Trustwave SpiderLabs has found a vulnerability in the Sinilink XY-WFT1 Remote WiFi home Thermostat. When running firmware V1.3.6, it allows an attacker to replay the same data or similar data, possibly allowing an attacker to control the device attached to the relay without requiring authentication.
As we start a new year, let's think about how we can draw up a plan to exercise our cyber fitness and make it a culture that sticks. It's a critical time to get this done as we work toward a new era where we're breaking down silos, understanding the new ecosystem movement going forward and the edge computing phenomenon.
Read also: Twitter says there’s no evidence of a new breach, Microsoft fixes a Windows zero-day, and more.
Building a new API for your web app is an exciting undertaking. It’s beneficial for everyone involved: the developers who want to build integrations for your app, the users who will reap the rewards of those connections, and your bottom line as more people are drawn to your network. New APIs may be beneficial for developers, but hackers also see this as an opportunity to gain unauthorized access to data stored on your servers.
The HIPAA 1996 (Health Insurance Portability and Accountability Act) is a federal law enacted by the U.S. Congress that regulates how healthcare organizations handle PHI (protected health information) and ePHI (electronic protected health information). This includes complex and extensive rules for protecting critical medical data and sensitive patient information, so HIPAA non-compliance is often met with severe penalties.
I predict that 2023 will be the year of Passkeys. Passkeys are a new passwordless authentication method allowing users to create online accounts and sign in without entering a password. Passkeys have been years in the making and finally, industry fido alliance collaboration (fido2) and the adoption between Apple, Microsoft, and Google have now made it a reality. Passkeys leverage the WebAuthn API to let users log into various websites and applications.
Google Cloud Provider (GCP) Filestore is a good place to keep lots of rich, unstructured data, such as graphic designs, video editing files, and other media workflows that use files as input and output. Having GCP Filestore backups enables users to protect themselves against the rare case of inaccessibility, accidental changes, ransomware attacks, or other types of disasters.
Mobile device use is pervasive, and has eclipsed traditional computing. We often hear how various malicious mobile apps are released into circulation. For these reasons, mobile app development needs to focus on cybersecurity just as much as it does on functionality and flexibility, if not more so. It’s an inevitable aspect of app development that must be taken more seriously, as the very real threats to business proliferate.
It's time for you and your colleagues to become more skeptical about what you read. That's a takeaway from a series of experiments undertaken using GPT-3 AI text-generating interfaces to create malicious messages designed to spear-phish, scam, harrass, and spread fake news. Experts at WithSecure have described their investigations into just how easy it is to automate the creation of credible yet malicious content at incredible speed.
