Everything old is exploitable again? DarkReading reports: Abandoned cloud storage buckets present a major, but largely overlooked, threat to Internet security, new research has shown. The risks arise when bad actors discover and re-register these neglected digital repositories under their original name, and then use them to deliver malware or carry out other malicious actions […]
Mobile phone owners are strongly advised to install the latest security update ASAP The Irish Sun reports: ANDROID users have been told to update their phones immediately to fix two bugs that allowed hackers to hijack devices. One bug, which meant hackers could install malware or steal files from devices without even needing a password, […]
The Record reports: Federal agencies are warning hospitals of a backdoor discovered in a popular line of patient monitors sold by Chinese company Contec. The Cybersecurity and Infrastructure Security Agency (CISA) and Food and Drug Administration (FDA) released warnings on Thursday about an embedded function they found in the firmware of the Contec CMS8000 — […]
Researchers from Microsoft Threat Intelligence alerted the company to suspected threat activity. Cybersecurity Dive reports: SonicWall issued an alert Friday that a critical remote code execution vulnerability in its SMA appliances is under active exploitation by malicious hackers and urged customers to immediately update any vulnerable firmware. Researchers from Microsoft Threat Intelligence had warned SonicWall about the […]
Another day, another vulnerability. CSO Online reports that a researcher discovered an OpenAI development oversight that could allow attackers to launch DDoS attacks on unsuspecting victims: OpenAI-owned ChatGPT might have a vulnerability that could allow threat actors to launch distributed denial of service (DDoS) attacks on unsuspecting targets. According to a discovery made by German security researcher […]
Security researchers gained complete control of Subaru vehicles worldwide using only basic customer information like license plates or ZIP codes Motor Illustrated reports: Security researchers discovered a critical vulnerability in Subaru‘s STARLINK connected vehicle service that allowed unauthorized access to vehicles and customer data across the United States, Canada, and Japan, according to a blog post published by […]
Another day, another critical patch. The Register reports: Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that could allow a remote, authenticated attacker with low privileges to escalate to administrator on affected devices. Cisco Meeting Management is the management software for the tech giant’s on-premises video meeting platform. […]
Details from more than 15,000 devices exposed If you use Fortinet, Computing.co.uk has information that you need to know: Hackers calling themselves Belsen Group have leaked details of users of Fortinet firewalls on the dark web. Researcher Kevin Beaumont, who has reviewed the data dump, says he believes it to be genuine, since devices in […]
As if there weren’t enough concerns with misconfigured Amazon AWS s3 buckets exposing data, now we read this: Security researchers at Rhino Security Labs have uncovered a concerning vulnerability in Amazon Web Services (AWS) S3 storage systems that could allow attackers to execute ransomware attacks against cloud-stored data. The research demonstrates how attackers can encrypt S3 bucket […]
There are breaches and then there are really really embarrassing breaches. Jalopnik reports: Things aren’t going so great at Volkswagen right now, and while the latest scandal likely won’t rise to the level of the diesel emissions scandal, a security lapse by VW’s in-house software developer Cariad did expose the locations of about 800,000 electric vehicles to […]
