IoT Vendor Ubiquiti Suffers Data Breach – Dark Reading


Cloud provider hosting “certain” IT systems attacked, company says.

Internet of Things and home Wi-Fi vendor Ubiquiti advised customers today to change their passwords and enable multifactor authentication after discovering a breach of one of its IT systems hosted in the cloud.

“We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us,” the vendor said in a notice on its website.

For more information, read this.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.


Dark Reading - Bug Report

Enterprise Vulnerabilities


From DHS/US-CERT’s National Vulnerability Database

CVE-2020-36242

PUBLISHED: 2021-02-07

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.

CVE-2020-36243

PUBLISHED: 2021-02-07

The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.

CVE-2021-3122

PUBLISHED: 2021-02-07

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: the…

CVE-2021-26723

PUBLISHED: 2021-02-06

Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.

CVE-2021-22292

PUBLISHED: 2021-02-06

There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS.
