Cybersecurity
- Israel army hacked the communication network of the Beirut Airport control towersecurityaffairs.com Israel army hacked the communication network of the Beirut Airport control tower
Israel allegedly hacked Beirut airport's control tower, warning an Iranian plane not to land, forcing it to return to Tehran.
- That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of deviceswww.theregister.com Critical Linux bug is CUPS-based remote-code execution hole
No patches yet, can be mitigated, requires user interaction
- Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bugwww.wired.com Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug
Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.
> Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.
- Novel Exploit Chain Enables Windows UAC Bypasswww.darkreading.com Novel Exploit Chain Enables Windows UAC Bypass
Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it's not really a vulnerability.
- Progress urges admins to patch critical WhatsUp Gold bugs ASAP
> Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible.
- Public Wi-Fi Compromised in UK Train Stationswww.darkreading.com Public Wi-Fi Compromised in UK Train Stations
British Transport Police and Network Rail are investigating the incident, in which bad actors posted Islamophobic messages on the transport system's network.
- Flaw in Kia’s web portal let researchers track, hack carsarstechnica.com Flaw in Kia’s web portal let researchers track, hack cars
Bug let researchers track millions of cars, unlock doors, and start engines at will.
- A critical Nvidia Container Toolkit bug can allow a complete host takeoverwww.csoonline.com A critical Nvidia Container Toolkit bug can allow a complete host takeover
The flaw allows a rogue user to escape their container and access entire file systems of the underlying host to perform code execution, and denial of service.
cross-posted from: https://lemmy.zip/post/23512381 > The flaw allows a rogue user to escape their container and access entire file systems of the underlying host to perform code execution, and denial of service.
- Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consentthehackernews.com Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent
Mozilla faces a privacy complaint from noyb for enabling Firefox's PPA feature without user consent.
- NIST proposes barring some of the most nonsensical password rulesarstechnica.com NIST proposes barring some of the most nonsensical password rules
Proposed guidelines aim to inject badly needed common sense into password hygiene.
- Congress Advances Bill to Add AI to NVDwww.darkreading.com Congress Advances Bill to Add AI to NVD
The AI Incident Reporting and Security Enhancement Act would allow NIST to create a process for reporting and tracking vulnerabilities found in AI systems.
> The AI Incident Reporting and Security Enhancement Act would allow NIST to create a process for reporting and tracking vulnerabilities found in AI systems.
- ChatGPT macOS app Flaw Could've Enabled Long-Term Spyware via Memory Functionthehackernews.com ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function
ChatGPT vulnerability patched by OpenAI after discovery of persistent spyware risk in memory feature, potentially exposing user data.
- Kaspersky deletes itself, installs UltraAV antivirus without warning
> Starting Thursday, Russian cybersecurity company Kaspersky deleted its anti-malware software from customers' computers across the United States and automatically replaced it with UltraAV's antivirus solution.
- Parsec Remote Access installed without user knowing
So I've got a few systems where parsec is installed and I can't uninstall it. Has anyone come across this? The only reason I know it's installed is by running a script that scans for RAT's. I can't find it anywhere else so it could be a false positive but it's a very strange one. Curious if anyone knows of bad actors using it like the other remote access software scammers use. The only difference is these are computers where no scammer has accessed via their usual phishing means.
- Unauthenticated RCE vs all GNU/Linux systems to be fully disclosed in 2 weeks with no working fix yet
EDIT: Original post seems to have been removed, try this Nitter mirror instead.
- New Android banking trojan Octo2 targets European bankssecurityaffairs.com New Android banking trojan Octo2 targets European banks
A new version of the Android banking trojan Octo, called Octo2, supports improved features that allow to takeover infected devices.
- Kansas water plant cyberattack forces switch to manual operations
> Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning.
- Hacker Leaks 12,000 Alleged Twilio Call Records with Audio Recordingshackread.com Hacker Leaks 12,000 Alleged Twilio Call Records with Audio Recordings
Follow us on Twitter (X) @Hackread - Facebook @ /Hackread
- WPA3 upgrade module using a small SBC?
I had this thought.
Many IOT devices, including local devices like printers, streaming boxes, cameras etc. may be outdated.
Those may use Wifi but only support WPA2, which can be easily cracked using Kali Linux, a kernel module integrated in Kali, and aircrack.
Many of these devices have an Ethernet or at least USB jack. Ethernet will always work, USB over usb-tethering should work often.
Couldnt you just use a tiny sbc, with a wifi antenna and support for WPA3, and serve the connection via Ethernet or USB to the device?
Like a small plug-in adapter.
Should be rock stable and update atomically and automatically (waiting for you, CentOS bootc, Alma bootc, Rockylinux bootc).
Do you know if this exists or have some caveats in mind?
- Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Riskthehackernews.com Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk
Severe vulnerabilities in Microchip ASF and MediaTek Wi-Fi chipsets expose IoT devices to remote code execution risks. No fix for CVE-2024-7490.
- 11 million devices infected with botnet malware hosted in Google Playarstechnica.com 11 million devices infected with botnet malware hosted in Google Play
Necro infiltrated Google Play in 2019. It recently returned.
- Hackers Claim Second Dell Data Breach in One Weekhackread.com Hackers Claim Second Dell Data Breach in One Week
Follow us on Twitter (X) @Hackread - Facebook @ /Hackread
- Hacktivist group Twelve is back and targets Russian entitiessecurityaffairs.com Hacktivist group Twelve is back and targets Russian entities
Hacktivist group Twelve is back and targets Russian entities to destroy critical assets and disrupt their operations.
- New PondRAT Malware Hidden in Python Packages Targets Software Developersthehackernews.com New PondRAT Malware Hidden in Python Packages Targets Software Developers
North Korean hackers use poisoned Python packages from PyPI to spread PondRAT malware, targeting developers in a supply chain attack.
- Is Malwarebytes worth paying for on windows?
I’ve had Malwarebytes for years on my personal windows pc and it’s up for renewal. Is Defender sufficient or something else cheaper but better? My default is to cancel.
- Hackers stole over $44 million from Asian crypto platform BingXsecurityaffairs.com Hackers stole over $44 million from Asian crypto platform BingX
Cybercriminals stole more than $44 million worth of cryptocurrency from the Singaporean crypto platform BingX.
- Apple's macOS Sequoia Update Breaks Security Toolshackread.com Apple's macOS Sequoia Update Breaks Security Tools
Follow us on Twitter (X) @Hackread - Facebook @ /Hackread
- CISA Releases Plan to Align Cybersecurity Across Federal Agencieswww.darkreading.com CISA Plan Aligns Cybersecurity Across Federal Agencies
The FOCAL plan outlines baselines to synchronize cybersecurity priorities and policies across, as well as within, agencies.
> The FOCAL plan outlines baselines to synchronize cybersecurity priorities and policies across, as well as within, agencies.