InfoSecBulletin Cybersecurity for mankind
Asus has released a crucial firmware update to address a severe vulnerability that impacts seven of its business router model. Customers are urged to promptly review their firmware status and apply the necessary updates.
The flaw CVE: 2024-3080 with a CVSS score of 9.8 is an authentication bypass vulnerability that leads unauthenticated remote attackers take control of the device. The affected routers, a series of XT8 and RT models, should now be checked for firmware updates.
WhatsApp banned on all US House of Representatives devices
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Asus patches seven router models:
The models affected include the following Wi-Fi 5 and Wi-Fi 6 models: XT8 (ZenWiFi AX XT8), XT8_V2 (ZenWiFi AX XT8 V2), RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, and RT-AC68U.
You can find the newest Asus firmware on their download portals. If you can’t update right away, Asus has given instructions to help protect your device. They recommend using strong passwords and disabling certain access options.
Asus has fixed another vulnerability in the update package called CVE-2024-3079. This vulnerability is a buffer overflow issue that requires admin account access to be exploited. Its severity is high, with a CVSS score of 7.2
In January, ASUS fixed a serious vulnerability (CVE-2024-3912, CVSS score: 9.8) that could allow a remote attacker to upload files and run commands on the device without authentication.
