Vulnerabilities - The Data Breach Times

January 25, 2025

997 views 24 secs 0

Simple STARLINK Bug Let Hackers Control Every Connected Subaru

Security researchers gained complete control of Subaru vehicles worldwide using only basic customer information like license plates or ZIP codes Motor Illustrated reports: Security researchers discovered a critical vulnerability in Subaru‘s STARLINK connected vehicle service that allowed unauthorized access to vehicles and customer data across the United States, Canada, and Japan, according to a blog post published by […]

Vulnerabilities, Vendor News

January 24, 2025

431 views 4 secs 0

Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management

Another day, another critical patch. The Register reports: Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that could allow a remote, authenticated attacker with low privileges to escalate to administrator on affected devices. Cisco Meeting Management is the management software for the tech giant’s on-premises video meeting platform. […]

Vulnerabilities, Data Breach News

January 16, 2025

1177 views 17 secs 0

Hacking group leaks Fortinet users’ details on dark web

Details from more than 15,000 devices exposed If you use Fortinet, Computing.co.uk has information that you need to know: Hackers calling themselves Belsen Group have leaked details of users of Fortinet firewalls on the dark web. Researcher Kevin Beaumont, who has reviewed the data dump, says he believes it to be genuine, since devices in […]

Vulnerabilities, News

January 13, 2025

444 views 52 secs 0

Researcher Uncovers AWS S3 Ransomware Vulnerabilities

As if there weren’t enough concerns with misconfigured Amazon AWS s3 buckets exposing data, now we read this: Security researchers at Rhino Security Labs have uncovered a concerning vulnerability in Amazon Web Services (AWS) S3 storage systems that could allow attackers to execute ransomware attacks against cloud-stored data. The research demonstrates how attackers can encrypt S3 bucket […]

News, Vulnerabilities

December 30, 2024

1042 views 12 secs 0

Brothel Visits Exposed In Volkswagen Location Data Leak

There are breaches and then there are really really embarrassing breaches. Jalopnik reports: Things aren’t going so great at Volkswagen right now, and while the latest scandal likely won’t rise to the level of the diesel emissions scandal, a security lapse by VW’s in-house software developer Cariad did expose the locations of about 800,000 electric vehicles to […]

Data Breach News, News, Vulnerabilities

December 15, 2024

1099 views 15 secs 0

Clop ransomware claims responsibility for Cleo data theft attacks

There is an update to the reports of a Cleo file transfer vulnerability being exploited by hackers. Bleeping Computer reports that the same actors who were responsible for the massive MoveIT breach have also claimed responsibility for the Cleo breach: The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo […]

Data Breach News, News, Vulnerabilities

December 10, 2024

1107 views 14 secs 0

Multiple Cleo file transfer products being exploited by hackers; patch isn’t sufficient

Here we go again: threat actors are taking advantage of vulnerabilities in file transfer products. This time it is Cleo file transfer products. The Record reports: Cybersecurity researchers are warning that vulnerabilities in several file transfer products are being exploited by hackers, even after a patch was released by the developer. The vulnerability — CVE-2024-50623 — was […]

Data Breach News, News, Vulnerabilities

December 10, 2024

1072 views 26 secs 0

US sanctions Chinese firm for hacking firewalls in ransomware attacks; $10 million reward for information

The U.S. Treasury Department has sanctioned Chinese cybersecurity company Sichuan Silence and one of its employees for their involvement in a series of Ragnarok ransomware attacks targeting U.S. critical infrastructure companies and many other victims worldwide in April 2020. BleepingComputer reports: According to the Department’s Office of Foreign Assets Control (OFAC), Sichuan Silence is a […]

Vulnerabilities

November 26, 2024

1035 views 56 secs 0

Russian Hackers Target Mozilla, Windows in New Exploit Chain

Two vulnerabilities in Mozilla products and Windows are actively exploited by RomCom, a Kremlin-linked cybercriminal group known for targeting businesses and conducting espionage, warn security researchers from Eset. GovInfoSecurity reports: Researchers identified two critical vulnerabilities in Mozilla Foundation products. One, tracked as CVE-2024-9680 is a use-after-free flaw allowing code execution in the Firefox and the Thunderbird email client. It […]

New Threats, News, Vulnerabilities

November 19, 2024

1323 views 27 secs 0

One Million Websites Vulnerable To Dangerous Sitting Duck Cyber Attacks

As Forbes reports, hijacking internet domains is nothing new, but a new Infoblox report reveals how the threat has evolved into an ongoing attack methodology. Forbes explains: The sitting duck cyber attacks are, Infoblox said, “easy to execute for actors, hard to detect for security teams.” To understand why you need to look at what vulnerability […]