Changes in my Smart devices

Some time ago I decided to stop wearing an Apple Watch. In fact, I decided to give up smart watches in general. I knew I would miss being able to dictate a reply to a message directly into the watch, I knew I would miss being able to leave the house without my phone and still stay in touch (I had the cellular version), but I was sad to see my poor Timex lying in a drawer instead of being worn on my hand.

What I really didn’t want to give up were the fitness functions. I started researching the market and came to the conclusion that a smart ring could be the solution for me. Unfortunately, the prices of such solutions were terribly high.
But what about Aliexpress? A bit of searching and I found the Smart Ring R02 at a low price with fast and free delivery, so I decided to take a risk and buy it 🙂

Read more Changes in my Smart devices

Security flaws in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)Security flaws in Cisco

We have three new vulnerabilities in Cisco.

  • One could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
  • One that could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
  • And another one which could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
Read more Security flaws in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)Security flaws in Cisco

Vulnerabilities in Google Chrome, Microsoft Edge, Windows Installer, Microsoft Smart Screen and Azure

This time we have a few vulnerabilities from Google and Microsoft:

  • Google Chrome V8 Enum Cache Out-Of-Bounds Read Remote Code Execution Vulnerability
  • Microsoft Edge DOMArrayBuffer Use-After-Free Remote Code Execution Vulnerability
  • Google Chrome WASM Improper Input Validation Remote Code Execution Vulnerability
  • Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability
  • Microsoft Windows Internet Shortcut SmartScreen Bypass Vulnerability
  • Microsoft Azure Private 5G Core InitialUEMessage Improper Input Validation Denial-of-Service Vulnerability
Read more Vulnerabilities in Google Chrome, Microsoft Edge, Windows Installer, Microsoft Smart Screen and Azure

Electrolink FM/DAB/TV Transmitter

1. EXECUTIVE SUMMARY

  • CVSS v3 8.8
  • ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
  • Vendor: Electrolink
  • Equipment: FM/DAB/TV Transmitter
  • Vulnerabilities: Authentication Bypass by Assumed-Immutable Data, Reliance on Cookies without Validation and Integrity Checking, Missing Authentication for Critical Function, Cleartext Storage of Sensitive Information

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to obtain full system access, keep the device from transmitting, escalate privileges, change credentials, and execute arbitrary code.

Read more Electrolink FM/DAB/TV Transmitter