Security News > 2022 > December

Three different security flaws have been disclosed in American Megatrends MegaRAC Baseboard Management Controller software that could lead to remote code execution on vulnerable servers. "The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage," firmware and hardware security company Eclypsium said in a report shared with The Hacker News.

A new data wiper malware called CryWiper has been found targeting Russian government agencies, including mayor's offices and courts. "The activity of CryWiper once again shows that the payment of the ransom does not guarantee the recovery of files," the researchers said, stating the malware "deliberately destroys the contents of files."


Multiple functions and teams within an organization can ultimately impact the way an attacker sees the organization's assets, or in other words, the external attack surface. While there are good reasons to expose more assets to the internet, the price is an increased attack surface.

Cloud computing company Rackspace has suffered a security breach that has resulted in a still-ongoing outage of its Hosted Exchange environment. The connectivity issues for Rackspace Hosted Exchange customers - mostly small to medium-sized businesses - started on Friday, with users experiencing errors when accessing the Outlook Web App and syncing their email clients.

Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manner just by knowing the vehicle's vehicle identification number, researcher Sam Curry said in a Twitter thread last week. SiriusXM's Connected Vehicles Services are said to be used by more than 10 million vehicles in North America, including Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota.

The Lazarus Group threat actor has been observed leveraging fake cryptocurrency apps as a lure to deliver a previously undocumented version of the AppleJeus malware, according to new findings from Volexity. "This activity notably involves a campaign likely targeting cryptocurrency users and organizations with a variant of the AppleJeus malware by way of malicious Microsoft Office documents," researchers Callum Roxan, Paul Rascagneres, and Robert Jan Mora said.

Or as Sinatra went on to croon, 'try, try, try to separate them, it's an illusion.' Companies may feel they are forced to choose between securing all their application identities at the cost of speed of development, but this doesn't have to be the case.

From precisely spotting security vulnerabilities in your code, to writing an essay or an entire block of functional code on a whim, to opening portals to another dimension, OpenAI's newly launched ChatGPT is a game changer with its possibilities seeming limited only by your limitedness. Last week, OpenAI research labs unveiled ChatGPT, a chat bot that works from within your web browser, akin to the ones you've seen on websites offering customer support chat.

The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service.