#AxisOfEasy 223: Nine Popular WiFi Routers Were Found To Be Vulnerable To Hundreds Of Vulnerabilities


Weekly Axis Of Easy #223


Last Week’s Quote was “Some of the most vocal critics of the way things are being done are people who have done nothing themselves, and whose only contributions to society are their complaints and moral exhibitionism.”  was Thomas Sowell, no one got it, again.

This Week’s Quote:  “The more often a stupidity is repeated, the more it gets the appearance of wisdom.”  …by ???

THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.


 
In this issue:
  • Nine popular WiFi routers were found to be vulnerable to hundreds of vulnerabilities.
  • NSO Group attacked US Government employees’ iPhones
  • Nuns have taken up the fight against Microsoft
  • Facebook is working on expanding its security program globally by adding more countries
  • Twitter’s Information Policy now prohibits sharing media without consent

Elsewhere online:
  • There might be more to the largest comet ever discovered than we thought; a new study reveals
  • Wikipedia keeps asking for donations; are they really in need?
  • Uber’s former employees cleared of spying charges
  • Study reveals that hackers commonly attack air-gapped systems by using USB drivers
  • UK Government fined £500,000 for leaking home addresses in New Year’s honors
  • Microsoft Edge now bashes Google Chrome by discouraging users from downloading it


Nine popular WiFi routers were found to be vulnerable to hundreds of vulnerabilities

Nine popular WiFi routers presented 226 potential vulnerabilities according to a security test performed by IoT Inspector in collaboration with CHIP magazine.

The researchers found that the vulnerabilities persist even when using the latest firmware on the tested routers, which were made by Asus, D-Link, AVM, Edimax, Netgear, TP-Link, Linksys, and Synology.

TP-Link Archer AX6000 leads the list of vulnerabilities with 32, while Synology RT-2600ac comes in second with 30 bugs.

Florian Lukavsky, CTO & Founder at IoT Inspector, explained that “for Chip’s router evaluation, vendors provided them with current models, which were upgraded to the latest firmware version.”

According to CHIP magazine, the manufacturers of the WiFi routers used by millions of people responded to the research’s results and fixed many of the security flaws identified.


NSO Group attacked US Government employees’ iPhones

The Israel-based NSO Group hacked at least nine US Government employees’ Apple iPhones through a spyware attack.

Sources familiar with the matter say the attacks happened in the last several months and involved American officials working in Uganda or focused on business concerning the East African country.

Some US officials reported NSO attacks previously, but it was unclear whether intrusions had been successful. In this case, the iPhone hack was the most extensive attack on American government officials through NSO technology.

Currently, authorities haven’t found out who is behind this hack; however, historically, some NSO Group’s best-known clients are Saudi Arabia, Mexico, and the United Arab Emirates. The attackers might come from one of these countries.


Nuns have taken up the fight against Microsoft

After surviving brutal battles against competitors like Apple and Google, Microsoft faces a new particular antagonist: the Sisters of St. Joseph of Peace, a congregation leading a group of investors who want to hold the technology company accountable for its work.

The nuns, who make part of a Roman Catholic order founded in 1884 in Nottingham, England, urged Microsoft shareholders to vote for two proposals at their last meeting on November 30:

  • Request that Microsoft ensures its lobbyists adhere to its values and policies concerning racial justice, privacy, and human rights.
  • To stop Microsoft from selling facial recognition software to government entities.

The congregation position might surprise some, but it has a history of promoting social justice as a way of peace. “As shareholders, as tech workers, as campaigners for justice, we can and must hold these companies accountable,” said Sister Susan Francois, the order’s most prominent activist in a campaign video.

As part of its commitment to social justice, the nuns had previously asked Microsoft how its lobbying aligns with its stated principles.

 
Facebook is working on expanding its security program globally by adding more countries

Meta is expanding its Facebook security program globally to help people vulnerable to threads by securing their accounts and preventing potential compromise.

The program, which provides stronger security protections, has been expanding since September 2021, and part of the features it brings is two-factor authentication and monitoring for potential threats. Facebook is especially making these moves to protect individuals at risk, like government officials, journalists, and human rights activists.

The company stated that “these people are at the center of critical communities for public debate. They enable democratic elections, hold governments and organizations accountable, and defend human rights worldwide. Unfortunately, this also means that bad actors highly target them.”

For the time being, more than 1-5 million accounts benefit from the program’s enhanced security, with roughly 950,000 accounts having two-factor authentication enabled.

 
Twitter’s Information Policy now prohibits sharing media without consent

According to a recent blog post of the company, Twitter’s Information Policy now prohibits users from sharing private photos and videos of others without permission.

As a result of an increase in photo and video “leaks” used for blackmailing and online harassment, the policy was updated to control illicit media activities related to media. Unless the content includes sensitive or private photos and videos, this policy does not explicitly apply to media depicting celebrities and public figures. Additionally, it excludes any other media files of general interest.

In the blog post, Twitter stated that “sharing personal media, such as images or videos, can potentially violate a person’s privacy, and may lead to emotional or physical harm. The misuse of private media can affect everyone, but can have a disproportionate effect on women, activists, dissidents, and members of minority communities.”

As part of Twitter’s information policy, the company controls sharing of explicit or sensitive details, including personally identifiable or private information. They took this step further to protect “personal information,” including location details, identity documents, social security numbers, non-public contact information, financial information, and private photos and videos.
 

Elsewhere online: 


There might be more to the largest comet ever discovered than we thought; a new study reveals

https://science.slashdot.org/story/21/12/03/0331250/the-largest-comet-weve-ever-seen-just-delivered-a-curious-surprise


Wikipedia keeps asking for donations; are they really in need?

https://thenextweb.com/news/why-is-wikipedia-asking-for-donations-when-it-has-vast-cash-reserves


Uber’s former employees cleared of spying charges

https://yro.slashdot.org/story/21/11/29/0336230/former-uber-employees-cleared-of-illegal-spying


Study reveals that hackers commonly attack air-gapped systems by using USB drivers

https://www.darkreading.com/attacks-breaches/usb-devices-common-denominator-in-all-attacks-on-air-gapped-systemsd


UK Government fined £500,000 for leaking home addresses in New Year’s honors

https://grahamcluley.com/uk-government-fined-500000-after-revealing-home-addresses-in-new-year-honours-data-breach/


Microsoft Edge now bashes Google Chrome by discouraging users from downloading it

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-now-bashes-google-chrome-when-you-download-it/
 

2 thoughts on “#AxisOfEasy 223: Nine Popular WiFi Routers Were Found To Be Vulnerable To Hundreds Of Vulnerabilities

Leave a Reply

Your email address will not be published. Required fields are marked *