Security News

On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. Synacktiv won the Tesla Model 3 and $200,000 after hacking the Tesla ECU with Vehicle CAN BUS Control in under 30 seconds using an integer overflow.

Chinese upstarts are selling smartphone motherboards - and kit to run and manage them at scale - to operators of outfits that use them to commit various scams and crimes, according to an undercover investigation by state television broadcaster China Central Television revealed late last week. The report shows what appear to be chassis filled with 20 smartphone motherboards each, wired to a monitor that displays the screens of all 20 units.

Even fake data breaches can have real repercussions. Epic Games, maker of Fortnite was a victim of a fake data breach by a cybercrime group that claimed without evidence it had absconded source code and sensitive user data.

WebCopilot is an open-source automation tool that enumerates a target's subdomains and discovers bugs using various free tools. Subdomain enumeration: It leverages tools like Assetfinder, Subfinder, Amass, and httpx to comprehensively discover subdomains.

North Korea's notorious Kimsuky cyber crime gang has commenced a campaign using fresh tactics, according to infosec tools vendor Rapid7. Rapid7 isn't sure how the gang distributes its latest attack, but is confident the payload includes poisoned Microsoft Compiled HTML Help files along with ISO, VHD, ZIP and RAR files.

In this Help Net Security video, Rob Whiteley, CEO at Coder, discusses the cloud development environment technology landscape and its benefits. From the earliest stages of writing code to deploying finalized applications, CDEs are reimagining the developer experience, gaining traction as the next frontier of programming productivity, collaboration, and security.

As the undisputed leader in leaked secrets detection, GitGuardian has been meticulously identifying and reporting the prevalence of such secrets on public GitHub for years. Hardcoding secrets in source code repositories, Committing secrets to public code repositories, Exposing secrets in developer communication channels, Leaking secrets in container images or artifacts at build time.

Malware stands out as the fastest-growing threat of 2024, with 41% of enterprises witnessing a malware attack in the past year - closely followed by phishing and ransomware. The research found that 43% of enterprises failed a compliance audit in the past twelve months - with the report highlighting a very clear correlation between compliance and data security.

Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber...

Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction....