- Cyber vulnerability in networks used by spacecraft, aircraft and energy generation systems
November 15, 2022
A major vulnerability in a networking technology widely used in critical infrastructures such as spacecraft, aircraft, energy generation systems and industrial control systems was exposed by researchers at the University of Michigan and NASA. It goes after a network protocol and hardware system called time-triggered ethernet, or TTE, which greatly reduces costs in high-risk settings by ...
- Pro-Russian hackers claim cyber attack on FBI website
November 15, 2022
A group of pro-Russian hackers claimed to hack into the FBI website this week, the latest in a string of supposed attacks on U.S. government websites. The group Killnet took responsibility for infiltrating the website on its Telegram page Monday. It said the group was doing justice and guarding Russian cyberspace, writing “Glory to Russian and ...
- Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries
November 15, 2022
State-sponsored actors compromised a digital certificate authority in an Asian country during a campaign in which multiple government agencies were also targeted. Symantec, by Broadcom Software, was able to link this activity to a group we track as Billbug due to the use in this campaign of tools previously attributed to this group. Billbug (aka Lotus ...
- Shocker: EV charging infrastructure is seriously insecure
November 15, 2022
If you’ve noticed car charging stations showing up in your area, congratulations! You’re part of a growing network of systems so poorly secured they could one day be used to destabilize entire electrical grids, and which contain enough security issues to be problematic today. That’s what scientists at Sandia National Laboratory in Albuquerque, New Mexico have ...
- DTrack activity targeting Europe and Latin America
November 15, 2022
DTrack is a backdoor used by the Lazarus group. Initially discovered in 2019, the backdoor remains in use three years later. It is used by the Lazarus group against a wide variety of targets. For example, Kaspersky researchers seen it being used in financial environments where ATMs were breached, in attacks on a nuclear power ...
- Android malware: A million people downloaded these malicious apps before they were finally removed from Google Play
November 15, 2022
Google has removed a series of apps downloaded by over a million Android users from the Google Play Store that infected smartphones with malware and bombarded devices with malicious pop-up ads. The malware has been detailed by cybersecurity researchers at Malwarebytes. The apps were still available to download for a number of days after the research ...
- Russia-based Pushwoosh tricks US Army and others into running its code – for a while
November 15, 2022
US government agencies including the Army and Centers for Disease Control and Prevention pulled apps running Pushwoosh code after learning the software company – which presents itself as American – is actually Russian, according to Reuters. Pushwoosh is a software company that provides code and data analysis for developers so they can automate custom push notifications ...
- CISA Has Added One Known Exploited Vulnerability to Catalog
November 14, 2022
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date ...
- Whoosh confirms data breach after hackers sell 7.2M user records
November 14, 2022
The Russian scooter-sharing service Whoosh has confirmed a data breach after hackers started to sell a database containing the details of 7.2 million customers on a hacking forum. Whoosh is Russia’s leading urban mobility service platform, operating in 40 cities with over 75,000 scooters. On Friday, a threat actor began selling the stolen data on a hacking ...
- Google will pay $391M to settle Android location tracking lawsuit
November 14, 2022
Google has agreed to pay $391.5 million to settle a privacy lawsuit filed by a coalition of attorneys general from 40 U.S. states. The settlement shows that the U.S. attorneys general discovered while investigating a 2018 Associated Press article that the search giant misled Android users and tracked their locations since at least 2014 even when ...
- Australia: Government considers making cyber ransom payments illegal after Medibank hack
November 13, 2022
It could soon be illegal for companies that fall victim to data breaches to pay ransoms to the hackers. The home affairs minister, Clare O’Neil, confirmed the government was examining whether new laws were needed to stop ransom payments in the wake of the Medibank and Optus data breaches. O’Neil said while short-term successes were needed in ...