One of WatchGuard's partners, Trend Micro, found that many devices are still using an older version of a common Universal Plug-n-Play (UPnP) library that suffers from a very serious vulnerability. This new research is very similar HD Moore's UPnP disclosures a few years ago; the difference being Trend Micro specifically found the issue affecting many Internet of Things (IoT) … [Read more...]
WatchGuard Security Week in Review: Episode 50 – UPnP Pwnage
UPnP Pwnage and Hacked Journalists This week is rife with security news. If you want the quick highlights, you've come to the right place. Today's video covers a few Yahoo XSS vulnerabilities, some serious UPnP security flaws, and the alleged China-based hack of the New York Times. Watch the video below for details. Also, if you are interested in some other stories I didn't … [Read more...]
H.D. Moore Unveils Major UPnP Security Vulnerabilities
This week, H.D Moore, the creator of Metasploit, and now CSO of Rapid7, released a detailed report unveiling his team's months-long research into the security of the Universal Plug and Play (UPnP) protocol. If you haven't heard of it, Universal Plug and Play (UPnP) is a set of networking protocols intended to allow network devices to automatically find one another and then … [Read more...]