New widespread IoT compromise could affect millions of logic controller chips

Microsoft security researcher Vladimir Tokarev demonstrated an interesting attack on the industrial internet of things automation software called Codesys. Tokarev, who showed the exploit last week at the annual BlackHat security conference in Las Vegas, used a miniature elevator model Read More …

Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS

Microsoft’s cyberphysical system researchers recently identified multiple high-severity vulnerabilities in the CODESYS V3 software development kit (SDK), a software development environment widely used to program and engineer programmable logic controllers (PLCs). Exploitation of the discovered vulnerabilities, which affect all versions Read More …

Major security flaws in popular Quickblox chat and video framework expose sensitive data of millions

Real-time chat and video services available within telemedicine, finance, and smart IoT device applications used by millions of people, rely on the popular QuickBlox framework. QuickBlox supplies mobile and web application developers with a SDK and APIs to deliver not Read More …

U.S. Special Operations Command Paid $500,000 to Secretive Location Data Firm

A section of U.S. Special Operations Command (SOCOM), a part of the military tasked with counterterrorism, counterinsurgency, and special reconnaissance, paid half a million dollars to a company that sells access to location data harvested from ordinary apps installed on Read More …

U.S. Government Contractor Embedded Software in Apps to Track Phones

A small U.S. company with ties to the U.S. defense and intelligence communities has embedded its software in numerous mobile apps, allowing it to track the movements of hundreds of millions of mobile phones world-wide, according to interviews and documents Read More …

RSA coughs to critical-rated bug in its authentication SDK

RSA developers and admins have been given two critical-level authentication bugs to patch. For the sysadmin, the issue struck RSA’s software providing Web-based authentication for Apache. CVE-2017-14377 is an authentication bypass that existed because of an “input validation flaw in RSA Authentication Read More …