Researchers analyzed the security of four popular smartwatches for children and found pre-installed downloaders, weak passwords, and unencrypted data transmissions. The analysis demonstrates that most of these devices arbitrarily collect and periodically transmit sensitive data to remote servers without the user knowing about it. This finding is worrisome as these devices quickly grow in popularity, with […]
A hacker released almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer. While many appliances with the exploited Fortinet vulnerability have since been patched, many VPN credentials still seem to be valid. With these VPN credentials, access to a network can be gained to perform data exfiltration, install […]
Apple has abandoned its once-famous commitment to security and privacy. The next version of iOS will contain software that scans users’ photos and messages. Under pressure from U.S. law enforcement, Apple has put a backdoor into their encryption system.
According to the CEO, “the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data.” Compromised information includes customer names, addresses, Social Security numbers […]
Using only a password to access or manage systems remotely is unwise and should be seen as a “bad practice,” according to the Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security. In June, the CISA decided to collect bad practices that are extremely risky and actually increase cyber risks for […]
In the USA, 10 major data brokers have data on individuals’ demographic characteristics (from race to gender to income level) and political preferences and beliefs (including support for the NAACP, ACLU, Planned Parenthood, and the National LGBTQ Task Force), and on current US government and military personnel. Several of these firms also market: Americans’ geo-locations. […]
The European Commission has a plan which enables citizens to identify themselves and share electronic documents from a special wallet app for smartphones. Major platforms will be required to accept the new European digital identity. The European Commission states that the use of identity by citizens will be voluntary. “The new European digital identity wallets […]
Cybersecurity researchers disclosed details about 13 vulnerabilities in the Nagios network monitoring application that could be abused by an adversary to hijack the infrastructure without any operator intervention. Nagios is an open-source IT infrastructure tool that offers monitoring and alerting services for servers, network cards, applications, and services.
Cyberinsurance giant AXA said that it would no longer be writing policies to cover ransomware payments. Now AXA in Thailand, Malaysia, Hong Kong, and the Philippines have reportedly been hit… by a ransomware attack. The ransomware gang posted on its website over the weekend that it had stolen 3 terabytes worth of data, including: customers’ […]
Researchers reported on Tuesday that Amazon Web Services System Manager (SSM) misconfigurations led to the potential exposure of more than 5 million documents with personally identifiable information and credit card transactions on more than 3,000 SSM documents.