Archive for the ‘Security’ Category

Printer Makers Are Crippling Cheap Ink Cartridges Via Bogus ‘Security Updates’ – endangering networks because people stop updating

Printer maker Epson is under fire this month from activist groups after a software update prevented customers from using cheaper, third party ink cartridges. It’s just the latest salvo in a decades-long effort by printer manufacturers to block consumer choice, often by disguising printer downgrades as essential product improvements. For several decades now printer manufacturers […]

Detect and disconnect WiFi cameras in that AirBnB you’re staying in

There have been a few too many stories lately of AirBnB hosts caught spying on their guests with WiFi cameras, using DropCam cameras in particular. Here’s a quick script that will detect two popular brands of WiFi cameras during your stay and disconnect them in turn. It’s based on glasshole.sh. It should do away with […]

Researcher finds simple way of elevating user privileges on Windows PCs and nobody notices for ten months

A security researcher from Colombia has found a way of assigning admin rights and gaining boot persistence on Windows PCs that’s simple to execute and hard to stop –all the features that hackers and malware authors are looking for from an exploitation technique. What’s more surprising, is that the technique was first detailed way back […]

Branch.io bug left ‘685 million’ netizens open to website hacks

Bug-hunters have told how they uncovered a significant security flaw that affected the likes of Tinder, Yelp, Shopify, and Western Union – and potentially hundreds of millions of folks using these sites and apps. The software sniffers said they first came across the exploitable programming blunder while digging into webpage code on dating websites. After […]

Senators to Google: Why didn’t you disclose massive Google+ vulnerability sooner? Oh, and Why can’t you Google the breach itself?

3 GOP senators want Google to give answers over data leak that affected 500,000 users. Source: Senators to Google: Why didn’t you disclose Google+ vulnerability sooner? It’s only three senators and chances are you haven’t heard of the massive, millions affected data breach suffered by Google, that they didn’t report. Interestingly, if you try to […]

Slow your roll: VMware urges admins to apply workarounds to DoS-inducing 3D render vuln

The vuln (CVE-2018-6977) allows an attacker with normal local user privileges to trigger an infinite loop in a 3D-rendering shader. According to VMware, a “specially crafted 3D shader may loop for an infinite amount of time and lock up a VM’s virtual graphics device”. If that happens, VMware warned, the hypervisor may rely on the […]

MindBody-owned FitMetrix exposed millions of user records — thanks to servers without passwords – AWS strikes again

FitMetrix, a fitness technology and performance tracking company owned by gym booking giant Mindbody, has exposed millions of user records because it left several of its servers without a password. The company builds fitness tracking software for gyms and group classes — like CrossFit and SoulCycle — that displays heart rate and other fitness metric […]

Pentagon’s weapons systems are laughably easy to hack

New computerized weapons systems currently under development by the US Department of Defense (DOD) can be easily hacked, according to a new report published today. The report was put together by the US Government Accountability Office (GAO), an agency that provides auditing, evaluation, and investigative services for Congress. Congress ordered the GAO report in preparation […]

World’s largest CCTV maker Xiongmai leaves at least 9 million cameras open to public viewing

Yet another IoT device vendor has been found to be exposing their products to attackers with basic security lapses. This time, it’s Chinese surveillance camera maker Xiongmai who was named and shamed by researchers with SEC Consult for the poor security in the XMEye P2P Cloud service. Among the problems researchers pointed to were exposed […]

Google shutting down Google+ after exposing data of up to 500,000 users and not disclosing breach

A vulnerability in the Google+ social network exposed the personal data of up to 500,000 people using the site between 2015 and March 2018, the search giant said Monday. Google said it found no evidence of data misuse. Still, as part of the response to the incident, Google plans to shut down the social network […]

California bans default passwords on any internet-connected device

In less than two years, anything that can connect to the internet will come with a unique password — that is, if it’s produced or sold in California. The “Information Privacy: Connected Devices” bill that comes into effect on January 1, 2020, effectively bans pre-installed and hard-coded default passwords. It only took the authorities about […]

