Foscam, QNAP, Swann send data to iotcplatform.com and others without knowledge or consent

Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware. Now imagine that the geek gear you bought doesn’t actually let you block this P2P communication without […]

BadTunnel Bug Hijacks All Network Traffic, for All Windows Versions

The research of Yang Yu, founder of Tencent’s Xuanwu Lab, has helped Microsoft patch a severe security issue in its implementation of the NetBIOS protocol that affected all Windows versions ever released. Yu says an attacker could leverage this vulnerability to pass as a WPAD or ISATAP server and redirect all the victim’s network traffic […]

Boffins shake up smartphone with motion-sensor as microphone

Because nobody regards the vibration sensor as sensitive, smartphones typically leave it with wide-open permissions. What Nirupam Roy and Romit Roy Choudhury did was to hack an Android phone so its vibration sensor acted as a microphone. Well: a vibration sensor is half-way to being a microphone anyhow, in terms of its basic function. As […]

Apple services down for 8 hours, no explanation given

Apple’s U.S. web page showed all applications had resumed as of 11:55 p.m. “There are no reported issues at this time,” the company said a few minutes later on its web page. The iPhone maker said services related to iCloud and the Photos application have also resumed. The issues appear to have started just before […]

Lawyers Suggest You Stop Using Your Finger to Unlock Your Phone: You are protected against revealing passwords under the Fifth Amendment’s right against self-incrimination, but your biometrics are not.

A court or police officer could legally compel you to press your finger onto your smartphone to unlock it, but if your phone is locked with a passcode, no one can legally compel you to open it, says William J. Cook, an attorney and partner at law firm Reed Smith in Chicago, who specializes in […]

36 firms at risk from that unpatched 2010 SAP vuln? Try 500+

ERPScan, the ERP security specialist firm which originally discovered the misconfiguration flaw (research pdf here), said that Onapsis’s figures on exposure to the vulnerability are optimistic by more than an order of magnitude. Alexander Polyakov, CTO at ERPScan, told El Reg that its research suggests as many as 533 organisations are at risk. “Onapsis said […]

Malware and non-malware ways for ATM jackpotting. Extended cut – Securelist

Millions of people around the world now use ATMs every day to withdraw cash, pay in to their account or make a variety of payments. Unfortunately, ATM manufacturers and their primary customers – banks – don’t pay much attention to the security of cash machines. Source: Malware and non-malware ways for ATM jackpotting. Extended cut […]

Cisco Finds Backdoor Installed on 12 Million PCs by French Advertiser Tuto4PC

Cisco’s Talos security intelligence and research group has come across a piece of software that installed backdoors on 12 million computers around the world. The software, which exhibits adware and spyware capabilities, was developed by a French online advertising company called Tuto4PC. The firm, previously known as Eorezo Group and apparently linked to another company called […]

Microsoft Office 365 Flaw Allowed Anyone To Log In To Almost Any Business Account

A severe vulnerability in the way Microsoft Office 365 handles federated identities via SAML put an attacker in a position to have access to any account and data, including emails and files stored in the cloud-based service. Microsoft pushed through a mitigation to the service on Jan. 5, seven hours after being notified by researchers […]

Mousejack Attacks Abuse Vulnerable Wireless Keyboard, Mouse Dongles

The issue lies in the wireless USB dongles that the keyboards and mice use to communicate over radio frequencies with the host computer. Bastille says that while communication from most keyboards to the dongle is encrypted, none of the mice it tested encrypt their wireless communication. The dongle, therefore, will accept commands from an attacker […]

glibc getaddrinfo stack-based buffer overflow – patch now

The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack. Google has found some mitigations that may help prevent exploitation if you are not able to […]

Denuvo Anti-Piracy Tech stays good during the sales window of games, which is long enough

More than two months after release, it’s still not possible to pirate Just Cause 3. The same is true for Rise of the Tomb Raider, released for PC in late January. Cracking computer games used to be measured in hours or days, but now, it’s turning into weeks and months. The nature of piracy is […]

Crims unleashed IRS-stabbing malware in bid to rob 464,000 people

Fraudsters, armed with stolen social security numbers and other personal information on nearly half a million people, used malware to systematically request PINs corresponding to those taxpayers, allowing the crooks to potentially file paperwork on their behalf. The swindlers could put their own bank account details on the tax returns, thus channelling people’s rebates into […]

GCHQ hacking phones and computers is legal, says top UK court

Computer, smartphone and network hacking by UK intelligence agency GCHQ is legal, a security tribunal has said. The Investigatory Powers Tribunal ruled on Friday that computer network exploitation (CNE) – which can include remotely activating microphones and cameras on electronic devices such as iPhones without the owner’s knowledge – is legal. The case, which was […]

Arrow: Fraudsters impersonated one of our execs to steal money • $13m

Enterprise tech distributor Arrow Inc will take a $13m charge on the chin after a fraudster posing as a company exec transferred money from the corporate bank account to an external one. […] Deloitte has previously highlighted what it reckoned is the growing threat from ‘fake president frauds’, “affecting many companies at the moment”. It […]

Israeli Drone Feeds Hacked By British and American Intelligence

AMERICAN AND BRITISH INTELLIGENCE secretly tapped into live video feeds from Israeli drones and fighter jets, monitoring military operations in Gaza, watching for a potential strike against Iran, and keeping tabs on the drone technology Israel exports around the world. Under a classified program code-named “Anarchist,” the U.K.’s Government Communications Headquarters, or GCHQ, working with […]

NSA’s top hacking boss explains how his guys work

Rare public appearance from Tailored Access Operations leader. NSA tiger teams follow a six-stage process when attempting to crack a target, he explained. These are reconnaissance, initial exploitation, establish persistence, install tools, move laterally, and then collect, exfiltrate and exploit the data. Source: NSA’s top hacking boss explains how to protect your network from his […]

Microsoft Edge Browser private mode leaks data through cache

There are plenty of open source utilities available to offer a look inside the ESE Database on a standalone mode, i.e. without external support required. However, this entirely depends on the state in which the database is present. Being ESE database, in case of a dirty shutdown of the machine, there is high possibility of […]

Built-in LG smartphone app created data hack risk

“SNAP” allows an attacker to run arbitrary JavaScript code on the vulnerable LG devices, according to security researchers from Israeli security firms BugSec and Cynet. This might be easily exploited to allow private data leakage, phishing attacks and/or crash a vulnerable device, say the researchers. The security flaw is rooted in a bug in one […]

A Health Insurer Lost Six Hard Drives Holding Data About 1 Million Customers

Centene, based in St Louis, says that the hard drives in question contain personal data about people who received laboratory services between 2009 and 2015. Stored on the drives are details including names, addresses, dates of birth, social security numbers, member ID numbers and health information. Source: A Health Insurer Lost Six Hard Drives Holding […]

Lenovo ShareIT comes with hardcoded password and directory traversal

Hard-coded password in Lenovo SHAREit for Windows [CVE-2016-1491] When Lenovo SHAREit for Windows is configured to receive files, a Wifi HotSpot is set with an easy password (12345678). Any system with a Wifi Network card could connect to that Hotspot by using that password. The password is always the same. Remote browsing of file system […]