Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise
Bitdefender researchers revealed the vulnerability allows an attacker to send commands to the thermostat and replace its firmware
Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.
Search across headline titles and summaries.
Background for this topic.
Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.
For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.
Bitdefender researchers revealed the vulnerability allows an attacker to send commands to the thermostat and replace its firmware
Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments
Info-Tech Research Group has announced the return of Info-Tech LIVE for 2024, an event for IT leaders, exhibitors, and media to explore emerging technology trends and innovative insights.
Patches will be available in late January and February, but until then, customers must take mitigation measures.
Cybersecurity Researchers Detail Defenses Against Attackers Abusing Cloud ServicesWhile cybercriminals and advanced persistent threat groups have long abused legitimate internet services both to scale and disguise various types of attacks, a new report warns of a growing challenge posed by the illegitimate use of GitHub and offers essential defenses for users.
Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload
Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities
Posing as cyber samaritans, scumbags are kicking folks when they're down Ransomware victims already reeling from potential biz disruption and the cost of resolving the matter are now being subjected to follow-on extortion attempts by criminals posing as helpful security researchers.…
A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. [...]
Path Traversal Flaw Allows Malicious Actors to Exploit Kyocera's Device ManagerResearchers found a path traversal vulnerability in Kyocera's Device Manager product, which is used for overseeing large printer fleets in mid- to large-sized enterprises. Attackers could exploit the flaw to obtain NTLM hashes by changing the location of a backup database.
API Requests Comprise 57% of Global Dynamic HTTP Traffic, Cloudflare ReportsAs the use of application programming interfaces to connect software components continues to surge, many organizations lack visibility into precisely how many APIs they're operating, if they're secured or who's meant to have access to them, researchers warn.
Researchers from Cisco Talos working with the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that led to the arrest of the ransomware's operator. [...]
Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access
Experts' job made 'straightforward' by crooks failing to update encryption schema after three years Security researchers have put out an updated decryptor for the Babuk ransomware family, providing a free solution for victims of the Tortilla variant.…
New research from Check Point explores the significance of code manipulation in malware analysis