(Illustration by The Real Deal)
In 2018, the company that manages the Brooklyn condominium where cybersecurity expert Roman Sannikov lives was hacked.
The hacker locked down the property manager’s IT system and demanded the company pay a ransom to get back in. Sannikov, who leads a team of analysts scouring the dark web for intel on cybercrime and hacktivism, wasn’t personally affected by the breach; he pays his maintenance fees the old-fashioned way: by check. But as a member of the condo’s board, he had to notify residents and contend with the aftermath.
Yet Sannikov found that many of his neighbors simply shrugged off the news. “People didn’t pay attention to [it] as much as they should have,” he said.
100 Websites That Shaped The Internet As We Know It
The World Wide Web is officially old enough for us to judge what it’s produced. That’s right, it’s time for the world to start building a canon of the most significant websites of all time, and the Gizmodo staff has opinions.
What does a spot on this list mean? It certainly
Have I Been Pwned founder’s keynote offered a sobering counterpoint to the well-meaning ‘World Password Day’
Imagine a parent’s terror when the geolocation of their child’s smart watch suddenly switches from tennis practice to the middle of the ocean.
This was precisely the scenario simulated by Ken Munro of UK infosec firm Pen Test Partners via exploitation of an insecure direct object reference (IDOR) vulnerability in an IoT device, and with help from Troy Hunt, creator of data breach record index Have I Been Pwned, and his daughter.
This was one of many eye-opening tales of shoddy security behind the “endless flow of data” into Have I Been Pwned recounted today (May 6) during Hunt’s keynote address at the all-virtual Black Hat Asia 2021.
Plus: Micro-op CPU caches abused to leak data, and more
In Brief Apple on Monday patched security flaws in its software said to have been exploited in the wild by miscreants to hijack gear.
WebKit, fixed in macOS Big Sur 11.3.1, can be tricked into executing arbitrary code by processing malicious web content – a bad webpage can take over the browser, in other words. Apple is aware of a report that this issue may have been actively exploited, it said in its advisory.
Specifically, there are two bugs: memory corruption flaw CVE-2021-30665, which was found by a trio at 360 ATA, and an integer overflow issue CVE-2021-30663, credited to an anonymous researcher. The same holes are fixed in iOS 14.5.1 and iPadOS 14.5.1, and the memory corruption problem is addressed in watchOS 7.4.1.