Press Release
Nine widely used WiFi routers had 226 vulnerabilities.
Security researchers examined nine widely used WiFi routers and discovered a total of 226 possible vulnerabilities in them, even when the devices were running the most recent firmware.
Millions of people use the tested routers, which are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys.
The TP-Link Archer AX6000, which has 32 problems, and the Synology RT-2600ac, which has 30 security flaws, are the two devices with the most vulnerabilities.
The examination process
In partnership with CHIP magazine, researchers at IoT Inspector conducted security tests with a focus on models primarily used by small businesses and residential users.
According to Florian Lukavsky, CTO & Founder at IoT Inspector, “vendors provided them with current models, which were upgraded to the newest firmware version, for Chip’s router review.”
“IoT Inspector automatically examined the firmware versions and searched for more than 5,000 CVEs and other security flaws.”
Although not all defects posed the same risk, the researchers discovered a few widespread issues that impacted the majority of the evaluated models:
The firmware contains an outdated Linux kernel.
Outdated VPN and multimedia features.
Over-reliance on older versions of BusyBox.
Weak default passwords such as “admin”.
Hardcoded credentials in plain text.
Changing the router’s default password when configuring it for the first time is one of the most crucial steps you can take to secure it, according to Jan Wendenburg, CEO of IoT Inspector.
Whether an IoT device is used at home or in a corporate network, changing the password upon first use and turning on automatic updates must be regular procedure, according to Wendenburg.
In addition to manufacturer-introduced vulnerabilities, using an IoT device under the motto “plug, play, and forget” poses the greatest risk.
After discontinuing support for ransom payments, insurer AXA was attacked by ransomware.
A ransomware cyber assault has targeted the Thai, Malaysian, Hong Kong, and Philippine branches of the world’s largest insurance company, AXA.
The Avaddon ransomware organisation claimed yesterday, as reported by BleepingComputer, that it had stolen 3 TB of private data from AXA’s Asian operations.
Additionally, AXA’s international websites were down yesterday for a while due to a Distributed Denial of Service (DDoS) attack, according to BleepingComputer.
The group claims that the compromised data collected by Avaddon includes copies of ID cards, bank account statements, claim forms, payment records, contracts, claim forms for customers that reveal their sexual health diagnosis, and more.
The group’s statement follows AXA’s revelation that it would no longer cover ransomware extortion payments when underwriting cyber-insurance plans in France.
Asian AXA offices are targeted by a ransomware organisation.
The ransomware organisation Avaddon took responsibility for the attack on AXA’s offices in Asia yesterday.
The group also asserted that there was a DDoS attack ongoing against AXA’s websites hosted in Thailand, Malaysia, Hong Kong, and the Philippines.
The Avaddon ransomware gang first threatened, in February 2021, to launch DDoS attacks to take down victims’ websites or networks until they get in touch and start negotiating to pay the ransom.
When ransomware gangs started deploying DDoS assaults against their victims as an extra point of leverage in October 2020, BleepingComputer became the first publication to report on this new development.
About a week after AXA announced that payment for ransomware extortion settlements would no longer be included in their cyber-insurance policies sold in France, Avaddon announced the attack on AXA’s infrastructure.
Avaddon started dumping part of the stolen data on their leak site yesterday, as seen by BleepingComputer, although the exact date of the incident remains unknown.
Avaddon also threatened to expose AXA’s priceless records if the insurance firm didn’t get in touch with them and work with them within 10 days.
The gang asserts to have obtained 3 TB of AXA data, which includes:
client medical records (including those containing sexual health diagnosis)
customer claims
payments to consumers’ bank accounts
scanned records
content only available to hospitals and physicians (private fraud investigations, agreements, denied reimbursements, contracts)
Identity cards, passports, and other forms of identification
AXA: “No evidence” that data was accessed beyond a Thai partner
AXA responded when approached by BleepingComputer as follows:
“A recent targeted ransomware assault on Asia Assistance affected its IT operations in Thailand, Malaysia, Hong Kong, and the Philippines.”
“As a result, someone was able to access some data handled by Inter Partners Assistance (IPA) in Thailand.”
“At this time, there is no proof that any additional data was accessed in Thailand beyond IPA.”
