Whistleblower: Ubiquiti Breach “Catastrophic”

On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the incident response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication. Continue reading Whistleblower: Ubiquiti Breach “Catastrophic”

Global WLAN market revenue continues to increase

Worldwide revenue for the combined consumer and enterprise WLAN market segments increased 17.9% year over year in the fourth quarter of 2020 (4Q20) and grew 10.3% for the full year, according to IDC. The enterprise segment grew revenues an impressive 1… Continue reading Global WLAN market revenue continues to increase

Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoning

Seven vulnerabilities affecting Dnsmasq, a caching DNS and DHCP server used in a variety of networking devices and Linux distributions, could be leveraged to mount DNS cache poisoning attack and/or to compromise vulnerable devices. “Some of the b… Continue reading Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoning

Ubiquiti warns customers about potential data breach

American networking tech vendor Ubiquiti is asking customers to change their password because of unauthorized access to some of their information technology systems hosted by a third party cloud provider. They did not specify the cloud provider that ho… Continue reading Ubiquiti warns customers about potential data breach

Regularly updating your wireless router is not enough to ward off attacks

Wireless routers are the most often attacked and exploited type of IoT device. They are also one of the rare IoT devices that most of us can’t do without. We need them to be as secure as can be, but unfortunately most of them are not. The non-pro… Continue reading Regularly updating your wireless router is not enough to ward off attacks

Unpatched flaw opens Ubiquiti Networks devices to compromise

A critical vulnerability in many of Ubiquiti Networks’ networking devices can be exploited by attackers to take over control of the device and, if that device acts as a router or firewall, to take over the whole network. The vulnerability The command injection flaw was found in the “pingtest_action.cgi” script and, according to SEC Consult’s Thomas Weber (the researcher who unearthed it in November 2016), one of the reason behind the vulnerability is that the … More Continue reading Unpatched flaw opens Ubiquiti Networks devices to compromise

Vulnerability Disclosed in Ubquiti Networks Admin Interface

Researchers at SEC Consult disclosed a command injection vulnerability in Ubiquiti Networks gear for ISPs after a private disclosure to the vendor in November went unresolved. Continue reading Vulnerability Disclosed in Ubquiti Networks Admin Interface

Vulnerability Disclosed in Ubquiti Networks Admin Interface

Researchers at SEC Consult disclosed a command injection vulnerability in Ubiquiti Networks gear for ISPs after a private disclosure to the vendor in November went unresolved. Continue reading Vulnerability Disclosed in Ubquiti Networks Admin Interface