Security News > 2024 > March

The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne show. The cybersecurity firm also confirmed...

While there are some 880 devices registered, "Only a few tens of distinct ELD models" have hit the road in commercial trucks. They used bench level testing systems for the demo, as well as additional testing on a moving 2014 Kenworth T270 Class 6 research truck equipped with a vulnerable ELD. "In our evaluation of ELD units procured from various resellers, we discovered that they are distributed with factory default firmware settings that present considerable security risks," the authors noted.

The US government has recommended a series of steps that critical infrastructure operators should take to prevent distributed-denial-of-service attacks. The joint guide, entitled Understanding and Responding to Distributed Denial-Of-Service Attacks [PDF], distinguishes between denial-of-service and DDoS attacks.

Microsoft is the subject of growing criticism in the US over allegations that its Bing search engine censors results for users in China that relate to sensitive subjects the state wants blocked. Republican Senator Marco Rubio has added his voice to criticism of the Redmond software giant for reportedly removing search results from Bing on human rights, democracy, climate change, and other sticky issues within China.

The US House of Representatives has passed a bill that would prohibit data brokers from selling Americans' data to foreign adversaries with an unusual degree of bipartisan support: It passed without a single opposing vote. The Protecting Americans' Data from Foreign Adversaries Act of 2024 was introduced in the house earlier this month alongside the recently-passed TikTok ban bill and gives the Federal Trade Commission authority to go after any data broker that sells PII to North Korea, Russia, China or Iran, or any company controlled by those countries.

Microsoft continues to add new features to the Windows Notepad, today announcing a preview release with built-in spellchecking and an autocorrect feature. Windows Notepad languished without new features for years while more modern text editors, like Notepad2 and Notepad++, were developed and released.

On Wednesday, the KDE team warned Linux users to exercise "Extreme caution" when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktop's appearance. As KDE said, it currently lacks the resources to review the code used by each global theme submitted for inclusion in its official store.

Researchers disclosed vulnerabilities today that impact 3 million Saflok electronic RFID locks deployed in 13,000 hotels and homes worldwide, allowing the researchers to easily unlock any door in a hotel by forging a pair of keycards. As first reported by Wired, the researchers were invited to a private hacking event in Las Vegas, where they competed with other teams to find vulnerabilities in a hotel room and all the devices within it.

The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG. "The...

A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads. The threat actors inject the malware into custom HTML widgets and legitimate plugins on WordPress sites to inject the malicious Sign1 scripts rather than modifying the actual WordPress files.