Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks
Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. “These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread damage, including physical damage, environmental hazards, and economic losses,” Bitsight researcher
A week in security (September 23 – September 29)
Last week on Malwarebytes Labs: Millions of Kia vehicles were vulnerable to remote attacks with just a license plate number Privacy watchdog files complaint over Firefox quietly enabling its Privacy Preserving Attribution Telegram will hand over user details to law enforcement Don’t share the viral Instagram Meta AI “legal” post Romance scams costlier than ever: […]
Millions of Kia vehicles were vulnerable to remote attacks with just a license plate number
In June of 2024 security researchers uncovered a set of vulnerabilities in the Kia dealer portal that allowed them to remotely take over any Kia vehicle built after 2013—and all they needed was a license plate number. According to the researchers: “These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, […]
Red Teaming in the age of EDR: Evasion of Endpoint Detection Through Malware Virtualisation
Authors: Boudewijn Meijer && Rick Veldhoven Introduction As defensive security products improve, attackers must refine their craft. Gone are the days of executing malicious binaries from disk, especially ones well known to antivirus and Endpoint Detection and Reponse (EDR) vendors. Now, attackers focus on in-memory payload execution for both native and managed applications to evade […]
Enhancing Cyber Resilience in Transportation Organizations
2024 Cyber Resilience Research Unveils Transportation Sector Challenges New data illuminates how transportation leaders can prioritize resilience. Transportation organizations find themselves at the intersection of progress and peril in the rapidly evolving digital landscape. The latest data underscores that the trade-offs are significant and pose substantial risks to transportation providers. Get your complimentary copy of […]
Enhancing Cyber Resilience in Manufacturing Organizations
2024 Cyber Resilience Research Unveils Manufacturing Sector Challenges New data illuminates how manufacturing leaders can prioritize resilience. Manufacturing organizations find themselves at the intersection of progress and peril in the rapidly evolving digital landscape. The latest data underscores that the trade-offs are significant and pose substantial risks to manufacturing providers. Get your complimentary copy of […]
Cuckoo Mac Malware Mimics Music Converter to Steals Passwords and Crypto
By Deeba Ahmed Cuckoo malware targets macOS users, stealing passwords, browsing history, crypto wallet details & more. Disguised as a music converter, it poses a major security risk. Learn how to protect yourself from this sophisticated infostealer. This is a post from HackRead.com Read the original post: Cuckoo Mac Malware Mimics Music Converter to Steals […]
Tracing what went wrong in 2012 for today’s teens, with Dr. Jean Twenge: Lock and Code S04E10
This week on the Lock and Code podcast… You’ve likely felt it: The dull pull downwards of a smartphone scroll. The “five more minutes” just before bed. The sleep still there after waking. The edges of your calm slowly fraying. After more than a decade of our most recent technological experiment, in turns out that […]
Introducing LevelBlue: Elevating Business Confidence By Simplifying Security
Today is a monumental day for the cybersecurity industry. Live from RSA Conference 2024, I’m excited to introduce LevelBlue – a joint venture with AT&T and WillJam Ventures, to form a new, standalone managed security services business. You can read more about the news here. In 2022, I founded my private equity firm, WillJam Ventures, […]
Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution
More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that’s vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which described it as a use-after-free bug impacting […]