<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 12/1/2022

SHARE

Breaches

LastPass, GoTo announce security incident

LastPass and its affiliate GoTo (formerly LogMeIn) have announced that they suffered a security incident and, in LastPass' case, a possible data breach. "Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service," GoTo CEO Paddy Srinivasan noted, and explained that the third-party cloud storage service in question is shared by GoTo and LastPass, the company behind the popular password manager of the same name. READ MORE...


Hackers Dump Australian Health Data Online, Declare 'Case Closed'

The hackers leaking stolen Australian health records to the dark web on Thursday appeared to end their extortion attempt by dumping a final batch of data online and declaring:"Case closed." In November the hackers demanded health insurer Medibank pay US$9.7 million to keep the records off the internet -- or one dollar for each of the company's impacted customers, which included Prime Minister Anthony Albanese. READ MORE...

Hacking

New Exploit Broker on the Scene Pays Premium for Signal App Zero-Days

Gray-market exploit brokers are alive and kicking, with the latest sign of this flourishing market coming in the form of a bidding war for Signal messaging app zero-days from a relatively new entrant. Russia-based OpZero went on the record recently with a $1.5 million offer for Signal remote code execution (RCE) exploits, more than tripling the relatively stable high-water mark for that app offered by American firm Zerodium. READ MORE...

Software Updates

Nvidia GPU Driver Bugs Threaten Device Takeover & More

A new update from Nvidia for its GPU Display Driver includes fixes for a full 29 security vulnerabilities, seven with a base score of more than 7. The company's graphics cards are built to accelerate computing processing to support real-time or data-intensive applications. As such, they're known for their use by gamers, graphic designers, and other creative producers, and for artificial intelligence and machine learning. READ MORE...

Exploits/Vulnerabilities

Chrome, Defender, and Firefox 0-days linked to commercial IT firm in Spain

Google researchers said on Wednesday they have linked a Barcelona, Spain-based IT company to the sale of advanced software frameworks that exploit vulnerabilities in Chrome, Firefox, and Windows Defender. Variston IT bills itself as a provider of tailor-made information security solutions, including: technology for Internet of Things integrators, custom security patches for proprietary systems, tools for data discovery, security training, and the development of secure protocols for embedded devices. READ MORE...


Hyundai app bugs allowed hackers to remotely unlock, start cars

Vulnerabilities in mobile apps exposed Hyundai and Genesis car models after 2012 to remote attacks that allowed unlocking and even starting the vehicles. Security researchers at Yuga Labs found the issues and explored similar attack surfaces in the SiriusXM "smart vehicle" platform used in cars from other makers (Toyota, Honda, FCA, Nissan, Acura, and Infinity) that allowed them to "remotely unlock, start, locate, flash, and honk" them. READ MORE...


Vulnerabilities in Popular Keyboard and Mouse Android Apps Expose User Data

The Synopsys Cybersecurity Research Center (CyRC) is warning of multiple vulnerabilities found in three applications that allow Android users to use their device as a keyboard and mouse. The three apps, Lazy Mouse, Telepad, and PC Keyboard, are available in Google Play in both free and paid versions and have more than two million downloads combined. The applications work by connecting to a server on a computer and sending keyboard and mouse events to it. READ MORE...


SeveralCar Brands Exposed to Hacking by Flaw in Sirius XM Connected Vehicle Service

Sirius XM claims on its website that its connected services are used by more than 12 million vehicles in North America, including Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota cars. Researcher Sam Curry on Wednesday described a recent car hacking project targeting Sirius XM, which he and his team learned about when looking for a telematic solution shared by multiple car brands. READ MORE...

On This Date

  • ...in 1913, Henry Ford establishes the first assembly line for automobile production, which he modeled after the production line at Kahn's Meat Packing in Cincinnati.
  • ...in 1940, comedian/actor/writer Richard Pryor ("Silver Streak", "Jo Jo Dancer, Your Life is Calling") is born in Peoria, IL.
  • ...in 1945, actress/singer/comedian Bette Midler ("The Rose", "Hocus Pocus") is born in Honolulu, HI
  • ...in 1955, activist Rosa Parks is jailed for protesting Montgomery, AL's racial segregation laws, by refusing to give up her bus seat for a white passenger.