Embedded devices from some 50 manufacturers have been found sharing the same hard-coded X.509 certificates (for HTTPS) and SSH host keys, a fact that can be exploited by a remote, unauthenticated attacker to carry out impersonation, man-in-the-middle, or passive decryption attacks, Carnegie Mellon University's CERT/CC warns.
All desktops and laptops shipped by Dell since August 2015 contain a root CA certificate (eDellRoot) complete with its private cryptographic key, opening users to the danger of man-in-the-middle and signed malware attacks.
A study into the security of the Internet of Things has confirmed that the web interfaces for user administration of commercial, off-the-shelf embedded devices - routers, DSL/cable modems, VoIP phones, IP/CCTV cameras - represent a significant attack surface.
Administrators of vBulletin installations would do well to install the latest vBulletin Connect updates as soon as possible, as cyber crooks are actively searching for servers running vulnerable versions of the popular Internet forum software package.
Yan Zhu, a Technology Fellow at the Electronic Frontier Foundation, has unearthed a flaw in the Gmail Android app that can lead to very effective phishing attacks.