There is another security vulnerability affecting Western Digital Network Access Storage (NAS) systems, and it allows the remote installation of firmware on the NAS devices. This means that malicious hackers could use a low-privileged user with a blank password to execute harmful code that could brick your device, among other things. This is called a…
Now removed by Google, there were 9 apps in the Google Play app store that stole users’ Facebook passwords. The apps were downloaded more than 5.8 million times and were called: Rubbish Cleaner. Inwell Fitness. Horoscope Daily. App Lock Keep. Lockit Master. Horoscope Pi. App Lock Manager. A clear trend here is apps that require…
Microsoft has accidentally signed a driver called Netfilter, which contains malware and is distributed within gaming environments. Cybersecurity researchers have been tracing the malware and its activities and found that it communicates with Chinese command and control (C2) IP addresses. That type of malware is called a rootkit, which means that it is programmed to…
A Mercedes-Benz data breach exposed sensitive information owned by their customers. 1.6 million customer records were audited and the breach was found to affect fewer than 1,000 customers. The information in the breach included drivers license numbers, social security numbers, self-reported customer credit scores, credit card numbers, and dates of birth. The German automaker disclosed…
How to create email addresses that you can easily delete or replace from time to time, so you can throw spammers off your trail and transition from compromised accounts.
Telephones were invented more than a century ago, before the Internet existed. They provided a quick and easy way to communicate with friends, family, and acquaintances in a somewhat affordable manner. As high-speed, unmetered Internet connections become more ubiquitous, they have resulted in the mainstream adoption of calling and instant messaging services that vastly outperform…
Apple is rolling out the iOS 12.5.4 update for older iPhones, iPads, and iPods including but not limited to the iPhone 5s, iPhone 6, 6th generation iPod Touch among others. It is a security update that addresses memory corruption and arbitrary code execution (ACE) vulnerabilities. It addresses the following vulnerabilities: CVE-2021-30737 The update addresses WebKit…
Users of eufy smart home cameras (eufyCams) have been seeing the camera feeds of strangers, even in other countries. The controls of affected cameras are also accessible. eufyCams allow users to access their camera feeds anywhere in the world over the Internet. This feature (in any brand of camera) obviously poses a privacy and security…
Gas stations across the United States experienced gasoline shortages due to the shutdown of Colonial Pipeline. The shortages resulted in some gas stations running out of gasoline, while others were packed with long lines of customers waiting to buy gasoline. Unsurprisingly, the shortage prompted gasoline hoarding. It was a ransomware attack. Ransomware typically encrypts the…
Cisco has issued software updates to address multiple vulnerabilities in their SD-WAN vManage software that could allow remote arbitrary code execution (ACE), unauthorized access to sensitive information, DoS attacks, or gain escalated privileges. Cisco says that the following products are not affected: IOS XE SD-WAN Software SD-WAN cEdge Routers SD-WAN vBond Orchestrator Software SD-WAN vEdge…
Dell has released an update for the severe access control vulnerability CVE-2021-21551, which affects Dell computers dating back to 2009. The vulnerability can cause privilege escalation, information disclosure, and denial of service.
Apple has released iOS 14.5.1, which provides a memory corruption bug fix and patches an arbitrary code execution (ACE) vulnerability in WebKit — a web browser engine. Arbitrary code execution refers to an attacker executing code that they should not be able to execute. A malicious website could theoretically execute harmful code on your iPhone,…