Kia dealer portal flaw could let attackers hack millions of cars

September 26, 2024 at 03:55PM Security researchers found critical flaws in Kia’s dealer portal, allowing hackers to locate and steal millions of Kia cars made after 2013 by using the vehicle’s license plate. Based on the meeting notes, the key takeaway is that security researchers have identified critical vulnerabilities in Kia’s dealer portal that could …

Why ‘Never Expire’ Passwords Can Be a Risky Decision

September 23, 2024 at 08:06AM The text discusses the impact of password expiry policies, exploring the reasons behind them and the potential drawbacks. It highlights concerns about weak password reuse, IT burden, and compromised password risks. It also suggests implementing a comprehensive password strategy, advocating for longer and stronger passwords alongside measures to detect compromised …

CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities

September 18, 2024 at 08:24AM CISA and the FBI issued a Secure by Design alert highlighting the prevalence of cross-site scripting (XSS) vulnerabilities. They urge organizations to eliminate XSS flaws by validating and sanitizing user input, implementing additional security measures, conducting code reviews, and using modern web frameworks. The agencies also recommend implementing secure by …

Rhysida ransomware gang ships off Port of Seattle data for $6M

September 17, 2024 at 12:55PM Ransomware group Rhysida claims to have stolen over 3 TB of data from the Port of Seattle, including personal information, and is auctioning it for 100 Bitcoin. The Port confirmed the ransomware attack and its refusal to pay the ransom. While services are being restored, the timeline for full recovery remains …

From Breach to Recovery: Designing an Identity-Focused Incident Response Playbook

September 16, 2024 at 08:21AM The text discusses the growing threat of identity-based cyber attacks and the need for organizations to adapt their incident response plans accordingly. It highlights the importance of an identity-focused playbook in detecting, containing, and recovering from identity breaches. The accompanying webinar promises to provide strategies for IT security professionals, incident …

Port of Seattle hit by Rhysida ransomware in August attack

September 13, 2024 at 06:56PM The Port of Seattle, a US government agency, confirmed that the Rhysida ransomware operation was responsible for a recent cyberattack on its systems. This attack has affected the port and airport for the past three weeks. Based on the meeting notes, it seems that the Port of Seattle has confirmed …

GitLab Updates Resolve Critical Pipeline Execution Vulnerability

September 13, 2024 at 05:03AM GitLab announced patches for 17 vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including a critical pipeline execution bug, CVE-2024-6678, with a CVSS score of 9.9. Successful exploitation could disrupt services and inject malicious code. The vulnerabilities affect versions 8.14 to 17.3.1, and patches are available in versions …

Google Chrome gets a mind of its own for some security fixes

September 12, 2024 at 12:04PM Google has empowered Chrome’s Safety Check to make security decisions on the user’s behalf. This feature now runs automatically in the background, revoking unneeded permissions, canceling deceptive notifications, and notifying users about security issues. It also provides more control over website permissions and extensions, aiming to improve user safety and …

GitLab warns of critical pipeline execution vulnerability

September 12, 2024 at 10:50AM GitLab has released critical updates to address multiple vulnerabilities, including the most severe, CVE-2024-6678, which allows an attacker to trigger pipelines as arbitrary users. The release encompasses versions 17.3.2, 17.2.5, and 17.1.7 for both CE and EE, and addresses a total of 18 security issues. GitLab urges immediate upgrading to the …

Mind your header! There’s nothing refreshing about phishers’ latest tactic

September 12, 2024 at 05:24AM Palo Alto’s Unit 42 threat intel team warns of a rising tactic used by phishers to steal victims’ credentials. They identified over 2,000 large-scale phishing campaigns abusing HTTP header refresh entries to redirect visitors to malicious websites. The phishing attacks primarily target the business and economy sectors, highlighting the need for …