admin

admin

  • Joined: September 10, 2024
  • Articles: 8528

CISA Includes TP-Link and WhatsApp Vulnerabilities in KEV Catalog Due to Ongoing Exploitation

September 3, 2025
Vulnerability / Mobile Security

On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability affecting TP-Link TL-WA855RE Wi-Fi Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing signs of active exploitation. The vulnerability, identified as CVE-2020-24363 (CVSS score: 8.8), involves a missing authentication flaw that can be exploited to gain elevated access to the device. CISA noted that “this vulnerability could enable an unauthenticated attacker on the same network to send a TDDP_RESET POST request for a factory reset and reboot,” allowing them to establish incorrect access control by setting a new administrative password. According to malwrforensics, the issue has been addressed in firmware version TL-WA855RE(EU)_V5_200731. However, it’s important to mention that this product has reached end-of-life (EoL) status, making future patches or updates unlikely. Users of the Wi-Fi range extender are therefore advised to take caution.

CISA Includes TP-Link and WhatsApp Vulnerabilities in KEV Catalog Due to Ongoing Exploitation On September 3, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a critical security vulnerability related to TP-Link TL-WA855RE Wi-Fi Ranger Extenders…

Critical BadAlloc Vulnerability Impacts BlackBerry QNX in Millions of Vehicles and Medical Devices

August 18, 2021

A significant security flaw in older versions of BlackBerry’s QNX Real-Time Operating System (RTOS) poses a risk of enabling malicious actors to take control of various devices, including cars and medical equipment. This issue, identified as CVE-2021-22156 with a CVSS score of 9.0, is part of a larger series of vulnerabilities dubbed BadAlloc that was first revealed by Microsoft in April 2021. The flaw could potentially serve as a backdoor for attackers, allowing them to disrupt operations or commandeer devices. According to a bulletin from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “A remote attacker could exploit CVE-2021-22156 to cause a denial-of-service condition or execute arbitrary code on affected devices.” As of now, there are no indications that this vulnerability has been actively exploited. BlackBerry QNX technology serves over 195 million vehicles and embedded systems globally.

Critical Vulnerability in BlackBerry QNX Poses Risk to Millions of Devices August 18, 2021 A significant security vulnerability has been identified in older versions of BlackBerry’s QNX Real-Time Operating System (RTOS), which underpins a vast array of products, including automotive…

Cyber Attack Disrupts Passport Control at Istanbul Airport

July 26, 2013

The passport control system at Istanbul Ataturk Airport’s international departure terminal experienced a cyber attack on Friday, impacting operations at another airport in the city. Passengers faced lengthy delays, with many waiting hours as flight departures were postponed due to the system shutdown at both locations. Authorities were able to restore functionality after some time.

Reports indicated that the passport control system at Sabiha Gokcen International Airport was also affected by issues stemming from the Polnet data system managed by the Istanbul provincial security directorate. Preliminary investigations suggest the systems may have been compromised by malware, though authorities are still determining whether any user information was extracted from the affected machines.

As of now, there has been no claim of responsibility for the cyber attack. This incident is part of a worrying trend of malware attacks targeting critical infrastructure. Cybersecurity has become an increasingly critical concern in recent years.

Cyber Attack Disrupts Istanbul Airport’s Passport Control Systems On July 26, 2013, the passport control systems at Istanbul Ataturk Airport’s international departure terminal faced a significant disruption due to a cyber attack, affecting operations not only at this major facility…

Cloudflare Successfully Thwarts Unprecedented 11.5 Tbps DDoS Attack

Cloudflare announced on Tuesday that it effectively mitigated a record-breaking volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps). In a recent post on X, the web infrastructure and security provider revealed, “In recent weeks, we’ve autonomously blocked numerous hyper-volumetric DDoS attacks, with the largest reaching peaks of 5.1 Bbps and 11.5 Tbps.” The attack, primarily a UDP flood originating from Google Cloud, lasted only about 35 seconds, highlighting the company’s robust defense mechanisms at work. Volumetric DDoS attacks aim to overwhelm a target with excessive traffic, causing server slowdowns or failures, often resulting in network congestion, packet loss, and service disruptions. Typically, these attacks are executed using botnets controlled by threat actors.

Cloudflare Defends Against Unprecedented 11.5 Tbps DDoS Attack On September 3, 2025, Cloudflare announced that it successfully thwarted a staggering volumetric distributed denial-of-service (DDoS) attack, which peaked at an astonishing 11.5 terabits per second (Tbps). The web infrastructure and security…

Severe ThroughTek SDK Vulnerability Exposes Millions of IoT Devices to Spy Threats

A serious security flaw has been identified in multiple versions of the ThroughTek Kalay P2P Software Development Kit (SDK), potentially allowing remote attackers to gain control of vulnerable devices and execute harmful code. Labeled as CVE-2021-28372 (with a CVSS score of 9.6) and uncovered by FireEye Mandiant in late 2020, this issue involves improper access controls in ThroughTek’s point-to-point (P2P) products. If exploited, attackers could listen in on live audio, view real-time video streams, and compromise device credentials, leading to further attacks stemming from exposed functionalities. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “successful exploitation of this vulnerability could enable remote code execution and unauthorized access to sensitive information, including audio/video feeds from cameras.” There are estimated to be 83 million active devices vulnerable to this flaw.

