Cyber security aggregate rss news

Cyber security aggregator - feeds history

totals: cyware (7) packetstormsecurity (2) thehackernews (2)

CISA orders agencies to patch vulnerability used in Stuxnet attacks

cyware Sep 17, 2022 Malware and Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added half a dozen vulnerabilities to its catalog of Known Exploited Vulnerabilities and is ordering federal agencies to follow vendor’s instructions to fix them.

Twitter pranksters derail GPT-3 bot with newly discovered “prompt injection” hack

cyware Sep 17, 2022 Threat Intel & Info Sharing

A few Twitter users discovered how to hijack an automated tweet bot, dedicated to remote jobs, running on the GPT-3 language model by OpenAI, using a newly discovered technique called a "prompt injection attack."

LastPass says hackers had internal access for four days

cyware Sep 17, 2022 Incident Response, Learnings

In an update to the security incident notification published last month, Lastpass' CEO Karim Toubba said that the company's investigation found no evidence the threat actor accessed customer data or encrypted password vaults.

Water Tank Management System Used Worldwide Has Unpatched Security Hole

cyware Sep 17, 2022 Malware and Vulnerabilities

A water tank management system used by organizations worldwide is affected by a critical vulnerability that can be exploited remotely and the vendor does not appear to want to patch it.

North Korean Hackers Spreading Trojanized Versions of PuTTY Client Application

cyware Sep 17, 2022 Malware and Vulnerabilities

A threat with a North Korea nexus has been found leveraging a "novel spear phish methodology" that involves making use of trojanized versions of the PuTTY SSH and Telnet client.

Starbucks Singapore Says Customer Database Breached

cyware Sep 17, 2022 Breaches and Incidents

The customer database was breached online, with local media reporting that 200,000 people's information was stolen. However, the company said that no credit card details were taken as it does not store them.

Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services

cyware Sep 17, 2022 Malware and Vulnerabilities

Cybersecurity researchers have exposed new connections between a widely used pay-per-install (PPI) malware service known as PrivateLoader and another PPI platform offered by a cybercriminal actor dubbed ruzki.

Hacker Couple Deleted Hotel Chain Data For Fun

packetstormsecurity Sep 17, 2022 headline,hacker,data loss

Uber Breach Looks Like It Compromised All Systems

packetstormsecurity Sep 17, 2022 headline,hacker,privacy,data loss,flaw

Hackers Had Access to LastPass's Development Systems for Four Days

thehackernews Sep 17, 2022 Feed

Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022. "There is no evidence of any threat actor activity beyond the established timeline," LastPass CEO Karim Toubba said in an update shared on September 15, adding, "there is no evidence that this

Uber Claims No Sensitive Data Exposed in Latest Breach… But There's More to This

thehackernews Sep 17, 2022 Feed

Uber, in an update, said there is "no evidence" that users' private information was compromised in a breach of its internal computer systems that was discovered late Thursday. "We have no evidence that the incident involved access to sensitive user data (like trip history)," the company said. show more ...

"All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational."

2022-09