Amazon Ring | Breaking Cybersecurity News | The Hacker News

Retail giant Amazon patched a high-severity security issue in its Ring app for Android in May that could have enabled a rogue application installed on a user's device to access sensitive information and camera recordings. The Ring app for Android has over 10 million downloads and enables users to monitor video feeds from smart home devices such as video doorbells, security cameras, and alarm systems. Amazon acquired the doorbell maker for about $1 billion in 2018. Application security firm Checkmarx  explained  it identified a cross-site scripting (XSS) flaw that it said could be weaponized as part of an attack chain to trick victims into installing a malicious app. The app can then be used to get hold of the user's Authorization Token, that can be subsequently leveraged to extract the session cookie by sending this information alongside the device's hardware ID, which is also encoded in the token, to the endpoint "ring[.]com/mobile/authorize." Armed with th...

Starting June 8, Amazon will automatically enable a feature on its family of hardware devices, including Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring Spotlight Cams, that will share a small part of your Internet bandwidth with nearby neighbors — unless you choose to opt-out. To that effect, the company intends to register all compatible devices that are operational in the U.S. into an ambitious location-tracking system called Sidewalk as it prepares to roll out the shared mesh network in the country. Originally  announced  in September 2019,  Sidewalk  is part of Amazon's efforts to build a long-range wireless network that leverages a combination of Bluetooth and 900 MHz spectrum ( FSK ) to help Echo, Ring, Tile trackers, and other Sidewalk-enabled devices communicate over the internet without Wi-Fi. Sidewalk is designed to extend the working range of low-bandwidth devices, and help devices stay connected even if they are outside the range ...

Microsoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role — managing authentication, enforcing policy, and connecting users across distributed environments. That prominence also makes it a prime target. Microsoft reports over 600 million attacks on Entra ID every day. These aren't just random attempts, but include coordinated, persistent, and increasingly automated campaigns designed to exploit even small vulnerabilities. Which brings us to the core question: Are Entra ID's native protections enough? Where do they fall short — and what steps should you take to close the gaps and ensure you're covered? Understanding Entra ID At its core, Microsoft Entra ID is your enterprise identity and access management system. It defines how users prove who they are, what resources...