Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands

Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands,

Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners.
The security vulnerabilities were found in the automotive APIs powering Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, Toyota as well as in

,

Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners.
The security vulnerabilities were found in the automotive APIs powering Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, Toyota as well as in

, ,
https://thehackernews.com/2023/01/millions-of-vehicles-at-risk-api.html

Crypto : 2022 a été l’année des piratages… et ce sera pire en 2023

Crypto : 2022 a été l’année des piratages… et ce sera pire en 2023,

ethereum merge

En 2022, le secteur des cryptomonnaies a subi une centaine d’attaques informatiques. En ciblant les protocoles les plus fragiles de la finance décentralisée, les pirates ont siphonné des milliards de dollars… et ils ne comptent pas s’arrêter là.

,

ethereum merge

En 2022, le secteur des cryptomonnaies a subi une centaine d’attaques informatiques. En ciblant les protocoles les plus fragiles de la finance décentralisée, les pirates ont siphonné des milliards de dollars… et ils ne comptent pas s’arrêter là.

, ,
https://www.01net.com/actualites/crypto-2022-a-ete-lannee-des-piratages-et-ce-sera-pire-en-2023.html

ChatGPT : mauvaise nouvelle, les cybercriminels ont aussi commencé à l’utiliser

ChatGPT : mauvaise nouvelle, les cybercriminels ont aussi commencé à l’utiliser,

hacking, hack, hacker

C’est une tendance inquiétante : les pirates se sont aussi emparés de ChatGPT et certains s’en servent pour créer e-mails de phishing et malwares en quelques secondes. Le début d’une nouvelle ère ?

,

hacking, hack, hacker

C’est une tendance inquiétante : les pirates se sont aussi emparés de ChatGPT et certains s’en servent pour créer e-mails de phishing et malwares en quelques secondes. Le début d’une nouvelle ère ?

, ,
https://www.01net.com/actualites/chatgpt-mauvaise-nouvelle-les-cybercriminels-ont-aussi-commence-a-lutiliser.html

Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls

Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls,

In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems.
The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin, easytimestamp, discorder, discord-dev, style.py, and pythonstyles.
The malicious code, as is increasingly

,

In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems.
The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin, easytimestamp, discorder, discord-dev, style.py, and pythonstyles.
The malicious code, as is increasingly

, ,
https://thehackernews.com/2023/01/malicious-pypi-packages-using.html

Top SaaS Cybersecurity Threats in 2023: Are You Ready?

Top SaaS Cybersecurity Threats in 2023: Are You Ready?,

Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be. 1 — Web application weaknesses

Web applications are at the core of what SaaS companies do and how they operate, and they can store some of

,

Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be. 1 — Web application weaknesses

Web applications are at the core of what SaaS companies do and how they operate, and they can store some of

, ,
https://thehackernews.com/2023/01/top-saas-cybersecurity-threats-in-2023.html

Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions

Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions,

A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks.
The technique « could act as an entry point for an attack on many organizations, » Aqua security researcher Ilay Goldman said in a report published last week.
VS Code extensions,

,

A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks.
The technique « could act as an entry point for an attack on many organizations, » Aqua security researcher Ilay Goldman said in a report published last week.
VS Code extensions,

, ,
https://thehackernews.com/2023/01/hackers-distributing-malicious-visual.html

Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors

Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors,

The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine.
Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker UNC4210, said the hijacked servers correspond to a variant of a commodity malware called 

,

The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine.
Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker UNC4210, said the hijacked servers correspond to a variant of a commodity malware called 

, ,
https://thehackernews.com/2023/01/russian-turla-hackers-hijack-decade-old.html

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub,

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN.
The group « primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations, » Palo Alto Networks Unit 42

,

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN.
The group « primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations, » Palo Alto Networks Unit 42

, ,
https://thehackernews.com/2023/01/hackers-using-captcha-bypass-tactics-in.html

Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS

Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS,

Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems.
« While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform, » the tech giant’s Security Threat Intelligence team said in a Thursday report.
The initial vector for these

,

Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems.
« While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform, » the tech giant’s Security Threat Intelligence team said in a Thursday report.
The initial vector for these

, ,
https://thehackernews.com/2023/01/microsoft-reveals-tactics-used-by-4.html

Dridex Malware Now Attacking macOS Systems with Novel Infection Method

Dridex Malware Now Attacking macOS Systems with Novel Infection Method,

A variant of the infamous Dridex banking malware has set its sights on Apple’s macOS operating system using a previously undocumented infection method, according to latest research.
It has « adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files, » Trend Micro researcher Armando Nathaniel

,

A variant of the infamous Dridex banking malware has set its sights on Apple’s macOS operating system using a previously undocumented infection method, according to latest research.
It has « adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files, » Trend Micro researcher Armando Nathaniel

, ,
https://thehackernews.com/2023/01/dridex-malware-now-attacking-macos.html