Security Affairs

Toyota Italy Inadvertently Leaked Sensitive Data

The company exposed credentials to the Salesforce Marketing Cloud, a provider of digital marketing automation and analytics software and services. Cybernews has reached out to the car manufacturer, and the dataset has been secured.

NullMixer Includes Polymorphic Loaders to Deliver New Threats

The NullMixer package is including new polymorphic loaders by third-party MaaS and PPI service providers in the underground markets, and also pieces of controversial, potentially North-Korean-linked PseudoManuscript code.

Microsoft shares guidance for investigating attacks exploiting CVE-2023-23397

Microsoft published guidance for investigating attacks exploiting recently patched Outlook vulnerability tracked as CVE-2023-23397. The flaw is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass.

Pwn2Own Vancouver 2023 awarded $1,035,000 and a Tesla for 27 0-days

On the third day, contestants were awarded $185,000 after demonstrating 5 zero-day exploits targeting the Ubuntu Desktop, Windows 11, and the VMware Workstation software.

Vice Society Claims Attack on Puerto Rico Aqueduct and Sewer Authority

The attack was disclosed on March 19, and threat actors had access to customer and employee information. The agency is going to notify impacted customers and employees via breach notification letters.

Pwn2Own Vancouver 2023 Day 2: Microsoft Teams, Oracle VirtualBox, and Tesla hacked

On the second day of Pwn2Own Vancouver 2023, the bug hunters demonstrated zero-day attacks against the Oracle VirtualBox virtualization platform, Microsoft Teams, Tesla Model 3, and the Ubuntu Desktop OS.

Pwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hacked

The Pwn2Own Vancouver 2023 has begun, this hacking competition has 19 entries targeting nine different targets – including two Tesla attempts. On the first day, it awarded $375,000 (and a Tesla Model 3) for 12 zero-day vulnerabilities discovered.

User Data Leak at Korean Beauty Platform PowderRoom Impacts One Million People

The Cybernews research team discovered that the South Korean social platform, powderroom.co.kr – which markets itself as the nation’s biggest beauty community – was leaking the private data of a million users.

Lionsgate Streaming Platform With 37 Million Subscribers Leaks User Data

Cybernews researchers discovered an unprotected 20GB of server logs that contained nearly 30 million entries, with the oldest dated May 2022. The logs exposed subscribers’ IP addresses and user data about devices, operating systems, and web browsers.

Rogue ChatGPT extension FakeGPT hijacked Facebook accounts

“The new variant of the FakeGPT Chrome extension, titled 'Chat GPT For Google,' is once again targeting your Facebook accounts under a cover of a ChatGPT integration for your Browser,” reads the post published by Guardio Labs.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags