Amazon Bans Flipper Zero, Claiming It Violates Policy Against Card Skimming Devices
Amazon has banned the incredibly versatile Flipper Zero pen-testing tool on its platform, labeling it as a prohibited card-skimming device.
News & Updates
Apple issues emergency patches for spyware-style 0-day exploits – update now!
A bug to hack your browser, then a bug to pwn the kernel… reported from the wild by Amnesty International.
Polling the Internet: Disinformation or Not?
This week, the New York Times reported that a tranche of classified material had leaked to the web. The documents, which were purported to involve the Pentagon and NATO’s military stratagems to assist the Ukrainians in their war with the Russians, were found on Twitter and the chat app Telegram.
News & Updates
CISA warns of critical flaws in ICS and SCADA software from multiple vendors
The US Cybersecurity and Infrastructure Security Agency (CISA) published seven advisories this week covering vulnerabilities in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) software from multiple vendors. Some of the flaws are rated critical and two of them already have public exploits.
The impacted products include:
- Scadaflex II controllers made by Industrial Control Links
- Screen Creator Advance 2 and Kostac PLC programming software from JTEKT Electronics
- Korenix JetWave industrial wireless access points and communications gateways
- Hitachi Energy’s MicroSCADA System Data Manager SDM600
- mySCADA myPRO software
- Rockwell Automation’s FactoryTalk Diagnostics
ScadaFlex II series controllers are what’s known in the industry as packaged controllers, stand-alone systems that are built with custom software, processing power and I/O capabilities for controlling and monitoring other industrial processes. According to CISA, multiple versions of the software running on the SC-1 and SC-2 controllers are impacted by a critical vulnerability — CVE-2022-25359 with CVSS score 9.1 — that could allow unauthenticated attackers to overwrite, delete, or create files on the system.
11 Things We Want to See in the Dungeons & Dragons Sequel
It remains to be seen if Dungeons & Dragons: Honor Among Thieves will be popular (and profitable) enough to warrant Hasbro and Paramount making a sequel. It would be a shame if it didn’t, however, as the movie was a blast that stayed nerdy while remaining comprehensible to mass audiences. So if there will be a sequel,…
My New Smart Bird Feeder Showed Me That Birds Are Absolutely Brutal
It’s been one of those weeks where I’ve been quietly toiling away in the lab, getting new gadgets set up for upcoming reviews. One of the latest pieces of kit to come across my desk is the Bird Buddy, a smart bird feeder that dynamically snaps the birds feasting at your outdoor buffet for you, and can even help you…
Security
Friday Squid Blogging: Squid Food Poisoning
University of Connecticut basketball player Jordan Hawkins claims to have suffered food poisoning from calamari the night before his NCAA
News & Updates
Almost Half of Former Employees Say Their Passwords Still Work
It’s not hacking if organizations fail to terminate password access after employees leave.
News & Updates
Apple addressed two actively exploited zero-day flaws
Apple released emergency security updates to address two actively exploited zero-day vulnerabilities impacting iPhones, Macs, and iPads. Apple has released emergency security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-28205 and CVE-2023-28206, impacting iPhones, Macs, and iPads. Impacted devices include: Both vulnerabilities were reported by Clément Lecigne of Google’s Threat Analysis Group […]
The post Apple addressed two actively exploited zero-day flaws appeared first on Security Affairs.