10Fold – Security Never Sleeps – 113

Possible Hack from Recycled Phone Number Concerns Lyft Customers

“Lyft’s login process seems to be to blame”

Instead of a standard username and password, ride-hailing application Lyft registers its users with their mobile phone number. While this is convenient for many customers, the number can remain linked to that account, even if the subscriber changes.

Mobile Tracking Devices for iPad and iPhone Riddled with Critical Flaws

“Bluetooth devices can access iTrack”

A number of critical security issues with IoT home devices have recently been uncovered by research group Rapid7. iTrack easy is of particular concern, as information can be obtained if in proximity to a device tracker. This allows cybercriminals to access GPS data, and also allows data modification without any authorization checks.

Schneider Electric PLC simulator flaw exposes workstations to hacking

“Malicious code could run with debug privileges”

Schneider Electric products industrial controllers reportedly can be hacked remotely using a new malware program found in several devices. Researchers from Indegy have been able to observe several events where unauthenticated accounts were able to execute breaches on Windows computers where Unity Pro PLC simulator was in use. Able to run with possible debugging authority creates serious concern over the security of Schneider products.

Physical RAM attack can root Android and possibly other devices

“ARM and x-86-based devices could be vulnerable”

Android devices have been found to have a possible security flaw, but not with its software. Instead the problem comes from its DRAM capacity, which is too large for the hardware it is loaded onto. With use this can lead to memory cells “leaking” electric charges onto other nearby cells, exposing sensitive and private information.



Leave a Reply

Your email address will not be published.