A pair of university students say they found and reported earlier this year a security flaw allowing anyone to avoid paying for laundry provided by over a million internet-connected laundry machines in residences and college campuses around the world.
Months later, the vulnerability remains open after CSC ServiceWorks repeatedly ignored requests to fix the flaw.
Read more…
Source: TechCrunch
Related:
- Android zero-day vulnerabilities actively abused – update as soon as you can
March 5, 2025
Google has issued updates to fix 43 vulnerabilities in Android, including two zero-days that are being actively exploited in targeted attacks. The updates are available for Android 12, 12L, 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available ...
- Critical Zero-day Vulnerabilities in VMware ESXi, Workstation, and Fusion
March 4, 2025
Broadcom has addressed three exploited vulnerabilities that, when chained, can allow an attacker to access the hypervisor through a running virtual machine. VMware’s official advisory does not include all affected product versions. VMware’s official advisory VMSA-2025-0004 includes a Response Matrix detailing the fixed releases for each product. VMware have also released an FAQ detailing the following: You are ...
- PayPal’s “no-code checkout” abused by scammers
February 27, 2025
Malwarebytes Labs recently identified a new scam targeting PayPal customers with very convincing ads and pages. Crooks are abusing both Google and PayPal’s infrastructure in order to trick victims calling for assistance to speak with fraudsters instead. Combining official-looking Google search ads with specially-crafted PayPal pay links, makes this scheme particularly dangerous on mobile devices due ...
- Proof-of-Concept Exploits Released for RSync Vulnerabilities
February 26, 2025
Five vulnerabilities have been discovered within the RSync utility. RSync is a popular tool for transferring and synchronising files between different systems. RSync is commonly used in Unix-like operating systems. CVE-2024-12084 is a ‘heap-based buffer overflow’ vulnerability, with a CVSSv3 score of 9.8. When used alongside CVE-2024-12085, attackers could gain remote code execution (RCE). CVE-2024-12085 is an ...
- F5 Releases Quarterly Security Notification
February 24, 2025
F5 has released an overview of vulnerabilities for some of their networking products, including BIG-IP and BIG-IP Next. The overview of security advisories addresses 13 vulnerabilities rated as high impact, 3 rated as medium impact, and 1 as low impact. One of the high impact advisories concerns the command injection vulnerability CVE-2025-20029, which has a CVSSv4 ...
- Medixant Releases Security Update for RadiAnt DICOM Viewer
February 24, 2025
Medixant has released a security update to address an improper certificate validation vulnerability in RadiAnt DICOM Viewer. CVE-2025-1001 has a CvSSv4 score of 5.7 and could allow an attacker with privileged network access to impersonate RadiAnt’s update server. An attacker could modify the server’s response to deliver a malicious update to the user, performing a machine-in-the-middle ...