wireless technology | Breaking Cybersecurity News | The Hacker News

Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul ( URWB ) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 (CVS score: 10.0), the vulnerability has been described as stemming from a lack of input validation to the web-based management interface of the Cisco Unified Industrial Wireless Software. "An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system," Cisco said in an advisory released Wednesday. "A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device." The shortcoming impacts following Cisco products in scenarios where the URWB operating mode is enabled - Catalyst IW9165D Heavy Duty Access Points Catalyst IW9165E Rugge...

So you are in a party with your friends, and your phone is running low on battery. Oops! The ideal solution is to charge your phone using a charger or a power bank, but not everyone carries power banks or chargers with them all the time, especially in a party. What if you can charge your phone wirelessly using another phone when it runs out of battery? Isn't that great? Well, thanks to Sony, you might soon be able to use your friends' phones to charge your own device. According to a recently published patent application, Sony is working on a new futuristic technique that enables wireless power exchange between various nearby consumer electronic devices, including smartphones, computers, microwave, washing machine, fridges, and TVs, without cords. Wireless charging isn't a new concept at all, but this is the first time when the Near Field Communications (NFC) technology is being used for power transfer wirelessly between two devices, that too over considerable distanc...

Carriers, developers, and phone makers are rolling out new services and features to protect mobile devices from malicious attacks and data breaches. As people increasingly use smartphones for email, banking, and document access, the wireless industry is addressing mobile device security. According to Chris Knotts, vice president of technology and innovation at IT consulting company Force 3, there is a "consumerization of IT," where more employees use personal mobile devices like smartphones, laptops, and tablets for work purposes. IT administrators recognize that mobile devices are here to stay and need to be secured against attacks and data breaches. This effort extends beyond IT administrators. Carriers and phone makers are deploying new features and services to enhance mobile device security, as noted by the Wall Street Journal. Edward G. Amoroso, chief security officer of AT&T, stated, "Everyone is realizing that this is an uncontrolled environment. We don'...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...