- TrendMicro node.js HTTP server listening on localhost can execute commands – www.trendmicro.com
Trend Micro™ Password Manager software manages all your website login IDs (user names and passwords) in one secure location, so you only need to remember one password.
- SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7 – seclists.org
- Et tu, Fortinet? Hard-coded password raises new backdoor eavesdropping fears – arstechnica.com
Less than a month after Juniper Network officials disclosed an unauthorized backdoor in the company’s NetScreen line of firewalls, researchers have uncovered highly suspicious code in older software from Juniper competitor Fortinet.
- Steal your Wi-Fi key from you doorbell?IoT WTF! – pentestpartners.com
The Ring is a Wi-Fi doorbell that connects to your home Wi-Fi. It’s a really cool device that allows you to answer callers from your mobile phone, even when you’re not home.
- Nest Thermostat Glitch Leaves Users in the Cold – nytimes.com
The Nest Learning Thermostat is dead to me, literally. Last week, my once-beloved “smart” thermostat suffered from a mysterious software bug that drained its battery and sent our home into a chill in the middle of the night.
- OpenSSH Patches Critical Flaw That Could Leak Private Crypto Keys – threatpost.com
OpenSSH today released a patch for a critical vulnerability that could be exploited by an attacker to force a client to leak private cryptographic keys.
- 26-Year-Old Hacker Sentenced to Record 334 Years in Prison – thehackernews.com
Named Onur Kopçak, the hacker was arrested in 2013 for operating a phishing website that impersonated bank site, tricking victims into providing their bank details including credit card information.
- The Evolution of the Wireless Penetration Test – immunityservices.blogspot.com
Times have quickly changed. Access points (from an unauthenticated standpoint, anyway) are much more resilient to outside attacks but wireless networks themselves are made up of more than just an access point – and they are still just as vulnerable.
- Casino Sues Security Firm for Failing to Contain Malware Infection – news.softpedia.com
US casino chain Affinity Games is suing Trustwave Holdings, a cyber-security vendor that was brought in to investigate a card breach but failed to detect and stop a malware incident on Affinity’s servers, which led to the escalation of a previous card breach.