Hacking, Information Security and Wireless

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Security Affairs

DECEMBER 19, 2024

Fortinet warns of a patched FortiWLM vulnerability that could allow admin access and sensitive information disclosure. Fortinet warned of a now-patched Wireless LAN Manager (FortiWLM) vulnerability, tracked as CVE-2023-34990 (CVSS score of 9.6), that could lead to admin access and sensitive information disclosure.

Wireless

Wireless Authentication Healthcare Education

Sierra Wireless halted production at its manufacturing sites due to ransomware attack

Security Affairs

MARCH 23, 2021

This week, IoT company Sierra Wireless disclosed a ransomware attack that hit its internal IT systems on March 20 and disrupted its production. Sierra Wireless is a Canadian multinational wireless communications equipment designer and manufacturer headquartered in Richmond, British Columbia, Canada. continues the announcement.

Wireless

Wireless Manufacturing Ransomware Mobile

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

Some of these clusters specifically target Axentra media servers, Ruckus wireless routers and Zyxel VPN appliances. Similar botnets, like alogin and rlogin, target other devices, including Asus routers (alogin) and Ruckus Wireless devices (rlogin), each with distinct open ports for administration and proxy functions.

Passwords

Passwords Wireless VPN Accountability

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

D-Link addressed three critical RCE in wireless router models

Security Affairs

SEPTEMBER 16, 2024

D-Link has addressed three critical vulnerabilities, tracked as CVE-2024-45694 , CVE-2024-45695 , CVE-2024-45697 , impacting three wireless router models. critical): The issue is a stack-based buffer overflow in the web service of certain models of D-Link wireless routers. DIR-X4860 A1 firmware version 1.00, 1.04 CVE-2024-45695 (9.8

Wireless

Wireless Firmware Manufacturing Hacking

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Security Affairs

NOVEMBER 12, 2024

It seems to have nothing to do with phone/wireless network state. It seems to have nothing to do with phone/wireless network state. link] [link] pic.twitter.com/O3jijuqpN0 — Jiska (@naehrdine) November 8, 2024 Apple has not yet disclosed details of the new security feature. Keystore is used when unlocking the device.”

Media

Media Wireless Mobile Encryption

T-Mobile discloses data breach affecting prepaid wireless customers

Security Affairs

NOVEMBER 22, 2019

The US branch of the telecommunications giant T -Mobile disclosed a security breach that according to the company impacted a small number of customers of its prepaid service. The cybersecurity team at T-Mobile discovered an unauthorized access to information associated with a limited number of its prepaid wireless account customers.

Wireless

Wireless Data breaches Mobile Telecommunications

Flaws in Realtek RTL8170C Wi-Fi module allow hijacking wireless communications

Security Affairs

JUNE 3, 2021

Researchers found multiple flaws in the Realtek RTL8170C Wi-Fi module that could be exploited to elevate privileges and hijack wireless communications. Researchers from Israeli IoT security firm Vdoo found multiple vulnerabilities in the Realtek RTL8170C Wi-Fi module that could allow to elevate privileges and hijack wireless communications.

Wireless

Wireless IoT Encryption Firmware

Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover

Security Affairs

APRIL 15, 2022

Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take control affected devices. Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695 , in Cisco Wireless LAN Controller (WLC). or Release 8.10.162.0

Wireless

Wireless Software Authentication Mobile

Twitter account of Huawei Mobile Brazil hacked

Security Affairs

DECEMBER 1, 2019

The official Twitter account of Huawei Mobile Brazil has been hacked and attackers have sent offensive messages to the rival Apple. The official Twitter account of Huawei Mobile Brazil has been hacked, attackers have sent offensive messages to provoke the rival Apple. SecurityAffairs – hacking, Twitter account).

Mobile

Mobile Accountability Hacking Wireless

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. and its allies for hacking activities in July. Wall Street Journal reported.

Mobile

Mobile Telecommunications Data breaches Hacking

A flaw in Verizon’s iOS Call Filter app exposed call records of millions

Security Affairs

APRIL 5, 2025

The issue likely affected most Verizon Wireless users, as the service is often enabled by default. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Verizon) As a result, attackers could retrieve call histories for arbitrary numbers.

