Microsoft's Digital Crimes Unit, cybersecurity firm Fortra and the Health Information Sharing & Analysis Center announced legal action Thursday to seize domains related to criminal activity involving cracked copies of the security testing application Cobalt Strike, which has become a favorite tool for cybercriminals to carry out attacks around the world. READ MORE...
From 2019 to at least mid-2022, Tesla employees used an internal messaging system to share "sometimes highly invasive videos and images recorded by customers' car cameras," according to a lengthy Reuters report based on interviews with nine former Tesla employees. Although Tesla says its in-car cameras are "designed from the ground up to protect your privacy," today's Reuters report described employees as having easy access to the cameras' output and sharing that freely with other employees: READ MORE...
Cisco this week announced patches for multiple vulnerabilities across its product portfolio, including high-severity issues impacting its Secure Network Analytics and Identity Services Engine (ISE) products. Tracked as CVE-2023-20102, the first bug is described as insufficient sanitization of user-provided data parsed into memory. An authenticated, remote attacker could send crafted HTTP requests to an affected device to achieve arbitrary code execution. READ MORE...
Sophos this week announced security updates that resolve several vulnerabilities in Sophos Web Appliance, including a critical bug leading to code execution. A web security solution, the Sophos Web Appliance allows administrators to set web access policies, define them by users or groups, and enforce them as necessary, from a single interface. The critical issue was identified in the warning page handler of the appliance and it could be exploited without authentication. READ MORE...
The Medusa ransomware gang has claimed a cyberattack on the Open University of Cyprus (OUC), which caused severe disruptions of the organization's operations. OUC is an online university based in Nicosia, Cyprus, that provides remote learning. It offers 30 higher-level education programs to 4,200 students and participates in various scientific research activities. Last week, the university published an announcement about a cyberattack that had occurred on March 27. READ MORE...
Security researchers discovered a new malicious browser extension called Rilide, that targets Chromium-based products like Google Chrome, Brave, Opera, and Microsoft Edge. The malware is designed to monitor browser activity, take screenshots, and steal cryptocurrency through scripts injected in web pages. Researchers at Trustwave SpiderLabs found that Rilide mimicked benign Google Drive extensions to hide in plain sight while abusing built-in Chrome functionalities. READ MORE...
More than 2 in 5 IT and security professionals in the U.S. and Western Europe have been told to keep a cyber breach confidential, despite knowing the incidents should be disclosed, according to a report released Wednesday from Bitdefender. The disparity in the U.S. is even more stark - 7 in 10 IT and security professionals said they were given the same instructions. The report is based on a survey of 400 IT and security professionals in the U.S., U.K., Germany, France, Spain and Italy. READ MORE...
Helping to reduce costs and enhance productivity are both things that your employer will look kindly upon. But what if you use an external tool for those tasks and the tasks involve confidential data that ended up on a server outside of the control of your company? That's a problem. As a news writer at Tom's Hardware reported there were 3 incidents in 20 days where Samsung staff shared confidential information with ChatGPT. READ MORE...
A vulnerability in the Tesla Retail Tool (TRT) application allowed a researcher to take over the accounts of former employees. Designed with support for both employee and vendor logins, TRT stores various types of enterprise information, including financial information, details on Tesla locations, contact information, building plans, network circuit details, and details on local, ISP, and utility account logins. READ MORE...