Google Home and Chromecast devices allow attackers to uncover the precise physical locations of the connected gadgets thanks to two common internet of things issues present in both. A fix from Google is incoming in July. At issue is, like many other IoT devices, they don’t require authentication for connections received on a
Researchers are cautioning macOS users that not all the data they store on their encrypted hard drive is protected. In a report published Monday, Apple security expert Patrick Wardle revealed that a macOS feature called QuickLook stores unprotected previews of images and other file types. “Apple states that: ‘we believe privacy is a
More than 22,000 container orchestration and API management systems are unprotected or publicly available on the internet – highlighting the reality of the risks of operating workloads in the cloud. According to research from Lacework, the containers (Kubernetes, Mesos, Docker Swarms and more) suffer from poorly configured resources, lack of credentials and the
A slew of vulnerabilities in Axis cameras could enable an attacker to access camera video streams, control the camera, add it to a botnet or render it useless. Researchers at VDOO, who disclosed the vulns on Monday, recommended that customers update immediately after finding that more than 400 Axis IP cameras are impacted.
389-ds-base -- 389-ds-base 389-ds-base before versions 18.104.22.168, 22.214.171.124 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.2018-06-13not yet calculatedCVE-2018-10850CONFIRMCONFIRMCONFIRMacccheck -- acccheck acccheck.pl in acccheck 0.2.1 allows Command Injection
In a David-and-Goliath moment, a 49-year-old librarian has won damages against credit giant Equifax, in the wake of its head-spinningly massive 2017 data breach. It’s a small but significant victory: a small claims court awarded $600 to Jessamyn West, native of the small town of Randolph in Orange County, Vermont. West told Threatpost
A fresh FBI charge against Marcus Hutchins has led to the Kronos banking trojan and the UPAS Kit backdoor being linked in the news over the past week. However, a fresh analysis this week shows that, at least on a code level, the similarities (and differences) between the two are far from conclusive.
Researchers have discovered a new Android banking trojan that holds striking similarities to the infamous Lokibot – but packed with new tricky features, most notably its ability to implement an overlay attack on Android 7 and 8. Researchers at ThreatFabric, who discovered the trojan, said MysteryBot was running on the same C&C server
Apple said an upcoming iOS software update will remove the infamous iPhone USB access feature, blocking out both hackers – and law enforcement – from accessing a locked phones’ data via the device port. Apple confirmed that new upcoming default settings will disable the iPhone’s Lightning port, its charging and data port, an hour
The 2018 FIFA World Cup is kicking off in Russia today, with at least 1 million visitors expected to travel to Moscow alone to take in the world’s biggest sporting event in person. But the event will feature more than just breathtaking goals and soccer superstars: According to researchers and at least one