Wireless

Wireless Surveillance Risk Media

ZAGG disclosed a data breach that exposed its customers’ credit card data

Security Affairs

DECEMBER 29, 2024

notifies customers of credit card data breach, after threat actors hacked a third-party app from its e-commerce provider. disclosed a data breach that exposed its customers’ credit card data after threat actors hacked a third-party application from its e-commerce providerBigCommerce. ” concludes the notification.

Data breaches

Data breaches Computers and Electronics Hacking Wireless

Vulnerability in Medtronic insulin pumps allow hacking devices

Security Affairs

JUNE 30, 2019

The flaw, tracked as CVE-2019-10964 , is an improper access control issue that could be exploited by an attack er with adjacent access to one of the vulnerable insulin pumps to interfere with the wireless RF (radio frequency) communications to or from the product. ” reads the security advisory published by the US-CERT.

Hacking

Hacking Wireless Healthcare Advertising

Google discloses a zero-click Wi-Fi exploit to hack iPhone devices

Security Affairs

DECEMBER 2, 2020

Google Project Zero expert Ian Beer on Tuesday disclosed a critical “wormable” iOS flaw that could have allowed to hack iPhone devices. ” The vulnerability is related to a fairly trivial buffer overflow programming error that resides in a Wi-Fi driver associated with Apple Wireless Direct Link ( AWDL ) protocol.

Hacking

Hacking Wireless Mobile Information Security

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

based specification for a suite of high-level communication protocols used to create personal area networks with small, low-power digital radios, such as for home automation, medical device data collection, and other low-power low-bandwidth needs, designed for small scale projects which need wireless connection. ZigBee is an IEEE 802.15.4-based

Hacking

Hacking IoT Wireless Firmware

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

REvil ransomware gang recommends that Apple buy back its data stolen in Quanta hack

Security Affairs

APRIL 21, 2021

Alienware, Amazon.com, Cisco, Fujitsu, Gericom, Lenovo, LG, Maxdata, Microsoft, MPC, BlackBerry Ltd, Sharp Corporation, Siemens AG, Sony, Sun Microsystems, Toshiba, Verizon Wireless, and Vizio. As proof of the hack, REvil operators leaked some schematics of MacBook components on the leak site. SecurityAffairs – hacking, Quanta).

Computers and Electronics

Computers and Electronics Ransomware Hacking Wireless

UScellular discloses the second data breach in a year

Security Affairs

JANUARY 4, 2022

UScellular, one of the largest wireless carriers in the US, has disclosed a data breach after the hack suffered in December 2021. United States Cellular Corporation, is the fourth-largest wireless carrier in the United States, with over 4.9 ” The attackers attempted to use this information to fraudulently port numbers.

Data breaches

Data breaches Wireless Accountability Retail

UScellular data breach: attackers ported customer phone numbers

Security Affairs

JANUARY 30, 2021

US wireless carrier UScellular discloses data breach, personal information of customers may have been exposed and their phone numbers ported. US wireless carrier UScellular discloses a data breach that exposed personal information of its customers. SecurityAffairs – hacking, data breach). ” reads the notice.

Data breaches

Data breaches Wireless Retail Accountability

Law enforcement arrested 31 suspects for stealing cars by hacking key fobs

Security Affairs

OCTOBER 18, 2022

An international law enforcement operation led by Europol disrupted a cybercrime ring focused on hacking wireless key fobs to steal cars. SecurityAffairs – hacking, key fobs). The post Law enforcement arrested 31 suspects for stealing cars by hacking key fobs appeared first on Security Affairs.

Hacking

Hacking Cybercrime Manufacturing Wireless

Pwn2Own Toronto 2022 hacking competition. Samsung S22 hacked

Security Affairs

DECEMBER 7, 2022

The Pwn2Own Toronto 2022 hacking competition has begun, this is the 10th anniversary of the consumer-focused version of the contest. The news of the Samsung Galaxy S22 hack on the first day of Pwn2Own Toronto 2022 made the headlines. SecurityAffairs – hacking, Pwn2Own Toronto 2022). Pierluigi Paganini.

