Cybersecurity Highlights

OAuth vulnerabilities affect Booking.com

Salt Labs, the research division of Salt Security, has reported several critical vulnerabilities in the implementation of the Open Authorization (OAuth) login functionality used by Booking.com,...

References:

salt.security

infosecurity-magazine.com

darkreading.com

csoonline.com

securityboulevard.com

Tags:

Carmakers update software due to viral challenge

Hyundai and Kia have been forced to develop a free update to their vehicles' anti-theft alarm software logic as a result of a viral TikTok challenge, KIA Challenge, as millions of their vehicles...

References:

nhtsa.gov

theverge.com

washingtonhispanic.com

eleconomista.es

Tags:

Social networks

Transport

Vulnerability

Information leak on Toyota's supplier portal

Toyota's GSPIMS (Global Supplier Preparation Information Management System), a web-based application used by Toyota employees and its suppliers for coordination and other tasks related to the brand...

References:

eaton-works.com

bleepingcomputer.com

securityweek.com

portswigger.net

underc0de.org

ciberseguridadlatam.com

Tags:

ESXiArgs ransomware campaign against VMware ESXi servers

Government agencies and CERTs in several countries have issued warnings about an active exploitation campaign against unpatched VMware ESXi servers affecting their countries, exploiting an old...

References:

cert.ssi.gouv.fr

governo.it

twitter.com

github.com

blog.ovhcloud.com

bleepingcomputer.com

rapid7.com

therecord.media

blog.qualys.com

censys.io

Tags:

Other critical infrastructures

Public administration

Vulnerability

Multiple vulnerabilities discovered in luxury cars

Cyber security researchers have detected multiple vulnerabilities in luxury cars such as BMW, Roll Royce, Mercedes-Benz, Ferrari, Porsche, Jaguar, Land Rover, Ford, KIA, Honda, Infiniti, Nissan,...

References:

samcurry.net

cybernews.com

itpro.co.uk

techradar.com

Tags:

Transport

Vulnerability

0day vulnerability exploited in General Bytes

General Bytes, a global provider of Bitcoin ATMs, has been the victim of a cyber-attack that exploited a 0day vulnerability in the CAS (computer algebra system) administrator interface.According to...

References:

generalbytes.atlassian.net

diariobitcoin.com

cointelegraph.com

es.gizmodo.com

businessinsider.es

unaaldia.hispasec.com

Tags:

5400 rpm hard disks vulnerable to sound frequencies in a song

Raymond Chen, a software engineer at Microsoft, has published a post with information about a vulnerability that is capable of crashing certain laptop models when playing certain sound frequencies,...

References:

devblogs.microsoft.com

bleepingcomputer.com

genbeta.com

elmundo.es

20minutos.es

larazon.es

Tags:

Vulnerability

Twitter confirms a vulnerability that has affected the data of its users

The company Twitter, on an official statement published on its website, from the privacy center, has reported an incident that has allowed the theft of data from some of its user accounts. The...

References:

privacy.twitter.com

abcnews.go.com

economictimes.indiatimes.com

elespanol.com

lavozdegalicia.es

engadget.com

Tags:

2022 CWE Top 25: the most dangerous software weaknesses

The Homeland Security Systems Engineering and Development Institute (HSSEDI) has published the Common Weakness Enumeration (CWE) list of the 25 most dangerous software weaknesses of 2022. That list...

References:

cwe.mitre.org

cisa.gov

threatadvice.com

securitynewspaper.com

Tags:

Vulnerability

Cryptographic flaw in ECDSA implementation in Java

The Elliptic Curve Digital Signature Algorithm (ECDSA), used in Java and Oracle to digitally sign messages and data to verify the authenticity and integrity of content, is vulnerable due to a...

References:

neilmadden.blog

unaaldia.hispasec.com

media.cert.europa.eu

jfrog.com

blog.ehcgroup.io

nakedsecurity.sophos.com

thehackernews.com

Tags:

Encryption

Tool

Vulnerability

Corporate access

Cybersecurity Highlights

OAuth vulnerabilities affect Booking.com

Carmakers update software due to viral challenge

Information leak on Toyota's supplier portal

ESXiArgs ransomware campaign against VMware ESXi servers

Multiple vulnerabilities discovered in luxury cars

0day vulnerability exploited in General Bytes

5400 rpm hard disks vulnerable to sound frequencies in a song

Twitter confirms a vulnerability that has affected the data of its users

2022 CWE Top 25: the most dangerous software weaknesses

Cryptographic flaw in ECDSA implementation in Java

Pages