IT Security Newsletter - 2/24/2020

Top News

Data Breach Occurs at Agency in Charge of Secure White House Communications

Hackers have compromised the Department of Defense (DoD) agency in charge of securing and managing communications for the White House, leaking personally identifiable information (PII) of employees and leading to concerns over the safety of the communications of top-level U.S. officials in the run-up to the 2020 presidential election. Reuters first reported the data breach on Friday, citing letters seen by the news outlet that were sent to people allegedly affected by the breach. READ MORE...

Exploits/Vulnerabilities

Vulnerabilities Allow Hackers to Access Honeywell Fire Alarm Systems

Gjoko Krstic, researcher at industrial cybersecurity firm Applied Risk, discovered that the NOTI-FIRE-NET Web Server (NWS-3) is affected by authorization bypass (CVE-2020-6972) and information disclosure vulnerabilities (CVE-2020-6974). The NOTI-FIRE-NET interface allows organizations to connect multiple intelligent fire alarm control panels to one network. The web server enables remote access to this network, allowing users to see event history and status, device properties, etc. READ MORE...


KidsGuard stalkerware leaks data on secretly surveilled victims

"KidsGuard?" What an inappropriate name. It should be called KidsStalk-N-Dox, given that the makers of this consumer-grade stalkerware left a server open and unprotected, regurgitating the private data it slurped up from thousands of victims' devices after a parent or other surveillance-happy person stealthily installed it. The spyware app's unprotected Alibaba cloud storage bucket was found by Till Kottmann. He's a developer who reverse-engineers apps to see how they tick (or leak, in this case). READ MORE...


By exploiting an LTE vulnerability, attackers can impersonate mobile phone users

Exploiting a vulnerability in the mobile communication standard LTE, researchers at Ruhr-Universität Bochum can impersonate mobile phone users. Consequently, they can book fee-based services in their name that are paid for via the mobile phone bill - for example, a subscription to streaming services. According to the researcher, attackers can not only make purchases in the victim's name, but can also access websites using the victim's identity. READ MORE...