Severe Vulnerability in ThroughTek SDK Exposes Millions of IoT Devices to Potential Attacks On August 18, 2021, a significant security flaw was identified within multiple versions of the ThroughTek Kalay P2P Software Development Kit (SDK). This vulnerability, designated as CVE-2021-28372…

Chinese Hackers Exposed by U.S. Water Control System Decoy

August 5, 2013

A notorious hacking group from China, known as APT1 or Comment Crew, potentially affiliated with the Chinese military, has been caught infiltrating a simulated United States water control system, also referred to as a honeypot. Kyle Wilhoit, a researcher from Trend Micro, disclosed the findings at the BlackHat Conference this past Wednesday.

Back in December, the hackers targeted a water control system for a U.S. municipality, unaware it was a ruse set up by Wilhoit. The decoy utilized a Word document embedded with malicious software, allowing for complete access.

These honeypots closely resembled the ICS/SCADA devices employed in critical infrastructure for power and water facilities. The setup, which employed cloud software, produced realistic web-based login and configuration screens for local water plants, making them look as though they were based in various countries, including Ireland, Russia, Singapore, China, Japan, Australia, Brazil, and the U.S. Researchers have traced the activity back to the APT1 Group, which was previously linked to by the security firm Mandiant.

Chinese Hackers Compromised by Deceptive U.S. Water Control System Honeypots August 5, 2013 In a recent revelation, a prominent hacker group from China, identified as APT1 or the Comment Crew, has been implicated in an attempted breach of a simulated…

Iranian Hackers Compromise Over 100 Embassy Email Accounts in Global Diplomat Phishing Campaign

Sep 03, 2025
Data Breach / Cyber Espionage

A group linked to Iran has been identified as the perpetrator of a “coordinated” and “multi-wave” spear-phishing campaign targeting embassies and consulates across Europe and beyond. Israeli cybersecurity firm Dream has attributed this activity to Iranian-aligned operators associated with a broader offensive cyber initiative known as Homeland Justice. “Phishing emails were sent to numerous government officials worldwide, masquerading as legitimate diplomatic correspondence,” the firm reported. “The evidence suggests a larger regional espionage strategy aimed at diplomatic and government institutions amid rising geopolitical tensions.” The attack tactics involve spear-phishing emails that reference geopolitical disputes between Iran and Israel, containing malicious Microsoft Word attachments that prompt recipients to “Enable Content” to execute embedded Visual Basic for Applications code.

Iranian Hackers Target Diplomatic Communications of Embassies Worldwide In a sophisticated and coordinated cyberattack, a group associated with Iran has breached over 100 email accounts belonging to embassies and consulates globally, according to a report from Israeli cybersecurity firm Dream.…

Kaseya Releases Security Patches for Two New 0-Day Vulnerabilities in Unitrends Servers

Kaseya, a U.S. technology company, has issued security patches to address two zero-day vulnerabilities in its Unitrends enterprise backup and continuity solution, which could lead to privilege escalation and authenticated remote code execution. These flaws are part of a trio reported by researchers at the Dutch Institute for Vulnerability Disclosure (DIVD) on July 3, 2021. The vulnerabilities have been resolved in server software version 10.5.5-2, released on August 12. However, an undisclosed client-side vulnerability in Kaseya Unitrends remains unpatched. To mitigate associated risks, the company has provided firewall rules for traffic filtering and recommends not exposing servers to the internet.

Kaseya Releases Patches for Critical Zero-Day Vulnerabilities in Unitrends Servers On August 27, 2021, Kaseya, a prominent U.S. technology firm specializing in IT infrastructure management, announced the release of security updates aimed at rectifying two critical zero-day vulnerabilities within its…

Pakistani Hackers Target Thousands of Israeli Websites in Support of Palestine

August 14, 2013

A widespread cyber attack is currently underway, with thousands of Israeli websites being compromised by Pakistani hackers in solidarity with the Palestinian people. Reports indicate that around 650 Israeli websites have already been infiltrated, with the hackers posting their messages on these sites. One hacker, known by the alias “H4x0r HuSsY,” communicated with The Hacker News to announce upcoming releases of additional hacked websites. The attacker’s message included slogans such as “LONG LIVE PALESTINE – PAKISTAN ZINDABAD HAPPY INDEPENDENCE DAY TO & FROM TEAM MADLEETS.”

The affected sites include semi-government, personal, and corporate Israeli domains. At the time of this report, many of these websites continue to display defaced pages. This cyber offensive follows a recent declaration of a “cyber war” on Israel by global hacker collectives, including the Anonymous group, after the Israeli Defense Forces threatened to cut off internet access in Gaza.

Cyber Attack on Israeli Websites Orchestrated by Pakistani Hackers in Support of Palestine August 14, 2013 A significant cyber offensive has unfolded as Pakistani hackers target thousands of Israeli websites in a demonstration of solidarity with the Palestinian people. According…