A number of apartment complexes using internet-connected intercom/entry systems still use their default credentials, which make them fully accessible to anyone savvy enough to Google their unit’s manual.
Tag: #vulnerability
Misconfig Mapper: Open-source tool to uncover security misconfigurations – Help Net Security
Misconfig Mapper is an open-source CLI tool built in Golang that discovers and enumerates instances of services used within your organization. It performs large-scale detection and misconfiguration assessments, leveraging customizable templates with detection and misconfiguration fingerprints to identify potential security risks in widely used third-party software and services.
How to manage shadow IT and reduce your attack surface
There is a reason why a lot of organizations shy away from people bringing their own devices to work. https://www.bleepingcomputer.com/news/security/how-to-manage-shadow-it-and-reduce-your-attack-surface/
Microsoft warns of ransomware attacks on US healthcare | CSO Online
The threat actor borrowed initial access from a third-party infection to effect lateral movement within the victim system and place INC encryption on their network.
Unpatchable 0-day in surveillance cam is being exploited to install Mirai | Ars Technica
Akamai said that the attackers are exploiting the vulnerability so they can install a variant of Mirai, which arrived in September 2016 when a botnet of infected devices took down cybersecurity news site Krebs on Security.
13WMAZ.com: U.S. says Georgia Tech put ‘sensitive government information’ at risk. Here’s why
The lawsuit lists a number of alleged cybersecurity violations, ranging from a lab’s computers not having anti-virus software and the university having essentially “no enforcement” of required cybersecurity regulations.
‘You basically have to throw your computer away’: Researchers explain AMD ‘Sinkclose’ vulnerability, but do you need to worry? | Laptop Mag
The firmware vulnerability identified by Nissim and Okupski would allow hackers to run their own code in AMD’s System Management Mode, which is intended to run the processor’s firmware.
LAPD warns residents after spike in burglaries using Wi-Fi jammers that disable security cameras, smart doorbells | Tom’s Hardware
High-tech burglars have apparently knocked out their victims’ wireless cameras and alarms in the Los Angeles Wilshire-area neighborhoods before getting away with swag bags full of valuables.
CISA Broke Into a Federal Agency and Remained There For 5 Months.
CISA calls these SILENTSHIELD assessments. The agency’s dedicated red team picks a federal civilian executive branch (FCEB) agency to probe and does so without prior notice – all the while trying to simulate the maneuvers of a long term hostile nation-state threat group.