IT alert:

Cisco Aironet Access Points Plagued By Critical, High-Severity Flaws

Cisco has issued patches for critical and high-severity vulnerabilities in its Aironet access point devices.

Cisco Systems has released a security update stomping out critical and high-severity flaws impacting its Aironet access points, which are entry-level wireless access points (APs) used by mid-size enterprises in their offices or small warehouses.

It also issued a slew of additional patches addressing other flaws in its products.

The most severe of the AP bugs is a critical glitch that could allow unauthenticated, remote attackers to gain unauthorized access to targeted devices – giving them elevated privileges such as the ability to view sensitive data and tamper with the device configuration. The flaw exists in Cisco’s software that powers the Aironet networking APs, which allow other Wi-Fi devices to connect to a wired network.


Man Who Targeted Celebrities Sentenced;
Simple Precautions Can Keep Your Information Safe

Kwamaine Ford traveled in famous circles. He worked for a celebrity and had social media accounts that showed him living a glamorous life, surrounded by well-known people.

But Ford, now 28, funded his lifestyle with an illegal hobby—using his knowledge of celebrities to phish their personal accounts and charge the associated credit cards.

Between 2015 and 2018, Ford, posing as an Apple customer service employee, emailed various celebrities to ask them to change or share their passwords.

More than 100 victims, including athletes and musicians, unwittingly gave Ford their passwords. Since the passwords were for their iCloud accounts, he had access to anything stored in the cloud, including email and photos.

Apple notified the FBI, who began investigating.

Popular key-copying kiosks pose a new security threat

(CBS News) — A convenient key-copying kiosk is posing new threats to buildings that use electronic access cards, according to security experts.

KeyMe, founded in 2012, has self-service kiosks located in retailers across the U.S. — including 7-Eleven, Bed Bath & Beyond, Safeway, Sears, Rite Aid and more. The company rolled out its machines as a cheap and easy way to copy brass keys.

Now, the company is expanding its machines capable of duplicating electronic keys (like RFID cards and fobs) to offices, residential buildings and vehicles. It can also code the RFID key into a sticker. It cost a CBS News journalist just $25 to copy an apartment building key fob.

Security consultant Jim Elder says the KeyMe kiosks have made it too easy to copy electronic keys like “proximity cards” to buildings, posing potential security concerns.


Hackathon helps track down missing persons.

350+ hackers hunt down missing people in first such hackathon

More than 350 ethical hackers got together in cities across Australia on Friday for a hackathon in which they worked to “cyber trace a missing face”, in the first-ever standalone capture-the-flag (CtF) event devoted to finding missing persons.

Similar CtFs have been held before, alongside conferences such as DEF CON and B-Sides, but this was the first such event focused entirely around a missing persons hackathon.

Organizers called the results “astounding,” ABC News reports.

During the six hours the competing teams hammered away at the task of searching for clues that could potentially solve 12 of the country’s most frustrating cold cases, 100 leads were generated every 10 minutes.

The National Missing Persons Hackathon was run by the AustCyber Canberra Innovation Node, which partnered with the Australian Federal Police, the National Missing Persons Coordination Centre and Trace Labs: a nonprofit with a mission of crowdsourcing open-source intelligence (OSINT) and training people on OSINT tradecraft.
