Happy Thanksgiving! Here’s a look at some of the top product cybersecurity stories from the past week to take you through that turkey coma.
Insecure Kids Smartwatch Exposes Location of Children (AVtest)
A cheap smartwatch for kids includes a glaring security flaw - anyone can easily access its back end without any authorization needed. Once inside, they can get their hands on all types of data - including the child’s geographical location at that very instant.
Russia’s ‘Sandworm’ Hackers Also Targeted Android Phones (Wired)
Google researchers report that the state-sponsored hackers tried to infect Android apps with malware and upload them to the Google Play Store.
Critical Flaws in VNC Put Industry 4.0 Machines at Risk (threatpost)
Researchers find that the open source VNC project used in industrial environments includes 37 different memory-corruption vulnerabilities, including several that are severe and could be used to carry out remote code execution attacks.
Facebook Messenger and Mobility Apps Among Many Found Vulnerable to Remote Code Execution Bugs (ZDNet)
Cybersecurity researchers find that patches issued years ago for popular apps have still not been set up for automatic installation on Google Play, potentially leaving users exposed.
New Report Outlines the Importance of Security by Design in Smart Cars (Report)
New report published this week by Enisa states that manufacturers should consider including a security role within the product engineering team and that security be part of planning from the very beginning of the concept phase, among other recommendations.