
IT Security Newsletter - 9/27/2024


Top News

Millions of Kia Cars Were Vulnerable to Remote Hacking

Vulnerabilities in a website dedicated to Kia vehicle owners could have allowed attackers to remotely control millions of cars, security researcher Sam Curry says. The issues, the researcher explains, could have allowed attackers to gain control of key vehicle functions in roughly 30 seconds, using only the car's license plate. Furthermore, the bugs allowed the attackers to harvest the victim's personal information and to create a second user on the vehicle, without the owner's knowledge.

Hacking

Transport, Logistics Orgs Hit by Stealthy Phishing Gambit

A small group of transportation and logistics companies in North America has been targeted in cunning business email compromise (BEC) attacks. Since May, an unknown threat actor has weaponized at least 15 email accounts associated with its targeted companies. In a blog published on Sept. 24, Proofpoint researchers could not say how the threat actor first obtained access to these accounts.

Software Updates

Security Upgrades Available for 3 HPE Aruba Networking Bugs

HPE Aruba Networking fixed three critical vulnerabilities found in its systems that could allow unauthenticated attackers to achieve remote code execution on compromised devices. The vulnerabilities, tracked as CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507, lie in the command line interface (CLI) service of Aruba access points (APs) and can be exploited by sending packets to Aruba's AP management protocol UDP port to gain privileged access and execute arbitrary code.

Malware

New RomCom malware variant 'SnipBot' spotted in data theft attacks

A new variant of the RomCom malware, called SnipBot, has been used in attacks that pivot on the network to steal data from compromised systems. Palo Alto Networks' Unit 42 researchers discovered the new version of the malware after analyzing a DLL module used in SnipBot attacks. The latest SnipBot campaigns appear to target a variety of victims across various sectors, including IT services, legal, and agriculture, to steal data and pivot on the network.


Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023

The war in Ukraine, which started in February 2014 and intensified with Russia's invasion of the country on February 24th, 2022, exemplifies a multifaceted war, rife with disinformation campaigns and cyberwarfare. Throughout these years, ESET Research has revealed several high-profile cyberattacks conducted by Russia-aligned advanced persistent threat (APT) groups targeting Ukrainian entities and Ukrainian speakers, analyzed various operations, and kept track of multiple APT groups.

Exploits/Vulnerabilities

That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices

After days of anticipation, what was billed as one or more critical unauthenticated remote-code execution vulnerabilities in all Linux systems was today finally revealed. In short, if you're running the Unix printing system CUPS, with cups-browsed present and enabled, you may be vulnerable to attacks that could lead to your computer being commandeered over the network or internet. The attacks require the victim to start a print job. Do not be afraid.


Patch now: Critical Nvidia bug allows container escape, complete host takeover

A critical bug in Nvidia's widely used Container Toolkit could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host. The flaw, tracked as CVE-2024-0132, earned a 9.0 out of 10 CVSS severity rating, and affects all versions of Container Toolkit up to and including v1.16.1, and Nvidia GPU Operator up to and including 24.6.1.

On This Date

  • ...in 1822, French academic Jean-Francois Champollion announces that he has successfully deciphered the Rosetta Stone.
  • ...in 1954, the late-night TV program "Tonight with Steve Allen", which would later become "The Tonight Show", debuts on NBC.
  • ...in 1962, biologist Rachel Carson's environmental science book "Silent Spring" is published.
  • ...in 2003, the SMART-1 lunar satellite is launched by the European Space Agency.