IT Security Newsletter - 4/7/2023

Top News

Microsoft leads effort to disrupt illicit use of Cobalt Strike, a dangerous hacking tool in the wrong hands

Microsoft's Digital Crimes Unit, cybersecurity firm Fortra and the Health Information Sharing & Analysis Center announced legal action Thursday to seize domains related to criminal activity involving cracked copies of the security testing application Cobalt Strike, which has become a favorite tool for cybercriminals to carry out attacks around the world. READ MORE...

Breaches

Tesla workers shared images from car cameras, including "scenes of intimacy"

From 2019 to at least mid-2022, Tesla employees used an internal messaging system to share "sometimes highly invasive videos and images recorded by customers' car cameras," according to a lengthy Reuters report based on interviews with nine former Tesla employees. Although Tesla says its in-car cameras are "designed from the ground up to protect your privacy," today's Reuters report described employees as having easy access to the cameras' output and sharing that freely with other employees: READ MORE...

Software Updates

Cisco Patches Code and Command Execution Vulnerabilities in Several Products

Cisco this week announced patches for multiple vulnerabilities across its product portfolio, including high-severity issues impacting its Secure Network Analytics and Identity Services Engine (ISE) products. Tracked as CVE-2023-20102, the first bug is described as insufficient sanitization of user-provided data parsed into memory. An authenticated, remote attacker could send crafted HTTP requests to an affected device to achieve arbitrary code execution. READ MORE...


Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance

Sophos this week announced security updates that resolve several vulnerabilities in Sophos Web Appliance, including a critical bug leading to code execution. A web security solution, the Sophos Web Appliance allows administrators to set web access policies, define them by users or groups, and enforce them as necessary, from a single interface. The critical issue was identified in the warning page handler of the appliance and it could be exploited without authentication. READ MORE...

Malware

Medusa ransomware claims attack on Open University of Cyprus

The Medusa ransomware gang has claimed a cyberattack on the Open University of Cyprus (OUC), which caused severe disruptions of the organization's operations. OUC is an online university based in Nicosia, Cyprus, that provides remote learning. It offers 30 higher-level education programs to 4,200 students and participates in various scientific research activities. Last week, the university published an announcement about a cyberattack that had occurred on March 27. READ MORE...


Hackers use Rilide browser extension to bypass 2FA, steal crypto

Security researchers discovered a new malicious browser extension called Rilide that targets Chromium-based products like Google Chrome, Brave, Opera, and Microsoft Edge. The malware is designed to monitor browser activity, take screenshots, and steal cryptocurrency through scripts injected in web pages. Researchers at Trustwave SpiderLabs found that Rilide mimicked benign Google Drive extensions to hide in plain sight while abusing built-in Chrome functionalities. READ MORE...

Information Security

IT security leaders still told to keep data breaches quiet, study finds

More than 2 in 5 IT and security professionals in the U.S. and Western Europe have been told to keep a cyber breach confidential, despite knowing the incidents should be disclosed, according to a report released Wednesday from Bitdefender. The disparity in the U.S. is even more stark - 7 in 10 IT and security professionals said they were given the same instructions. The report is based on a survey of 400 IT and security professionals in the U.S., U.K., Germany, France, Spain and Italy. READ MORE...


Stop! Are you putting sensitive company data into ChatGPT?

Helping to reduce costs and enhance productivity are both things that your employer will look kindly upon. But what if you use an external tool for those tasks and the tasks involve confidential data that ended up on a server outside of the control of your company? That's a problem. As a news writer at Tom's Hardware reported, there were 3 incidents in 20 days where Samsung staff shared confidential information with ChatGPT. READ MORE...

Exploits/Vulnerabilities

Tesla Retail Tool Vulnerability Led to Account Takeover

A vulnerability in the Tesla Retail Tool (TRT) application allowed a researcher to take over the accounts of former employees. Designed with support for both employee and vendor logins, TRT stores various types of enterprise information, including financial information, details on Tesla locations, contact information, building plans, network circuit details, and details on local, ISP, and utility account logins. READ MORE...

On This Date

  • ...in 1954, international action film star Jackie Chan ("Rumble in the Bronx", "Rush Hour") is born in Hong Kong.
  • ...in 1964, IBM announces the System/360, the first mainframe computer system designed to cover the full range of scientific and commercial applications.
  • ...in 1983, astronauts Story Musgrave and Don Peterson make the first Space Shuttle spacewalk on Challenger's maiden voyage.
  • ...in 2001, the Mars Odyssey orbiter is launched. It will go on to become the longest-serving spacecraft at Mars, with a mission duration of 19 years and counting.