Category: vulnerability

Echelon exposed riders’ account data, thanks to a leaky API

Image Credits: Echelon (stock image) Peloton wasn’t the only at-home workout giant exposing private account data. Rival exercise giant Echelon also had a leaky API that let virtually anyone access riders’ account information. Fitness technology company Echelon, like Peloton, offers a range of workout hardware — bikes, rowers, and a…

Read More

Peloton’s leaky API let anyone grab rider’s private account data

Halfway through my Monday afternoon workout last week, I got a message from a security researcher with a screenshot of my Peloton account data. My Peloton profile is set to private and my friend’s list is deliberately zero, so nobody can view my profile, age, city, or workout history. But…

Read More

America’s small businesses face the brunt of China’s Exchange server hacks

As the U.S. reportedly readies for retaliation against Russia for hacking into some of the government’s most sensitive federal networks, the U.S. is facing another old adversary in cyberspace: China. Microsoft last week revealed a new hacking group it calls Hafnium, which operates in, and is backed by, China. Hafnium…

Read More

Chrome 88 update patches a zero-day that is being actively exploited

Google Chrome’s autoupdate feature means we don’t usually need to think about being on the latest version, but occasionally users will want to take a break and make sure they’re upgraded — this is one of those days. The version of Chrome 88 rolling o… Source

Read More

Apple says iOS 14.4 fixes three security bugs ‘actively exploited’ by hackers

Apple has released iOS 14.4 with security fixes for three vulnerabilities, said to be under active attack by hackers. The technology giant said in its security update pages for iOS and iPadOS 14.4 that the three bugs affecting iPhones and iPads “may have been actively exploited.” Details of the vulnerabilities…

Read More

Cybersecurity startup SpiderSilk raises $2.25M to help prevent data breaches

Dubai-based cybersecurity startup SpiderSilk has raised $2.25 million in a pre-Series A round, led by venture firms Global Ventures and STV. In the past two years, SpiderSilk has discovered some of the biggest data breaches: Blind, the allegedly anonymous social network that exposed private complaints by Silicon Valley employees; a…

Read More