BleepingComputer.com

"Pwn20wn Automotive:  $1.3M for 49 zero-days, Tesla hacked twice."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 26 January 2024, 1446 UTC.

Content and Source:  https://www.bleepingcomputer.com/ ("BleepingComputer.com").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice

  • The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26.

  • Hacker Remote Access
     

Get started in ethical hacking training with hundreds off this training bundle

  • White-hat hacking is one of the best ways to block malicious actors from accessing the systems you're responsible for. This 18-course cybersecurity training bundle shows you how to get it done for $45.99, $1052 off the $1098 MSRP.

    • BLEEPINGCOMPUTER DEALS
    •  
    • JANUARY 26, 2024
    •  
    • 07:19 AM
    •  
    • Comment Count 0
  • 23andMe
     

23andMe data breach: Hackers stole raw genotype data, health reports

  • Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27.

  • China Hacker
     

Blackwood hackers hijack WPS Office update to install malware

  • A previously unknown advanced threat actor tracked  as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals.

  • Hacking security
     

Upgrade your ethical hacking skills with $150 off this training bundle

  • White-hat hacking is a crucial discipline for the safety of your organization. This nine course ethical-hacking training bundle teaches you the skills you need for $29.99, $150 off the $180 MSRP.

    • BLEEPINGCOMPUTER DEALS
    •  
    • JANUARY 25, 2024
    •  
    • 02:09 PM
    •  
    • Comment Count 0
  • Hacker prison
     

Russian TrickBot malware dev sentenced to 64 months in prison

  • Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide.

  • iPhone
     

iPhone apps abuse iOS push notifications to collect user data

  • Numerous iOS apps are using background processes triggered by push notifications to collect user data about devices, potentially allowing the creation of fingerprinting profiles used for tracking.

  • Pwn2Own Tokyo
     

Tesla hacked again, 24 more zero-days exploited at Pwn2Own Tokyo

  • Security researchers hacked the Tesla infotainment system and demoed a total of 24 zero-days on the second day of the Pwn2Own Automotive 2024 hacking competition.

  • Cisco
     

Cisco warns of critical RCE flaw in communications software

  • Cisco is warning that several of its Unified Communications Manager (CM) and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue.

  • WordPress
     

Hackers target WordPress database plugin active on 1 million sites

  • Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours.

  • Online Course
     

A lifetime of e-learning is only $120 for a limited time in this deal

  • Get The Ultimate Lifetime Bundle of StackSkills + Infosec4TC + Stone River on sale for just $119.99 (reg. $480) for a limited time only

    • BLEEPINGCOMPUTER DEALS
    •  
    • JANUARY 25, 2024
    •  
    • 07:11 AM
    •  
    • Comment Count 0
  • HPE
     

HPE: Russian hackers breached its security team’s email accounts

  • Hewlett Packard Enterprise (HPE) disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments.

  • Hackers
     

VexTrio TDS: Inside a massive 70,000-domain cybercrime operation

  • A previously unknown traffic distribution system (TDS) named 'VexTrio' has been active since at least 2017, aiding 60 affiliates in their cybercrime operations through a massive network of 70,000 sites.

  • GitLab
     

Over 5,300 GitLab servers exposed to zero-click account takeover attacks

  • Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.

  • Cybersecurity ethical hacking penetration testing
     

Save $384 in this CISSP exam preparation course bundle deal

  • Getting a CISSP credential can be intimidating. This eight-course CISSP exam prep bundle breaks it down into manageable pieces for $39.99, $384 off the $424 MSRP.

    • BLEEPINGCOMPUTER DEALS
    •  
    • JANUARY 24, 2024
    •  
    • 12:19 PM
    •  
    • Comment Count 0
  • AI hacker security Artificial Intelligence
     

UK says AI will empower ransomware over the next two years

  • The United Kingdom's National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware.

  • EquiLend
     

Global fintech firm EquiLend offline after recent cyberattack

  • New York-based global financial technology firm EquiLend says its operations have been disrupted after some systems were taken offline in a Monday cyberattack.

  • Google Pixel 7
     

Google Pixel phones unusable after January 2024 system update

  • Google Pixel smartphone owners report problems after installing the January 2024 Google Play system update, being unable to access their devices internal storage, open the camera, take screenshots, or even open apps.

  • How to secure AD passwords without sacrificing end-user experience
     
    SPONSORED CONTENT

How to secure AD passwords without sacrificing end-user experience

  • To increase password security, regulatory bodies recommend longer and unique passwords. Despite this, many still stick to using the same easy-to-guess passwords for the sake of convenience. Learn more from Specops Software on an alternative approach that supports security and end-user experience at the same time.

  • Pwn2Own Tokyo
     

Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024

  • Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits.

Comments

Popular posts from this blog

BleepingComputer.com

The Cyberwire Daily Briefing

SecurityWeek Briefing