UK Proposes Weak Security Law for IoT Devices; Calls it Strong The UK is proposing a law similiar to California’s existing IoT law and calls it strong security. What makes it strong is that they call it strong, maybe? The bill requires that default passwords on IoT devices be unique (likely part of the serial […]
Continue reading → [DISPLAY_ACURAX_ICONS]Orphaned Data in the Cloud Researchers at security firm vpnMentor found an unsecured S3 bucket with passport, tax forms, background checks, job applications and other sensitive data for thousands of employees of British consultancies. Many of the firms involved are no longer in business. The researchers reported this to Amazon and the UK’s Computer Emergency […]
Continue reading → [DISPLAY_ACURAX_ICONS]Albany Int’l Airport Hit By Ransomware via MSP In what is becoming an all too common story, the Managed Service Provider that supported Albany, NY’s airport, Logical Net of Schenectady, NY, was hacked and from there, the hackers were able to connect to the airports administrative network and infect it with REvil ransomware, the same […]
Continue reading → [DISPLAY_ACURAX_ICONS]Starbucks Leaves Their API Key in a Public Github Repository Vulnerability hunter Vinoth Kumar found a Starbucks API key in a public Github repo. The flaw was set to CRITICAL after they verified that the key gave anyone access to their Jumpcloud (An AD alternative) directory. The problem was reported on October 17th and it […]
Continue reading → [DISPLAY_ACURAX_ICONS]