Security Alerts & News
by Tymoteusz A. Góral

#1893 Router vulnerabilities disclosed in July remain unpatched
Details on serious vulnerabilities in a number of routers freely distributed by a major Thai ISP were published on Monday after private disclosures made to the vendors in July went unanswered.

Researcher Pedro Ribeiro of Agile Information Security found accessible admin accounts and command injection vulnerabilities in ZyXel and Billion routers distributed by TrueOnline, Thailand’s largest broadband company.

Ribeiro said he disclosed the vulnerabilities through Beyond Security’s SecuriTeam Secure Disclosure Program, which contacted the affected vendors last July. Ribeiro published a proof of concept exploit yesterday as well.
Read more
#1894 Facebook’s ImageTragick story
#1893 Router vulnerabilities disclosed in July remain unpatched
#1892 Secret tokens found hard-coded in hundreds of Android apps
#1891 Vulnerabilities leave iTunes, App Store open to script injection
#1890 It’s shockingly easy to hijack a Samsung SmartCam camera
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12