Security Alerts & News
by Tymoteusz A. Góral

#2089 Another challenge for IoT: Open backdoors
Problems with hardcoded credentials are hitting consumer IoT devices, industrial SCADA devices, and even critical infrastructure. Despite the appeal on source code and firmware audition, this type of vulnerability recurs and threatens users’ privacy and data security.

Security researcher Elliot Williams posted on Hackaday that most GSM-to-IP devices made by DBLTek have a remotely accessible hardcoded credential which leads to a shell with root privileges. The finding was reported to the manufacturer, who didn’t really fix the underlying vulnerability. Instead, they implemented a workaround: they added an extra challenge-response process, whose algorithm can be obtained by reverse-engineering. Trustwave’s blog post summarizes the entire chain of events. A tool exploiting this vulnerability is also available on Github.
Read more
#2093 Aggressive ad-displaying Google Play app tricks users into leaving high ratings
#2092 Facebook Lite infected with spy FakePlay
#2091 Cisco and Apache issue warnings over 0day flaw being targeted in the wild
#2090 Emsisoft releases a decryptor for the CryptON ransomware
#2089 Another challenge for IoT: Open backdoors
#2088 Apple has already fixed most of the iOS exploits the CIA used
#2087 Leaked docs suggest NSA and CIA behind Equation cyberespionage group
#2086 Vault 7: WikiLeaks docs hint CIA could bypass 21 security products
#2085 China mulls national cryptocurrency in race to digital money
#2084 After CIA leaks, tech giants scramble to patch security flaws
#2083 Product Security Advisory – PSA0002 – dnaLIMS
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12