Software Development Kit - SDK - Cyber Security Review

New widespread IoT compromise could affect millions of logic controller chips

Posted onAugust 15, 2023August 16, 2023

Microsoft security researcher Vladimir Tokarev demonstrated an interesting attack on the industrial internet of things automation software called Codesys. Tokarev, who showed the exploit last week at the annual BlackHat security conference in Las Vegas, used a miniature elevator model Read More …

Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS

Posted onAugust 10, 2023September 18, 2023

Microsoft’s cyberphysical system researchers recently identified multiple high-severity vulnerabilities in the CODESYS V3 software development kit (SDK), a software development environment widely used to program and engineer programmable logic controllers (PLCs). Exploitation of the discovered vulnerabilities, which affect all versions Read More …

Major security flaws in popular Quickblox chat and video framework expose sensitive data of millions

Posted onJuly 12, 2023July 16, 2023

Real-time chat and video services available within telemedicine, finance, and smart IoT device applications used by millions of people, rely on the popular QuickBlox framework. QuickBlox supplies mobile and web application developers with a SDK and APIs to deliver not Read More …

U.S. Special Operations Command Paid $500,000 to Secretive Location Data Firm

Posted onMarch 30, 2021January 5, 2023

A section of U.S. Special Operations Command (SOCOM), a part of the military tasked with counterterrorism, counterinsurgency, and special reconnaissance, paid half a million dollars to a company that sells access to location data harvested from ordinary apps installed on Read More …

U.S. Government Contractor Embedded Software in Apps to Track Phones

Posted onAugust 7, 2020January 5, 2023

A small U.S. company with ties to the U.S. defense and intelligence communities has embedded its software in numerous mobile apps, allowing it to track the movements of hundreds of millions of mobile phones world-wide, according to interviews and documents Read More …

RSA coughs to critical-rated bug in its authentication SDK

Posted onDecember 3, 2017December 5, 2017

RSA developers and admins have been given two critical-level authentication bugs to patch. For the sysadmin, the issue struck RSA’s software providing Web-based authentication for Apache. CVE-2017-14377 is an authentication bypass that existed because of an “input validation flaw in RSA Authentication Read More …

Over 500 Android Apps On Google Play Store Found Spying On 100 Million Users

Posted onAugust 22, 2017August 23, 2017

Over 500 different Android apps that have been downloaded more than 100 million times from the official Google Play Store found to be infected with a malicious ad library that secretly distributes spyware to users and can perform dangerous operations. Read More …