Security Leftovers

posted by Roy Schestowitz on Aug 21, 2025

• Security Week ☛ New Exploit Poses Threat to SAP NetWeaver Instances

  A new public exploit chains two critical flaws in SAP NetWeaver, exposing unpatched instances to code execution attacks.

• Unicorn Media ☛ ‘Smart’ Gadgets, Dumb Ideas: Why Consumer IoT Went Off the Rails

  From cat lasers to AI-powered pacifiers, Consumer IoT promises genius but mostly delivers nonsense. Here’s why the so-called “smart” tech trend is spectacularly off the rails.

• Security Week ☛ 1.1 Million Unique Records Identified in Allianz Life Data Leak

  Have I Been Pwned has analyzed the information made public by the hackers who recently targeted Allianz Life.

• Security Week ☛ New Research Links VPN Apps, Highlights Security Deficiencies

  Citizen Lab has identified links between multiple VPN providers, and multiple security weaknesses in their mobile applications.

• Security Week ☛ Hijacked Satellites and Orbiting Space Weapons: In the 21st Century, Space Is the New Battlefield

  From hacked satellites to nuclear threats in orbit, the battle for dominance beyond Earth is redefining modern warfare and national security.

• Krebs On Security ☛ SIM-Swapper, Scattered Spider Hacker Gets 10 Years

  A 20-year-old Florida man at the center of a prolific cybercrime group known as “Scattered Spider” was sentenced to 10 years in federal prison today, and ordered to pay roughly $13 million in restitution to victims.

• Security Week ☛ Hacktivist Sentenced to 20 Months of Prison in UK

  Al-Tahery Al-Mashriky of the Yemen Cyber Army has been accused of hacking into and defacing many websites as part of hacktivist campaigns.

• Tom's Hardware ☛ Security researcher driven by free nuggets unearths McDonald's security flaw — changing 'login' to 'register' in URL prompted site to issue plain text password for a new account

  A security researcher called "BobDaHacker" revealed how they repeatedly gained access to a McDonald's platform that's supposed to be closed off to the public.

• Tom's Hardware ☛ Researcher downloaded the data of all 270,000 defective chip maker Intel employees from an internal business card website — massive data breach dubbed 'Intel Outside' didn't qualify for bug bounty

  Security researcher Eaton was inspired to do some gentle prying of defective chip maker Intel websites, after considering the company's hardware security reputation.

• Windows TCO / Windows Bot Nets

  • Cyble Inc ☛ Europol Targets Qilin Ransomware Group With $50k Reward

    Qilin has been the top ransomware group in recent months, so it’s not surprising that the group has apparently attracted the attention of law enforcement.