A Motherboard report found Ring lacking basic security measures for preventing hackers from hijacking the devices. Serious security holes in the Ring smart doorbell have been uncovered, according to a new investigation. For instance, Ring owners aren’t notified of suspicious login alerts when devices are accessed on various IP addresses — and there are seemingly no limitations for incorrect login attempts.
An attacker could exploit CVE-2019-1491 to obtain sensitive information that could be used to mount further attacks. Microsoft has released out-of-band security updates to address a vulnerability in SharePoint Server. According to a Microsoft Security Advisory, an attacker could exploit the bug (CVE-2019-1491) to obtain sensitive information and then use that information to mount further attacks.
The data breach disclosure was met with ire from customers whose lab test results, health card numbers and more were accessed. LifeLabs, a Canadian laboratory testing company, said it has paid hackers after they accessed the data of 15 million customers – including highly-sensitive lab test results.
Remote attackers can easily compromise the device and pivot to move laterally through the LAN or WAN. A firmware vulnerability in TP-Link Archer C5 v4 routers (used in enterprise and home environments) could allow unauthorized, remote access to the device with administrative privileges.