL 14, 2022

Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system.

Wireless 102

Wireless Software Authentication 102

Duo's Security Blog

MAY 23, 2024

When reading the title of this blog, you might be wondering to yourself why RADIUS is being highlighted as a subject — especially amidst all of the advancements of modern authentication we see taking place recently. It is commonly used for network access into VPNs, wireless access points, and other devices (more on this later).

Authentication 111

Authentication Wireless Passwords Encryption 111

eSecurity Planet

NOVEMBER 1, 2021

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. The goal of the amendment – called a “delegated act” – is to ensure that all wireless devices are safe before they are sold in the EU. EU Amendment Applies to Many Devices.

Wireless 110

Wireless IoT Manufacturing Mobile 110

Krebs on Security

SEPTEMBER 12, 2018

wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device. The four major U.S.

Mobile 241

Mobile Authentication Wireless Scams 241

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That is true two-factor authentication: Something you have, and something you know (and maybe also even something you are).

Passwords 342

Passwords Mobile Authentication Banking 342

Krebs on Security

AUGUST 30, 2022

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. That’s down from 53 percent that did so in 2018, Okta found.

Mobile 334

Mobile Phishing Authentication Accountability 334

Krebs on Security

NOVEMBER 20, 2020

Among the eight others accused are three former wireless phone company employees who allegedly helped the gang hijack mobile numbers tied to their targets. One way to protect your accounts against SIM swappers is to remove your phone number as a primary or secondary authentication mechanism wherever possible.

Cryptocurrency 287

Cryptocurrency Mobile Authentication Accountability 287

Krebs on Security

APRIL 6, 2021

From there, the bad guys can reset the password of any account to which that mobile number is tied, and of course intercept any one-time tokens sent to that number for the purposes of multi-factor authentication. Usually, this is a mobile app like Authy or Google Authenticator that generates a one-time code.

Mobile 356

Mobile Accountability Passwords Authentication 356

Krebs on Security

MAY 11, 2021

On deck this month are patches to quash a wormable flaw, a creepy wireless bug, and yet another reason to call for the death of Microsoft’s Internet Explorer (IE) web browser. ” Another curious bug fixed this month is CVE-2020-24587 , described as a “Windows Wireless Networking Information Disclosure Vulnerability.”

Wireless 310

Wireless Internet Internet Backups 310

Malwarebytes

MARCH 22, 2021

Physical security keys are a more secure option for two-factor authentication (2FA) than SMS (which is vulnerable to SIM swap attacks and phishing), and apps that generate codes or push notifications (which are also vulnerable to phishing). Two-factor authentication (2FA). Two-factor authentication (2FA). Hardware security keys.

Authentication 114

Authentication Passwords Wireless Accountability 114

Krebs on Security

AUGUST 3, 2020

Thousands of documents, emails, spreadsheets, images and the names tied to countless mobile phone numbers all could be viewed or downloaded without authentication from the domain theblacklist.click. Some wireless providers now offer additional services and features to help block automated calls.

Mobile 355

Mobile Marketing Consumer Protection Wireless 355

The Hacker News

NOVEMBER 28, 2024

Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges.

Wireless 128

Wireless Authentication Risk 128

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. By using the services, cybercriminals can gain access to victims’ accounts to steal money.

Authentication 115

Authentication Social Engineering Phishing Banking 115

Threatpost

MARCH 3, 2021

Wireless mouse-utility lacks proper authentication and opens Windows systems to attack.

Wireless 122

Wireless Authentication Mobile Hacking 122

Krebs on Security

FEBRUARY 28, 2023

Countless websites and online services use SMS text messages for both password resets and multi-factor authentication. But in a written statement, T-Mobile said this type of activity affects the entire wireless industry. T-Mobile declined to answer questions about what it may be doing to beef up employee authentication.

Mobile 336

Mobile Phishing Authentication Advertising 336

Dark Reading

JUNE 25, 2018

The Wi-Fi Alliance officially launches its latest protocol, which offers new capabilities for personal, enterprise, and IoT wireless networks.

