Flawed visitor check-in systems let anyone steal guest logs and sneak into buildings
Security researchers at IBM have found, reported and disclosed 19 vulnerabilities in five popular visitor management systems, which they say can be used to steal data on visitors — or even sneak into sensitive and off-limit areas of office buildings. You’ve probably seen one of these visitor check-in systems before: they’re often found in lobbies […]
Category: vulnerability
Hacker who stole 620 million records strikes again, stealing 127 million more
A hacker who stole close to 620 million user records from 16 websites has stolen another 127 million records from 8 more websites, TechCrunch has learned. The hacker, who listed the previously disclosed data for about $20,000 in bitcoin on a dark web marketplace, stole the data last year from several major sites — […]
Fortnite bugs put accounts at risk of takeover
With one click, any semi-skilled hacker could have silently taken over a Fortnite account, according to a cybersecurity firm that says the bug is now fixed. Researchers at Check Point say the three vulnerabilities chained together could have affected any of its 200 million players. The flaws, if exploited, would have stolen the account access token […]
Cybersecurity 101: Five simple security guides for protecting your privacy
With hundreds of millions of people home for the holidays, now is a better time than ever to spread good tidings and cheer, and — well, some much-needed security advice for all the family. Security sounds complicated, but it doesn’t have to be. Privacy is more important than ever. With an ever-changing and evolving landscape […]
A bug left your Microsoft account wide open to complete takeover
Bug bounty hunter Sahad Nk recently uncovered a series of vulnerabilities that left Microsoft users’ accounts — from your Office documents to your Outlook emails — susceptible to hacking.
While working as a security researcher with cybersecurity site SafetyDetective, Nk discovered that he was able to take over the Microsoft subdomain, http://success.office.com, because it wasn’t properly configured. This allowed the bug hunter to set up an Azure web app that pointed to the domain’s CNAME record, which maps domain aliases and subdomains to the main domain. By doing this, Nk not only takes control of the subdomain, but also receives any and all data sent to it.
Security flaw in DJI’s website and apps exposed accounts to hackers and drone live feeds
It took about six months for popular consumer drone maker DJI to fix a security vulnerability across its website and apps, which if exploited could have given an attacker unfettered access to a drone owner’s account. The vulnerability, revealed Thursday by researchers at security firm Check Point, would have given an attacker complete access to […]
Buggy software in popular connected storage drives can let hackers read private data
Security researchers have found flaws in four popular connected storage drives that they say could let hackers access a user’s private and sensitive data. The researchers Paulos Yibelo and Daniel Eshetu said the software running on three of the devices they tested — NetGear Stora, Seagate Home and Medion LifeCloud — can allow an attacker to […]
Tumblr says it’s fixed a security bug, but says ‘no evidence’ any user data was exposed
Tumblr has disclosed a security vulnerability on its site that in some cases could have exposed account information. The bug was found in the part of the site that recommends other Tumblr blogs to users, according to a blog post. The blogging site said the “recommended blogs” module — only visible to logged-in users — […]
Medical device maker Medtronic finally fixes its hackable pacemaker
Medtronic, a maker of medical devices and implants, has pulled the plug on its internet-based software update system, which security researchers had found had a dangerous security vulnerability. The company said in a notice this week that it’s switching off the software distribution network after researchers found that a hacker could update the pacemaker’s software […]
Google brings vulnerability scanning to its Cloud Build CI/CD platform
Google today announced an important update to its Cloud Build CI/CD platform that brings vulnerability scanning to all container images built using the service. Container Registry vulnerability scanning, which is now in beta, is meant to ensure that as businesses adopt modern DevOps practices, the containers they eventually deploy are free of known vulnerabilities. As […]
Password bypass flaw in Western Digital My Cloud drives puts data at risk
A security researcher has published details of a vulnerability in a popular cloud storage drive after the company failed to issue security patches for over a year. Remco Vermeulen found a privilege escalation bug in Western Digital’s My Cloud devices, which he said allows an attacker to bypass the admin password on the drive, gaining […]
Surveillance camera vulnerability could allow hackers to spy on and alter recordings
In newly published research, security firm Tenable reveals how popular video surveillance camera software could be manipulated, allowing would-be attackers the ability to view, disable or otherwise manipulate video footage. The vulnerability, which researchers fittingly dubbed “Peekaboo,” affects software created by NUUO, a surveillance system software maker with clients including hospitals, banks and schools around […]