Developers of ThingsBoard, an open-source platform for managing IoT devices that’s used in various industry sectors, have fixed a vulnerability that could allow attackers to escalate their privileges on a server and send requests with administrative privileges. The vulnerability, tracked as CVE-2023-26462, was discovered and privately reported by researchers from IBM Security X-Force. It stems from the platform using a static key to sign JSON Web Tokens (JWTs) issued to clients. With knowledge of that key, which can be easily obtained, attackers could forge valid requests that would allow them to identify to the system as higher privileged users.
“Because ThingsBoard allowed the default key to be used without requiring administrators to change it, and because that default key was also exposed publicly in the configuration files, the door was opened for attackers to gain unauthorized access in excess of what is intended,” the X-Force researchers said in their report.
Books and short stories get snapped up for adaptations all the time; many, no matter how amazing the source material, never actually get made into movies or TV shows. These 10 sci-fi, fantasy, and horror titles, however, are actively in the works—or at least have big names attached, so there’s definite reason to…
EXECUTIVE SUMMARY: At the mention of island hopping, you’re likely dreaming about adventures in Hawaii, the Caribbean, or similar destinations with majestic views and white-sand beaches. In the context of cyber security, island hopping refers to a sophisticated type of cyber attack. This technique is used by attackers as a means of circumventing advanced cyber […]
The post What is an ‘island hopping’ attack? (and how to stop one) appeared first on CyberTalk.
Experts warn that Telegram is becoming a privileged platform for phishers that use it to automate their activities and for providing various services. Kaspersky researchers have published an analysis of phishers’ Telegram channels used to promote their services and products. The experts pointed out that crooks engaged in phishing activities have started to rely on […]
The post Phishers migrate to Telegram appeared first on Security Affairs.
In 2017 everyone was talking about The Power. The sci-fi novel topped bestseller lists, was featured in book clubs and on morning talk shows, and Barack Obama named it one of the best books he read that year. In the book young women are able to control electrical currents and even emit electricity. The satirical novel…
If you’re on the line, stay on the line! That is: Stay on your iPhone call with emergency services if Apple’s crash detection feature unnecessarily calls for help on your behalf.
