SSD Advisory – ZTE ZXR10 Router Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Mon, 23 Oct 2017 10:35:08 +0000

Vulnerabilities summary The following advisory describes five (5) vulnerabilities found in ZTE ZXR10 Router. ZXR10 ZSR V2 series router is “the next generation intelligent access router product of ZTE, which integrates routing, switching, wireless, security, and VPN gateway. The product adopts industry-leading hardware platform and software architecture to provide an intelligent and flexible platform for … Continue reading SSD Advisory – ZTE ZXR10 Router Multiple Vulnerabilities

Read more

SSD Advisory – K7 Total Security Device Driver Arbitrary Memory Read

Credit to Author: SSD / Maor Schwartz| Date: Mon, 23 Oct 2017 10:31:38 +0000

Vulnerability Summary The following advisory describes an Crash found in K7 Total Security. Credit An independent security researcher, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program Vendor response K7 has released patches to address this vulnerability – K7TotalSecurity version 15.1.0.305 Vulnerability details User controlled input to K7Sentry device is not sufficiently sanitized, … Continue reading SSD Advisory – K7 Total Security Device Driver Arbitrary Memory Read

Read more

SSD Advisory – Geneko Routers Information Disclosure

Credit to Author: SSD / Maor Schwartz| Date: Mon, 23 Oct 2017 10:26:40 +0000

Vulnerability Summary The following advisory describes an information disclosure vulnerability found in Geneko Routers version 3.18.21 Geneko GWG is “compact and cost effective communications solution that provides cellular capabilities for fixed and mobile applications such as data acquisition, smart metering, remote monitoring and management. GWG supports a variety of radio bands options on 2G, 3G … Continue reading SSD Advisory – Geneko Routers Information Disclosure

Read more

Reaper: Calm Before the IoT Security Storm?

Credit to Author: BrianKrebs| Date: Mon, 23 Oct 2017 19:42:42 +0000

It’s been just over a year since the world witnessed some of the world’s top online Web sites being taken down for much of the day by “Mirai,” a zombie malware strain that enslaved “Internet of Things” (IoT) devices such as wireless routers, security cameras and digital video recorders for use in large-scale online attacks. Now, experts are sounding the alarm about the emergence of what appears to be a far more powerful strain of IoT attack malware — variously named “Reaper” and “IoTroop” — that spreads via security holes in IoT software and hardware. And there are indications that over a million organizations may be affected already. Reaper isn’t attacking anyone yet. For the moment it is apparently content to gather gloom to itself from the darkest reaches of the Internet. But if history is any teacher, we are likely enjoying a period of false calm before another humbling IoT attack wave breaks.

Read more