Tesla Hacked and Stolen Again Using Key Fob
Belgian researchers demonstrate third attack on the car manufacturer’s keyless entry system, this time to break into a Model X within minutes.
Lookalike domains and how to outfox them
Our colleagues already delved into how cybercriminals attack companies through compromised email addresses of employees, and how to protect against such attacks using SPF, DKIM and DMARC technologies. But despite the obvious pluses of these solutions, there is a way to bypass them that we want to discuss. But let’s start from a different angle:…
Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending
VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One.
GoDaddy Employees Tricked into Compromising Cryptocurrency Sites
‘Vishing’ attack on GoDaddy employees gave fraudsters access to cryptocurrency service domains NiceHash, Liquid.
TA416 APT Rebounds With New PlugX Malware Variant
The TA416 APT has returned in spear phishing attacks against a range of victims – from the Vatican to diplomats in Africa – with a new Golang version of its PlugX malware loader.
Spotify Users Hit with Rash of Account Takeovers
Users of the music streaming service were targeted by attackers using credential-stuffing approaches.
Manchester United: IT Systems Disrupted in Cyberattack
The popular U.K. soccer club confirmed an attack but said personal fan data remains secure.
Joe Biden Campaign Subdomain Down After Hacktivist Defacement
A Turkish hacktivist defaced a subdomain of the president-elect’s campaign website.
Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns
Attackers exploiting an array of Google Services, including Forms, Firebase, Docs and more to boost phishing and BEC campaigns.
VMware Fixes Critical Flaw in ESXi Hypervisor
The critical and important-severity flaws were found by a team at the China-based Tiunfu Cup hacking challenge.