Ethical hackers identified an arbitrary account takeover flaw in the administrator portal for Subaru’s Starlink service, which could allow a threat actor to hijack a vehicle through a Subaru employee account. This vulnerability could allow a threat actor to remotely track, unlock, and start connected vehicles. The ethical hacker reported to Subaru that they could

Anecdotally, we know that cybercriminals hailing from Russia are a significant risk to U.S.-based and world companies and governmental entities. With two convicted Russian cybercriminals being released this week in the prisoner swap I was curious just how significant Russian cybercriminals play in cybercrime chaos.

According to Bleeping Computer, “Russian-speaking threat actors accounted

If you are a customer of CrowdStrike, you are working on recovering from the outage that occurred on July 19, 2024. As if that isn’t enough disruption, CrowdStrike is warning customers that threat actors are taking advantage of the situation by using fake websites and domains, sending phishing emails impersonating CrowdStrike, and offering malicious products

We previously reported on the concerning mash-up of worldwide cybercriminals, known as Scattered Spider, working together to attack victims.

New reports from Microsoft and others indicate that since the second quarter of 2024, Scattered Spider is now using RansomHub and Qilin ransomware against victims. Scattered Spider is suspected of attacking hundreds of organizations since its

This week, the Federal Communications Commission (FCC) announced a settlement with TracFone Wireless to resolve investigations into whether TracFone failed to reasonably protect its customers’ information from unauthorized access in connection with three data breaches.

The breaches occurred between January 2021 and January 2023. Each of these data breaches involved the exploitation of application programming

On July 10, 2024, the U.S. District Court for the Eastern District of Wisconsin granted plaintiffs’ Motion for Final Approval of a $12.2 million proposed settlement by Advocate Aurora Health to settle allegations against the 27-hospital system that it disclosed personal information of more than 2.5 million people to Meta and Google without consent.

The

Mercedes-Benz reportedly suffered a security incident that exposed confidential source code on an Enterprise Git server. The incident occurred due to a compromised GitHub exposed by an employee. Although the incident occurred on September 29, 2023, it wasn’t discovered until January 11, 2024. A cybersecurity firm discovered the token during an internet scan and informed

The International Committee of the Red Cross (ICRC) has taken a new step to regulate the activities of civilian hackers in conflict zones. To address the rise in the involvement of civilian hackers in inter-state conflicts, the ICRC has come up with eight directives to ensure that these hackers don’t end up harming non-combatants.

According

Chinese company ByteDance faces growing concerns from governments and regulators that user data from its popular short video-sharing app TikTok could be handed over to the Chinese government. The concern is based on China’s national security laws, which give its government the power to compel Chinese-based companies to hand over any user data. More than