Honda Civic 安全漏洞

Honda Civic is an automobile from Honda Japan. The Honda Civic 2018 model year has a security vulnerability in the remote keyless system that stems from the remote keyless system sending the same RF signal for every door open request, which allows replay attacks, related to CVE-2019-20626...

CVE-2022-26131

Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals...

Design/Logic Flaw

Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals...

CVE-2022-26131 ICSA-22-063-01 Improper Protection against Electromagnetic Fault Injection in Trailer Power Line Communications (PLC) J2497

Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals...

Trailer Power Line Communications (PLC) J2497

1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable remotely/low attack complexity Equipment: Power Line Communications PLC: J2497 a.k.a. PLC4TRUCKS Vulnerabilities: Missing Authentication for Critical Function, Improper Protection against Electromagnetic Fault Injection 2. RISK EVALUATION...

Cyber Signals: Defending against cyber threats with the latest research, insights, and trends

We’re excited to introduce Cyber Signals, a cyber threat intelligence brief informed by the latest Microsoft threat data and research. This content, which will be released quarterly, offers an expert perspective into the current threat landscape, discussing trending tactics, techniques, and...

Cyber Signals: Defending against cyber threats with the latest research, insights, and trends

We’re excited to introduce Cyber Signals, a cyber threat intelligence brief informed by the latest Microsoft threat data and research. This content, which will be released quarterly, offers an expert perspective into the current threat landscape, discussing trending tactics, techniques, and...

The vulnerability of Yokogawa’s software products stems from lack of access control mechanisms. This allows attackers to generate false system or technological alarm signals, or block existing alarm signals.

The vulnerability of Yokogawa’s software products is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to generate false system or technological alarm signals, or block existing alarm signals...

HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks

HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans RATs, and other payloads related to targeted attacks. Notably, this technique was observe...

[SECURITY] Fedora 34 Update: sdrpp-1.0.4-3.fc34

SDR++ is a cross-platform and open source SDR software with the aim of being bloat free and simple to use. Features - Wide hardware support both through SoapySDR and dedicated modules - SIMD accelerated DSP - Full waterfall update when possible. Makes browsing signals easier and more pleasant...

Windows 11 offers chip to cloud protection to meet the new security challenges of hybrid work

As the world has changed over the past 18-months, companies have been wrestling with ways to keep employees and data protected as they support new ways of hybrid working. We built Windows 11 to be the most secure Windows yet with built-in chip to cloud protection that ensures company assets stay...

Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports

Three weeks after an independent researcher found a critical bug in the Services Australia COVID-19 digital vaccine certificate that would allow an attacker to falsify someone’s vaccine status, it still hasn’t been fixed. Researcher Richard Nelson looked into the security behind a new digital...

CVE-2021-38544

Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, t...

CVE-2021-38543

TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...

CVE-2021-38547

Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the...

CVE-2021-38549

MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...

CVE-2021-38545

Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...

CVE-2021-38548

JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a...

Code injection

JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a...

Code injection

TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...