Post Tagged with: "patching"

New Ransomware, FessLeak, Taps Adobe Flash Flaws

February 5, 2015 11:200 comments
Invincea says a new family of ransomware, dubbed FessLeak, is spreading in malicious ads by exploiting newly disclosed vulnerabilities in Adobe's Flash technology.

In-brief: A new and sophisticated ransomware family dubbed “Fessleak” is spreading in malicious advertising (or “malvertising”) campaigns by exploiting newly disclosed flaws in Adobe’s Flash technology. Like this:Like Loading…

Read more ›

BMW Fixes ConnectedDrive Flaw with Over the Air Patch

February 2, 2015 10:140 comments
BMW's ConnectedDrive technology is vulnerable to remote attack. The company said it has already issued a patch to some 2 million affected vehicles.

In-brief: German carmaker BMW used a ‘over the air’ wireless patch to close a security flaw that could have allowed hackers to unlock the doors of Rolls-Royce, Mini and BMW vehicles. Like this:Like Loading…

Read more ›

Update: White House Drone Debacle Raises IoT Governance Questions

January 29, 2015 11:367 comments
The Chinese maker of the Phantom "drone" said it will use a mandatory firmware update to enforce a no-fly zone over Washington D.C. But not all DJI customers are happy.

In-brief: Unmanned aerial vehicles manufactured by the Chinese firm DJI will be blocked from flying over the U.S. Capitol according to a statement by the company. The move raises important questions about the role that connected device makers will play in determining how, when and where customers use their products. (Update adds commentary from Justin Davis of – PFR Jan 29, 2015 17:30) Like this:Like Loading…

Read more ›

FTC Report on Internet of Things Urges Security and Privacy Protections

January 27, 2015 18:100 comments
FTC Report on Internet of Things Urges Security and Privacy Protections

In-brief: The FTC issued a report on Tuesday that provides guidance to U.S. businesses on protecting consumers’ privacy and security in the design and deployment of “Internet of Things” devices.  Like this:Like Loading…

Read more ›

The Enduring Terribleness of Home Router Security Matters to IoT

January 21, 2015 10:380 comments
ASUS patched a critical hole in versions of its home broadband routers- just the latest serious vulnerability discovered in the ubiquitous hardware.

Last week, home broadband router maker ASUS was the latest vendor to issue an emergency patch for a critical vulnerability in its products. This, after proof-of-concept exploit code was released for the so-called “Inforsvr” vulnerability that affects several ASUS home routers. That vulnerability -if left unpatched – would allow anyone with access to a home- or small business network that used an ASUS broadband router to, essentially, commandeer the device. The “infosvr” feature is typically used for device discovery by the ASUS Wireless Router Device Discovery Utility, but the service also allowed unauthenticated users to execute commands through it using the “root” permissions, according to researcher Friedrich Postelstorfer, who created a proof of concept exploit for the security hole and released it on January 4. The exploit code finally prompted a patch from ASUS on January 13. The company had spent months analyzing the issue and working on a fix. Patch aside, it has been a worrying month for the […]

Read more ›
%d bloggers like this: