Backdoor Account Discovered in More Than 100,000 Zyxel Firewalls, VPN Gateways

More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. From a report: The backdoor account, discovered by a team of Dutch security researchers from Eye Control, is considered as bad as it gets in terms…
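The flaw described above is a credential compiled into the firmware rather than one the operator created, so it is accepted by every shipped unit and is invisible in the device's own account management. The following is an added illustration of that pattern beside the hardened form; it is not Zyxel's code and does not use the account from the report (which the excerpt does not name). All usernames, passwords, function names and the `AccountStore` class are constructed for the example.

```python
"""Added example: a hardcoded backdoor account versus an operator-managed
account store. Not vendor code; every name and value below is constructed."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# --- Vulnerable pattern ---------------------------------------------------

# Constructed anti-pattern: a credential baked into the firmware. Whoever
# extracts it from one firmware image can log in to every unit, over SSH or
# the web UI, no matter what accounts the operator configured.
_HARDCODED_USER = "svc_maint"        # constructed name, not a real account
_HARDCODED_PASSWORD = "changeme123"  # constructed value


def vulnerable_authenticate(users: Dict[str, str], username: str,
                            password: str) -> Optional[str]:
    """Return the role granted to (username, password), or None.

    `users` is the operator-configured table (username -> plaintext password;
    plaintext is itself a weakness, kept here to make the bypass obvious).
    """
    if username == _HARDCODED_USER and password == _HARDCODED_PASSWORD:
        return "admin"  # the backdoor: grants admin without touching `users`
    if users.get(username) == password:
        return "admin" if username == "admin" else "user"
    return None


# --- Hardened pattern -----------------------------------------------------

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


class AccountStore:
    """Operator-managed accounts only: no identity exists unless added here,
    so an audit of `admins()` shows every principal that can gain root."""

    def __init__(self) -> None:
        self._accounts: Dict[str, Tuple[bytes, bytes, str]] = {}

    def add(self, username: str, password: str, role: str) -> None:
        salt, digest = hash_password(password)
        self._accounts[username] = (salt, digest, role)

    def authenticate(self, username: str, password: str) -> Optional[str]:
        record = self._accounts.get(username)
        if record is None:
            hash_password(password)  # same cost for unknown users (timing)
            return None
        salt, digest, role = record
        _, candidate = hash_password(password, salt)
        return role if hmac.compare_digest(candidate, digest) else None

    def admins(self) -> list:
        """Inventory check: every account that holds the admin role."""
        return sorted(u for u, (_, _, r) in self._accounts.items() if r == "admin")


def demo() -> Tuple[Optional[str], Optional[str]]:
    """The operator only ever created 'admin'; compare what each design does
    with the constructed backdoor credential."""
    configured = {"admin": "operator-chosen-pw"}
    backdoor = vulnerable_authenticate(configured, "svc_maint", "changeme123")
    store = AccountStore()
    store.add("admin", "operator-chosen-pw", "admin")
    hardened = store.authenticate("svc_maint", "changeme123")
    return backdoor, hardened  # ("admin", None)


if __name__ == "__main__":
    print(demo())
```

The point of the hardened version is not the hashing by itself but that the set of accounts able to log in is exactly the set an operator can enumerate and remove; a credential that lives in code rather than in the store can neither be listed nor revoked, which is what makes a firmware-wide backdoor as severe as the report describes.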

China Accused of Spying On Americans Via Caribbean Phone Networks

“A mobile security expert has accused China of exploiting cellphone networks in the Caribbean to conduct ‘mass surveillance’ on Americans,” reports Newsweek: Gary Miller, a former vice president of network security at California-based analytics company Mobileum, told The Guardian he had amassed evidence of espionage conducted via “decades-old vulnerabilities” in the global telecommunications system. While not explicitly mentioned in the report,…

Open Source Developers Say Securing Their Code Is ‘Insufferably Boring’ and ‘Soul-Withering’

“A new survey of the free and open-source software (FOSS) community conducted by the Linux Foundation suggests that contributors spend less than 3% of their time on security issues and have little desire to increase this,” reports TechRepublic: Moreover, responses indicated that many respondents had little interest in increasing time and effort on security. One respondent commented that they “find the…

FireEye, a Top Cybersecurity Firm, Says It Was Hacked By a Nation-State

An anonymous reader quotes a report from The New York Times: For years, the cybersecurity firm FireEye has been the first call for government agencies and companies around the world who have been hacked by the most sophisticated attackers, or fear they might be. Now it looks like the hackers — in this case, evidence points to Russia’s intelligence agencies…

Python Beats Java Again in New GitHub Annual Report

This week the Microsoft-owned code repository site GitHub released its annual report with statistics about its community, writes programming columnist Mike Melanson: The report offers a deep dive into three specific areas, with a look at developer productivity in the time of COVID, community and collaboration, and open source security. Highlights include increased productivity with 35% more repositories created in 2020…

The Supreme Court Will Hear Its First Big CFAA Case

The Supreme Court will hear arguments on Monday in a case that could lead to sweeping changes to America’s controversial computer hacking laws — and affect how millions use their computers and access online services. From a report: The Computer Fraud and Abuse Act was signed into federal law in 1986 and predates the modern internet as we know it, but…

‘Smart’ Doorbells For Sale On Amazon, eBay Came Stocked With Security Vulnerabilities

The U.K.-based security company NCC Group and consumer advocacy group Which? have found vulnerabilities in 11 “smart” doorbells sold on popular platforms like Amazon and eBay. CyberScoop reports: One flaw could allow a remote attacker to break into the wireless network by swiping login credentials. Another critical bug, which has been around for years, could enable attackers to intercept and manipulate…

US Congress Passes an IoT Security Bill ‘That Doesn’t Totally Suck’

Shotgun (Slashdot reader #30,919) shared these thoughts from The Register: Every now and again the U.S. Congress manages to do its job and yesterday was one of those days: the Senate passed a new IoT cybersecurity piece of legislation that the House also approved, and it will now move to the President’s desk. As we noted back in March when the…

Ubuntu Patches Bug That Tricked Gnome Desktop Into Giving Root Access

“Ubuntu developers have fixed a series of vulnerabilities that made it easy for standard users to gain coveted root privileges,” reports Ars Technica: “This blog post is about an astonishingly straightforward way to escalate privileges on Ubuntu,” Kevin Backhouse, a researcher at GitHub, wrote in a post published on Tuesday. “With a few simple commands in the terminal, and a few…

HP Replaces ‘Free Ink for Life’ Plan With ’99 Cents a Month Or Your Printer Stops Working’

In a new essay at EFF.org, Cory Doctorow revisits HP’s anti-consumer “security updates” that disabled third-party ink cartridges (while missing real vulnerabilities that could actually bypass network firewalls). Doctorow writes that it was just the beginning: HP’s latest gambit challenges the basis of private property itself: a bold scheme! With the HP Instant Ink program, printer owners no longer own their…