Cloud
Toyota spewed vehicle location data for millions onto unsecured cloud databases for 10 years
No lessons learned from last year's T-Connect source code exposure?
Cybersecurity
¡OLÈ! Microsoft patches pre-auth RCE, zero day, warns on BlackLotus bootkit
Although May Patch Tuesday she be but little, she is fierce: Microsoft has pushed out a modest 38 new security fixes for its monthly fix cycle , but don’t get caught napping: They include fixes for a pre-authentication remote code execution (RCE) vulnerability in Outlook, CVE-2023-29325, that requires no user
Cybersecurity
Capita ransomware attack will cost it ~£20m in remediation, as the company leaks more data
Qakbot and leaky buckets...
Cybersecurity
Cryptojacking: Low Risk for Them, High Cost for You
With harvested credentials some groups spun up additional resources until they exhausted the credit cards on file...
Cybersecurity
PowerShell used in 76% of ransomware incidents: Attacks on education sector surge
PowerShell was used in 76% of ransomware incidents in April 2023, according to new data from cybersecurity company BlackFog – a sharp reminder of the extent to which attackers are deploying legitimate tools and platforms to achieve their aims without triggering alarms from many endpoint protection platforms. PowerShell is a task
Cybersecurity
Western Digital hackers spied on incident response, taunt firm
Extortion efforts continue...
Cybersecurity
Major German IT provider Bitmarck hacked, knocking health insurance offline for millions
IT provider serves 80 German health insurers
Cybersecurity
0 of 7 Homeland Security programs had run cybersecurity risk assessments
DHS CIO office had given waivers... "a priority to improve compliance in future"
Cybersecurity
Over 200,000 unique malware samples found in 12 weeks, amid AI threat warnings
Signature-based detection is dying hard.
Cybersecurity
"Cascading" software supply chain attack now has CNI victims in EU, US
Two critical infrastructure providers in the energy sector were breached via a software supply chain attack that also hit business communications provider 3CX and its downstream customers, as well as trading companies. That’s according to cybersecurity firm Symantec this week, which said that its Threat Hunter Team had identified
Cybersecurity
VMware warns over pre-auth RCE bug in logging utility
From remote nobody to root in one deserialization bug exploit...
Cybersecurity
Kubernetes security audit warns over 19 issues, unfixed 2019 bugs
NCC Group audit puts the spotlight on API, permissions weaknesses.