API Security Weekly: Issue #26

This week, Verizon has been patching their home routers, another GPS watch got breached, Shodan added an IoT monitoring service, and we take a look at API security best practices, webinars, and recommendations.

Vulnerabilities

Verizon is urgently updating their Verizon Fios Quantum Gateway home routers. Researchers from Tenable found multiple security issues in the device’s API. For example, HTTPS was not enforced, and some API call parameters were not sanitized. This enabled attackers to sniff logins, recover the password from its hash, perform a command injection attack, and take control of the device.