InfoSec News Nuggets 9/11/2024

Predator spyware operation is back with a new infrastructure Recorded Future researchers warn that the Predator spyware has resurfaced with fresh infrastructure after a decline caused by US sanctions against Intellexa Consortium. In March 2024, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced actions on two individuals and five entities associated with the Intellexa Consortium for their role in the development and distribution of the commercial Predator spyware used to target Americans. The surveillance software was…
Read More

InfoSec News Nuggets 8/6/2024

Apache OFBiz Users Warned of New and Exploited Vulnerabilities Organizations using Apache OFBiz are being urged to patch a critical vulnerability, following reports of increasing exploitation attempts targeting another recently discovered security hole. The new vulnerability, tracked as CVE-2024-38856, was disclosed over the weekend. According to Apache OFBiz developers, versions through 18.12.14 are impacted and 18.12.15 includes a fix. “Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such…
Read More

InfoSec News Nuggets 08/15/2023

Ford Says Wi-Fi Vulnerability Not a Safety Risk to Vehicles  American car maker Ford says that a vulnerability in the Wi-Fi driver of the SYNC 3 infotainment system on certain Ford and Lincoln vehicles does not pose a safety risk. Tracked as CVE-2023-29468, the bug impacts the Texas Instruments-supplied Wi-Fi driver used in the infotainment system of at least a dozen vehicles. The issue is described as a buffer overflow that could lead to remote…
Read More

InfoSec News Nuggets 08/18/2021

Ford bug exposed customer and employee records from internal systems A bug on Ford Motor Company's website allowed for accessing sensitive systems and obtaining proprietary data, such as customer databases, employee records, internal tickets, etc. The data exposure stemmed from a misconfigured instance of Pega Infinity customer engagement system running on Ford's servers. This week, researchers have disclosed a vulnerability found on Ford's website that let them peek into confidential company records, databases and perform account takeovers. The vulnerability was discovered by Robert Willis and break3r,…
Read More

InfoSec News Nuggets 05/04/2021

1 - Ford's Ever-Smarter Robots Are Speeding Up the Assembly Line IN 1913, HENRY Ford revolutionized car-making with the first moving assembly line, an innovation that made piecing together new vehicles faster and more efficient. Some hundred years later, Ford is now using artificial intelligence to eke more speed out of today’s manufacturing lines. At a Ford Transmission Plant in Livonia, Michigan, the station where robots help assemble torque converters now includes a system that uses AI to learn from previous attempts how to…
Read More

InfoSec News Nuggets 2/7/2020

1 - No expectation of privacy in an IP address, Alberta judge rules Police in Alberta don’t need a court order to get an external IP address from a service provider in trying to identify an internet user, according to a recent Calgary judicial ruling. The decision is a first in Canadian privacy law. The precedent applies for now only in Alberta but it will be cited in other courts across the country and could be…
Read More