Authentication 92

Authentication Wireless Encryption IoT 92

Troy Hunt

MARCH 12, 2020

I bought a security gateway to do DHCP, a couple of switches for all my connected things, 5 access points for my wireless things and a Cloud Key to control them all. The very last thing I did before leaving Raf's was to disable all the wireless radios on the Telstra unit. I went overboard and I don't regret it one bit!

Wireless 353

Wireless Firmware Accountability Mobile 353

Krebs on Security

AUGUST 16, 2018

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. ” AN ‘IDENTITY CRISIS’? Click to enlarge. WHAT CAN YOU DO?

Mobile 264

Mobile Cryptocurrency Accountability Authentication 264

Threatpost

SEPTEMBER 10, 2020

The "BLURtooth" flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 through 5.0.

Wireless 106

Wireless Authentication 106

Krebs on Security

JUNE 18, 2018

Young said the attack works by asking the Google device for a list of nearby wireless networks and then sending that list to Google’s geolocation lookup services. “This means that all requests must be authenticated and all unauthenticated responses should be as generic as possible. . Update, June 19, 6:24 p.m.

IoT 202

IoT Internet Internet Wireless 202

Security Affairs

JANUARY 19, 2025

The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. This switch family is equipped with a web service and SNMP management interface. ” reads the advisory published by Claroty.

Firmware 69

Firmware IoT Wireless Surveillance 69

Penetration Testing

NOVEMBER 7, 2023

pmkidcracker This program is a tool written in Python to recover the pre-shared key of a WPA2 WiFi network without any de-authentication or requiring any clients to be on the network.

Authentication 102

Authentication Penetration Testing Wireless 102

Security Affairs

DECEMBER 2, 2022

Common attacks against enterprise drones include platform takeover, where an attacker uses RF, Wi-Fi or a subscription service like Aerial Armor to detect flight paths of a drone in a geographical area, perform de-authentication attacks, take over control of the drone and land the stolen drone in a location of its choosing.

Cybersecurity 143

Cybersecurity Wireless Computers and Electronics Penetration Testing 143

Security Affairs

DECEMBER 30, 2022

Netgear addressed a high-severity bug affecting multiple WiFi router models, including Wireless AC Nighthawk , Wireless AX Nighthawk (WiFi 6) , and Wireless AC. Netgear fixed a bug affecting multiple WiFi router models, including Wireless AC Nighthawk , Wireless AX Nighthawk (WiFi 6) , and Wireless AC router models.

Firmware 98

Firmware Wireless Authentication Hacking 98

Security Affairs

SEPTEMBER 24, 2021

Cisco fixed three critical flaws impacting IOS XE operating system powering some of its devices, such as routers and wireless controllers. Cisco has addressed three critical vulnerabilities impacting its IOS XE operating system powering multiple products, including routers and wireless controllers.

Software 105

Software Wireless Authentication Accountability 105

Security Affairs

MAY 6, 2019

Sierra Wireless is warning its customers that additional AiraLink router models are affected by critical vulnerabilities previously disclosed. At the end of April, experts at Cisco Talos group disclosed a dozen of vulnerabilities in Sierra Wireless AirLink gateways and routers, including several serious flaws.

Wireless 103

Wireless Authentication Advertising Encryption 103

Security Affairs

MAY 24, 2021

Researchers at the french intelligence agency ANSSI discovered multiple flaws in the Bluetooth Core and Mesh Profile specifications that could be used to impersonate legitimate devices during the pairing process and conduct man-in-the-middle (MitM) attacks while within wireless range of vulnerable devices. through 5.2, through 5.2.

Wireless 133

Wireless Authentication Mobile Encryption 133

The Hacker News

MAY 19, 2022

The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low Energy (BLE), a wireless technology used for authenticating Bluetooth devices that are physically located within a close range. <!-

Wireless 109

Wireless Hacking Authentication Technology 109

SecureWorld News

NOVEMBER 20, 2023

SIM swapping involves the unauthorized transfer of a user's account to a SIM card controlled by malicious actors, achieved by convincing the victim's wireless carrier to make the change.

Mobile 106

Mobile Wireless Artificial Intelligence Accountability 106

Security Affairs

JULY 16, 2020

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover.

Firewall 131

Firewall Small Business Wireless Advertising 131