GPS Tracker | Breaking Cybersecurity News | The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a handful of unpatched security vulnerabilities in  MiCODUS MV720  Global Positioning System (GPS) trackers outfitted in over 1.5 million vehicles that could lead to remote disruption of critical operations. "Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control of the global positioning system tracker," CISA  said . "These vulnerabilities could impact access to a vehicle fuel supply, vehicle control, or allow locational surveillance of vehicles in which the device is installed." Available on sale for $20 and manufactured by the China-based MiCODUS, the company's tracking devices are employed by major organizations in 169 countries spanning aerospace, energy, engineering, government, manufacturing, nuclear power plant, and shipping sectors. The top countries with the most users include Chile, Australia, Mexico, Ukraine, Russi

What if the tech intended to ensure that your kids, senior citizens, and pets are safe even when they're out of sight inadvertently expose them to stalkers? An estimated 600,000 GPS tracking devices for sale on Amazon and other large online merchants for $25–$50 have been found vulnerable to a handful of dangerous vulnerabilities that may have exposed user's real-time locations, security researchers have claimed. Cybersecurity researchers from Avast discovered that 29 models of GPS trackers made by Chinese technology company Shenzhen i365 for keeping tabs on young children, elderly relatives, and pets contain a number of security vulnerabilities. Moreover, all over half a million tracking devices were shipped with the same default password of "123456," leaving an opportunity for attackers to easily access tracking information for those who never changed the default password. Vulnerabilities in GPS Tracking Devices The reported GPS tracking device vulnerabili

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Security researchers have unearthed multiple vulnerabilities in hundreds of GPS services that could enable attackers to expose a whole host of sensitive data on millions of online location tracking devices managed by vulnerable GPS services. The series of vulnerabilities discovered by two security researchers, Vangelis Stykas and Michael Gruhn, who dubbed the bugs as ' Trackmageddon ' in a report , detailing the key security issues they have encountered in many GPS tracking services. Trackmageddon affects several GPS services that harvest geolocation data of users from a range of smart GPS-enabled devices, including children trackers, car trackers, pet trackers among others, in an effort to enable their owners to keep track of where they are. According to the researchers, the vulnerabilities include easy-to-guess passwords (such as 123456), exposed folders, insecure API endpoints, and insecure direct object reference (IDOR) issues. By exploiting these flaws, an unaut

Do you own an Android smartphone? If yes, then you are one of those billions of users whose smartphone is secretly gathering location data and sending it back to Google. Google has been caught collecting location data on every Android device owner since the beginning of this year (that's for the past 11 months)—even when location services are entirely disabled, according to an investigation conducted by Quartz. This location-sharing practice doesn't want your Android smartphone to use any app, or turn on location services, or even have a SIM card inserted. All it wants is to have your Android device to be connected to the Internet. The investigation revealed that Android smartphones have been collecting the addresses of nearby cellular towers, and this data could be used for " Cell Tower Triangulation "—a technique widely used to identify the location of a phone/device using data from three or more nearby cell towers. Each time your Android device come

Do you need a FitBit Tracker while jogging or running or even sleeping? Bad News! FitBit can be hacked that could allow hackers to infect any PC connected to it. What's more surprising? Hacking FitBit doesn't take more than just 10 Seconds . Axelle Aprville , a researcher at the security company Fortinet, demonstrated "How to hack a Fitbit in only 10 seconds," at the Hack.Lu conference in Luxembourg. Aprville's test was a proof of concept (POC) that did not actually focus on executing malicious payload, rather a logical attack. By using only Bluetooth, Aprville was able to modify data on steps and distance. However, she said it is possible to infect the device in an attempt to spread malware to synced devices. Fitbit Flex tracker is a flexible wristband that measures health statistics, such as blood pressure and heart rate. The Flex is a product of Fitbit, and its salient features are: It can wake you up with a silent vibrati

Using Popular Online Dating app - Tinder on iPhone ?? Then you are at significant risk that exposed members' private information without their knowledge. Online Dating app Tinder, available for the iPhone from the app store , has become incredibly popular in the past few months. Tinder app allows you to find dates nearby your location within a few miles and connects you with them, but a vulnerability allowed the attacker to potentially pinpoint your exact location to within 100 feet. Security Researchers at Include Security discovered that Tinder GPS vulnerability making members vulnerable to hackers. The Security flaw was discovered by the company last October, that enabled any member with some programming skills to access the app's API (Application Programming Interface) to get the exact latitude and longitude for another member. " Due to Tinder's architecture, it is not possible for one Tinder user to know if another took advantage of this vu