“The incident is being investigated by a dedicated taskforce that includes outside forensic experts. Partners in business and regulators have been informed.”
According to an AXA spokesman, “AXA takes data privacy very seriously and will take the appropriate procedures to notify and help all corporate clients and people impacted” if IPA’s investigations reveal that sensitive data of any persons have been affected.
The incident’s timing is interesting in light of this week’s FBI and Australian Cyber Security Centre (ACSC) alerts on ongoing Avaddon ransomware assaults aimed at enterprises from a wide range of industries in the US and around the world.
Attackers who use ransomware on enterprises continue to expand and interrupt many operations while demanding extortionate ransom payments.
The DarkSide cyberterrorist organisation recently requested $5 million to reactivate the Colonial Pipeline infrastructure.
Additionally, just this week, BleepingComputer reported that a $20 million ransomware demand was made on Ireland’s Health Services.
Microsoft provides a workaround for persistent Outlook login issues.
Microsoft is attempting to resolve ongoing sign-in issues that are preventing certain users of Outlook for Microsoft 365 from accessing their accounts.
The login issues affect users who attempt to sign in to Outlook using their Outlook.com accounts, as well as those who have already added the accounts to their Outlook profiles.
Instead of being signed in, these users get the following error message instructing them to use a work or school account: “You are unable to log in using a personal account here. Use your account from work or school instead.”
Although Microsoft claims that the Outlook Team is working on a patch for this known problem, users can access their accounts using an official workaround until a fix is released.
“You can get around the problem by disabling Support Diagnostics, which disables the ability to contact support through the In App Help menu by choosing Contact Support. The fault is connected to how Outlook is authenticating for the diagnostics in some cases,” explained Microsoft.
You must enable the DisableSupportDiagnostics policy setting in Outlook to turn off support diagnostics and stop it from informing support services about client failure.
According to the Group Policy Administrative Templates Catalog, “This policy setting determines whether Outlook can communicate client information on failure to support services with the intent of diagnosing the issue or making the information available to support to help with the diagnosis/resolution of the issue and/or provide contextual error messaging to the user.”
Last week, Redmond said it was also attempting to fix a different flaw that can prevent users from configuring Exchange Online mailboxes in Outlook for Windows.
Early in October, the company started releasing a remedy for a different problem that has been causing Outlook for Microsoft 365 to freeze and crash after opening since August.
After discovering a credit card skimmer, Costco admits a data breach.
Customers who recently made purchases at one of Costco Wholesale Corporation’s stores have received notification letters informing them that their credit card information may have been stolen.
According to Fortune 500 rankings, the retail giant—also known as Costco Wholesale and Costco—is an American multinational that runs a sizable chain of membership-only retail locations. It is the fifth-largest retailer in the world and the tenth-largest firm in the US by total revenue.
It operates 737 warehouses across the world, along with e-commerce websites that cater to the Americas, Europe, and Asia, among other global regions.
Skimmer planted in a Costco warehouse
During a regular check by Costco staff, a credit card skimming device was found in one of the company’s warehouses, leading to the discovery of the breach.
The business got rid of the gadget, let the authorities know, and is now assisting the police in their investigation.
In breach notification letters, Costco informed possibly impacted customers that they had recently visited a Costco facility where a payment card skimming device had been found.
“Our member records show that throughout the possible operational period of the device, you swiped your payment card to make a purchase at the impacted terminal.”
Probable theft of customer financial information
Costco said that if those who placed the card theft device had been successful in accessing the data prior to the skimmer being discovered and taken out, then consumers affected by the incident may have had their payment information stolen.
The magnetic stripe of your credit card, which contains your name, card number, card expiration date, and CVV, may have been obtained by unauthorised individuals if they were able to remove information from the device before it was identified, according to Costco.
Customers were given advice by the retailer to check their bank and credit card statements for fraudulent payments and alert the appropriate financial institutions to any suspect activities.
Neither the total number of customers who were impacted nor the warehouse where the skimmer device was discovered was disclosed in the data breach notification letters sent to affected consumers.
Although the business withheld details on the incident’s exact timing, Costco customers have been complaining about fraudulent charges on their credit cards at least since February.