Threatpost

13 July 2020

• Popular TP-Link Family of Kasa Security Cams Vulnerable to Attack
  Researcher warns the highly-rated Kasa family of security cameras have bugs that gives hackers access to private video feeds and settings.
• Google Bans Stalkerware Ads – With a Loophole
  Starting in August Google is banning ads of products or services promoting stalkerware.
• Smartwatch Hack Could Trick Dementia Patients into Overdosing
  Attackers could hack the smartwatch and send dementia patients alerts for taking their medication.
• Report: Most Popular Home Routers Have ‘Critical’ Flaws
  Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don’t fix.
• Microsoft Warns on OAuth Attacks Against Cloud App Users
  Application-based attacks that use the passwordless "log in with..." feature common to cloud services are on the rise.
• Zoom Zero-Day Allows RCE, Patch on the Way
  Researchers said that the issue is only exploitable on Windows 7 and earlier.
• Joker Android Malware Dupes Its Way Back Onto Google Play
  A new variant of the Joker malware has hoodwinked its way onto the Google Play marketplace yet again, in 11 Android apps that were recently removed.
• BlueLeaks Server Seized By German Police: Report
  The server contained almost 270 gigabytes of data collected from 200 police departments, law enforcement training and support resources and fusion centers.
• ‘Undeletable’ Malware Shows Up in Yet Another Android Device
  Researchers have found trojans and adware in preinstalled apps on a low-cost device distributed by the government-funded Lifeline Assistance Program.
• Advertising Plugin for WordPress Threatens Full Site Takeovers
  Thousands of vulnerable websites need to apply the patch to avoid RCE.