Android Gets FIDO2 Certification—Now Supports Secure Passwordless Logins

Great news. If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified. Are you thinking… what the heck that actually means? It means,...

Android Gets FIDO2 Certification—Now Supports Secure Passwordless Logins

Great news. If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified. Are you thinking… what the heck that actually means? It means,...

The vulnerability of the microprogrammed software of the Cisco Aironet Active Sensor wireless client detection device arises from the use of pre-installed registration data. This allows a malicious actor to cause service failures.

The vulnerability of the microprogrammed software of the Cisco Aironet Active Sensor wireless client sensor lies in the use of pre-installed registration data. Exploiting this vulnerability could allow a malicious actor to cause service failure remotely...

Cisco Aironet Active Sensor Trust Management Issues Vulnerability

Cisco Aironet Active Sensor is an active wireless network sensor from Cisco. The product is mainly used to monitor wireless network performance. The Cisco Aironet Active Sensor suffers from a trust management issue vulnerability that stems from the use of static passwords for default local...

CVE-2019-1675

A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker coul...

Default configuration

A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker coul...

CVE-2019-1675

A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker coul...

CVE-2019-1675 Cisco Aironet Active Sensor Static Credentials Vulnerability

A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker coul...

CVE-2019-1675

CVE-2019-1675 affects Cisco Aironet Active Sensor. The issue arises from a default local account with a static password that provides privileges only to reboot the device; an unauthenticated, remote attacker can guess the account name/password to access the CLI and reboot the sensor, potentially ...

Clever Smartphone Malware Concealment Technique

This is clever: Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection -- they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks. The...

Google Play Removes Malicious Malware-Ridden Apps

Google Play has removed two malicious apps that were infecting devices with a notorious banking malware bent on scooping up victim’s credentials. The two apps, Currency Converter and BatterySaverMobo, purported to be useful mobile tools that help users calculate currency and optimize mobile batte...

New Android Malware Apps Use Motion Sensor to Evade Detection

Even after so many efforts by Google for preventing its Play Store from malware, shady apps somehow managed to fool its anti-malware protections and get into its service to infect Android users with malware. Two such Android apps have recently been spotted on the Google Play Store by security...

PT-2018-3942 · D Link · D-Link Dcs Series Wi-Fi Cameras

Name of the Vulnerable Software and Affected Versions: D-Link DCS series Wi-Fi cameras versions 1.00 and above Description: The issue is related to insufficient protection of registration data in the common/info.cgi component of D-Link DCS series Wi-Fi cameras' firmware. This can allow a remote...

CVE-2018-20161

A design flaw in the BlinkForHome aka Blink For Home Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips triggered by the motion sensor are not saved if the attacker's traffic such as Dot11Deauth successfully disconnects the Sync Module from the...

PRTG Network Monitor <=18.3.43.2323 RCE Vulnerability

PRTG Network Monitor is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

CVE-2018-19204

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker with read-write privileges to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport' is mishandled. The attacker can...

Cross site request forgery (csrf)

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker with read-write privileges to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport' is mishandled. The attacker can...

CVE-2018-19204

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker with read-write privileges to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport' is mishandled. The attacker can...

CVE-2018-19204

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker with read-write privileges to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport' is mishandled. The attacker can...

CVE-2018-18552

ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service menu functionality loss by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug...