Android app from China executed 0-day exploit on millions of devices - Ars Technica

https://arstechnica.com/information-technology/2023/03/android-app-from-china-executed-0-day-exploit-on-millions-of-devices/

Fast-growing e-commerce app Pinduoduo had an EvilParcel stow-away.

Android apps digitally signed by China’s third-biggest e-commerce company exploited a zero-day vulnerability that allowed them to surreptitiously take control of millions of end-user devices to steal personal data and install malicious apps, researchers from security firm Lookout have confirmed.

Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets

https://www.bleepingcomputer.com/news/security/google-finds-18-zero-day-vulnerabilities-in-samsung-exynos-chipsets/

experienced attackers could easily create an exploit capable of remotely compromising vulnerable devices without triggering the targets’ attention.

Darknet drug market BlackSprut openly advertises on billboards in Moscow - The Record

https://therecord.media/blacksprut-darknet-drug-market-billboards-moscow/

The fact that BlackSprut was openly advertising its services in the Russian capital could mean several things: Either the billboard owners did not know about the platform’s illegal activity, or the billboards were hacked, or no one in a position of authority simply cared.

A post from Jeremi M Gosney on the 7th LastPass breach - Infosec Exchange

https://infosec.exchange/@epixoip/109585049354200263

You see, I’m not simply recommending that users bail on LastPass because of this latest breach. I’m recommending you run as far away as possible from LastPass due to its long history of incompetence, apathy, and negligence. It’s abundantly clear that they do not care about their own security, and much less about your security.

So, why do I recommend Bitwarden and 1Password? It’s quite simple:

Car hackers discover vulnerabilities that could let them hijack millions of vehicles

https://www.cyberscoop.com/car-hackers-vulnerabilities-research/

The vulnerabilities could let attackers remotely track, stop or control a car — even an entire fleet of emergency vehicles. Another could give hackers access to some 15.5 million automobiles, allowing them to send commands to control braking systems.

In total, a group of ethical car hackers discovered at least 20 vulnerabilities within the application programming interfaces, or APIs, that automakers rely on so technology inside cars can interact. The vulnerabilities affected Ford, Toyota, Mercedes, BMW, Porsche, Ferrari and others.

The findings underscore the security risks for consumers and automakers alike as car manufacturers continue to increase the amount of software in vehicles and provide owners with apps to connect with their cars. It also shows that while automakers have done more to focus on cybersecurity, much remains to be done.

Egypt’s COP27 summit app is a cyber weapon, experts warn – POLITICO

https://www.politico.eu/article/cop-27-climate-change-app-cybersecurity-weapon-risks/

Western security advisers are warning delegates at the COP27 climate summit not to download the host Egyptian government’s official smartphone app, amid fears it could be used to hack their private emails, texts and even voice conversations.

Cyberattacks against U.S. hospitals mean higher mortality rates, study finds

https://www.nbcnews.com/tech/security/cyberattacks-us-hospitals-mean-higher-mortality-rates-study-finds-rcna46697

Two-thirds of respondents in the Ponemon study who had experienced ransomware attacks said they disrupted patient care, and 59% of them found they increased the length of patients’ stays, straining resources. Almost one-quarter said they led to increased mortality rates at their facilities.

Albania cuts diplomatic ties with Iran over July cyberattack - AP News

https://apnews.com/article/nato-technology-iran-middle-east-6be153b291f42bd549d5ecce5941c32a

Albania cut diplomatic ties with Iran and expelled the country’s embassy staff over a major cyberattack nearly two months ago that was allegedly carried out by Tehran on Albanian government websites, the prime minister said Wednesday.

The move by NATO member Albania was the first known case of a country cutting diplomatic relations over a cyberattack.

A New Jailbreak for John Deere Tractors Rides the Right-to-Repair Wave - WIRED

https://www.wired.com/story/john-deere-tractor-jailbreak-defcon-2022/

Farmers around the world have turned to tractor hacking so they can bypass the digital locks that manufacturers impose on their vehicles. Like insulin pump “looping” and iPhone jailbreaking, this allows farmers to modify and repair the expensive equipment that’s vital to their work, the way they could with analog tractors. At the DefCon security conference in Las Vegas on Saturday, the hacker known as Sick Codes is presenting a new jailbreak for John Deere & Co. tractors that allows him to take control of multiple models through their touchscreens.

Anonymous poop gifting site hacked, customers exposed

https://www.bleepingcomputer.com/news/security/anonymous-poop-gifting-site-hacked-customers-exposed/

ShitExpress, a web service that lets you send a box of feces along with a personalized message to friends and enemies, has been breached