Recent Security News
-
Critical Jenkins Vulnerability Exposes Servers to RCE Attacks – Patch ASAP!
January 25, 2024 at 11:38AM Jenkins recently resolved nine security flaws, including a critical bug (CVE-2024-23897) enabling remote code execution. An arbitrary file read vulnerability through the command line interface was identified. Attackers could exploit this to read arbitrary files on the Jenkins controller file system. The flaw was discovered by Yaniv Nizry and fixed…
-
LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks
January 25, 2024 at 11:38AM Cybersecurity researchers uncovered an updated version of the backdoor malware LODEINFO distributed through spear-phishing attacks. Its capabilities include executing shellcode, taking screenshots, and exfiltrating files to an actor-controlled server. The Chinese nation-state actor Stone Panda is behind the backdoor, with attacks targeting Japan since 2021. Notable changes in the latest…
-
Tesla hacked again, 24 more zero-days exploited at Pwn2Own Tokyo
January 25, 2024 at 10:50AM During the Pwn2Own Automotive 2024 hacking contest in Tokyo, Synacktiv Team demonstrated 24 unique bugs, earning $382,500. They hacked the Tesla infotainment system and Automotive Grade Linux, collecting a total of $435,000. The competition focuses on automotive technologies and vendors have 90 days to release security fixes after the event.…
-
Hackers Blast Violent Gaza Message at a Popular Israeli Movie Theater
January 25, 2024 at 10:47AM Turkish hacktivists targeted Israeli movie theaters with political messages condemning the war in Gaza. The attack, executed by the group MeshSec, involved projecting anti-Israeli messages onto digital billboards. The ease of the hack prompted swift removal by the affected theater. This incident reflects a growing trend of politically motivated cyberattacks…