#wifi

A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study released this week. "This bottleneck influences the latency of network packets, allowing an attacker

Data-rich and resource-poor, schools and libraries around the country make attractive targets for cybercriminals looking for an easy score, but a new federal program is looking to aid their defenses by providing much-needed financial support.

This week on the Lock and Code podcast, we speak with Tjitske de Vries to answer some of the most common cybersecurity questions we receive.

Red Hat Security Advisory 2024-3939-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.

ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device,"

The messaging standard promises better security and cooler features than plain old SMS. Android has had it for years, but now iPhones are getting it too.

Red Hat Security Advisory 2024-3859-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows administrators. The software giant also responded to a torrent of negative feedback on a new feature of Redmond's flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.

The lone critical security issue is a remote code execution vulnerability due to a use-after-free issue in the HTTP handling function of Microsoft Message Queuing.

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.