Tag
#wifi
Categories: Business Tags: VPN Tags: meta Tags: Facebook Tags: data Tags: disclosure Tags: australia Tags: australian Tags: traffic We take a look at reports that Meta subsidiaries have been ordered to pay a sizeable fine relating to disclosure issues for a now discontinued VPN. (Read more...) The post Meta subsidiaries must pay $14m over misleading data collection disclosure appeared first on Malwarebytes Labs.
Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page.
Plus: Russia tightens social media censorship, new cyberattack reporting rules for US companies, and Google Street View returns to Germany.
Ubuntu Security Notice 6256-1 - Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.
It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash). Various other issues were also addressed.
There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. This issue allows unauthenticated nodes to craft radio frames using “Key ID Mode 2”: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP packets being allowed on the Thread network. This provides a pathway for an attacker to send/receive arbitrary IPv6 packets to devices on the LAN, potentially exploiting them if they lack additional authentication or contain any network vulnerabilities that would normally be mitigated by the home router’s NAT firewall. Effected devices have been mitigated through an automatic update beyond the affected range.
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Low attack complexity Vendor: Johnson Controls Inc. Equipment: IQ Wifi 6 Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to gain account access by conducting a brute force authentication attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Johnson Controls products are affected: IQ Wifi 6: All firmware versions prior to 2.0.2 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Restriction of Execssive Authentication Attempts CWE-307 In firmware versions prior to v2.0.2 of Johnson Controls IQ Wifi 6, an unauthorized user could gain account access by conducting a brute force authentication attack. CVE-2023-3548 has been assigned to this vulnerability. A CVSS v3 base score of 8.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). 3.3 BACKGROUND Critical Infrastructure Sectors: Critical Ma...
REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.
By Owais Sultan This article presents ten essential cybersecurity tips tailored specifically for small businesses. So let’s get to it! In… This is a post from HackRead.com Read the original post: 10 Essential Cybersecurity Tips for Small Businesses
Wifi Soft Unibox Administration versions 3.0 and 3.1 suffer from a remote SQL injection vulnerability.