A pair of university students say they found and reported earlier this year a security flaw allowing anyone to avoid paying for laundry provided by over a million internet-connected laundry machines in residences and college campuses around the world.
Months later, the vulnerability remains open after CSC ServiceWorks repeatedly ignored requests to fix the flaw.
Read more…
Source: TechCrunch
Related:
- Thousands of TP-Link routers have been infected by a botnet to spread malware
March 11, 2025
According to a new report from the Cato CTRL team, the Ballista botnet exploits a remote code execution vulnerability that directly impacts the TP-Link Archer AX-21 router. The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity ...
- Patch Tuesday – March 2025
March 11, 2025
Microsoft is addressing 57 vulnerabilities this March 2025 Patch Tuesday, which is a similar volume to last month. However, Microsoft has evidence of in-the-wild exploitation for as many as six of the vulnerabilities published today, and CISA KEV already lists all of them. Microsoft is also aware of public disclosure for one other vulnerability. This is ...
- Cisco Releases Security Advisory for Secure Client
March 6, 2025
Cisco has released a security advisory to address a vulnerability in its Secure Client for Windows. Secure Client is Cisco’s endpoint virtual private network (VPN) solution. CVE-2025-20206 has a CVSSv3 score of 7.1 and if exploited could allow an authenticated, local attacker to achieve arbitrary code execution (ACE) on the affected machine with SYSTEM privileges via ...
- Android zero-day vulnerabilities actively abused – update as soon as you can
March 5, 2025
Google has issued updates to fix 43 vulnerabilities in Android, including two zero-days that are being actively exploited in targeted attacks. The updates are available for Android 12, 12L, 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available ...
- Critical Zero-day Vulnerabilities in VMware ESXi, Workstation, and Fusion
March 4, 2025
Broadcom has addressed three exploited vulnerabilities that, when chained, can allow an attacker to access the hypervisor through a running virtual machine. VMware’s official advisory does not include all affected product versions. VMware’s official advisory VMSA-2025-0004 includes a Response Matrix detailing the fixed releases for each product. VMware have also released an FAQ detailing the following: You are ...
- PayPal’s “no-code checkout” abused by scammers
February 27, 2025
Malwarebytes Labs recently identified a new scam targeting PayPal customers with very convincing ads and pages. Crooks are abusing both Google and PayPal’s infrastructure in order to trick victims calling for assistance to speak with fraudsters instead. Combining official-looking Google search ads with specially-crafted PayPal pay links, makes this scheme particularly dangerous on mobile devices due ...