Hackers typically crack software, but web application security researcher Sam Curry quite literally cracked his Tesla Model 3 and discovered a vulnerability that earned him a hefty reward from the car maker’s bug bounty program. After a rock bounced up and damaged the windshield of Curry’s very own Model 3, the seemingly unlucky happenstance actually…
Here’s some news that might curl your hair: A pen testing firm has disclosed a vulnerability in the Glamoriser smart hair straightener that could allow attackers to easy gain control of the device and perhaps create a fire hazard. The problem involves the Bluetooth Low Energy connection that the straightener uses to communicate with mobile…
D-Link agreed to make several security enhancements that overhaul the firm’s security platform to settle a Federal Trade Commission (FTC) litigation case concerning allegations that the company misrepresented the security of its products. The case stems from a 2017 complaint against D-Link for the company’s routers and IoT cameras leaving sensitive consumer information, including live…
A newly discovered variant of Echobot, an offshoot of the Mirai family of Internet of Things botnet malware, was found to contain a whopping 26 different exploits for infecting victim machines. This revelation is the latest in a string of research reports detailing Mirai-related malwares with increasingly large exploit totals. In a company blog post…
Researchers at Trend Micro have discovered another new variant of Mirai botnet malware that uses a unique combination of 13 exploits designed to hijack IoT devices. With these 13 exploits, this “Backdoor.Linux.MIRAI.VWIPT” variant is capable of targeting Vacron network video recorders, Dasan GPON routers, D-Link devices, various CCTV-DVR vendors, devices using Realtek SDK with the…
Modern automobiles collect copious amounts of data ranging from driving habits to the weight of its occupants but this leaves the gray area of ownership and how the data is used. In addition, vehicles also track how much weight we gain, how many children we have and even financial information. The consulting firm McKinsey estimates…
A recent Ponemon Institute study found, there has been a dramatic increase in IoT-related data breaches specifically due to an unsecured IoT device or application since 2017. The study found these breaches account for 26 percent of incidents, up from 15 percent, although the actual number may be greater as most organizations aren’t aware of…
The current and older versions of PrinterLogic Print Management Software contain three high-severity vulnerabilities that would-be attackers could exploit to reconfigure the software and remotely execute code. According to a security advisory from the CERT/CC at Carnegie Mellon University’s Software Engineering Institute, the PrinterLogic agent fails to properly validate the PrinterLogic management portal’s SSL certificate…
At least two million internet-connected devices featuring the peer-to-peer (P2P) communications technology iLnkP2P contain two major security flaws that could allow malicious actors to discover the products online, snoop on them and hijack them. Security researcher Paul Marrapese discovered the issue in hundreds of brands of security cameras, baby monitors, smart doorbells and digital video…
The most recent iteration of the Child’s Play franchise features the murderous doll Chucky as a rogue IoT device gone mad. The new film’s trailer features Chucky connected to the “Buddi” platform which allows users to control all of their connected home devices including various electronics, toys, and anything else that can be forged into…