Apple forgot to lock Intel Management Engine in laptops, so get patching

In its ongoing exploration of Intel’s Management Engine (ME), security biz Positive Technologies has reaffirmed the shortsightedness of security through obscurity and underscored the value of open source silicon. The Intel ME, included on most Intel chipsets since 2008, is controversial because it expands the attack surface of Intel-based hardware. If compromised, it becomes side-channel […]

UK ruling party’s conference app editable by world+dog, blabs members’ digits

Party chairman Brandon Lewis was planning to sell the “interactive” app – which will allow attendees to give feedback on speeches as they happen – as evidence that the ruling party was embracing tech in a bid to win over the youth vote (another idea was to have the culture secretary appear as a hologram). […]

DEFCON hackers’ dossier on US voting machine security is just as grim as feared

Hackers probing America’s electronic voting systems have painted an astonishing picture of the state of US election security, less than six weeks before the November midterms. The full 50-page report [PDF], released Thursday during a presentation in Washington DC, was put together by the organizers of the DEF CON hacking conference’s Voting Village. It recaps […]

Cisco Video Surveillance Manager Appliance Default Root Password Vulnerability (again)

A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, default, static […]

Windows handwriting recognition on? Then all your typing is stored in plain text on your PC.

If you’re one of the people who own a stylus or touchscreen-capable Windows PC, then there’s a high chance there’s a file on your computer that has slowly collected sensitive data for the past months or even years. This file is named WaitList.dat, and according to Digital Forensics and Incident Response (DFIR) expert Barnaby Skeggs, […]

Mikrotik routers pwned en masse, send network data to mysterious box

More than 7,500 Mikrotik routers have been compromised with malware that logs and transmits network traffic data to an unknown control server. This is according to researchers from 360 Netlab, who found the routers had all been taken over via an exploit for CVE-2018-14847, a vulnerability first disclosed in the Vault7 data dump of supposed […]

Mobile spyware maker mSpy leaks 2 million records

mSpy, a commercial spyware solution designed to help you spy on kids and partners, has leaked over 2 million records including software purchases and iCloud usernames and authentication tokens of devices running mSky. The data appears to have come from an unsecured database that allowed security researchers to pull out millions of records. “Before it […]

Data center server BMCs are terribly outdated and insecure

BMCs can be used to remotely monitor system temperature, voltage and power consumption, operating system health, and so on, and power cycle the box if it runs into trouble, tweak configurations, and even, depending on the setup, reinstall the OS – all from the comfort of an operations center, as opposed to having to find […]

It’s either legal to port-scan someone without consent or it’s not, fumes researcher: Halifax bank port scans you when you visit the page

Halifax Bank scans the machines of surfers that land on its login page whether or not they are customers, it has emerged. Security researcher Paul Moore has made his objection to this practice – in which the British bank is not alone – clear, even though it is done for good reasons. The researcher claimed […]

Critical OpenEMR Flaws Left Medical Records Vulnerable

Security researchers have found more than 20 bugs in the world’s most popular open source software for managing medical records. Many of the vulnerabilities were classified as severe, leaving the personal information of an estimated 90 million patients exposed to bad actors. OpenEMR is open source software that’s used by medical offices around the world […]

Kremlin hackers ‘jumped air-gapped networks’ to pwn US power utilities

The US Department of Homeland Security is once again accusing Russian government hackers of penetrating America’s critical infrastructure. Uncle Sam’s finest reckon Moscow’s agents managed to infiltrate computers networks within US electric utilities – to the point where the miscreants could have virtually pressed the off switch in control rooms, yanked the plug on the […]

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its insurance provider for refusing to fully cover the losses. According to a lawsuit filed last month in the Western District of […]

Bluetooth security: Flaw could allow nearby attacker to grab your private data

A cryptographic bug in many Bluetooth firmware and operating system drivers could allow an attacker within about 30 meters to capture and decrypt data shared between Bluetooth-paired devices. The flaw was found by Lior Neumann and Eli Biham of the Israel Institute of Technology, and flagged today by Carnegie Mellon University CERT. The flaw, which […]

The SIM Hijackers: how hackers take your phone number and then all of your accounts

In the buzzing underground market for stolen social media and gaming handles, a short, unique username can go for between $500 and $5,000, according to people involved in the trade and a review of listings on a popular marketplace. Several hackers involved in the market claimed that the Instagram account @t, for example, recently sold […]

 
Skip to toolbar