Security News > 2023 > June

Infosec in brief: Japanese automaker Toyota is again apologizing for spilling customer records online due to a misconfigured cloud environment - the same explanation it gave when the same thing happened a couple of weeks ago. Toyota said it had no evidence the data had been misused, and that it discovered the misconfigured cloud system while performing a wider investigation of Toyota Connected Corporation's cloud systems.

As the digital revolution changes the claims process, both carriers and customers are increasingly concerned about data privacy, according to LexisNexis Risk Solutions. "Especially among younger age demographics, digital claims channels are becoming increasingly popular, but growth in self-service options among insurers absolutely must be met with investments in tools to mitigate digital identity fraud. Insurers with a multi-layered approach to mitigating digital identity fraud experience fraud costs that are 25% lower than those who do not, according to our research," added Sheehan.

As a leading voice in AI security, Katie shed some light on how encouraging women to join the cybersecurity revolution today is helping secure the products of tomorrow. One thing is clear: the growing popularity of AI requires the product security world to make even more adjustments to its security strategies, including looking for new ways to recruit rising young men and women who can address the challenges of tomorrow.

In late September 2021, staff at Taiwanese threat intelligence company TeamT5 noticed something very nasty: a fake news report accusing it of conducting phishing attacks against Japan's government and local tech companies. "We can't keep off the internet, even when on holiday. The attackers weren't counting on that," threat intelligence analyst Che-Cheng Chang told The Reg when we dropped in to TeamT5's Taipei offices last week during the Computex conference.

Microsoft's Windows 11 Moment 3 update brings a range of new features and improvements, designed to enhance user experience. The Moment 3 update extends the live captions feature to additional languages, including Simplified and Traditional Chinese, French, German, Italian, Japanese, Portuguese, Spanish, Danish, Korean, and other English dialects.

The developers of Atomic Wallet are investigating reports of large-scale theft of cryptocurrency from users' wallets, with over $35 million in crypto reportedly stolen. Atomic Wallet is a mobile and desktop crypto wallet allowing users to store various cryptocurrencies.

CISA has added an actively exploited security bug in the Progress MOVEit Transfer managed file transfer solution to its list of known exploited vulnerabilities, ordering U.S. federal agencies to patch their systems by June 23. The critical flaw is an SQL injection vulnerability that enables unauthenticated, remote attackers to gain access to MOVEit Transfer's database and execute arbitrary code.

A new Magecart credit card stealing campaign hijacks legitimate sites to act as "Makeshift" command and control servers to inject and hide the skimmers on targeted eCommerce sites. A Magecart attack is when hackers breach online stores to inject malicious scripts that steal customers' credit cards and personal information during checkout.

MOVEit Transfer zero-day attacks: The latest info
Progress Software has updated the security advisory and confirmed that the vulnerability is a SQL injection vulnerability in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database.

Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more!
Offensive Security has released Kali Linux 2023.2, the latest version of its popular penetration testing and digital forensics platform.

Online sellers are targeted in a new campaign to push the Vidar information-stealing malware, allowing threat actors to steal credentials for more damaging attacks. The new campaign launched this week, with threat actors sending complaints to online store admins through email and website contact forms.