Reading Time: ~ 2 min.

Children’s Tablets Leave Users Vulnerable

At least one LeapPad
tablet designed specifically for children has been found to harbor critical
vulnerabilities in the app Pet Chat that could allow unauthorized access to
online traffic. The vulnerabilities could be used locate the tablet’s owner by
creating a temporary WiFi network to help the user connect with other devices
in the area. In addition to the remote access, local attackers would be able to
send messages to children through non-HTTPS communications.

UK Universities Lacking Security

A recent study found that nearly 65% of the UK’s top
universities
are currently operating with sub-standard cybersecurity,
especially during the time that students would be sitting for final exams.
Among the remaining 35% of universities that did have some domain
authentication, only 5% of those were using settings that would fully block
phishing emails. If UK university students are requesting any login changes,
they should be cautious when opening anything they receive, as the message may
be compromised.

Intel CPU Patch Issued by Microsoft

Microsoft just released a patch for an Intel
CPU vulnerability
that was brought to light in 2012. The flaw could have
been used to breach memory data from the device. The researchers who discovered
it found they could easily leak sensitive kernel memory data into the normal
user operations, even though a system normally doesn’t allow this. Additionally,
this vulnerability would allow for speculative execution, which is when the
system begins executing certain operations pre-emptively, and simply deleting
those that don’t occur.

AT&T Employees Bribed to Unlock Phones

Employees of AT&T
were found to be illicitly installing hardware onto corporate systems that
would allow an attacker to unlock phones that were prevented from being used on
other mobile providers. Even though some of the conspirators were eventually
fired, many continued to work from within and from outside the company to
further compromise nearly 2 million individual devices until the scam, which
had been ongoing for more than five years, was discovered.

Mobile Bank Customers’ PINs Exposed

Customers of Monzo,
a mobile-only bank in the UK, are being warned to change their PINs after many
customers’ were leaked into internal log files. Fortunately, the data wasn’t
made available outside of the company and the problem of PINs being stored in
an alternate location has been resolved. Even after the company fixed the data
leak, though, many customers were still suspicious when receiving an email
informing them of the PIN reset issue.

The post Cyber News Rundown: Children’s Tablets Show Vulnerabilities appeared first on Webroot Blog.