Hacking

Hacking Wireless Mobile Data breaches

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

Security Affairs

JUNE 23, 2022

.” The threat actors also used a new variant of the ‘ Yahoyah ’ Trojan to gather information about local wireless networks. This version gather information collected by the original Yahoyah (i.e. The collected information is formatted and sent to the C&C server. SecurityAffairs – hacking, Tropic Trooper).

Hacking

Hacking Wireless Encryption Passwords

Evil Maid Attack – Vacuum Hack

Security Affairs

APRIL 23, 2021

Once inside and within a reasonable distance to the target endpoint, the Raspberry Pi’s wireless capability provides the attacker with remote access to the endpoint, all while sitting inside the vacuum. The Raspberry Pi, operating on the wireless USB interface, spoofs a legitimate HID through Physical Layer (L1) manipulation.

Hacking

Hacking Social Engineering Engineering Wireless

A full replacement of all Huawei and ZTE hardware on American wireless networks will cost $1.837bn

Security Affairs

SEPTEMBER 5, 2020

The US Federal Communications Commission (FCC) estimates the cost of a full replacement of all Huawei and ZTE hardware on American wireless networks at $1.837bn. ” The report aims at promoting the security of our national communications networks by providing information from the US carriers. . Pierluigi Paganini.

Wireless

Wireless Government Advertising Internet

AT&T is notifying millions of customers of data breach after a third-party vendor hack

Security Affairs

MARCH 10, 2023

AT&T is warning some of its customers that some of their information was exposed after the hack of a third-party vendor’s system. AT&T is notifying millions of customers that some of their information was exposed after a third-party vendor was hacked. Social Security Number, account passwords).

Data breaches

Data breaches Hacking Wireless Telecommunications

Hacking a network, using an ‘invisibility cloak’ – Is it that simple?

Security Affairs

MARCH 12, 2020

Security experts describe a real attack case that sees the attackers using a small, unidentified hardware device to hack into the target network. Is it possible to hack into a network using a sort of invisibility cloak? SecurityAffairs – hacking, invisibility cloak). appeared first on Security Affairs.

Hacking

Hacking Banking Authentication Advertising

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

Security Affairs

JANUARY 19, 2025

The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,IOT)

Firmware

Firmware IoT Wireless Surveillance

Cisco warns of XSS flaw in end-of-life small business routers

Security Affairs

APRIL 6, 2024

The company confirmed that this vulnerability does not affect the following RV Series Small Business Routers: RV160 VPN Routers RV160W Wireless-AC VPN Routers RV260 VPN Routers RV260P VPN Routers with PoE RV260W Wireless-AC VPN Routers RV340 Dual WAN Gigabit VPN Routers RV340W Dual WAN Gigabit Wireless-AC VPN Routers RV345 Dual WAN Gigabit VPN Routers (..)

Small Business

Small Business VPN Wireless Software

Attack of drones: airborne cybersecurity nightmare

Security Affairs

DECEMBER 2, 2022

This article is going to explore cybersecurity considerations surrounding drone platforms through an initial review of drone market trends, popular drone hacking tools, and general drone hacking techniques that may be used to compromise enterprise drone platforms, including how drone platforms themselves may be used as malicious hacking platforms.

Cybersecurity

Cybersecurity Wireless Computers and Electronics Penetration Testing

DEF CON 31 – Dr. Sebastian Köhler’s, Dr. Richard Baker’s ‘Car Hacking Village – Exploiting Wireless Side Channels In EV Charging’

Security Boulevard

OCTOBER 22, 2023

Permalink The post DEF CON 31 – Dr. Sebastian Köhler’s, Dr. Richard Baker’s ‘Car Hacking Village – Exploiting Wireless Side Channels In EV Charging’ appeared first on Security Boulevard.

