Two Santa Cruz students uncover security bug that could let millions do their laundry for free


A pair of university students say they found and reported earlier this year a security flaw allowing anyone to avoid paying for laundry provided by over a million internet-connected laundry machines in residences and college campuses around the world.

Months later, the vulnerability remains open after CSC ServiceWorks repeatedly ignored requests to fix the flaw.

Read more…
Source: TechCrunch


Sign up for our Newsletter


Related:

  • Law firm Kirkland sued in class action over MOVEit data breach

    June 10, 2024

    U.S. law firm Kirkland & Ellis, the world’s largest law firm by revenue, has been pulled into U.S. litigation over a wide-ranging data breach linked to a file transfer tool that compromised data at hundreds of organizations. A proposed class action, opens new tab filed on Friday accused Kirkland and several other companies, including health insurer ...

  • Microsoft Recall snapshots can be easily grabbed with TotalRecall tool

    June 6, 2024

    Microsoft’s Recall feature has been criticized heavily by pretty much everyone since it was announced last month. Now, researchers have demonstrated the risks by creating a tool that can find, extract, and display everything Recall has stored on a device. For those unaware, Recall is a feature within what Microsoft is calling its “Copilot+ PCs,” a ...

  • Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919)

    June 5, 2024

    The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. Identified as CVE-2024-24919 and given a CVSSv3 score of 8.6, the vulnerability is more severe than it initially appears. While labeled as a sensitive information disclosure vulnerability, it is actually a path traversal attack leading ...

  • The Dreaded Network Pivot: An Attack Intelligence Story

    June 4, 2024

    Rapid7 recently released our 2024 Attack Intelligence Report, a 14-month deep dive into the vulnerability and attacker landscape. The spiritual successor to their annual Vulnerability Intelligence Report, the AIR includes data from the Rapid7 research team combined with their detection and response and threat intelligence teams. It is designed to provide the clearest view yet into ...

  • The impact of legacy vulnerabilities in today’s cybersecurity landscape

    June 4, 2024

    Of the top five most widely used network attacks against SMBs, the ‘newest’ vulnerability represented were nearly three years old, while the oldest were over a decade old – which is primitive when considering the modern threat environment. The results are a clear reminder for CISOs and cybersecurity leaders that they must assess organizational threats based ...

  • CVE-2024-24919: Check Point Security Gateway Information Disclosure

    May 30, 2024

    On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade. On May 29, 2024, security firm mnemonic published a blog reporting that they have observed in-the-wild exploitation of CVE-2024-24919 since April 30, 2024, ...