Security News > 2022 > March

Experts warn a lack of attention on cybersecurity could plague "smart" car and electric vehicle systems - and users - in years to come, as the use of automotive technology continues to explode. "A hacker can gain complete and unlimited access to locking, unlocking, controlling the windows, opening the trunk, and starting the engine of the target vehicle where the only way to prevent the attack is to either never use your fob or, after being compromised, resetting your fob at a dealership," the post said.

The same personality types that are drawn to helping professions like caregiving, teaching, and law enforcement often gain satisfaction from cybersecurity because, at its core, cybersecurity is about protecting people from "the bad actors." Organizations that are working to bring more people into the industry, such as the Cybersecurity Learning Hub at the World Economic Forum and Women in Cybersecurity, are great resources for learning about the field.

Nvidia's ultra-dense GPU-driven AI training and inference systems are prone to covert and side channel attacks, according to research just published from a team led by Pacific Northwest National Laboratory. Let's start with the good news: the problems are most pressing for pre-Ampere GPU generation DGX machines and, luckily, the major cloud operators have switched to Nvidia Ampere-generation DGX machines.

Apricorn announced findings from a Twitter poll exploring device data and backup processes ahead of World Backup Day on March 31st. When asked to be honest with their admissions regarding when they last backed up the important files and documents on their home computer, a massive 57 per cent responded with "Ummm!" indicating that they do not know, or indeed, may never back up their content. 14 per cent said they had lost important documents and 11 per cent stated that they had lost emails they needed through not backing up vital content or documents on their devices.

Atento, a provider of customer relationship management services, has published its 2021 financial performance results, which show a massive impact of $42.1 million due to a ransomware attack the firm suffered in October last year. More specifically, the disruption caused by the cyberattack affected the company's Brazil-based operations, resulting in a revenue loss of $34.8 million and an additional $7.3 million in costs related to mitigating the impact of the incident.

Customers of Taiwan-based QNAP Systems are in a bit of limbo, waiting until the company releases a patch for an OpenSSL bug that the company has warned affects most of its network-attached storage devices. Though the bug - tracked as CVE-2022-0778 and rated 7.5 on the CVSS severity-rating scale - has been patched by OpenSSL, QNAP hasn't gotten around to applying a fix yet for its NAS devices affected by the vulnerability.

EXCLUSIVE: A bug in the support dashboard of Palo Alto Networks exposed thousands of customer support tickets to an unauthorized individual, BleepingComputer has learned. The exposed information included names and contact information of the person creating support tickets, and conversations between Palo Alto Networks staff members and the customer.

Hackers associated with the North Korean government have been distributing a trojanized version of the DeFi Wallet for storing cryptocurrency assets to gain access to the systems of cryptocurrency users and investors. Researchers at cybersecurity company Kaspersky recently discovered a malicious variant of the DeFi Wallet app, which installed the legitimate application along with a backdoor disguised as the executable for the Google Chrome web browser.

North Korean hackers have been exploiting a zero-day in Chrome. The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups.

Security teams around the world got another shock on Thursday when news of the disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively popular framework for building modern Java-based enterprise applications, began circulating online. Thanks to many security researchers, the situation is a bit clearer today and there's no need to panic just yet: Unlike Log4Shell, this new flaw - with no official CVE and currently nicknamed Spring4Shell - seems to only be exploitable in certain configurations.