Wireless

Wireless Hacking Architecture Education

Pre-Installed malware spotted on other Android phones sold in US

Security Affairs

JULY 9, 2020

The phone was being shipped to users with two malicious malware masqueraded as Wireless Update application and a Settings app respectively. “We have discovered, yet again, another phone model with pre-installed malware provided from the Lifeline Assistance program via Assurance Wireless by Virgin Mobile. .

Malware

Malware Wireless Mobile Advertising

Fullz House hacked the website of Boom! Mobile provider to steal credit cards

Security Affairs

OCTOBER 6, 2020

Mobile offers postpaid and prepaid no-contract wireless service plans to its customers that allow them to use the lines of the nation’s largest cellular networks including AT&T, T-Mobile, and Verizon. SecurityAffairs – hacking, e-skimmer). The post Fullz House hacked the website of Boom! Pierluigi Paganini.

Mobile

Mobile Hacking Wireless Advertising

Cisco will not release updates to fix critical RCE flaw in EoF Business Routers

Security Affairs

APRIL 9, 2021

The company has not released security updates to address this flaw, the company pointed out that there are no workarounds that fix this vulnerability. The flaw affects the following Cisco Small Business RV Series Routers: RV110W Wireless-N VPN Firewall RV130 VPN Router RV130W Wireless-N Multifunction VPN Router RV215W Wireless-N VPN Router.

Small Business

Small Business Wireless VPN Firewall

Critical bug in Cisco UWRB access points allows attackers to run commands as root

Security Affairs

NOVEMBER 6, 2024

Cisco fixed a critical flaw in URWB access points, allowing attackers to run root commands, compromising industrial wireless automation security. The vulnerability resides in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points.

Wireless

Wireless Software Information Security Hacking

Old vulnerabilities in Cisco products actively exploited in the wild

Security Affairs

DECEMBER 19, 2022

CVE-2018-0125 (CVSS score of 9.8) – A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. .

Wireless

Wireless VPN Software Hacking

Hackers gained access to T-Mobile customers and employee personal info

Security Affairs

MARCH 5, 2020

New problems for the wireless carrier T-Mobile that disclosed a data breach that exposed some of the customers’ personal information. The wireless carrier T-Mobile was victims of a sophisticated cyber attack that targeted its email vendor. SecurityAffairs – hacking, T-mobile). Pierluigi Paganini.

Mobile

Mobile Data breaches Telecommunications Wireless

Sonos smart speakers flaw allowed to eavesdrop on users

Security Affairs

AUGUST 9, 2024

The flaw resides in the device’s wireless driver which fails to properly validate an information element while negotiating a WPA2 four-way handshake. “A vulnerability exists in the affected devices wireless driver that does not properly validate an information element while negotiating a WPA2 four-way handshake.”

Wireless

Wireless Manufacturing Engineering Hacking

Sweden bans Huawei and ZTE from building its 5G infrastructure

Security Affairs

OCTOBER 21, 2020

Sweden is banning Chinese tech giant Huawei and ZTE from building new 5G wireless networks due to national security concerns. In September, the US Federal Communications Commission (FCC) estimated the cost of a full replacement of all Huawei and ZTE hardware on American wireless networks at $1.837bn. Pierluigi Paganini.

Wireless

Wireless Internet Internet Advertising

New AT&T data breach exposed call logs of almost all customers

Security Affairs

JULY 12, 2024

Current analysis indicates that the data includes, for these periods of time, records of calls and texts of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators (“MVNO”) using AT&T’s wireless network.

Data breaches

Data breaches Wireless Mobile Hacking

After SIMJacker, WIBattack hacking technique disclosed. Billions of users at risk

Security Affairs

SEPTEMBER 28, 2019

Researchers are warning of a new variant of recently disclosed SimJacker attack, dubbed WIBattack , that could expose millions of mobile phones to remote hacking. WIBattack is a new variant of the recently discovered Simjacker attack method that could expose millions of mobile phones to remote hacking. Pierluigi Paganini.

