This week's #infosec newsletter issue is out! Have a look at it. It includes, but not only:

• CISA warns of actively exploited #Plex bug after #LastPass breach
• Brazil seizing #FlipperZero shipments to prevent use in crime
• #IBM X-Force on defining the #CobaltStrike Reflective Loader
• Security researchers targeted with new #malware via job offers on #LinkedIn
• Alleged NetWire RAT Operator Arrested in Croatia as FBI Seizes Website
• Xenomorph #Android malware now steals data from 400 banks
• #GitHub makes 2FA mandatory next week for active developers
• The #Akuvox E11 door phone/intercom is riddled with security holes
• Custom Chinese Malware Found on #SonicWall Appliance
• Building Great OT Incident Response Tabletop Exercises, by @hacks4pancakes
• Warning: Don't Let #Google Manage Your #Passwords
• #Fortinet warns of new critical unauthenticated RCE #vulnerability
• #Veeam fixes bug that lets hackers breach #backup infrastructure
• AI-Powered '#BlackMamba' Keylogging Attack Evades Modern #EDR Security
• Hard-coded secrets up 67% as secrets sprawl threatens software supply chain
• #Emotet malware attacks return after three-month break

.. And many more. Subscribe to receive it directly in your inbox every Sunday!

#cybersecurity #security #newsletter

https://0x58.substack.com/p/my-shared-links-week-102023

The #Akuvox E11 door phone/intercom is riddled with #security holes.

The 13 vulnerabilities found by Claroty include a missing authentication for critical functions, missing or improper authorization, hard-coded keys that are encrypted using accessible rather than cryptographically hashed keys, and the exposure of sensitive information to unauthorized users. As bad as the vulnerabilities are, their threat is made worse by the failure of Akuvox—a China-based leading supplier of smart intercom and door entry systems—to respond to multiple messages from Claroty, the CERT coordination Center, and Cybersecurity and Infrastructure Security Agency over a span of six weeks. Claroty and CISA publicly published their findings on Thursday here and here.

#infosec #privacy #smartHome

https://arstechnica.com/information-technology/2023/03/go-ahead-and-unplug-this-door-device-before-reading-youll-thank-us-later/

Go ahead and unplug this door device before reading. You’ll thank us later. - Enlarge / The Akuvox E11 (credit: Akuvox)

The Akuvox E11 is bi... - https://arstechnica.com/?p=1922784 #securityvulnerabilities #internetofthings #doorphones #biz⁢ #akuvox #iot

Ars Technica: Go ahead and unplug this door device before reading. You’ll thank us later. https://arstechnica.com/?p=1922784 #Tech #arstechnica #IT #Technology #securityvulnerabilities #Internetofthings #doorphones #Biz&IT #akuvox #iot