A vulnerability lets anyone with the Guardzilla home video surveillance system watch footage of other users

A vulnerability in the Guardzilla All-in-One home video surveillance system could be exploited by users to watch Guardzilla footage of other users.

The GZ501W camera model contains a shared, hard-coded credential for Amazon Web Services Simple Storage Service (S3), which stores video footage. This means that any user of the Guardzilla All-in-One video surveillance system could access other users’ saved home videos.

While waiting for a patch, users should disable the cloud-based storage function or disconnect the device.
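A pre-release check that catches this class of flaw, shown as an added example (not Guardzilla's or the researchers' code): it scans a firmware image for AWS access key IDs and nearby strings shaped like secret access keys. The sample image is constructed and uses the placeholder key pair from AWS's documentation; the function names are hypothetical.

```python
import math
import re

# AWS access key IDs are 20 characters: a 4-letter prefix (AKIA for long-term
# keys, ASIA for temporary ones) followed by 16 upper-case letters or digits.
KEY_ID = re.compile(rb"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys are 40 characters drawn from the base64 alphabet.
SECRET = re.compile(rb"(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; real secrets score high, padding low."""
    counts = [data.count(b) for b in set(data)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)

def find_embedded_aws_keys(image: bytes, window: int = 256, min_entropy: float = 4.0):
    """Report each key ID and the offsets of secret-shaped strings near it."""
    findings = []
    for m in KEY_ID.finditer(image):
        lo = max(0, m.start() - window)
        chunk = image[lo:m.end() + window]
        secrets = [lo + s.start() for s in SECRET.finditer(chunk)
                   if entropy(s.group()) >= min_entropy]
        key_id = m.group().decode()
        findings.append({
            "offset": m.start(),
            # Redact so the scan report does not itself leak the credential.
            "key_id": key_id[:4] + "..." + key_id[-4:],
            "secret_offsets": secrets,
        })
    return findings

# Constructed sample: a fake firmware blob embedding AWS's documentation
# placeholder key pair, plus a 40-byte run of padding that must be ignored.
SAMPLE_IMAGE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 64
    + b"accessKey=AKIAIOSFODNN7EXAMPLE\x00"
    + b"A" * 40 + b"\x00"
    + b"secretKey=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\x00"
    + b"\x00" * 64
)

if __name__ == "__main__":
    for f in find_embedded_aws_keys(SAMPLE_IMAGE):
        print(f"key {f['key_id']} at {f['offset']:#x}, "
              f"candidate secrets at {[hex(o) for o in f['secret_offsets']]}")
```

Any finding in a shipped image means every device carries the same credential, so the build should fail until it is replaced with per-device, narrowly scoped access.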

Read more about it here.

Hackers bypass Gmail and Yahoo! Mail 2FA at scale

A new report published by non-profit Amnesty International details how threat actors are able to bypass 2FA (Two-Factor Authentication) that leverages a text (SMS) message as the second authentication factor.

The process is automated and the 2FA can be cracked within seconds.

Typically with 2FA, when you open an account, you give the service (Google, Twitter, etc.) your mobile phone number. When you later log in with your password, the service sends you a text (SMS) message containing a code, which you are prompted to enter. This serves as the second form of authentication.

Amnesty International reported widespread phishing of Google and Yahoo! mail accounts in the Middle East and North Africa throughout 2017 and 2018.

The attackers sent victims fake alerts informing them that their account had been compromised and asking them to urgently change their password. The phishing e-mail included a link that redirected victims to a well-crafted Google or Yahoo! Mail phishing web site. After the users entered their password, they were prompted to enter the code that was sent to them via SMS.

Read more about it here.

Marriott has been hacked

Marriott International Inc. announced it suffered a massive data breach, involving the theft of personal information from 500 million hotel guests. The breach lasted 4 years, possibly longer. Stolen information included a combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some of the guests, payment information may have also been breached. The Marriott brand includes hotel chains such as Starwood, Westin, Sheraton, W Hotels and more.

Marriott is still investigating the root cause of the breach.

In the meantime, investigators suspect China is behind the data breach.

Marriott offered to pay for new passports for guests experiencing fraud following the data breach.

Read more about it here.