January 9, 2023Rabbi Lakshmananautomotive security Multiple bugs affecting millions of vehicles from 16 different manufacturers can be exploited to unlock, start and track vehicles, and potentially impact vehicle owners’ privacy there is. Security vulnerabilities in automotive APIs and software in…
According to Check Point, the number of cyberattacks recorded last year was almost two-fifths (38%) of the total volume observed in 2021. Security vendors attributed this increase primarily to a surge in attacks against healthcare organizations, which saw the largest…
January 9, 2023Rabbi LakshmananNetwork Security / Supply Chain Yet another campaign targeting Python Package Index (PyPI) repositories found six malicious packages deploying information stealers on developer systems. Now-removed packages discovered by Phylum between December 22nd and December 31st, 2022 include…
January 9, 2023Rabbi LakshmananSupply Chain / CodeSec A new attack vector targeting the Visual Studio Code extension marketplace may be used to upload a rogue extension masquerading as its legitimate counterpart in order to launch a supply chain attack. In…
December 21, 2022Rabbi Lakshmanan of raspberry robin The worm has been used to attack telecommunications and government systems in Latin America, Australia, and Europe since at least September 2022. “The main payload itself is packed with more than 10 layers…
December 22, 2022Rabbi LakshmananSoftware Security / Data Breach Okta, a company that provides identity and access management services, revealed Wednesday that some of its source code repositories were compromised earlier this month. “No customers, including HIPAA, FedRAMP, or DoD customers,…
December 22, 2022Rabbi LakshmananInternet of Things / Patch Management of zero robot The DDoS botnet has undergone a major update that expands its ability to target more internet-connected devices and expand its network. The Microsoft Threat Intelligence Center (MSTIC) is…
January 8, 2023Rabbi LakshmananCyber Espionage / Threat Analysis Russian cyber espionage group known as tower It has been observed piggybacking on attack infrastructure used by decade-old malware to deliver its own reconnaissance and backdoor tools to Ukrainian targets. Mandiant, owned…
December 22, 2022Rabbi LakshmananWebsite security/vulnerability Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as Ghost. One of them could be exploited to elevate privileges via a specially crafted HTTP request. Ghost is an open source…
December 22, 2022Rabbi LakshmananPassword management Multiple High Severity Vulnerabilities Disclosed password status A password management solution that can be exploited by an unauthenticated, remote adversary to obtain a user’s plaintext password. “A successful exploit could allow an unauthenticated attacker to…
All Rights Reserved. Kowatek Blog by IWUCHI
Home | About Us | Disclaimer | Privacy Policy | Contact Us
