We dug deeper into the vulnerability and patch for CVE-2020-9054, a pre-auth command injection in ZyXEL NAS devices. We found that the patched vulnerability was still exploit-able due to incomplete patching.
UPDATE December 17, 2019: Attacks still possible Six weeks after first publicly discussing the Smart Spies attacks, we performed some retests to see whether Google and Amazon implemented sufficient checks to mitigate the attacks.
SRLabs research suggests that security vulnerabilities remain unpatched for many Ethereum blockchain participants for extended periods of time, putting the blockchain ecosystem at risk.
In the second half of 2019, Google and a group of mobile operators started implementing a new communication technology, Rich Communication Services (RCS) [1]. RCS is poised to replace calling and text messaging for billions of people.
Most remote video cameras are not exposed directly to the internet. However, insecure cloud services put them at a similar risk of becoming part of the next IoT camera botnet.
