Ford says cars with WiFi vulnerability still safe to drive
Ford is warning of a buffer overflow vulnerability in its SYNC3 infotainment system used in many Ford and Lincoln vehicles,...
News
Multiple Flaws in CyberPower and Dataprobe Products Put Data Centers at Risk
Multiple security vulnerabilities impacting CyberPower's PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe's iBoot Power Distribution Unit (PDU)...
US-CERT Vulnerability Summary for the Week of July 31, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoyunyecms -- yunyecmsSQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to...
Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping
Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom's Zero Touch Provisioning (ZTP) that could be potentially...
New Python URL Parsing Flaw Could Enable Command Execution Attacks
A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain...
New Python URL Parsing Flaw Enables Command Injection Attacks
A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain...
Lolek Bulletproof Hosting Servers Seized, 5 Key Operators Arrested
European and U.S. law enforcement agencies have announced the dismantling of a bulletproof hosting service provider called Lolek Hosted, which...
Lapsus$ hackers took SIM-swapping attacks to the next level
The U.S. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to...
The Week in Ransomware – August 11th 2023 – Targeting Healthcare
While some ransomware operations claim not to target hospitals, one relatively new ransomware gang named Rhysida doesn't seem to care....
Industrial PLCs worldwide impacted by CODESYS V3 RCE flaws
Millions of PLC (programmable logic controllers) used in industrial environments worldwide are at risk to 15 vulnerabilities in the CODESYS...
Amazon AWS distances itself from Moq amid data collection controversy
Amazon AWS has withdrawn its association with open source project Moq after the project drew sharp criticism for its quiet...
LOLEKHosted admin arrested for aiding Netwalker ransomware gang
Update 8/11/23: Updated with information from DOJ about alleged Netwalker Ransomware involvement. Police have taken down the Lolek bulletproof hosting provider,...
US cyber safety board to analyze Microsoft Exchange hack of govt emails
The Department of Homeland Security's Cyber Safety Review Board (CSRB) has announced plans to conduct an in-depth review of cloud...
Researchers Suggest Ways to Tackle Thermal Attacks
Researchers at Glasgow University have identified 15 ways users and manufacturers could reduce the risk of thermal attacks to boost...
UK Government Slammed For Encryption Mistruths
The technology secretary has drawn the ire of encryption experts by repeating false claims and half-truths about the Online Safety...
#BHUSA: Security Risks to Boom in the Era of Widespread Generative AI Adoption
The security and privacy concerns around the use of generative AI today could be just the tip of a forming...
CISA: New Whirlpool Backdoor Used in Barracuda ESG Campaign
Security researchers have discovered a third novel backdoor that was used in attacks on users of Barracuda ESG appliances recently.The...
Multiple Flaws Found in the Avada WordPress Theme and Plugin
Multiple vulnerabilities have been identified in the widely used Avada theme and its accompanying Avada Builder plugin. These security flaws, uncovered...
DHS to Review Microsoft’s Security in Chinese Email Hack
The US Department of Homeland Security (DHS) has announced it will investigate Microsoft’s security practices in relation to the recent...
DroxiDat-Cobalt Strike Duo Targets Power Generator Network
A new variant of the SystemBC malware, paired with Cobalt Strike beacons, has been identified in a recent cyber-attack targeting...
Lapsus$ Hacker Group Exposed in Latest CSRB Report
The US Cyber Safety Review Board (CSRB) has issued a comprehensive report shedding light on the operations of the notorious...
US-CERT Vulnerability Summary for the Week of July 31, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoyunyecms -- yunyecmsSQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to...
Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus
A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks...
Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116
Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome...
