A pair of university students say that earlier this year they found and reported a security flaw that allows anyone to avoid paying for laundry provided by over a million internet-connected laundry machines in residences and on college campuses around the world.
Months later, the vulnerability remains open after CSC ServiceWorks repeatedly ignored requests to fix the flaw.
Source: TechCrunch
Related:
- CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls
April 17, 2024
On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 zero-day vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls. According to the vendor advisory, if conditions for exploitability are met, the vulnerability may enable an unauthenticated attacker to execute arbitrary code with root privileges ...
- CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability
April 17, 2024
An integer overflow vulnerability exists in the Libarchive library included in Microsoft Windows. The vulnerability is due to insufficient bounds checks on the block length of a RARVM filter used for Intel E8 preprocessing, included in the compressed data of a RAR archive. A remote attacker could exploit this vulnerability by enticing a target user into ...
- Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread
April 16, 2024
Last year, a command injection vulnerability, CVE-2023-1389, was disclosed and a fix developed for the web management interface of the TP-Link Archer AX21 (AX1800). FortiGuard Labs has developed an IPS signature to tackle this issue. Recently, their researchers observed multiple attacks focusing on this year-old vulnerability, spotlighting botnets like Moobot, Miori, the Golang-based agent “AGoent,” and ...
- Trust Wallet Issues Warning to Apple Users About Zero-Day Exploit in iMessage
April 16, 2024
Trust Wallet, a popular web3 wallet, has issued a warning to Apple users, urging them to disable iMessage due to “credible intel” regarding a zero-day exploit. The company shared the alert on X, stating that the exploit, which is being sold on the Dark Web, could potentially allow hackers to take control of users’ iPhones without ...
- “Highly capable” hackers root corporate networks by exploiting Palo Alto Networks firewall 0-day
April 12, 2024
Highly capable hackers are rooting multiple corporate networks by exploiting a maximum-severity zero-day vulnerability in a firewall product from Palo Alto Networks, researchers said Friday. The vulnerability, which has been under active exploitation for at least two weeks now, allows the hackers with no authentication to execute malicious code with root privileges, the highest possible level ...
- Hackable Intel and Lenovo hardware that went undetected for 5 years won’t ever be fixed
April 11, 2024
Hardware sold for years by the likes of Intel and Lenovo contains a remotely exploitable vulnerability that will never be fixed. The cause: a supply chain snafu involving an open source software package and hardware from multiple manufacturers that directly or indirectly incorporated it into their products. Researchers from security firm Binarly have confirmed that the ...