Security News > 2023

Eagers Automotive has announced it suffered a cyberattack and was forced to halt trading on the stock exchange as it evaluates the impact of the incident. Eagers Automotive is the largest operator of car dealerships in Australia and New Zealand, with over 300 selling points for brands such as Toyota, BMW, Nissan, Mercedes-Benz, Audi, Ford, VW, and Honda.

Parking app developer EasyPark has published a notice on its website warning of a data breach it discovered on December 10, 2023, which impacts an unknown number of its millions of users. As reported by BleepingComputer, ParkMobile disclosed a massive data breach in 2021 that exposed the stolen data for 21 million customers.

Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware. Microsoft says the threat actors use both malicious advertisements for popular software and Microsoft Teams phishing messages to push signed malicious MSIX application packages.

Risk and financial advisory company Kroll has released additional details regarding the August data breach, which exposed the personal information of FTX bankruptcy claimants. Kroll said the exposed data included coin holdings and balances, which would allow threat actors to pinpoint attractive targets who invest heavily in the cryptocurrency markets.

Ukraine's Computer Emergency Response Team is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour. The links redirect victims to malicious web resources that employ JavaScript to drop a Windows shortcut file that launches PowerShell commands to trigger an infection chain for a new Python malware downloader called 'MASEPIE.'.

From the outside, at least, it appears that Caesars suffered minimal pain and business disruption primarily because it decided to pay the ransom. "Paying a ransom is like cutting the cheese in a packed elevator: it makes other people suffer," Emsisoft threat analyst Brett Callow told The Register.

A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Online URL. The researchers further said those scanning vulnerable servers are particularly interested in finding vulnerable Confluence servers.

Kaspersky's Global Research and Analysis Team has exposed a previously unknown 'feature' in Apple iPhones that allows attackers to bypass hardware-based memory protection. Kaspersky reckons the hardware feature might have been intended for testing or debugging.

Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. "An...

AI researcher Tantum Collins and I, a public-interest technology scholar, call this AI overcoming "Lossy bottlenecks." Lossy is a term from information theory that refers to imperfect communications channels-that is, channels that lose information. By storing rich representations of people's preferences and histories on the demand side, along with equally rich representations of capabilities, costs and creative possibilities on the supply side, AI systems enable complex customization at scale and low cost.