IoT & ICS Security - Security Boulevard
https://securityboulevard.com/category/blogs/iot-ics-security/
The Home of the Security Bloggers Network
Tue, 26 Mar 2024 16:04:05 +0000

Security Vulnerability in Saflok’s RFID-Based Keycard Locks
https://securityboulevard.com/2024/03/security-vulnerability-in-safloks-rfid-based-keycard-locks/
Wed, 27 Mar 2024 11:01:08 +0000
https://www.schneier.com/?p=68655

It’s pretty devastating:

Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries. By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock’s data, and the second opens it...

The post Security Vulnerability in Saflok’s RFID-Based Keycard Locks appeared first on Security Boulevard.

Unsafelok Threat Highlights It’s About Both IoT Devices and Applications
https://securityboulevard.com/2024/03/unsafelok-threat-highlights-its-about-both-iot-devices-and-applications/
Sat, 23 Mar 2024 01:06:22 +0000
https://www.viakoo.com/?p=12831

IoT devices and applications exist all over the place, and in high volume. Today’s news brought yet another example of how the scale of IoT systems leads to the conclusion that their security is deeply dependent on automation. Security researchers announced a hotel keycard hacking technique called “Unsafelok” which enables over 3 million doors worldwide […]

The post Unsafelok Threat Highlights It’s About Both IoT Devices and Applications appeared first on Viakoo, Inc.

The post Unsafelok Threat Highlights It’s About Both IoT Devices and Applications appeared first on Security Boulevard.

EPA and White House Raise Alarm on Water Cybersecurity
https://securityboulevard.com/2024/03/water-cybersecurity-richixbw/
Wed, 20 Mar 2024 16:22:50 +0000
https://securityboulevard.com/?p=2012433

Iran and China fingered: Biden admin. chides governors: Water infra. lacks “even basic cybersecurity precautions.”

The post EPA and White House Raise Alarm on Water Cybersecurity appeared first on Security Boulevard.

Drones and the US Air Force
https://securityboulevard.com/2024/03/drones-and-the-us-air-force/
Mon, 18 Mar 2024 11:03:14 +0000
https://www.schneier.com/?p=68618

Fascinating analysis of the use of drones on a modern battlefield—that is, Ukraine—and the inability of the US Air Force to react to this change.

The F-35A certainly remains an important platform for high-intensity conventional warfare. But the Air Force is planning to buy 1,763 of the aircraft, which will remain in service through the year 2070. These jets, which are wholly unsuited for countering proliferated low-cost enemy drones in the air littoral, present enormous opportunity costs for the service as a whole. In a set of comments posted on LinkedIn...

The post Drones and the US Air Force appeared first on Security Boulevard.

Google Splashes the Cash in Bug Bounty Bonanza: $59 Million to Date
https://securityboulevard.com/2024/03/google-bug-bounty-vrp-richixbw/
Wed, 13 Mar 2024 16:57:09 +0000
https://securityboulevard.com/?p=2011800

Wanna be a VRP VIP? Last year, $GOOG paid $10 million to ethical hackers for finding vulnerabilities.

The post Google Splashes the Cash in Bug Bounty Bonanza: $59 Million to Date appeared first on Security Boulevard.

Irony of Ironies: CISA Hacked — ‘by China’
https://securityboulevard.com/2024/03/cisa-ivanti-china-richixbw/
Mon, 11 Mar 2024 17:17:53 +0000
https://securityboulevard.com/?p=2011528

Free rides and traffic jams: U.S. Cybersecurity and Infrastructure Security Agency penetrated in February, via vuln in Ivanti.

The post Irony of Ironies: CISA Hacked — ‘by China’ appeared first on Security Boulevard.

Emerging Trends in Embedded Linux IoT Security
https://securityboulevard.com/2024/03/emerging-trends-in-embedded-linux-iot-security/
Fri, 08 Mar 2024 08:00:09 +0000
https://tuxcare.com/?p=16359

Mitigating potential vulnerabilities requires proactive measures due to the complexity of embedded Linux IoT devices

The use of containerization and virtualization reduces the attack surface and minimizes the impact of security breaches

KernelCare IoT automates security patching for Linux-based IoT devices without taking them out of production to restart them

Embedded Linux systems play a […]

The post Emerging Trends in Embedded Linux IoT Security appeared first on TuxCare.

The post Emerging Trends in Embedded Linux IoT Security appeared first on Security Boulevard.

Cloudflare Unveils a Firewall Designed to Keep LLMs Safe
https://securityboulevard.com/2024/03/cloudflare-unveils-a-firewall-designed-to-keep-llms-safe/
Tue, 05 Mar 2024 16:59:48 +0000
https://securityboulevard.com/?p=2010990

Cloudflare wants to help organizations wall off their large-language models (LLMs) from cyberthreats and give enterprises an AI framework to ward off risks, many of which are themselves based on the emerging technology. The cloud connectivity and cybersecurity company this week introduced the Firewall for AI, another layer of protection for LLMs that are foundational..

The post Cloudflare Unveils a Firewall Designed to Keep LLMs Safe appeared first on Security Boulevard.

CISA Warns Phobos Ransomware Groups Attacking Critical Infrastructure
https://securityboulevard.com/2024/03/cisa-warns-phobos-ransomware-groups-attacking-critical-infrastructure/
Mon, 04 Mar 2024 17:03:23 +0000
https://securityboulevard.com/?p=2010860

Phobos, a complex ransomware-as-a-service (RaaS) operation that has been around for five years and includes multiple variants, continues to target a range of critical infrastructure in the United States, including education, healthcare, and emergency services, according to federal agencies. The FBI and Cybersecurity and Infrastructure Security Agency (CISA) issued a warning with a list..

The post CISA Warns Phobos Ransomware Groups Attacking Critical Infrastructure appeared first on Security Boulevard.

Cheap Video Doorbell Cams: Tools of Stalkers and Thieves
https://securityboulevard.com/2024/03/video-doorbell-eken-richixbw/
Fri, 01 Mar 2024 16:43:56 +0000
https://securityboulevard.com/?p=2010690

EKEN IoT FAIL: Amazon, Sears and Shein still sell security swerving stuff.

The post Cheap Video Doorbell Cams: Tools of Stalkers and Thieves appeared first on Security Boulevard.
