Lexmark Printers Open to Arbitrary Code-Execution Zero Day – Threatpost
Organizations that have yet to install the latest version of the Pulse Secure VPN have a good reason to stop dithering—a code-execution vulnerability that allows attackers to take control of networks that use the product.
Tracked as CVE-2020-8218, the vulnerability requires an attacker to have administrative rights on the machine running the VPN. Researchers from GoSecure, the firm that discovered the flaw, found an easy way to clear that hurdle: trick an administrator into clicking on a malicious link embedded in an email or other type of message.
“While it does require to be authenticated,” GoSecure researcher Jean-Frédéric Gauron wrote in a post, referring to the exploit, “the fact that it can be triggered by a simple phishing attack on the right victim should be evidence enough that this vulnerability is not to be ignored.”
The Android security update patches 15 bugs, four rated critical, 10 rated high and one ranked moderate in severity.
Mobile Security – Threatpost
Home and small-office routers from manufacturers including Trendnet and D-Link are vulnerable to attacks that allow attackers anywhere in the world to execute malicious code on the devices, according to an advisory issued over the weekend.
The remote command-injection bug affects routers that were developed using the RealTek software development kit. That includes routers from Trendnet and D-Link, according to the developer who discovered the vulnerability. There’s no comprehensive list of manufacturers or models that are affected, though more technical users may be able to spot them by using the Metasploit framework to query their router. If the response contains “RealTek/v1.3” or similar, it’s likely vulnerable.
The remote code-execution vulnerability resides in the “miniigd SOAP service” as implemented by the RealTek SDK. Security researcher Ricky “HeadlessZeke” Lawshae reported it to HP’s Zero Day Initiative (ZDI) in August 2013. ZDI, which uses such vulnerability information to block attacks in its line of intrusion prevention services, then reported it to officials inside RealTek. After 20 months of inaction, the HP division disclosed it publicly even though no fix has been released.