LIVE · cybersecurity feed
patch

Weekly Update 509

zeroday.news·14d ago
ShareXLinkedInWhatsAppFacebook

A newly identified vulnerability in certain versions of the Realtek SDK could potentially allow attackers to execute arbitrary code on affected devices. The vulnerability, identified as CVE-2023-32250, was discovered by security researchers at GRIMM.

The Realtek SDK is a software development kit used by manufacturers to build firmware for a wide range of network-attached storage (NAS) devices, routers, and other embedded systems. This means that the vulnerability could have broad implications across various consumer and enterprise hardware.

The specific flaw lies within the SDK's handling of certain network protocols. While the exact technical details are not fully disclosed, the researchers indicated that the vulnerability could be triggered remotely, meaning an attacker would not need physical access to the device.

Successful exploitation of CVE-2023-32250 could lead to the execution of malicious code on the vulnerable device. This could grant an attacker control over the device, potentially allowing them to steal data, disrupt services, or use the device as a pivot point to attack other systems on the network.

Realtek has acknowledged the vulnerability and is working with its partners to address the issue. Manufacturers using the affected SDK are expected to release firmware updates for their products.

Users of devices that rely on Realtek SDK-based firmware, particularly NAS devices and routers, should remain vigilant for firmware updates from their device manufacturers. Applying these updates promptly is the primary recommended mitigation.

In addition to updating firmware, general security best practices for network devices are advised. This includes changing default passwords, disabling unnecessary services, and segmenting networks to limit the potential impact of a compromise.

The full scope of devices affected by this vulnerability is still being determined as manufacturers audit their firmware. However, the widespread use of Realtek SDKs suggests a significant number of devices could be at risk.

patch
ShareXLinkedInWhatsAppFacebook
← Back to latest

More News

view all →
zeroday.news · 1h ago·high

Accenture Confirms Security Incident After Hacker Claims 35GB Source-Code Theft

Accenture has acknowledged a security incident after a threat actor advertised what they claim is stolen internal data. The attacker, using the alias "888", says they took more than 35GB of source code and cloud credentials from the consulting giant and are offering it for sale. Accenture says it has addressed the source of the issue and that its operations were not disrupted.

zeroday.news · 5h ago·high

China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors

A China-linked advanced persistent threat (APT) group, identified as LapDogs, has reportedly enhanced its malicious toolkit. Security researchers have observed the deployment of three new backdoors: LongLeash, DogLeash, and JarLeash, which are designed to compromise small office/home office (SOHO) routers.

zeroday.news · 5h ago·high

RedWing Android Spyware Sold as a Service on Telegram

A new Android spyware called RedWing is being offered as a service on Telegram, allowing less sophisticated attackers to compromise phones and steal banking information. Researchers have identified it as a polished malware-as-a-service operation with extensive documentation and a subscription model, potentially linked to Russian threat actors. RedWing employs fake login overlays, SMS interception, call forwarding, and even screen control to harvest credentials and conduct further malicious activities.

zeroday.news · 5h ago·high

Operationalizing Day Minus Seven: The Cloud-Native ROC

The article introduces the concept of a Risk Operations Center (ROC) as a necessary evolution for cybersecurity teams facing AI-driven threats. It argues that traditional risk management models are insufficient due to the speed at which AI can discover and exploit vulnerabilities, especially in cloud environments. A ROC, powered by platforms like Qualys Enterprise TruRisk Management (ETM), aims to unify disparate security findings, hyper-prioritize risks based on exploitability and business impact, and enable autonomous remediation to keep pace with attackers.

zeroday.news · 6h ago·critical

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has released security updates to address several critical vulnerabilities affecting its UniFi product line, including UniFi Connect, Talk, Access, Protect, and OS. These flaws could allow attackers to escalate privileges or execute arbitrary commands on affected devices. While no active exploitation has been reported for these specific vulnerabilities, the company has previously seen its UniFi OS and Edge OS products targeted by threat actors.

zeroday.news · 6h ago·high

Armored Likho Hits Government, Energy Sectors With BusySnake Stealer

Cybersecurity researchers have identified a new threat actor, dubbed Armored Likho, targeting government and energy sectors in Russia, Kazakhstan, and Brazil with a sophisticated phishing campaign. The operation utilizes a custom-built Python infostealer named BusySnake, designed to steal credentials, sensitive documents, and other high-value data. The attackers employ AI-generated payloads to obscure their activities and maintain persistence through various methods, including reverse SSH tunneling.