“We always talk about the ease of use, and not impacting user experience, etc, but it turns out that when it comes to their financial accounts…people actually would go the extra mile and will use extra security,” Kessem said. Whether it’s using two factor authentication, an SMS message on top of their password, or any Read more about Consumers prefer security over convenience for the first time ever, IBM Security report finds[…]

It appears that the over-the-air update to the UConnect system went out on Friday, and many, many owners have not had working center-stack systems since then. Many of these vehicles are nearly brand-new, which makes the issue even more maddening. […] The failure of the UConnect system isn’t just limited to not having a radio; Read more about Fiat Chrysler Pushed A UConnect Update That Causes Constant Reboots With No Announced Fix[…]

IBM iNotes SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM Plans to address this vulnerability by providing a fix. Source: IBM Security Bulletin: IBM Notes Privilege escalation in IBM Notes Smart Update Service – United States

The US state of Washington says a miscreant was able to access the system it uses to track the manufacturing and sale of marijuana. The Evergreen State’s Liquor and Cannabis Board – a job that sounds way cooler than it actually is – yesterday admitted that last weekend someone was able to exploit a vulnerability Read more about US state’s pot dealer database pwned after security goes up in smoke[…]

The individual identifying himself as Jim Teeuwen, who maintained GitHub repository for a tool called go-bindata for embedded data in Go binaries, recently deleted his GitHub account, taking with it a resource that other Go developers had included in their projects. The incident echoes the more widely noted 2016 disappearance of around 250 modules maintained Read more about You can resurrect any deleted GitHub account name. If you depend on that account you may find yourself in trouble[…]

Some 17 Netgear routers have a remote authentication bypass, meaning malware or miscreants on your network, or able to reach the device’s web-based configuration interface from the internet, can gain control without having to provide a password. Just stick &genie=1 in the URL, and bingo. That’s pretty bad news for any vulnerable gateways with remote Read more about Wish you could log into someone’s Netgear box without a password? Summon a &genie=1 – get patching![…]

We describe PinMe, a novel user-location mechanism that exploits non-sensory/sensory data stored on the smartphone, e.g., the environment’s air pressure, along with publicly-available auxiliary information, e.g., elevation maps, to estimate the user’s location when all location services, e.g., GPS, are turned off. Source: [1802.01468] PinMe: Tracking a Smartphone User around the World