Default configuration of WD’s My Cloud storage device keeps port open for unprivileged data exfiltration within a network.

Trivially exploitable vulnerabilities in several Arris home modems, routers and gateways distributed to consumers and small businesses through AT&T’s U-verse service have been discovered.

Two IP cameras sold by Loftek and VStartcam are leaving over 1.3 million users open to 21 vulnerabilities that range from a lack of HTTPS encryption to bugs that open users up to cross-site request forgery attacks.

A recent batch of vulnerabilities in Honeywell building automation system software epitomize the linger security issues around SCADA and industrial control systems.

ExaGrid has removed a private SSH key and weak, hardcoded credentials shipping with all of its disk-based storage appliances. Updated firmware has been available since March 24 and storage and security managers are urged to update devices to version 4.8 P26. Researcher James Lee of Rapid7 privately disclosed the issue to the storage vendor on...