Schneier on Security

JANUARY 21, 2020

Phone companies have added security measures since this attack became popular and public, but a new study (news article ) shows that the measures aren't helping: We examined the authentication procedures used by five pre-paid wireless carriers when a customer attempted to change their SIM card.

Authentication 264

Authentication Wireless Backups Accountability 264

Security Affairs

APRIL 27, 2019

Experts at Cisco Talos group disclosed a dozen vulnerabilities uncovered in Sierra Wireless AirLink gateways and routers, including several serious flaws. Researchers at Cisco Talos group disclosed a dozen vulnerabilities affecting Sierra Wireless AirLink gateways and routers, including several serious flaws. Pierluigi Paganini.

Wireless 111

Wireless Passwords IoT Advertising 111

eSecurity Planet

MARCH 1, 2023

Wireless security is the protection of wireless networks, devices and data from unwanted access and breaches. It involves a variety of strategies and practices designed to preserve the confidentiality, integrity and availability of wireless networks and their resources. What is Wireless Security?

Wireless 98

Wireless Encryption Authentication IoT 98

Security Affairs

MAY 2, 2019

Experts at Tenable discovered 15 vulnerabilities in eight wireless presentation systems, including flaws that can be exploited to remotely hack devices. Wireless presentation systems are used to display content on a screen or through several devices, including mobile devices and laptops. ” reads the analysis published by Tenable.

Wireless 106

Wireless Advertising Firmware Authentication 106

Malwarebytes

OCTOBER 1, 2021

Express mode allows iPhone owners to use transit or payment cards, passes, a student ID, a car key, and more, without waking or unlocking their device, or authenticating with Face ID, Touch ID, or a passcode. The post Apple Pay vulnerable to wireless pickpockets appeared first on Malwarebytes Labs. The underlying issue.

Wireless 139

Wireless Banking Authentication 139

Security Affairs

JUNE 3, 2021

Researchers found multiple flaws in the Realtek RTL8170C Wi-Fi module that could be exploited to elevate privileges and hijack wireless communications. Researchers from Israeli IoT security firm Vdoo found multiple vulnerabilities in the Realtek RTL8170C Wi-Fi module that could allow to elevate privileges and hijack wireless communications.

Wireless 130

Wireless IoT Encryption Firmware 130

Security Affairs

APRIL 15, 2022

Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take control affected devices. Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695 , in Cisco Wireless LAN Controller (WLC). or Release 8.10.162.0

Wireless 98

Wireless Software Authentication Mobile 98

Krebs on Security

MARCH 16, 2021

” The most common way thieves hijack SMS messages these days involves “sim swapping,” a crime that involves bribing or tricking employees at wireless phone companies into modifying customer account information. But he suspects some of the smaller wired and wireless telecommunications firms may still be vulnerable.

Telecommunications 363

Telecommunications Mobile Accountability Wireless 363

Krebs on Security

SEPTEMBER 12, 2018

wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device. The four major U.S.

Mobile 256

Mobile Authentication Wireless Scams 256

The Hacker News

APRIL 14, 2022

Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system.

Wireless 102

Wireless Software Authentication 102

Duo's Security Blog

MAY 23, 2024

When reading the title of this blog, you might be wondering to yourself why RADIUS is being highlighted as a subject — especially amidst all of the advancements of modern authentication we see taking place recently. It is commonly used for network access into VPNs, wireless access points, and other devices (more on this later).

Authentication 111

Authentication Wireless Passwords Encryption 111

Krebs on Security

NOVEMBER 20, 2020

Among the eight others accused are three former wireless phone company employees who allegedly helped the gang hijack mobile numbers tied to their targets. One way to protect your accounts against SIM swappers is to remove your phone number as a primary or secondary authentication mechanism wherever possible.

Cryptocurrency 309

Cryptocurrency Mobile Authentication Accountability 309

eSecurity Planet

NOVEMBER 1, 2021

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. The goal of the amendment – called a “delegated act” – is to ensure that all wireless devices are safe before they are sold in the EU. EU Amendment Applies to Many Devices.

Wireless 109

Wireless IoT Manufacturing Mobile 109

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That is true two-factor authentication: Something you have, and something you know (and maybe also even something you are).

Passwords 343

Passwords Mobile Authentication Banking 343

Krebs on Security

AUGUST 30, 2022

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. That’s down from 53 percent that did so in 2018, Okta found.

Mobile 340

Mobile Phishing Authentication Accountability 340

Krebs on Security

APRIL 6, 2021

From there, the bad guys can reset the password of any account to which that mobile number is tied, and of course intercept any one-time tokens sent to that number for the purposes of multi-factor authentication. Usually, this is a mobile app like Authy or Google Authenticator that generates a one-time code.

Mobile 357

Mobile Accountability Passwords Authentication 357

Malwarebytes

MARCH 22, 2021

Physical security keys are a more secure option for two-factor authentication (2FA) than SMS (which is vulnerable to SIM swap attacks and phishing), and apps that generate codes or push notifications (which are also vulnerable to phishing). Two-factor authentication (2FA). Two-factor authentication (2FA). Hardware security keys.

