Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Jan 26, 2024

Security Week ☛ HPE Says Russian Government Hackers Had Access to Emails for 6 Months [Ed: Misses the point that HP messed up and didn't even detect this for so long; as usual, they attempt to blame Russia]

HPE told the SEC that Russian state-sponsored threat group Midnight Blizzard had access to an email system for several months.

Security Week ☛ Tesla Infotainment Hack Earns Researchers $100,000 at Pwn2Own Automotive

Over $1 million paid out in the first two days of Pwn2Own Automotive for Tesla, infotainment and EV charger hacks.

Security Week ☛ Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug

Over 5,000 GitLab servers have yet to be patched against CVE-2023-7028, a critical password reset vulnerability.

Security Week ☛ Cisco Patches Critical Vulnerability in Enterprise Collaboration Products

A critical flaw in Cisco Unified Communications and Contact Center Solutions products could lead to remote code execution.

Security Week ☛ Fintech Company EquiLend Restoring Systems Following Cyberattack

Fintech firm EquiLend is investigating a cyberattack (possibly a ransomware attack) that knocked some of its systems offline.

Security Week ☛ $1.7 Billion Stolen in Cryptocurrency Hacks in 2023: Analysis

$1.7 billion were stolen last year as a result of 231 cryptocurrency platform hacks, according to a report from Chainalysis.

Security Week ☛ Firefox 122 Patches 15 Vulnerabilities

Updates released for Firefox and Thunderbird resolve 15 vulnerabilities, including five high-severity bugs.