Baltimore. The city was breached, crippled and held for ransom. The ransomware attack was discovered on May 7th, shutting down a major portion of the city’s infrastructure. The latest news is that an NSA-written tool, EternalBlue, is responsible for the attack. Except maybe it isn’t? First off, digging back through the history of an attack […]
There are a lot of bad days at work. Often it’s the last day, especially when it’s unexpected. For the particularly unlucky, the first day on a new job could be a bad day. But the day you find an unknown wireless device attached to the underside of your desk has to rank up there […]
Do you know what your router is doing? We have two stories of the embedded devices misbehaving. First, Linksys “Smart” routers keep track of every device that connects to its network. Right, so does every other router. These routers, however, also helpfully expose that stored data over JNAP/HNAP. Some background is needed here. First, HNAP […]
A song by Rockwell, “Somebody’s Watching Me” might be the anthem for the tin foil hat crowd. But a new paper reveals that it might be just as scary to have someone listening to you. Researchers have used common microphones to listen in on computer monitors. The demonstration includes analyzing audio to determine input from […]
The idea behind a dummy security camera is that people who are up to no good might think twice about doing anything to your property when they think they’re being recorded. Obviously a real security camera would be even better, but sometimes that’s just not economically or logistically possible. Admittedly they’re not always very convincing, […]
Whatsapp allows for end-to-end encrypted messaging, secure VoIP calls, and until this week, malware installation when receiving a call. A maliciously crafted SRTCP connection can trigger a buffer overflow, and execute code on the target device. The vulnerability was apparently found first by a surveillance company, The NSO Group. NSO is known for Pegasus, a […]
Back in October 2018, a bombshell rocked the tech industry when Bloomberg reported that some motherboards made by Supermicro had malicious components on them that were used to spy or interfere with the operation of the board, and that these motherboards were found on servers used by Amazon and Apple. We covered the event, looking […]
Cisco CVE-2019-1804 Some switches in Cisco’s 9000 series are susceptible to a remote vulnerability. It’s a bit odd to call it a vulnerability, actually, because the software is operating as intended. Cisco shipped out these switches with the same private key hardcoded in software for all root SSH logins. Anyone with the key can log […]
Security researchers have found a way to remotely execute code on a fax machine by sending a specially crafted document to it. So… who cares about fax? Well apparently a lot of persons are still using it in many institutions, governments and industries, including the healthcare industry, legal, banking and commercial. Bureaucracy and old procedures […]
Ah, Facebook. Only you could mess up email verification this badly, and still get a million people to hand over their email address passwords. Yes, you read that right, Facebook’s email verification scheme was to ask users for their email address and email account password. During the verification, Facebook automatically downloaded the account’s contact list, […]