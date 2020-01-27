Proprietary Software and Security Leftovers Research Finds Hackers Can Compromise Smart Bulbs In the past, weve recommended keeping your smart gadgets simple. If you put sensitive devices onto the cloud (such as CCTV cameras), outside agents can access and use these devices. Stuff like smart bulbs, however, seemed too simple for a hacker to manipulate in a devastating way. A recent report from Check Point, however, has discovered a nasty exploit within Philips Hue which shows that even light bulbs are a nasty threat in the IoT world. Related: 5 Ways to Prevent Your IoT Devices from Becoming a Botnet How Does The Attack Work?

Zigbee vulnerability lets [attackers] use Hue bulbs to hijack your network According to Check Point, [attackers] can exploit the Zigbee vulnerability by taking control of an older Hue bulb and making it turn on and off or change color, in hopes of tricking the owner into thinking something's amiss with the bulb. If the user removes the bulb from the Hue app and re-pairs it to the bridge, the [attackers] can then use the compromised bulb to send a "heap-based buffer overload" to the bridge, essentially overwhelming it with data and paving the way for a malware attack on the user's entire network, the Check Point report says.

Oops! Microsoft gets 'black eye' from Teams outage Microsoft Teams users were unable to access the collaboration app for more than two hours Monday due to an expired authentication certificate. The outage is something of an embarrassment for Microsoft which is looking to compete with popular rival Slack in the workplace collaboration market.

Cisco Flaws Put Millions of Workplace Devices at Risk The flaws lie in the implementation of a mechanism known as the Cisco Discovery Protocol, which allows Cisco products to broadcast their identities to each other within a private network. CDP is part of a network's "Layer 2," which establishes the foundational data link between network devices. All devices use some sort of identity broadcasting mechanism, but CDP is Cisco's proprietary version.

Maze ransomware spree continues amid advisories from French, FBI officials Roughly a month after the FBI advised U.S. companies to protect themselves against a pernicious strain of ransomware, [attackers] have continued to attack victims and threaten to publicize their private information. A [cracking] group deploying Maze ransomware has used a network of websites to publicly identify organizations it claimed to [attack], and which of them refused to pay a ransom.

Boeing's passenger spacecraft actually suffered a second unknown software glitch during debut flight But the mission didn't go quite as planned. A software glitch during the launch prevented Starliner from firing its main engines at the right time, and the capsule got into the wrong orbit as a result. The vehicle never made it to the space station and had to land much earlier than expected. Now it seems that there was a second software glitch that Boeing caught while the Starliner was in orbit, according to NASA's Aerospace Safety Advisory Panel, which had a public meeting today. While the details are fuzzy, the glitch would have caused the Starliner's thrusters to needlessly fire while it descended to Earth, and the capsule would have moved uncontrollably.

Google Pigweed: What is it and what we know about it so far The name "Pigweed" was first spotted by a Redditor on the USPTO website and the filing describes it as something related to "computer operating software". 9to5Google also spotted the new name in the Chromium repository and in a proposed code change for the Fuchsia operating system. In the proposed code change case, the name was subsequently changed from Pigweed to Fuchsia.

New League of Legends Anti-Cheat Will Run at Kernel Level A brand new League of Legends anti-cheat system has been detailed, but it also raises some concerns about potential vulnerabilities and Linux users. A blog post on the League of Legends website goes into a very tech-heavy description of a new anti-cheat system that will be coming to League of Legends and other Riot games.