PWNED Welcome

All the passwords were stored in Active Directory description fields

PWNED Welcome back to PWNED, the weekly column where we talk about weak security policies and how to avoid them. Hopefully, we can learn from others’ mistakes – or at least have a good laugh at them. Have a story about someone leaving a gaping hole in their network?

Every employee’s password was stored in a single Excel file

PWNED Welcome, once again, to PWNED, the weekly screed where we highlight those who did not do the deed of securing their systems. If someone left their passwords or their access exposed, we will be writing about them here. Have a story about someone leaving a gaping hole in their network?

Company CEO flooded file share with smut, called for help after he deleted it

Zombie user account let hackers control the city’s water

Hacking your PC using your speaker without ever touching it

In my last post, I talked about reverse engineering my new Creative Sound Blaster Katana V2X's firmware. What initially started as simply wanting to write a Linux tool for communicating with my speaker ended up with me discovering vulnerabilities which allow any attacker within a ~15M range of any Katana V2X to turn it into a covert spying tool and Rubber Ducky - all without ever having to pair with or physically touch the device. CTprotocol background As I explained in my previous post, the...