Researchers hack Hyundai app to open and start a car
Researchers used a vulnerability in Hyundai and Genesis software to open a vehicle and start the motor.
The vulnerability was found by Yuga Labs. The team notified Hyundai Motor Group, the parent company of Hyundai and Genesis. The vulnerability has since been fixed.
The problem was caused b... Read more
Atlassian patches critical flaws in Bitbucket and Crowd Server
Atlassian launched critical-severity patches for identity management solution Crowd Server and Data Center and repository management platform Bitbucket Server and Data Center.
Both security flaws have a severity rating of 9 and affect numerous versions of the products. The Crowd Server and Data ... Read more
NSA warns for programming languages without integrated memory security
The US National Security Agency (NSA) urged developers to avoid programming languages that lack integrated memory security features.
According to the security agency, the memory management of applications is increasingly targeted by cybercriminals. Attackers can exploit application memory manag... Read more
Vulnerability in Azure Cosmos DB allows for remote code execution
A vulnerability in Microsoft Azure Cosmos DB allowed unauthorized cybercriminals to remotely execute code in Jupyter Notebook.
Microsoft Azure Cosmos DB is a popular noSQL database among retail and e-commerce organizations. Customers use the database for data processing and storage. The integra... Read more
Fortinet reveals critical vulnerability in firewalls and web proxies
Fortinet warned that its FortiGate firewalls and FortiProxy web proxies may be affected by a recent vulnerability. The vulnerability allows cybercriminals to bypass authentication measures.
According to the security vendor, the issue involves CVE-2022-40684, a vulnerability that allows cybercrim... Read more
Microsoft ignores severe vulnerability in Teams
The desktop version of Microsoft Teams stores unencrypted user credentials. Researchers notified Microsoft of the vulnerability, but the tech giant ignored the problem.
The vulnerability was found by security firm Vectra. The desktop version of Teams stores unencrypted user authentication tokens... Read more
HP firmware still contains unpatched vulnerabilities
Researchers from security firm Binarly warned of unpatched vulnerabilities in HP firmware. Some of the vulnerabilities were reported to HP months ago. Affected hardware remains highly vulnerable.
Binarly develops an AI-based security platform. The company's researchers recently warned of severa... Read more
GIFShell attacks Microsoft Teams users with GIFs
GIFShell is attacking Microsoft Teams users by making them download malicious files on their system via GIFs.
A new malware attack has been surfacing over the past few weeks. GIFShell was created to intercept Microsoft Teams and execute phishing attacks using GIFs. Although many people enjoy a g... Read more
Cisco won’t address vulnerability in legacy VPN routers
Cisco isn't planning on resolving a recently discovered vulnerability in its VPN router models for SMBs. The organization said the models reached end-of-life (EoL) status and won't be updated as a result.
The vulnerability (CVE-2022-20923) was found in the RV110W, RV130, RV130W and RV215W. Acco... Read more
Atlassian warns of critical vulnerability in Bitbucket
Atlassian issued a security alert for its Bitbucket Server and Datacenter solution. A vulnerability allows hackers to execute arbitrary code on affected instances.
Bitbucket is a Git-based code tool for hosting, management and collaboration. The tool integrates with Atlassian's Jira and Trello s... Read more