SOHOpelessly Broken 2.0: 125 Vulnerabilities Found in Routers, NAS Devices

Researchers have discovered many vulnerabilities in over a dozen small office/home office (SOHO) routers and network-attached storage (NAS) devices as part of a project dubbed SOHOpelessly Broken 2.0. The first SOHOpelessly Broken project started in 2013, when researchers at Independent Security Evaluators (ISE) analyzed several SOHO routers and NAS devices. That project resulted in the discovery of many new vulnerabilities to which 52 CVE identifiers were assigned at the time….

September 17, 2019
Read More >>

LastPass Patches Bug Leaking Last-Used Credentials

A vulnerability recently addressed in LastPass could be abused by attackers to expose the last site credentials filled by LastPass. A freemium password manager, LastPass stores encrypted passwords online and provides users with a web interface to access them, as well as with plugins for web browsers and apps for smartphones. The newly patched vulnerability impacted the extensions for the Chrome and Opera browsers, and could be exploited in a…

September 16, 2019
Read More >>

Serious Flaws in CODESYS Products Expose Industrial Systems to Remote Attacks

Several critical and high-severity vulnerabilities have been found recently in widely used CODESYS industrial products made by Germany-based 3S-Smart Software Solutions. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) last week published several advisories describing vulnerabilities in CODESYS products, many of which can be exploited remotely for arbitrary code execution, denial-of-service (DoS) attacks, and other purposes. 3S-Smart published its own advisories for most of the security…

September 16, 2019
Read More >>