Authentication 118

Authentication Passwords Wireless Accountability 118

Malwarebytes

MAY 1, 2025

AirPlay is Apple’s proprietary wireless technology that allows you to stream audio, video, photos, and even mirror your device’s screen from an iPhone, iPad, or Mac to other compatible devices like Apple TV, HomePod, smart TVs, or speakers. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8

Risk 95

Risk Wireless Software Mobile 95

Krebs on Security

AUGUST 3, 2020

Thousands of documents, emails, spreadsheets, images and the names tied to countless mobile phone numbers all could be viewed or downloaded without authentication from the domain theblacklist.click. Some wireless providers now offer additional services and features to help block automated calls.

Mobile 361

Mobile Marketing Consumer Protection Wireless 361

The Hacker News

NOVEMBER 28, 2024

Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges.

Wireless 130

Wireless Authentication Risk 130

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. By using the services, cybercriminals can gain access to victims’ accounts to steal money.

Authentication 113

Authentication Social Engineering Phishing Banking 113

Threatpost

MARCH 3, 2021

Wireless mouse-utility lacks proper authentication and opens Windows systems to attack.

Wireless 122

Wireless Authentication Mobile Hacking 122

Security Affairs

APRIL 5, 2025

The vulnerability in the Verizon Call Filter apps /clr/callLogRetrieval endpoint, although authentication was enforced via JWT tokens, the server failed to verify that the phone number in the header matched the tokens user ID ( sub ). The issue likely affected most Verizon Wireless users, as the service is often enabled by default.

Wireless 108

Wireless Surveillance Risk Media 108

Dark Reading

JUNE 25, 2018

The Wi-Fi Alliance officially launches its latest protocol, which offers new capabilities for personal, enterprise, and IoT wireless networks.

Authentication 92

Authentication Wireless Encryption IoT 92

Security Affairs

JANUARY 19, 2025

The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. This switch family is equipped with a web service and SNMP management interface. ” reads the advisory published by Claroty.

Firmware 73

Firmware IoT Wireless Surveillance 73

Threatpost

SEPTEMBER 10, 2020

The "BLURtooth" flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 through 5.0.

Wireless 106

Wireless Authentication 106

Krebs on Security

JUNE 18, 2018

Young said the attack works by asking the Google device for a list of nearby wireless networks and then sending that list to Google’s geolocation lookup services. “This means that all requests must be authenticated and all unauthenticated responses should be as generic as possible. . Update, June 19, 6:24 p.m.

IoT 203

IoT Internet Internet Wireless 203

Security Affairs

DECEMBER 2, 2022

Common attacks against enterprise drones include platform takeover, where an attacker uses RF, Wi-Fi or a subscription service like Aerial Armor to detect flight paths of a drone in a geographical area, perform de-authentication attacks, take over control of the drone and land the stolen drone in a location of its choosing.

Cybersecurity 144

Cybersecurity Wireless Computers and Electronics Penetration Testing 144

Security Affairs

SEPTEMBER 24, 2021

Cisco fixed three critical flaws impacting IOS XE operating system powering some of its devices, such as routers and wireless controllers. Cisco has addressed three critical vulnerabilities impacting its IOS XE operating system powering multiple products, including routers and wireless controllers.

Software 107

Software Wireless Authentication Accountability 107

Security Affairs

DECEMBER 30, 2022

Netgear addressed a high-severity bug affecting multiple WiFi router models, including Wireless AC Nighthawk , Wireless AX Nighthawk (WiFi 6) , and Wireless AC. Netgear fixed a bug affecting multiple WiFi router models, including Wireless AC Nighthawk , Wireless AX Nighthawk (WiFi 6) , and Wireless AC router models.

Firmware 98

Firmware Wireless Authentication Hacking 98

Security Affairs

MAY 6, 2019

Sierra Wireless is warning its customers that additional AiraLink router models are affected by critical vulnerabilities previously disclosed. At the end of April, experts at Cisco Talos group disclosed a dozen of vulnerabilities in Sierra Wireless AirLink gateways and routers, including several serious flaws.

Wireless 104

Wireless Authentication Advertising Encryption 104

Security Affairs

MAY 24, 2021

Researchers at the french intelligence agency ANSSI discovered multiple flaws in the Bluetooth Core and Mesh Profile specifications that could be used to impersonate legitimate devices during the pairing process and conduct man-in-the-middle (MitM) attacks while within wireless range of vulnerable devices. through 5.2, through 5.2.

Wireless 137

Wireless Authentication Mobile Encryption 137

Penetration Testing

NOVEMBER 7, 2023

pmkidcracker This program is a tool written in Python to recover the pre-shared key of a WPA2 WiFi network without any de-authentication or requiring any clients to be on the network.

Authentication 96

Authentication Penetration Testing Wireless 96

The Hacker News

MAY 19, 2022

The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low Energy (BLE), a wireless technology used for authenticating Bluetooth devices that are physically located within a close range. <!-

Wireless 109

Wireless Hacking Authentication Technology 109

SecureWorld News

NOVEMBER 20, 2023

SIM swapping involves the unauthorized transfer of a user's account to a SIM card controlled by malicious actors, achieved by convincing the victim's wireless carrier to make the change.

Mobile 109

Mobile Wireless Artificial Intelligence Accountability 109

Krebs on Security

AUGUST 25, 2023

Countless websites and online services use SMS text messages for both password resets and multi-factor authentication. ” Apparently, these elite cyber risk leaders did not consider the increased attack surface presented by their employees using T-Mobile for wireless service.

Mobile 243

Mobile Cyber Risk Data breaches Cryptocurrency 243

Security Affairs

JULY 16, 2020

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover.

Firewall 135

Firewall Small Business Wireless Advertising 135