Security News

Video surveillance network hacked by researchers to hijack footage
2021-08-17 18:48

Operated by Chinese smart device company ThroughTek, Kalay is pitched as a cloud-based solution for vendors of home automation devices, including security cameras, smart locks, video doorphones, smart power plugs, and even personal cloud storage hardware such as NAS devices. The idea is that instead of creating their own protocol, setting up their own servers and building their own home automation service, home device makers can build the Kalay software into their own firmware and use the existing Kalay network so their customers can manage and access the devices.

Black Hat: Microsoft’s Patch for Windows Hello Bypass Bug is Faulty, Researchers Say
2021-08-05 14:36

LAS VEGAS - Microsoft's Windows 10 biometric user authentication system, Windows Hello, can be bypassed using a single infrared image of a user's face planted on a tampered clone of an external USB-based webcam. According to research disclosed here at Black Hat USA 2021, the flaw still allows attackers - in some scenarios - to bypass Windows Hello and Windows Hello for Business, used for single-sign-on access to a user's computer and a host of Windows services and associated data.

Researchers Analyze Chinese Malware Used Against Russian Government
2021-08-05 10:59

At least two Chinese cyberespionage groups targeted Russian federal executive authorities in 2020, security researchers with threat hunting and intelligence firm Group-IB reveal. An in-depth analysis of the employed malware families suggests that Chinese hacker groups TA428 and TaskMasters were behind a series of attacks that targeted Russian government agencies in 2020, Group-IB says.

Das tut mir leid! Germany's ruling party sorry for calling cops on researcher after she outed canvassing app flaws
2021-08-05 10:31

A "left-wing" German infosec researcher was this week threatened with criminal prosecution after revealing that an app used by Angela Merkel's political party to canvass voters was secretly collecting personal data. In May, during federal elections in Germany, the CDU equipped its door-knocking activists with an app called CDU Connect.

Intrinsic ID partners with DARPA to offer digital authentication and security tech to researchers
2021-08-03 23:35

Intrinsic ID announced a partnership with the U.S. Defense Advanced Research Projects Agency (DARPA) to make its digital authentication and security technology accessible to DARPA researchers. The...

Microsoft researcher found Apple 0-day in March, didn’t report it
2021-07-29 18:20

Like almost all Apple security fixes, the update arrived without any sort of warning, but unlike most Apple updates, only a single bug was listed on the "fix list," and even by Apple's brisk and efficient bug-listing standards, the information published was thin. All we know is that Apple says that it "is aware of a report that this issue may have been actively exploited".

Researchers Publish Details on Recent Critical Hyper-V Vulnerability
2021-07-29 17:02

Security researchers at Guardicore Labs are sharing details of a critical vulnerability in Hyper-V that Microsoft patched in May 2021. Tracked as CVE-2021-28476 with a CVSS score of 9.9, the security vulnerability impacts Hyper-V's virtual network switch driver and could be exploited to achieve remote code execution or cause a denial of service condition.

Researchers Link Mysterious 'MeteorExpress' Wiper to Iranian Train Cyberattack
2021-07-29 13:01

Following cryptic reports of a malware attack that paralyzed the Iranian train system on July 9, SentinelOne threat hunters reconstructed the attack chain and discovered a destructive wiper component that could be used to scrub data from infected systems. In a research paper, SentinelOne threat hunter Juan Andres Guerrero-Saade said the never-before-seen wiper was developed in the past three years and appears designed for reuse in multiple campaigns.

Misconfigured Azure Blob at Raven Hengelsport exposed records of 246,000 anglers – and took months to tackle, claim infosec researchers
2021-07-27 20:49

Dutch fishing supply specialist Raven Hengelsport left details of around 246,000 customers visible to anyone on a misconfigured Microsoft Azure cloud server for months. Sadly, actually getting Raven, also known as Raven Fishing, to do anything about the issue proved challenging. "We immediately tried to get in touch with Raven once we discovered the open database, but did not receive a response from Raven regarding the breach," SafetyDetectives' researchers noted.

Researchers warn of unpatched Kaseya Unitrends backup vulnerabilities
2021-07-26 17:02

Security researchers warn of three new zero-day vulnerabilities in the Kaseya Unitrends service and advise users not to expose the service to the Internet. Kaseya Unitrends is a cloud-based enterprise backup and disaster recovery solution that is offered as a stand-alone solution or as an add-on for the Kaseya VSA remote management platform.