Flawed visitor check-in systems let anyone steal guest logs and sneak into buildings

Security researchers at IBM have found, reported and disclosed 19 vulnerabilities in five popular visitor management systems, which they say can be used to steal data on visitors — or even sneak into sensitive and off-limit areas of office buildings. You’ve probably seen one of these visitor check-in systems before: they’re often found in lobbies […]

Hacker who stole 620 million records strikes again, stealing 127 million more

A hacker who stole close to 620 million user records from 16 websites has stolen another 127 million records from 8 more websites, TechCrunch has learned. The hacker, who was listing the previously disclosed data for about $20,000 in bitcoin on a dark web marketplace, stole the data last year from several major sites — […]

Fortnite bugs put accounts at risk of takeover

With one click, any semi-skilled hacker could have silently taken over a Fortnite account, according to a cybersecurity firm that says the bug is now fixed. Researchers at Check Point say the three vulnerabilities chained together could have affected any of its 200 million players. The flaws, if exploited, would have stolen the account access token […]

Cybersecurity 101: Five simple security guides for protecting your privacy

With hundreds of millions of people home for the holidays, now is a better time than ever to spread good tidings and cheer, and — well, some much-needed security advice for all the family. Security sounds complicated, but it doesn’t have to be. Privacy is more important than ever. With an ever-changing and evolving landscape […]

A bug left your Microsoft account wide open to complete takeover

Bug bounty hunter Sahad Nk recently uncovered a series of vulnerabilities that left Microsoft users’ accounts — from your Office documents to your Outlook emails — susceptible to hacking.

While working as a security researcher with cybersecurity site SafetyDetective, Nk discovered that he was able to take over the Microsoft subdomain, http://success.office.com, because it wasn’t properly configured. This allowed the bug hunter to set up an Azure web app that pointed to the domain’s CNAME record, which maps domain aliases and subdomains to the main domain. By doing this, Nk not only takes control of the subdomain, but also receives any and all data sent to it.

Security flaw in DJI’s website and apps exposed accounts to hackers and drone live feeds

It took about six months for popular consumer drone maker DJI to fix a security vulnerability across its website and apps, which if exploited could have given an attacker unfettered access to a drone owner’s account. The vulnerability, revealed Thursday by researchers at security firm Check Point, would have given an attacker complete access to […]

Buggy software in popular connected storage drives can let hackers read private data

Security researchers have found flaws in four popular connected storage drives that they say could let hackers access a user’s private and sensitive data. The researchers Paulos Yibelo and Daniel Eshetu said the software running on three of the devices they tested — NetGear Stora, Seagate Home and Medion LifeCloud — can allow an attacker to […]

Tumblr says it’s fixed a security bug, but says ‘no evidence’ any user data was exposed

Tumblr has disclosed a security vulnerability on its site that in some cases could have exposed account information. The bug was found in the part of the site that recommends other Tumblr blogs to users, according to a blog post. The blogging site said the “recommended blogs” module — only visible to logged-in users — […]

Medical device maker Medtronic finally fixes its hackable pacemaker

Medtronic, a maker of medical devices and implants, has pulled the plug on its internet-based software update system, which security researchers had found had a dangerous security vulnerability. The company said in a notice this week that it’s switching off the software distribution network after researchers found that a hacker could update the pacemaker’s software […]

Google brings vulnerability scanning to its Cloud Build CI/CD platform

Google today announced an important update to its Cloud Build CI/CD platform that brings vulnerability scanning to all container images built using the service. Container Registry vulnerability scanning, which is now in beta, is meant to ensure that as businesses adopt modern DevOps practices, the containers they eventually deploy are free of known vulnerabilities. As […]

Password bypass flaw in Western Digital My Cloud drives puts data at risk

A security researcher has published details of a vulnerability in a popular cloud storage drive after the company failed to issue security patches for over a year. Remco Vermeulen found a privilege escalation bug in Western Digital’s My Cloud devices, which he said allows an attacker to bypass the admin password on the drive, gaining […]

Surveillance camera vulnerability could allow hackers to spy on and alter recordings

In newly published research, security firm Tenable reveals how popular video surveillance camera software could be manipulated, allowing would-be attackers the ability to view, disable or otherwise manipulate video footage. The vulnerability, which researchers fittingly dubbed “Peekaboo,” affects software created by NUUO, a surveillance system software maker with clients including hospitals, banks and schools around […]
