Unsaflok: vulnerable locks on three million hotel room doors
dormakaba Saflok locks — used on around three million doors across 13,000 hotels — are vulnerable to an attack that involves forging electronic keycards.
92 articles
dormakaba Saflok locks — used on around three million doors across 13,000 hotels — are vulnerable to an attack that involves forging electronic keycards.
Vehicle makers sell the data collected by connected cars about their users’ driving habits to data brokers – who resell it to insurance companies.
Researchers have learned to recognize the positions and poses of people indoors using Wi-Fi signals. To do this, they used ordinary home routers and machine learning.
A credential stuffing attack is one of the most effective ways to take control of accounts. Here’s how it works and what you should do to protect your company.
Every time a browser interacts with an advertising tracker, a program called Googerteller emits a short sound.
Dropbox has shared a report on a data breach in the Dropbox Sign e-signature service. What does this mean for users, and what should they do?
By hijacking domains with CNAME records and exploiting forgotten SPF records, attackers seize domains and use them for their own purposes.
How hackers exploit chatbot features to restore encrypted chats from OpenAI ChatGPT, Microsoft Copilot, and most other AI chatbots.
Commercial spyware — what it is, how it infiltrates devices, what it can do once inside, and how to defend against it.
SIM swap fraud is back in vogue. We explain what it is, the danger it poses to organizations, and how to guard against such attacks.
What’s the easiest way to hack a WPA2-protected wireless network? Using PMKID interception. Here’s how it works, and what you can do to protect yourself.
We explain what a pig butchering scam is: how it works, why it’s dangerous, and how to protect yourself from it.
VoltSchemer attacks on wireless Qi chargers using modified power sources can “fry” smartphones and other devices, as well as issue commands to voice assistants.
The KeyTrap DoS attack, which can disable DNS servers with a single malicious packet exploiting a vulnerability in DNSSEC.
Time to update Fortra GoAnywhere MFT: an exploit has been developed for a critical vulnerability that allows attackers to bypass authentication and create admin accounts.
Facebook now collects your link history and uses it to show targeted ads. Here’s how to disable this “handy” feature.
Ethical hackers told 37C3 how they found a few eye-openers while breaking DRM to fix trains.
Google OAuth allows to create phantom Google accounts — uncontrollable by corporate Google Workspace administrators.
What’s the principle of least privilege, why’s it needed, and how does it help secure corporate information assets?
Attackers are hijacking hotel accounts on Booking.com, and stealing their clients’ banking data through its internal messaging system.