BlackBerry this week informed customers that the QNX embedded operating system is affected by a BadAlloc vulnerability leading to arbitrary code execution or denial of service. Publicly disclosed in April, BadAlloc is a collection of 25 vulnerabilities impacting many Internet of Things (IoT) and operational technology (OT) devices. The flaws can allow malicious attackers to…
Endpoint Security , Internet of Things Security Researchers: Kalay Protocol Flaw Could Affect Millions of Connected Devices Scott Ferguson (Ferguson_Writes) • August 17, 2021 Example of how an attacker could exploit a vulnerability in ThroughTek’s Kalay protocol (Source: FireEye) FireEye researchers and the U.S. Cybersecurity and Infrastructure Security Agency are warning about a…
BlackBerry this week informed customers that the QNX embedded operating system is affected by a BadAlloc vulnerability leading to arbitrary code execution or denial of service. Publicly disclosed in April, BadAlloc is a collection of 25 vulnerabilities impacting many Internet of Things (IoT) and operational technology (OT) devices. The flaws can allow malicious attackers to…
Breach Notification , Cybercrime , Cybercrime as-a-service 40 Million Credit Applications Also Stolen; Social Security Numbers Exposed Mathew J. Schwartz (euroinfosec) • August 18, 2021 T-Mobile’s store in Times Square, New York (Photo: T-Mobile) T-Mobile USA has confirmed that its systems were breached and that investigators have found that details for 8.6 million…
Afghanistan’s former central bank governor has said that he will not return to the country despite assurances from the Taliban that former officials can return with amnesty to their jobs. Ajmal Ahmady told BBC World News that the Taliban had been looking for him, knocking on doors at properties where he had previously lived. Mr…
The thousands of people impacted by the data breach are now being notified by Colonial Pipeline. Colonial Pipeline has discovered a data breach involving the personal information of more than 5,800 individuals. The data breach comes after the headline-grabbing ransomware attack in May. According to Bleeping Computer, Darkside operators collected and exfiltrated documents containing the…
Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices | IT Security News 17. August 2021 This article has been indexed from The Hacker News Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits (SDKs) accompanying its WiFi modules, which are used in almost 200 IoT devices made…
The cybersecurity mantra at Jefferson Health is “if we can’t do it well, we’re not going to do it” says Mark Odom, CISO of the Philadelphia-based healthcare organization. Such an approach has proved integral to Jefferson Health’s fast-tracked transition to a cloud-first, remote model to meet the demands of the COVID-19 pandemic. In fact, by…
Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Governance & Risk Management Security Experts Size Up Impact of US Rush to Leave Afghanistan Doug Olenick (DougOlenick) • August 17, 2021 It’s unlikely that the U.S. abandoning its embassy and other facilities in Afghanistan poses cyber risks, thanks to the emergency planning…
It seems like we can’t go a week without hearing about another massive security breach at a mega-corporation. This week’s shocker comes courtesy of T-Mobile, at least according to one self-reported hacker claiming to sell the company’s customer data. T-Mobile says it’s “investigating” the possible theft of data from over 100 million people. If true,…
