News

Cisco has released a hardware tool, called 4CAN, developed to help researchers to discover vulnerabilities in automotive systems.  Computer systems in modern vehicles are very complex, they contain a huge quantity of devices and units that exchange a lot of data in real-time. These components communicate via the vehicle’s network, dubbed Controller Area Network (CAN). […] The post Cisco released 4CAN hardware tool to find flaws in automotive computers appeared first on Security Affairs. […]

UK authorities have seized over £920,000 ($1.1 million) worth of Bitcoin from a prolific hacker, the funds will be used to compensate his victims. Grant West, aka ‘Courvoisier,’ is a hacker that was arrested by the police on September 2017 as result of a two-year-long investigation code-named ‘Operation Draba.’ The man was charged with multiple […] The post Hacker will compensate victims with $1.1 million Bitcoin illegally earned appeared first on Security Affairs. […]

Some versions of the Squid web proxy cache server built with Basic Authentication features are affected by a heap buffer overflow vulnerability. The heap buffer overflow security flaw, tracked as CVE-2019-12527, could be exploited by attackers to trigger DoS condition and also to execute arbitrary code on the vulnerable servers. The flaw received a high severity CVSS […] The post Buffer overflow exposes unpatched Squid servers to RCE and DoS attacks appeared first on Security Affairs. […]

Mastercard disclosed a data breach that impacted customer data from the company’s Priceless Specials loyalty program. The American multinational financial services corporation notified the data breach to the German and Belgian Data Protection Authorities. The data leaked online includes customers’ names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth. “The Belgian Data […] The post Mastercard data breach affected Priceless Specials loyalty program appeared first on Security Affairs. […]

Researchers at Pen Test Partners (PTP) discovered a privilege-escalation vulnerability in Lenovo Solution Centre (LSC) tracked as CVE-2019-6177. Security experts at Pen Test Partners (PTP) discovered a privilege-escalation vulnerability in Lenovo Solution Centre (LSC) that exists since 2011. “A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log […] The post Lenovo Solution Centre flaw allows hacking Windows laptop in 10 minutes appeared first on Security Affairs. […]

Experts at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect systems. Malware researchers at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect Windows and Mac systems. Asruex first appeared in the […] The post A new variant of Asruex Trojan exploits very old Office, Adobe flaws appeared first on Security Affairs. […]

An Android app containing malicious spyware had to be removed twice from Google Play. […]

The FBI has charged 80 people in connection with a $46 million case of online fraud. […]

Hackers are exploiting recently disclosed flaws in enterprise virtual private network (VPN) products from Fortinet and Pulse Secure. The popular cybersecurity expert Kevin Beaumont has observed threat actors attempting to exploit the CVE-2018-13379 in the FortiOS SSL VPN web portal and CVE-2019-11510 flaw in Pulse Connect Secure. The CVE-2018-13379 is a path traversal vulnerability in the […] The post Hackers are scanning the web for vulnerable Fortinet, Pulse Secure Products installs appeared first on Security Affairs. […]

The Linux Foundation announced the formation of the Confidential Computing Consortium […]