Resources

MiTM phishing attack can let attackers unlock and steal a Tesla
Events

MiTM phishing attack can let attackers unlock and steal a Tesla

The title and content have been clarified to indicate that, while a Flipper Zero was used in this MiTM phishing attempt, other devices might have been used. Researchers gave an example of how to launch a Man-in-the-Middle (MiTM) phishing attack to gain access to Tesla accounts and start the vehicles. The most recent versions of the Tesla OS (11.1 2024.2.7) and app (4.30.6) are vulnerable to the exploit. Security researchers Tommy Mysk and Talal Haj Bakry register a new "Phone key" that may be used to access the Tesla as part of this assault. The researchers informed Tesla of their results, claiming that sufficient identification security is lacking when connecting a car to a new phone read more MiTM phishing attack can let attackers unlock and steal a Tesla. Get up to date on ...
Zero-day vulnerability in MoveIt Transfer under attack
Events

Zero-day vulnerability in MoveIt Transfer under attack

Progress Software's MOVEit Transfer managed file transfer application has a major bug that has been widely exploited in the field to take control of unprotected systems. A serious SQL injection vulnerability that might result in elevated privileges and probable unauthorized access to the environment is the flaw, which has not yet been given a CVE number. The company reported that a SQL injection vulnerability in the MOVEit Transfer online application might give an unauthenticated attacker access to the company's database without authorization read more Zero day vulnerability in MoveIt Transfer under attack. Stay one step ahead of cyber threats with ReconBee.com. Explore our comprehensive coverage of recent cyber attacks, cybersecurity awareness, and the latest cybersecurity news ...
Telehealth firm Cerebral shared millions of patients data with advertisers
Resources, Risk, Security

Telehealth firm Cerebral shared millions of patients data with advertisers

Cerebral has admitted that it gave advertising and social media juggernauts like Facebook, Google, and TikTok access to the private health data of more than 3.1 million patients in the US, including assessments of their mental state. The telehealth startup revealed the security lapse in a filing with the federal government that it shared patients' personal and health information who used the app to search for therapy or other mental health care services. The telehealth startup, which exploded in popularity during the COVID-19 read more Telehealth firm Cerebral shared millions of patients data with advertisers. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.
FBI Warns of Crypto Stealing Play to Earn Games
Availability, Resources, Risk, Security

FBI Warns of Crypto Stealing Play to Earn Games

Customers have been cautioned not to fall for a brand-new class of fraudulent gaming applications that have already defrauded users out of millions of dollars worth of cryptocurrencies. According to a recent PSA from the FBI's Internet Crime Complaint Center, scammers generally contact victims online before introducing them to the online or mobile game in time (IC3). The game claims to give users bitcoin just for playing. The FBI chose the example of a player raising virtual crops on an animated farm, despite the fact that there are numerous variations of this scam read more FBI Warns of Crypto Stealing Play to Earn Games. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solu...
Acer Confirms Unauthorized Access But Says No Consumer Data Stolen
Resources, Risk, Security

Acer Confirms Unauthorized Access But Says No Consumer Data Stolen

Acer, a Taiwanese electronics maker, revealed a case of illegal access to one of its document servers by service professionals. The international firm said that it believes no customer data was accessed as a result of the breach in a statement sent via email to Infosecurity. There is currently no evidence that any customer data was saved on that server, the company stated, adding that its investigation is still in progress. On a dark web forum earlier this week, a threat actor going by the name "Kernelware" took ownership of the attack. They claimed to have carried out the attack in the middle of February read more Acer Confirms Unauthorized Access But Says No Consumer Data Stolen. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our c...
TikTok Initiates Project Clover Amid European Data Security Concerns
Resources, Risk, Security

TikTok Initiates Project Clover Amid European Data Security Concerns

TikTok has unveiled Project Cover and two new European data centres, despite the fact that governments from all around the world have sought to restrict it from being used on official devices due to data security concerns. Only two weeks have passed since the EU Commission prohibited TikTok from being used on corporate devices before the launch of "Project Clover," an improvement to TikTok's 2021 data governance policy. Project Clover will "move away from complying with industry standards to defining a new benchmark entirely when it comes to data security," according to TikTok read more TikTok Initiates Project Clover Amid European Data Security Concerns. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the l...
Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks
Resources, Risk, Security

Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks

For the first time since December 2022, the Remcos Trojan is back on Check Point Software's top ten list of the most desired malware (in position 8). The most recent report, which the business released earlier today, claims that threat actors utilized Remcos extensively in February to conduct phishing operations against Ukrainian government agencies. The research report makes clear that, generally, there were 44% fewer weekly attacks on Ukraine between October 2022 and February 2023 read more Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.
Lazarus Group Targets South Korean Finance Firm Via Zero-Day Flaw
Reputation, Resources, Risk, Security

Lazarus Group Targets South Korean Finance Firm Via Zero-Day Flaw

Lazarus Group, a North Korean threat actor, was observed twice in the past year using holes in undisclosed software to access a South Korean finance company. The information was released by security experts at Asec, who on Tuesday published an advisory about the attacks. The first attack was noted by the corporation in May 2022, while the second one happened in October of that same year. According to reports, the same zero-day vulnerability was used by both operations. The impacted company "was employing a vulnerable version of a certificate application that was commonly used by public institutions and universities during the infiltration read more Lazarus Group Targets South Korean Finance Firm Via Zero-Day Flaw. Stay informed with the best cybersecurity news and raise your cybe...
SYS01 Stealer Targets Critical Infrastructure With Google Ads
Resources, Risk, Security

SYS01 Stealer Targets Critical Infrastructure With Google Ads

From November 2022, threat actors have infected the systems of key government infrastructure workers, manufacturing organisations, and other targets with the information thief known as SYS01. Security researchers at Morphisec discovered the new effort, which used false Facebook pages to advertise games, sexual content, and cracked software while luring Facebook business accounts with Google advertisements. The enticement then prompted the download of a malicious link. Arnold Osipov, a malware researcher at Morphisec, stated in a Tuesday advisory that the attack "is meant to steal sensitive information read more SYS01 Stealer Targets Critical Infrastructure With Google Ads. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive...
CISA Warns Against Royal Ransomware in New Advisory
Events, Risk, Security

CISA Warns Against Royal Ransomware in New Advisory

Against the Royal Ransomware organization, the US Cybersecurity and Infrastructure Security Agency (CISA) has released a new alert warning system. The paper, which was made public on Thursday in partnership with the FBI as part of the Agency's #StopRansomware campaign, lists indications of compromise (IOCs) and strategies, methods, and procedures (TTPs) related to Various ransomware variants. Since September 2022, recent hostile behavior by threat actors using a specific malware read more CISA Warns Against Royal Ransomware in New Advisory. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.