Tag: vulnerability (page 1 of 21)

“The firm’s alarm system, aimed at the general public, consists of motion sensors, a keypad and a speaker linked to an app. But the Californian company also revealed the presence of a microphone, recently activated to turn the device into a smart speaker. Although the product has been on sale since November 2017, the company had never mentioned it.”

Source : How can a Nest Secure without a microphone become a Google Home? Plot twist: there was a microphone… hidden

“Who is behind this operation? Given the left-wing commitment of a number of the victims, particularly among YouTubers and media personalities, but also because of the absence of AfD officials among those whose data was leaked, suspicion immediately fell on the far right. ‘In my view, this is a cyberattack that comes from the loose network surrounding the AfD,’ said MP Patrick Sensburg, who is in charge of intelligence matters within the CDU-CSU group in the Bundestag”

Source : Strong reaction in Germany after revelations of a massive cyberattack

Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret

Location data

“Only one person makes that trip: Lisa Magrin, a 46-year-old math teacher. Her smartphone goes with her. An app on the device gathered her location information, which was then sold without her knowledge. It recorded her whereabouts as often as every two seconds, according to a database of more than a million phones in the New York area that was reviewed by The New York Times. While Ms. Magrin’s identity was not disclosed in those records, The Times was able to easily connect her to that dot.”

Source : Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret – The New York Times

Navy aircraft carrier USS Ronald Reagan conducting an exercise in the South China Sea in August.

“Chinese hackers are breaching Navy contractors to steal everything from ship-maintenance data to missile plans, officials and experts said, triggering a top-to-bottom review of cyber vulnerabilities. A series of incidents in the past 18 months has pointed out the service’s weaknesses, highlighting what some officials have described as some of the most debilitating cyber campaigns linked to Beijing. Cyberattacks affect all branches of the armed forces but contractors for the Navy and the Air Force are viewed as choice targets for hackers seeking advanced military technology, officials said.”

Source : Chinese Hackers Breach U.S. Navy Contractors – WSJ

Image from Amazon patent

“Recently, a patent application from Amazon became public that would pair face surveillance — like Rekognition, the product that the company is aggressively marketing to police and Immigration and Customs Enforcement — with Ring, a doorbell camera company that Amazon bought earlier this year.”

Source : Amazon’s Disturbing Plan to Add Face Surveillance to Your Front Door | American Civil Liberties Union

Illustration by Taylor Callery

“Taylor Swift fans mesmerized by rehearsal clips on a kiosk at her May 18th Rose Bowl show were unaware of one crucial detail: A facial-recognition camera inside the display was taking their photos. The images were being transferred to a Nashville “command post,” where they were cross-referenced with a database of hundreds of the pop star’s known stalkers”

Source : The Future of Entertainment – Rolling Stone

A 3D-printed head being made at the Backface studio in Birmingham, U.K.

“No such luck with the iPhone X, though. Apple’s investment in its tech – which saw the company work with a Hollywood studio to create realistic masks to test Face ID – has clearly paid off. It was impossible to break in with the model. Microsoft appeared to have done a fine job too. Its new Windows Hello facial recognition also didn’t accept the fake head as real. Little surprise the two most valuable companies in the world offer the best security.”

Source : We Broke Into A Bunch Of Android Phones With A 3D-Printed Head

“The American giant announced on Friday, November 30, that Starwood’s reservation system had been hacked. It is an incident of a scale rarely seen in the history of data leaks. The hack left the data of hundreds of millions of customers accessible for four years. Between 2014 and September 2018, the hackers had access to a database containing personal data of ‘500 million customers who made a reservation’ at one of the Starwood company’s hotels. Starwood owns, among others, the Westin, Sheraton, W Hotels and Le Méridien brands.”

Source : A hack compromises the data of hundreds of millions of customers of the Marriott hotel group

“People underestimate how easy a malicious hacker could have used a vulnerability like this to cause major havoc,” TheHackerGiraffe said. “Hackers could have stolen files, installed malware, caused physical damage to the printers and even use the printer as a foothold into the inner network. “The most horrifying part is: I never considered hacking printers before, the whole learning, downloading and scripting process took no more than 30 minutes.”

Source : Someone hacked printers worldwide, urging people to subscribe to PewDiePie – The Verge

Sennheiser discloses monumental blunder that cripples HTTPS on PCs and Macs

“Audio device maker Sennheiser has issued a fix for a monumental software blunder that makes it easy for hackers to carry out man-in-the-middle attacks that cryptographically impersonate any big-name website on the Internet. Anyone who has ever used the company’s HeadSetup for Windows or macOS should take action immediately, even if users later uninstalled the app.”

Source : Sennheiser discloses monumental blunder that cripples HTTPS on PCs and Macs | Ars Technica
