(eight advisories in document) Antaira’s firmware version 3.0 for the LMX-0800AG switch (among other supported devices) is affected by a memory corruption vulnerability when processing cookies. An unauthenticated attacker could leverage the vulnerability to take full control over the switch. It is also affected by a memory corruption vulnerability when processing ioIndex GET parameter values. An attacker with valid credentials for the web interface could leverage the vulnerability to take full control of the switch. Antaira’s firmware version 3.0 for the LMX-0800AG switch (among other supported devices) is affected by…
In 2008, the Dreamliner was presented as the world’s first e-Enabled commercial airplane. Boeing certainly introduced an impressive new set of functionalities, enabling the vast majority of the components to be highly integrated with and connected to regular systems, such as onboard maintenance, data-load, and the Crew Information System. IOActive has documented our detailed attack paths and component vulnerabilities to describe the first plausible, detailed public attack paths to effectively reach the avionics network on a commercial airplane from either non-critical domains, such as Passenger Information and Entertainment Services, or…
A few key steps you can take today to build a supply chain security program – and protect your network, systems, and products from threats.
In this first of a two-part blog series on supply chain, I’ll discuss the security and operational risk in today’s supply chain. In the past 20 years, we’ve seen the globalization of the supply chain and a significant movement to disperse supply chains outside national borders. With this globalization comes many supply chain risks — risks that go beyond just cyber attacks and demonstrate a need for stronger operational resilience. Most organizations want to take advantage of tariff treaties and overall cost savings by outsourcing the manufacturing and production of…
(2) A malicious application without any permission could gain read and write access to the list of locked applications configured in AppLock and remove applications from it, therefore bypassing the security pattern configured by the user to protect them. (two advisories in document)
(2) A malicious application without any permission could gain read and write access to the list of Private Contacts and blocked numbers configured in ZenUI Dialer & Contacts. (two advisories in document)
(2) A malicious application without any permission could gain read and write access to the private SMS and MMS messages configured in ZenUI Messaging as well as send arbitrary SMS messages to arbitrary phone numbers. (two advisories in document)
The push to incorporate remote management capabilities into products has swept across a number of industries. A good example of this is the famous Internet of Things (IoT), where modern home devices from crockpots to thermostats can be managed remotely from a tablet or smartphone. One of the biggest problems associated with this new feature is a lack of security. Unfortunately, nobody is surprised when a new, widespread vulnerability appears in the IoT world. However, the situation becomes a bit more concerning when similar technologies appear in the aviation sector….
Cesar Cerrudo, CTO, IOActive, provides a webinar presentation on the ever-growing risks of using technology that enables smart cities. With the advancement of information, communication, and IoT technologies come new vulnerabilities and opportunities for cyber attacks, resulting in disruption and denial of services.