The Information Highway

The Information Highway

Kia dealer portal flaw could let attackers hack millions of cars

KIA

A group of security researchers discovered critical flaws in Kia's dealer portal that could let hackers locate and steal millions of Kia cars made after 2013 using just the targeted vehicle's license plate. 

Continue reading
  188 Hits

Researchers find SQL injection to bypass airport TSA security checks

Airport

 Security researchers have found a vulnerability in a key air transport security system that allowed unauthorized individuals to potentially bypass airport security screenings and gain access to aircraft cockpits.

Continue reading
  281 Hits

Google tags a tenth Chrome zero-day as exploited this year

Google_Chrome

Today, Google revealed that it patched the tenth zero-day exploited in the wild in 2024 by attackers or security researchers during hacking contests.

Continue reading
  256 Hits

New Brokewell malware takes over Android devices, steals data

image_2

Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches.

Continue reading
  451 Hits

Vultur banking malware for Android poses as McAfee Security app

android

Security researchers found a new version of the Vultur banking trojan for Android that includes more advanced remote control capabilities and an improved evasion mechanism.

Continue reading
  712 Hits

Exploit released for Fortinet RCE bug used in attacks, patch now

Fortinet

Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.

Continue reading
  846 Hits

Researchers expose Microsoft SCCM misconfigs usable in cyberattacks

Hacker-microsoft-windows

Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. 

Continue reading
  795 Hits

Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024

Pwn2Own_Tokyo-headpic

Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits.


Continue reading
  756 Hits

Windows Hello auth bypassed on Microsoft, Dell, Lenovo laptops

Laptop_finger_print

Security researchers bypassed Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops in attacks exploiting security flaws found in the embedded fingerprint sensors. 

Continue reading
  852 Hits

Critical RCE flaws found in SolarWinds access audit solution

connector

Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product that remote attackers could use to run code with SYSTEM privileges. 

Continue reading
  934 Hits

Recently patched Apple, Chrome zero-days exploited in spyware attacks

Apple

Security researchers with the Citizen Lab and Google's Threat Analysis Group (TAG) revealed today that three zero-days patched by Apple on Thursday were abused as part of an exploit chain to install Cytrox's Predator spyware. 

Continue reading
  991 Hits

Charming Kitten hackers use new ‘NokNok’ malware for macOS

Iranian-hacker

Security researchers observed a new campaign they attribute to the Charming Kitten APT group where hackers used new NokNok malware that targets macOS systems. 

Continue reading
  5727 Hits

Apps with 1.5M installs on Google Play send your data to China

Android-malware

Security researchers discovered two malicious file management applications on Google Play with a collective installation count of over 1.5 million that collected excessive user data that goes well beyond what's needed to offer the promised functionality. 

Continue reading
  906 Hits

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023