Security News

KidsGuard comes from a company called ClevGuard that promises that its "Excellent products" will deliver "All the information" from a targeted device, including real-time location, text messages, browser history, photos, videos, recordings of phone calls, keylogger data for every keystroke entered and the app where it came from, and all the data from all the social apps - hopping over the end-to-end encryption of, for example, WhatsApp. ClevGuard says the app can also be used for iPhones without access to the device if you give it the target's iCloud credentials.

Samsung has admitted that what it calls a "Small number" of users could indeed read other people's personal data following last week's unexplained Find my Mobile notification. Several Register readers wrote in to tell us that, after last Thursday's mystery push notification, they found strangers' personal data displayed to them.

US President Donald Trump promised to pardon WikiLeaks founder Julian Assange if he denied Russia leaked emails of his 2016 election rival's campaign, a London court was told on Wednesday. The White House quickly issued a denial that Trump had dangled a pardon in exchange for help in the Russia controversy, which has cast a shadow over his first term in office.

If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel, co-resident virtual machines, and even from Intel's secured SGX enclave. Dubbed CacheOut a.k.a. L1 Data Eviction Sampling and assigned CVE-2020-0549, the new microarchitectural attack allows an attacker to choose which data to leak from the CPU's L1 Cache, unlike previously demonstrated MDS attacks where attackers need to wait for the targeted data to be available.

Bad actor obtained passwords for servers, home routers, and smart devices by scanning internet for devices open to the Telnet port. A hacker has published a list of credentials for more than 515,000 servers, home routers and other Internet of Things devices online on a popular hacking forum in what's being touted as the biggest leak of Telnet passwords to date, according to a published report.

Japanese multinational Mitsubishi Electric has admitted that it had suffered a data breach some six months ago, and that "Personal information and corporate confidential information may have been leaked." According to several reports from Japanese daily newspapers, the company discovered the data breach in late June, when they detected suspicious activities on a server at its Information Technology R&D Center in Kamakura, Kanagawa Prefecture, Japan.

An unprotected database was found to have exposed the data of all Wyze users who created an account before December 26, 2019. Following a report last week of an exposed database containing a great deal of information on Wyze users, the company stepped forward and confirmed the leak, while also revealing that it had launched an investigation into the matter.

Too much information.

The Internet of Things vendor confirmed that customer data was left unsecured on an Elasticsearch database.

The leaky database was online for about a week, exposing customers' vehicles information and personal identifiable information.