Millions at risk from default webcam passwords

Hangzhou Xiongmai Technology Co.,Ltd (Xiongmai), the Chinese manufacturer that made many of the devices left vulnerable to Mirai, is back with another vulnerability that puts millions of devices across the world at risk yet again.

9 million Xiongmai cameras, DVRs wide open to attack

SEC Consult researchers have issued a warning about a handful of critical vulnerabilities they discovered in video surveillance equipment by Chinese manufacturer Hangzhou Xiongmai Technology. About the vulnerabilities The discovered vulnerabilities inc…

Naming & Shaming Web Polluters: Xiongmai

What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act? If ever there were a technology giant that deserved to be named and shamed for polluting the Web, it is Xiongmai — a Chinese maker of electronic parts that power a huge percentage of cheap digital video recorders (DVRs) and Internet-connected security cameras.

Vulnerability research and responsible disclosure: Advice from an industry veteran

“Everything changes once you have to supervise and mentor and schedule and coordinate and keep in mind all the things others don’t. You often have to hold back your own wish to research a certain thing yourself or crack things open, because peopl…

Crypto flaw in Oracle Access Manager can let attackers pass through

A padding oracle vulnerability in Oracle Access Manager (CVE-2018-2879) can be exploited by attackers to bypass authentication and impersonate any user account. About the vulnerability The vulnerability arises from a flawed cryptographic format used by…

Microsoft’s October Patch Batch Fixes 62 Flaws

Microsoft on Tuesday released software updates to fix at least 62 security vulnerabilities in Windows, Office and other software. Two of those flaws were detailed publicly before yesterday’s patches were released, and one of them is already being exploited in active attacks, so attackers already have a head start.