LastPass and its affiliate GoTo (formerly LogMeIn) have announced that they suffered a security incident and, in LastPass' case, a possible data breach. "Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service," GoTo CEO Paddy Srinivasan noted, and explained that the third-party cloud storage service in question is shared by GoTo and LastPass, the company behind the popular password manager of the same name.
The hackers leaking stolen Australian health records to the dark web on Thursday appeared to end their extortion attempt by dumping a final batch of data online and declaring: "Case closed." In November the hackers demanded health insurer Medibank pay US$9.7 million to keep the records off the internet -- or one dollar for each of the company's impacted customers, which included Prime Minister Anthony Albanese.
Gray-market exploit brokers are alive and kicking, with the latest sign of this flourishing market coming in the form of a bidding war for Signal messaging app zero-days from a relatively new entrant. Russia-based OpZero went on the record recently with a $1.5 million offer for Signal remote code execution (RCE) exploits, more than tripling the relatively stable high-water mark for that app offered by American firm Zerodium.
A new update from Nvidia for its GPU Display Driver includes fixes for a full 29 security vulnerabilities, seven with a base score of more than 7. The company's graphics cards are built to accelerate computing processing to support real-time or data-intensive applications. As such, they're known for their use by gamers, graphic designers, and other creative producers, and for artificial intelligence and machine learning.
Google researchers said on Wednesday they have linked a Barcelona, Spain-based IT company to the sale of advanced software frameworks that exploit vulnerabilities in Chrome, Firefox, and Windows Defender. Variston IT bills itself as a provider of tailor-made information security solutions, including: technology for Internet of Things integrators, custom security patches for proprietary systems, tools for data discovery, security training, and the development of secure protocols for embedded devices.
Vulnerabilities in mobile apps exposed Hyundai and Genesis car models after 2012 to remote attacks that allowed unlocking and even starting the vehicles. Security researchers at Yuga Labs found the issues and explored similar attack surfaces in the SiriusXM "smart vehicle" platform used in cars from other makers (Toyota, Honda, FCA, Nissan, Acura, and Infiniti) that allowed them to "remotely unlock, start, locate, flash, and honk" them.
The Synopsys Cybersecurity Research Center (CyRC) is warning of multiple vulnerabilities found in three applications that allow Android users to use their device as a keyboard and mouse. The three apps, Lazy Mouse, Telepad, and PC Keyboard, are available in Google Play in both free and paid versions and have more than two million downloads combined. The applications work by connecting to a server on a computer and sending keyboard and mouse events to it.
Sirius XM claims on its website that its connected services are used by more than 12 million vehicles in North America, including Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota cars. Researcher Sam Curry on Wednesday described a recent car hacking project targeting Sirius XM, which he and his team learned about when looking for a telematic solution shared by multiple car brands.