October 2, 2024
700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking
With 14 serious security flaws found, what a gift for spies and crooks
Fourteen newly found bugs in DrayTek Vigor routers — including one critical remote-code-execution flaw that received a perfect 10 out of 10 CVSS severity rating — could be abused by crooks looking to seize control…
NIST’s security flaw database still backlogged with 17K+ unprocessed bugs. Not great
Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline
NIST has made some progress clearing its backlog of security vulnerability reports to process – though it's not quite on target as hoped.…
‘Patch yesterday’: Zimbra mail servers under siege through RCE vuln
Attacks began the day after public disclosure
"Patch yesterday" is the advice from infosec researchers as the latest critical vulnerability affecting Zimbra mail servers is now being mass-exploited.…
The fix for BGP’s weaknesses has big, scary, issues of its own, boffins find
Bother, given the White House has bet big on RPKI – just like we all rely on immature internet infrastructure that usually works
The Resource Public Key Infrastructure (RPKI) protocol has "software vulnerabilities, inconsistent specifications, and operational challenges" according to a pre-press paper from a trio of German…