Hacking

Hacking Mobile Risk Advertising

Kansas State University suffered a serious cybersecurity incident

Security Affairs

JANUARY 19, 2024

On January 18, KSU Wireless was still unavailable, the university recommends the use of KSU Guest to connect wirelessly during this time. At this time, K-State has yet to provide details about the security breach. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, KSU)

Cybersecurity

Cybersecurity Wireless VPN Hacking

B. Braun Infusomat pumps could be hacked to alter medication doses

Security Affairs

AUGUST 27, 2021

Braun ‘s Infusomat Space Large Volume Pump and SpaceStation that could be remotely hacked. SecurityAffairs – hacking, B. Braun Infusomat pumps could be hacked to alter medication doses appeared first on Security Affairs. Researchers disclosed five vulnerabilities in B. Pierluigi Paganini. The post B. The post B.

Hacking

Hacking Authentication Internet Internet

The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data

Security Affairs

APRIL 29, 2024

wireless carriers $200 million for sharing customers’ real-time location data without consent. wireless carriers nearly $200 million for unlawfully selling access to real-time location data of their customers without consent. The Federal Communications Commission (FCC) fined the largest U.S. The FCC has fined four major U.S.

Wireless

Wireless Telecommunications Insurance Mobile

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 1, 2024

Soldier Major cybercrime operation nets 1,006 suspects UK hospital network postpones procedures after cyberattack Tether Has Become a Massive Money Laundering Tool for Mexican Drug Traffickers, Feds Say Florida Telecommunications and Information Technology Worker Sentenced for Conspiring to Act as Agent of Chinese Government Rockstar 2FA: A Driving (..)

Cybercrime

Cybercrime Firewall Social Engineering Ransomware

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Sierra Wireless halted production at its manufacturing sites due to ransomware attack

Webinars

Trending Sources

Chinese threat actors use Quad7 botnet in password-spray attacks

Webinars

D-Link addressed three critical RCE in wireless router models

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

T-Mobile discloses data breach affecting prepaid wireless customers

Flaws in Realtek RTL8170C Wi-Fi module allow hijacking wireless communications

Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover

Twitter account of Huawei Mobile Brazil hacked

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

A flaw in Verizon’s iOS Call Filter app exposed call records of millions

ZAGG disclosed a data breach that exposed its customers’ credit card data

Vulnerability in Medtronic insulin pumps allow hacking devices

Google discloses a zero-click Wi-Fi exploit to hack iPhone devices

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

REvil ransomware gang recommends that Apple buy back its data stolen in Quanta hack

UScellular discloses the second data breach in a year

UScellular data breach: attackers ported customer phone numbers

Law enforcement arrested 31 suspects for stealing cars by hacking key fobs

Pwn2Own Toronto 2022 hacking competition. Samsung S22 hacked

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

Evil Maid Attack – Vacuum Hack

A full replacement of all Huawei and ZTE hardware on American wireless networks will cost $1.837bn

AT&T is notifying millions of customers of data breach after a third-party vendor hack

Hacking a network, using an ‘invisibility cloak’ – Is it that simple?

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

Cisco warns of XSS flaw in end-of-life small business routers

Attack of drones: airborne cybersecurity nightmare

DEF CON 31 – Dr. Sebastian Köhler’s, Dr. Richard Baker’s ‘Car Hacking Village – Exploiting Wireless Side Channels In EV Charging’

Pre-Installed malware spotted on other Android phones sold in US

Fullz House hacked the website of Boom! Mobile provider to steal credit cards

Cisco will not release updates to fix critical RCE flaw in EoF Business Routers

Critical bug in Cisco UWRB access points allows attackers to run commands as root

Old vulnerabilities in Cisco products actively exploited in the wild

Hackers gained access to T-Mobile customers and employee personal info

Sonos smart speakers flaw allowed to eavesdrop on users

Sweden bans Huawei and ZTE from building its 5G infrastructure

New AT&T data breach exposed call logs of almost all customers

After SIMJacker, WIBattack hacking technique disclosed. Billions of users at risk

Kansas State University suffered a serious cybersecurity incident

B. Braun Infusomat pumps could be hacked to alter medication doses

The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

Stay Connected