Recent Security News
-
Westermo Switch Vulnerabilities Can Facilitate Attacks on Industrial Organizations
January 26, 2024 at 08:15AM CISA warned that Westermo Lynx industrial switches are vulnerable to eight flaws, with potential for remote exploitation and device tampering. Spanish cybersecurity researchers identified the flaws, including cross-site scripting and code injection. Although some vulnerabilities are challenging to exploit, the company is addressing the issues with a patch for CSRF…
-
Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice
January 26, 2024 at 07:37AM Pwn2Own Automotive’s first edition ended with competitors earning $1,323,750, hacking Tesla twice, and demonstrating 49 zero-day bugs in electric car systems at the Tokyo, Japan contest. Team Synacktiv won $450,000, fuzzware.io $177,500, and Midnight Blue/PHP Hooligans $80,000. The next competition is scheduled for March 20th in Vancouver. Further details can…
-
Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist
January 26, 2024 at 07:31AM The Akira ransomware gang claims responsibility for a cyber incident at a UK bath bomb merchant, stealing 110GB of data. Staff-related and company documents, including passport scans, were accessed, with threats to publish soon. The company, Lush, acknowledged the incident and is cooperating with forensic experts. Akira’s ransom tactics and…
-
Malicious Ads on Google Target Chinese Users with Fake Messaging Apps
January 26, 2024 at 05:48AM Chinese-speaking users have been targeted with malicious Google ads for restricted messaging apps like Telegram in an ongoing malvertising campaign. The threat actor abuses Google advertiser accounts to direct users to pages where they unknowingly download Remote Administration Trojans. Additionally, phishing-as-a-service platform “Greatness” is being used to create legitimate-looking credential…