Security News
A 3D printer remote monitoring company accidentally exposed users' printers to each other after a cloud reconfiguration snafu.Jiang added that his team had been "Notified of a case in which a user started a print on someone else's printer" - and linked through to a Reddit post where someone had used a stranger's printer to print the words: "TSD is not secure/ I randomly connected /sorry had to inform u.".
A 3D printer remote monitoring company accidentally exposed users' printers to each other after a cloud reconfiguration snafu. Jiang added that his team had been "Notified of a case in which a user started a print on someone else's printer" - and linked through to a Reddit post where someone had used a stranger's printer to print the words: "TSD is not secure/ I randomly connected /sorry had to inform u.".
Poly Network, a Chinese software biz that processes cryptocurrency transactions across different blockchain platforms, urged hackers to return $600m worth of stolen digital cash in what it called the "Biggest [attack] in DeFi history." Protocols like Poly Network allow cryptocurrency traders to exchange digicash across various blockchains; they can be used to swap Bitcoin for Ethereum, for example.
US-based Zoom users may have a little cash coming their way after the video meeting outfit lodged a preliminary settlement in a class action related to some of its less-than-brilliant security and data protection practices. The settlement was filed Saturday in an attempt to end a class action that alleged Zoom indulged in unlawful activities - including misrepresenting its end-to-end encryption capabilities and unauthorized transfer of personal data to third parties like Facebook, Google and LinkedIn - as well as implementing grossly inadequate security and privacy controls.
Fans of John le Carré's Tinker Tailor Soldier Spy know how top military secrets are extracted from the enemy. If head KGB spy Karla wanted to learn intricate details of the British military today, he'd just have to check WhatsApp.
Mozilla Thunderbird spent the last couple of months saving some users' OpenPGP keys in plain text - but that's now been patched, the author of both the bug and the patch fixing it has told The Register. The vulnerability, assessed as "Low" impact by Mozilla, existed in the free open source Thunderbird email client between version 78.8.1 and version 78.10.1 after a crestfallen maintainer realised carefully designed protections were in fact not protecting users' private OpenPGP keys.
The SolarWinds hack exposed sealed US court documents - which could have a serious effect on Western sanctions against state-backed hackers. Infosec journalist Brian Krebs reported a US Courts Administrative Office statement about the impact of the Russian-backed SolarWinds hack, quoting an anonymous source as saying that the agency was "Hit hard".
Home Depot has exposed the private order confirmations of hundreds of Canadian consumers, containing names, physical addresses, email addresses, order details and partial credit-card information. After customers began reporting that they had received hundreds of emails from the home-improvement giant, each containing an order confirmation for a stranger, the company confirmed the issue.
TikTok has expanded its vulnerability disclosure policy to include a global bug-bounty program through a partnership with the ethical hacker platform HackerOne. Hackers who find critical vulnerabilities in TikTok's platform can receive between $6,900 to $14,800 according to the program, which marks the first time TikTok has invited the public security community to analyze its platform for vulnerabilities.
Privacy-focused browser maker Brave has responded to complaints about affiliate links by apologising for a coding error but also stating that adding affiliate links to search queries is standard practice. The browser was never guilty of the more serious accusation of injecting affiliate links into the HTML rendered for a page, said Brave.