https://therecord.media/blacksprut-darknet-drug-market-billboards-moscow/
The fact that BlackSprut was openly advertising its services in the Russian capital could mean several things: Either the billboard owners did not know about the platform’s illegal activity, or the billboards were hacked, or no one in a position of authority simply cared.
https://infosec.exchange/@epixoip/109585049354200263
You see, I’m not simply recommending that users bail on LastPass because of this latest breach. I’m recommending you run as far way as possible from LastPass due to its long history of incompetence, apathy, and negligence. It’s abundantly clear that they do not care about their own security, and much less about your security.
So, why do I recommend Bitwarden and 1Password? It’s quite simple:
https://www.cyberscoop.com/car-hackers-vulnerabilities-research/
The vulnerabilities could let attackers remotely track, stop or control a car — even an entire fleet of emergency vehicles. Another could give hackers access to some 15.5 million automobiles, allowing them to send commands to control braking systems.
In total, a group of ethical car hackers discovered at least 20 vulnerabilities within the application programming interfaces, or APIs, that automakers rely on so technology inside cars can interact. The vulnerabilities affected Ford, Toyota, Mercedes, BMW, Porsche, Ferrari and others.
…
The findings underscore the security risks for consumers and automakers alike as car manufacturers continue to increase the amount of software in vehicles and provide owners with apps to connect with their cars. It also shows that while automakers have done more to focus on cybersecurity, much remains to be done.
https://www.politico.eu/article/cop-27-climate-change-app-cybersecurity-weapon-risks/
Western security advisers are warning delegates at the COP27 climate summit not to download the host Egyptian government’s official smartphone app, amid fears it could be used to hack their private emails, texts and even voice conversations.
Two-thirds of respondents in the Ponemon study who had experienced ransomware attacks said they disrupted patient care, and 59% of them found they increased the length of patients’ stays, straining resources. Almost one-quarter said they led to increased mortality rates at their facilities.
https://apnews.com/article/nato-technology-iran-middle-east-6be153b291f42bd549d5ecce5941c32a
Albania cut diplomatic ties with Iran and expelled the country’s embassy staff over a major cyberattack nearly two months ago that was allegedly carried out by Tehran on Albanian government websites, the prime minister said Wednesday.
The move by NATO member Albania was the first known case of a country cutting diplomatic relations over a cyberattack.
https://www.wired.com/story/john-deere-tractor-jailbreak-defcon-2022/
FARMERS AROUND THE world have turned to tractor hacking so they can bypass the digital locks that manufacturers impose on their vehicles. Like insulin pump “looping” and iPhone jailbreaking, this allows farmers to modify and repair the expensive equipment that’s vital to their work, the way they could with analog tractors. At the DefCon security conference in Las Vegas on Saturday, the hacker known as Sick Codes is presenting a new jailbreak for John Deere & Co. tractors that allows him to take control of multiple models through their touchscreens.
https://www.bleepingcomputer.com/news/security/anonymous-poop-gifting-site-hacked-customers-exposed/
ShitExpress, a web service that lets you send a box of feces along with a personalized message to friends and enemies, has been breached
https://therecord.media/microsoft-bug-in-janet-jacksons-rhythm-nation-could-crash-a-laptop/
the vulnerability comes from a phenomenon discovered by Microsoft where playing “Rhythm Nation” would cause any laptop with a certain hard drive to crash.
In its CVE page, the MITRE organization said the 5400 RPM OEM hard drives were shipped primarily with many laptop PCs around 2005. If played near these laptops, the song causes “a denial of service (device malfunction and system crash) via a resonant-frequency attack.”
The malware, dubbed SHARPEXT by researchers from security firm Volexity, uses clever means to install a browser extension for the Chrome and Edge browsers, Volexity reported in a blog post. The extension can’t be detected by the email services, and since the browser has already been authenticated using any multifactor authentication protections in place, this increasingly popular security measure plays no role in reining in the account compromise. The extension isn’t available in Google’s Chrome Web Store, Microsoft’s add-ons page, or any other known third-party source and doesn’t rely on flaws in Gmail or AOL Mail to get installed.
Volexity President Steven Adair said in an email that the extension gets installed “by way of spear phishing and social engineering where the victim is fooled into opening a malicious document.