Source: www.securityweek.com – Author: Eduard Kovacs $1.7 billion were stolen last year as a result of 231 cryptocurrency platform hacks, according to a report from Chainalysis. ...
Tesla Infotainment Hack Earns Researchers $100,000 at Pwn2Own Automotive – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Over $1 million paid out in the first two days of Pwn2Own Automotive for Tesla, infotainment and EV charger hacks....
HPE Says Russian Government Hackers Had Access to Emails for 6 Months – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs HPE told the SEC that Russian state-sponsored threat group Midnight Blizzard had access to an email system for several months....
Pwn2Own Automotive: Hackers Earn Over $700k for Tesla, EV Charger, Infotainment Exploits – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs On the first day of Pwn2Own Automotive participants earned over $700,000 for hacking Tesla, EV chargers and infotainment systems. The...
Cybersecurity Market Forecasts: AI, API, Adaptive Security, Insurance Expected to Soar – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Cybersecurity market projections for the next years focusing on AI, ICS, email, API, insurance, application and adaptive security. The post...
Major US, UK Water Companies Hit by Ransomware – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Two major water companies, Veolia in the US and Southern Water in the UK, have been targeted in ransomware attacks...
Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs The Atlassian Confluence vulnerability CVE-2023-22527 is being exploited in the wild just days after it was disclosed. The post Hackers...
New NTLM Hash Leak Attacks Target Outlook, Windows Programs – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Varonis finds one vulnerability and three attack methods that can be used to obtain NTLM hashes via Outlook and two...
In Other News: WhatsApp Privacy Issue, Spying via Ambient Light Sensor, Bigpanzi Botnet – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Noteworthy stories that might have slipped under the radar: WhatsApp privacy issue remains unpatched, spying via tablet ambient light sensors,...
US Charges Russian Involved in 2013 Hacking of Neiman Marcus, Michaels – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs US charges Russian cybercriminals, including man allegedly involved in hacking of Neiman Marcus and Michaels Stores in 2013. The post...
Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs The number of Ivanti VPN appliances compromised through exploitation of recent flaws increases and another vulnerability is added to exploited...
VMware vCenter Server Vulnerability Exploited in Wild – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs VMware warns customers that CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, is being exploited in the wild. The...
Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Seven vulnerabilities found in Rapid SCADA could be exploited to gain access to sensitive industrial systems, but they remain unpatched....
Russian APT Known for Phishing Attacks Is Also Developing Malware, Google Warns – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Russian threat group ColdRiver has developed Spica, a malware that enables it to compromise systems and steal information. The post...
Ransomware Group Targets Foxconn Subsidiary Foxsemicon – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Foxsemicon’s website defaced with a message from the LockBit ransomware group, which claims to have stolen 5 Tb of data....
AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Researchers show how a new attack named LeftoverLocals, which impacts GPUs from AMD, Apple and Qualcomm, can be used to...
Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Citrix is aware of attacks exploiting two new NetScaler ADC and Gateway zero-day vulnerabilities tracked as CVE-2023-6548 and CVE-2023-6549. The...
VMware Urges Customers to Patch Critical Aria Automation Vulnerability – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Aria Automation is affected by a critical vulnerability that could be exploited to gain access to remote organizations and workflows....
Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs The recently disclosed Ivanti VPN zero-days have been exploited to hack at least 1,700 devices, including government, telecoms, defense, and...
Cloud Server Abuse Leads to Huge Spike in Botnet Scanning – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Netscout sees over one million IPs conducting reconnaissance scanning on the web due to increase in use of cheap or...
Juniper Networks Patches Critical Remote Code Execution Flaw in Firewalls, Switches – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Juniper Networks patches over 100 vulnerabilities, including a critical flaw that can be exploited for remote code execution against firewalls...
Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Ivanti zero-day vulnerabilities dubbed ConnectAround could impact thousands of systems and Chinese cyberspies are preparing for patch release. The post...
Intel, AMD, Zoom, Splunk Release Patch Tuesday Security Advisories – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Intel, AMD, Zoom and Splunk released security advisories on Patch Tuesday to inform customers about vulnerabilities found in their products....
Mandiant Details How Its X Account Was Hacked – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Mandiant’s X account was hacked as a result of a brute force attack as part of a cryptocurrency scheme that...
Anecdotes Raises $25 Million for Enterprise GRC Platform – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Anecdotes has raised $25 million in Series B funding, which brings the total investment to $55 million, for its compliance...
Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs An engineer recruited by intelligence services used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop....
Siemens, Schneider Electric Release First ICS Patch Tuesday Advisories of 2024 – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Industrial giants Siemens and Schneider Electric publish a total of 7 new security advisories addressing 22 vulnerabilities. The post Siemens,...
Bosch Nutrunner Vulnerabilities Could Aid Hacker Attacks Against Automotive Production Lines – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Hackers can take complete control of Bosch Rexroth nutrunners, installing ransomware or altering settings to cause financial impact and brand...
NIST: No Silver Bullet Against Adversarial Machine Learning Attacks – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs NIST has published guidance on adversarial machine learning (AML) attacks and mitigations, warning that there is no silver bullet. The...
Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs A total of more than 28,000 CVE IDs were assigned in 2023 and 84 new CVE Numbering Authorities (CNAs) were...