Category: InfoSec

Telehealth Poll: How Risky Are Remote Doctor Visits?

Threatpost’s latest poll probes telehealth security risks and asks for IT cures.

Hacking a Coffee Maker

As expected, IoT devices are filled with vulnerabilities:

As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite a lot. Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly. Oh, and by the way, the only way to stop the chaos was to unplug the power cord.

[…]

In any event, Hron said the ransom attack is just the beginning of what an attacker could do. With more work, he believes, an attacker could program a coffee maker — and possibly other appliances made by Smarter — to attack the router, computers, or other devices connected to the same network. And the attacker could probably do it with no overt sign anything was amiss.


Amazon introduces contactless payment via palm scan

Amazon has introduced a new payment method that lets customers of the company's physical stores, via the palm of their hand, …

Cisco warns of exploitation of Zerologon flaw in Windows Server

Following Microsoft and the US government, Cisco has also issued a warning about active exploitation of the “Zerologon flaw” …

Dekker: AP has insufficient capacity to monitor all online services

The Autoriteit Persoonsgegevens has insufficient capacity to monitor all online services that are active in the Netherlands, …

DuckDuckGo removed from search engine choice screen on Android

DuckDuckGo has been removed from the choice screen that lets Android users set their default search engine. The …

Microsoft Netlogon exploitation continues to rise

Cisco Talos is tracking a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation of privilege bug in Netlogon, outlined in the August Microsoft Patch Tuesday report. The vulnerability stems from a flaw in a cryptographic authentication scheme used by the Netlogon Remote Protocol which — among other things — can be used to update computer passwords by forging an authentication token for specific Netlogon functionality. This flaw allows attackers to impersonate any computer, including the domain controller itself, and gain access to domain admin credentials.

The post Microsoft Netlogon exploitation continues to rise appeared first on Cisco Blogs.
