Cisco Multiple Products Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-26145)

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

Inside Registered Agents Inc., the Shadowy Firm Pushing the Limits of Business Privacy

Registered Agents Inc. has for years allowed businesses to register under a cloak of anonymity. A WIRED investigation reveals that its secretive founder has taken the practice to an extreme...

The Story of the Mirai Botnet

Over at Wired, Andy Greenberg has an excellent story about the creators of the 2016 Mirai botnet...

End-to-End Encrypted Instagram and Messenger Chats: Why It Took Meta 7 Years

Mark Zuckerberg personally promised that the privacy feature would launch by default on Messenger and Instagram chat. WIRED goes behind the scenes of the company’s colossal effort to get it right...

Section 702 Surveillance Reauthorization May Get Slipped Into ‘Must-Pass’ NDAA

Congressional leaders are discussing ways to reauthorize Section 702 surveillance, including by attaching it to the National Defense Authorization Act, Capitol Hill sources tell WIRED...

Aruba Networks AirWave Management Platform Security Vulnerability

Aruba Networks AirWave Management Platform, from Aruba Networks, provides granular visibility into wired and wireless networks and is the leading multi-vendor management platform designed for local campus environments. A security vulnerability exists in the Aruba Networks AirWave Management...

Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist

The same chaotic day FTX declared bankruptcy, someone began stealing hundreds of millions of dollars from its coffers. A WIRED investigation reveals the company’s “very crazy night” trying to stop them...

Unmasking Trickbot, One of the World’s Top Cybercrime Gangs

A WIRED investigation into a cache of documents posted by an unknown figure lays bare the Trickbot ransomware gang’s secrets, including the identity of a central member...

Backdoor in TETRA Police Radios

Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio TETRA standard used by police forces around the world. The European Telecommunications Standards Institute ETSI, an organization that standardizes technologies across the industry, first created TETRA in...

SolarWinds Detected Six Months Earlier

New reporting from Wired reveals that the Department of Justice detected the SolarWinds attack six months before Mandiant detected it in December 2020, but didnt realize what it detected--and so ignored it. WIRED can now confirm that the operation was actually discovered by the DOJ six months...

iOS Lockdown Mode effective against NSO zero-click exploit

Apples Lockdown Mode feature alerted a victim to one of the latest NSO exploits, according to a report by Citizen Lab. image courtesy of Citizen Lab This is a huge deal since it shows how useful Lockdown Mode can be, even against exploits developed by one of the worlds most notorious commercial...

ICE Is Grabbing Data From Schools and Abortion Clinics

An agency database WIRED obtained reveals widespread use of so-called 1509 summonses that experts say raises the specter of potential abuse...

Data Breaches: The Complete WIRED Guide

Everything you need to know about the past, present, and future of data security—from Equifax to Yahoo—and the problem with Social Security numbers...

SUSE CVE-2020-24587

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

SUSE CVE-2020-26143

An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration...

CVE-2023-22375

Cross-site request forgery CSRF vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability...

CVE-2023-22375

The CVE-2023-22375 issue affects the PLANEX Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G (all versions). It is a Cross-site Request Forgery (CSRF) vulnerability that could allow a remote unauthenticated attacker to hijack a logged-in user’s session and perform arbitrary operations by tric...

CVE-2023-22375

Cross-site request forgery CSRF vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability...

Meet the Creator of North Korea’s Favorite Crypto Privacy Service

The world’s most prolific crypto thieves have used Sinbad.io to launder tens of millions. Its creator, “Mehdi,” answers WIRED’s questions...

SUSE SLES15 Security Update : kernel (Live Patch 24 for SLE 15 SP2) (SUSE-SU-2022:4587-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4587-1 advisory. - A flaw was found in the Linux kernel's driver for the ASIX AX88179178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The...