A federal report published today found that Tesla’s Autopilot system was involved in at least 13 fatal crashes in which drivers misused the system in ways the automaker should have foreseen—and done more to prevent. Not only that, but the report called out Tesla as an “industry outlier” because its driver assistance features lacked some […]
Mandiant found that while attacker dwell time decreased in 2023, ransomware and other threats continued to rise. The cybersecurity company published on Tuesday its ‘M-Trends 2024 Special Report,’ which offered some bright spots for organizations amid an increasingly complex and expansive threat landscape. According to the report, which is based on Mandiant Consulting investigations during […]
A dependency confusion vulnerability has been found within an archived Apache project. According to new data by Legit Security, who made the discovery, the finding underscores the importance of scrutinizing third-party projects and dependencies, particularly those archived and potentially neglected in terms of updates and security patches. The technical post, published today, suggests that despite […]
Cybersecurity researchers have found almost 30 phishing websites spoofing the electronic toll collection service E-ZPass following an FBI warning last week. The FBI said in an alert that since early March the Internet Crime Complaint Center (IC3) has received over 2,000 complaints reporting smishing texts impersonating road toll collection services from at least three states. […]
Apr 22, 2024NewsroomRootkit / Software Security New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. “When a user executes a function that has a path argument in Windows, the DOS path at which the file or […]
A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server IP address has been previously identified as associated with […]
Apr 16, 2024NewsroomCloud Security / DevSecOps New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. “Some commands on Azure CLI, AWS CLI, and […]
Cloud security provider Wiz found two critical architecture flaws in generative AI models uploaded to Hugging Face, the leading hub for sharing AI models and applications. In a blog post published on April 4, Wiz Research described the two flaws and the risk they could pose to AI-as-a-service providers. These are: Shared Inference infrastructure takeover […]
Oops, your XML now contains shell code The following XML code was found in the layout_update database table and is responsible for periodic reinfections of your system. Attackers combine the Magento layout parser with the beberlei/assert package (installed by default) to execute system commands. Because the layout block is tied to the checkout cart, this […]