[HackerNews] Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices

A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK), which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution.
Tracked as CVE-2021-28372 (CVSS score: 9.6) and discovered by FireEye Mandiant in late 2020, the weakness concerns an improper access control flaw

Source: Read More (The Hacker News)

You might be interested in …

[ZDNet] AWS’s AI code reviewer now spots Log4Shell-like bugs in Java and Python code

All posts, ZDNet

Amazon Web Services’ automated code review helps developers find serious security issues in Java and Python applications. Source: Read More (Latest topics for ZDNet in Security)

Read More

[ZDNet] Get all of the training you need to become a cybersecurity analyst for just $26

All posts, ZDNet

You don’t have to go back to school or take time away from your job in order to develop the skills required for a career as a cybersecurity analyst, all you need are affordable self-paced courses. Source: Read More (Latest topics for ZDNet in Security)

Read More

Daily NCSC-FI news followup 2021-03-15

Welcome to the era of the mega-hack www.zdnet.com/article/welcome-to-the-era-of-the-mega-hack/ We’re now living in the era of the mega-hack. More than ever, software flaws are being seized on by sophisticated hackers who take these bugs – – and use them to create attacks that compromise the computer systems of thousands of organisations, all at once. Right now, […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.