September 29, 2024 at 11:13PM
Cybersecurity expert Sam Curry discovered a vulnerability in Kia vehicles, allowing unauthorized access and the theft of personal details. Another critical vulnerability in Ivanti Traffic Manager was identified, and a UK citizen faces charges for hacking US companies. Additionally, Monaco-based Namebay experienced a ransomware attack, while a cyber attack on a water treatment plant was thwarted in Kansas. Furthermore, TikTok removed Russian government-affiliated media outlets over concerns of misinformation.
From the meeting notes, the following key points can be derived:
1. Vulnerabilities in Kia vehicles:
– Attackers were able to remotely control various functions of the vehicles as well as access personal details of the victims due to a vulnerability in one of Kia’s web portals used by dealerships.
– The vulnerability has since been fixed by Kia, and the exploit no longer works.
2. Ivanti exploit:
– There have been multiple exploits in Ivanti software, with the latest one, CVE-2024-7593, rated 9.8. Users are recommended to ensure they are on safe versions of the software.
3. Hacking charges against UK citizen:
– The US Securities and Exchange Commission filed charges against a UK citizen, Robert Westbrook, for hacking US companies to steal financial secrets.
– Westbrook used various methods to conceal his identity and obtained access by resetting passwords of senior executives’ accounts.
4. Ransomware attack on Namebay:
– Namebay, a domain registrar, fell victim to a ransomware attack, affecting its mail and web hosting services. The attack occurred on September 21, and as of September 27, some services are still not fully restored.
5. Cyber attack on Arkansas City’s water treatment plant:
– The water treatment plant in Arkansas City experienced a cyber attack, but city officials reassured that residents’ drinking water is safe and the city is operating under full control.
– The attack took the plant’s control systems offline but did not compromise any city or customer information.
6. TikTok’s action against Russian media:
– TikTok ejected multiple media outlets linked to the Russian government, citing violations of its Community Guidelines related to covert influence operations.
These are the main takeaways from the meeting notes.