Ethical hackers identified an arbitrary account takeover flaw in the administrator portal for Subaru’s Starlink service, which could allow a threat actor to hijack a vehicle through a Subaru employee account. This vulnerability could allow a threat actor to remotely track, unlock, and start connected vehicles. The ethical hacker reported to Subaru that they could
multifactor authentication
AI Phishing Attacks Illustrate the Importance of Employee Awareness
Retool, a software development firm offering modular code for customizable enterprise software, recently notified 27 customers that a threat actor had accessed their accounts. The attacker was able to navigate through multiple layers of security controls after taking advantage of an employee through an SMS-based phishing attack. The attacker then used this access to target…
Joint Advisory Warns of Snatch Ransomware
The FBI and CISA issued a Joint Cybersecurity Advisory “#StopRansomware: Snatch Ransomware” on September 20, 2023. The Advisory outlines the indicators of compromise and observed tactics, techniques, and procedures of Snatch so organizations can identify, mitigate, and respond to an attack using the Snatch ransomware variant.
Snatch has been hitting the Defense Industrial Base (DIB)…
CISA/FBI Advisory Warns of Destructive Malware Used Against Ukraine
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint advisory this week alerting organizations of destructive malware that is being used to target organizations in Ukraine, with the ongoing warnings of increased cyber-attacks against U.S. organizations.
The malware, WhisperGate and HermeticWiper, is used to “destroy computer systems and render them inoperable.”…