BleepingComputer.com

"Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 26 January 2024, 1446 UTC.

Content and Source: https://www.bleepingcomputer.com/ ("BleepingComputer.com").


Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice

  • The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26.


23andMe data breach: Hackers stole raw genotype data, health reports

  • Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27.


Blackwood hackers hijack WPS Office update to install malware

  • A previously unknown advanced threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals.


Russian TrickBot malware dev sentenced to 64 months in prison

  • Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide.


iPhone apps abuse iOS push notifications to collect user data

  • Numerous iOS apps are using background processes triggered by push notifications to collect user data about devices, potentially allowing the creation of fingerprinting profiles used for tracking.


Tesla hacked again, 24 more zero-days exploited at Pwn2Own Tokyo

  • Security researchers hacked the Tesla infotainment system and demoed a total of 24 zero-days on the second day of the Pwn2Own Automotive 2024 hacking competition.


Cisco warns of critical RCE flaw in communications software

  • Cisco is warning that several of its Unified Communications Manager (CM) and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue.


Hackers target WordPress database plugin active on 1 million sites

  • Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours.


HPE: Russian hackers breached its security team’s email accounts

  • Hewlett Packard Enterprise (HPE) disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments.


VexTrio TDS: Inside a massive 70,000-domain cybercrime operation

  • A previously unknown traffic distribution system (TDS) named 'VexTrio' has been active since at least 2017, aiding 60 affiliates in their cybercrime operations through a massive network of 70,000 sites.


Over 5,300 GitLab servers exposed to zero-click account takeover attacks

  • Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.


UK says AI will empower ransomware over the next two years

  • The United Kingdom's National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware.


Global fintech firm EquiLend offline after recent cyberattack

  • New York-based global financial technology firm EquiLend says its operations have been disrupted after some systems were taken offline in a Monday cyberattack.


Google Pixel phones unusable after January 2024 system update

  • Google Pixel smartphone owners report problems after installing the January 2024 Google Play system update, being unable to access their devices' internal storage, open the camera, take screenshots, or even open apps.


Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024

  • Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits.
