Welcome to another Lunch Time breakout:
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution.
The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service.
Android malware apps with 2 million installs spotted on Google Play
A new set of Android malware, phishing, and adware apps have infiltrated the Google Play store, tricking over two million people into installing them. […]
OpenAI’s new ChatGPT bot: 10 coolest things you can do with it
From precisely spotting security vulnerabilities in your code, to writing an entire block of functional code on a whim, to opening portals to another dimension, OpenAI’s newly launched ChatGPT is a game changer with its possibilities seeming limited only by your limitedness. […]
North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps
The Lazarus Group threat actor has been observed leveraging fake cryptocurrency apps as a lure to deliver a previously undocumented version of the AppleJeus malware, according to new findings from Volexity.
“This activity notably involves a campaign likely targeting cryptocurrency users and organizations with a variant of the AppleJeus malware by way of malicious Microsoft Office documents,”
SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars
Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM.
The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manner just by knowing the vehicle’s vehicle identification number (VIN), researcher Sam Curry said in a
Russian Courts Targeted by New CryWiper Data Wiper Malware Posing as Ransomware
A new data wiper malware called CryWiper has been found targeting Russian government agencies, including mayor’s offices and courts.
“Although it disguises itself as a ransomware and extorts money from the victim for ‘decrypting’ data, [it] does not actually encrypt, but purposefully destroys data in the affected system,” Kaspersky researchers Fedor Sinitsyn and Janis Zinchenko said in a
Follow for more…