Security
Headlines
HeadlinesLatestCVEs

Tag

#wifi

Tunneling Flaws Put VPNs, CDNs and Routers at Risk Globally

Millions of devices, including home routers, VPN servers, and CDNs are vulnerable to exploitation due to critical flaws…

HackRead
Open in Source
#vulnerability#web#google#dos#auth#wifi#ssl
The FCC’s Jessica Rosenworcel Isn’t Leaving Without a Fight

As the US faces “the worst telecommunications hack in our nation’s history,” by China’s Salt Typhoon hackers, the outgoing FCC chair is determined to bolster network security if it’s the last thing she does.

How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?

Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD. Implementing secure guest Wi-Fi infrastructure has become essential for authenticating access,

Secret Phone Surveillance Tech Was Likely Deployed at 2024 DNC

Data WIRED collected during the 2024 Democratic National Convention strongly suggests the use of a cell-site simulator, a controversial spy device that intercepts sensitive data from every phone in its range.

Cybersecurity Risks in Crypto: Phishing, Ransomware and Other Emerging Threats

Explore top cybersecurity risks in crypto, including phishing, ransomware, and MitM attacks. Learn practical tips to safeguard your…

Why Small Businesses Can't Rely Solely on AI to Combat Threats

The growing complexity of cyber threats, paired with limited resources, makes it essential for companies to adopt a more comprehensive approach that combines human vigilance with AI's capabilities.

GHSA-cvv5-9h9w-qp2m: Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)

### Summary The SSID is not sanitized when before it is passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID can be executed as OS commands. ### Details I have exploited this vulnerability in a Windows service using version 5.22.11 of the module, to escalate privileges (in an environment where I am authorized to do so). However, as far as I can see from the code, it is still present in master branch at time of writing, on line [403/404 of network.js](https://github.com/sebhildebrandt/systeminformation/blob/3a92931c7d46605ffddc1aacb97a9727273b2888/lib/network.js#L403). The SSID is obtained from `netsh wlan show interface ...` in `getWindowsWirelessIfaceSSID`, and then passed to `cmd.exe /d /s /c "netsh wlan show profiles ...` in `getWindowsIEEE8021x`, without sanitization. ### PoC First, the command injection payload should be included in the connected Wi-Fi SSID. For example create hotspot on mobile phone or other lap...

TP-Link faces US national security probe, potential ban on devices

TP-Link is being investigated for alleged predatory pricing practices, which may be driven by ulterior motives.

This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong?

A free VPN app called Big Mama is selling access to people’s home internet networks. Kids are using it to cheat in a VR game while researchers warn of bigger security risks.

To Defeat Cybercriminals, Understand How They Think

Getting inside the mind of a threat actor can help security pros understand how they operate and what they're looking for — in essence, what makes a soft target.