Hyundai and Kia issue software upgrades to thwart killer TikTok car theft hack

Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to many thefts and even some deaths. The “Kia Challenge” started circulating in mid-2022 and explained Read More …

CircleCI’s hack caused by malware stealing engineer’s 2FA-backed session

Hackers breached CircleCi in December after an engineer became infected with information-stealing malware that their 2FA-backed SSO session cookie, allowing access to the company’s internal systems. Earlier this month, CircleCi disclosed that they suffered a security incident and warned customers Read More …

PyTorch dependency poisoned with malicious code

An unknown attacker used the PyPI code repository to get developers to download a compromised PyTorch dependency that included malicious code designed to steal system data. Developers who last week downloaded the nightly builds of the open source PyTorch framework Read More …

Cyber Signals: Risks to critical infrastructure on the rise

Today, the third edition of Cyber Signals was released spotlighting security trends and insights gathered from Microsoft’s 43 trillion daily security signals and 8,500 security experts. In this edition, we share new insights on wider risks that converging IT, Internet Read More …

UK arrests five for selling ‘dodgy’ point of sale software

Tax authorities from Australia, Canada, France, the UK and the USA have conducted a joint probe into “electronic sales suppression software” – applications that falsify point of sale data to help merchants avoid paying tax on their true revenue. A Read More …

Cybersecurity laws to be updated to boost UK protection from cyber attacks

The UK’s cybersecurity laws will be updated to require outsourced IT providers to meet security standards as part of efforts to better protect supply chains, the Government has announced. The Network and Information Systems (NIS) Regulations will be updated so Read More …

CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain

Today, CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series – Recommended Practices Guide for Read More …

Russia-based Pushwoosh tricks US Army and others into running its code – for a while

US government agencies including the Army and Centers for Disease Control and Prevention pulled apps running Pushwoosh code after learning the software company – which presents itself as American – is actually Russian, according to Reuters. Pushwoosh is a software Read More …

NSA to developers: Think about switching from C and C++ to a memory safe programming language

The National Security Agency (NSA) is urging developers to shift to memory safe languages – such as C#, Go, Java, Ruby, Rust, and Swift – to protect their code from remote code execution or other hacker attacks. Of the languages Read More …