Unpatched SQLi vulnerability in SmartVista e-commerce suite
Companies using SmartVista, the popular e-commerce/payment management product suite developed by Swiss company BPC Banking Technologies, are urged to put limit access to its …
Rapid7
Double Robotics Telepresence Robot can be hacked
Rapid7 researchers have discovered a number of vulnerabilities in the Double Robotics Telepresence Robot, the company’s iPad-based telepresence device that looks a bit …
Too many Cisco ASA boxes still open to an EXTRABACON attack
Among the Equation Group exploits leaked by the Shadow Brokers, the one named EXTRABACON that targets Cisco ASA devices got the most attention from security researchers and …
How a security researcher is tackling IoT security testing
“A common misconception people in the industry have regarding my work as a security researcher is that I am sharing information that puts businesses at risk. And also, …
Which passwords to avoid for Internet-facing systems?
For the last year or so, Rapid7 has been collecting login credentials via “Heisenberg,” a network of low-interaction honeypots that the company has set up to analyze login …
Security flaws discovered in smart toys and kids’ watches
Rapid7 researchers have unearthed serious flaws in two Internet of Things devices: The Fisher-Price Smart Toy, a “stuffed animal” type of toy that can interact …
Compromised credentials a leading concern for most security pros
90% of organizations are worried about compromised credentials, though 60% say they cannot catch these types of attacks today, according to a new survey by Rapid7. 62% of …
Linux machines can be “owned” by hitting backspace 28 times
Taking over a Linux machine that has been locked with a password can be as easy as pressing the backspace key 28 times, two researchers from the Cyber Security Research Group …
