07-25-2023, 07:18 AM
Quote:A Tesla electric vehicle burst into flames after striking a piece of metal debris on the highway near Wilmington, North Carolina. The driver, Craig Lippe, was able to safely exit the vehicle and no injuries were reported.
...
The driver, Craig Lippe, was returning home from work when the incident occurred. “A truck driver next to me opened up his window and was pointing frantically. So I pulled off into the breakdown lane. And when I got out you can see flames from underneath the car in the front,” Lippe recounted.
...
Firefighters arrived promptly at the scene, but the nature of electric vehicle fires presents unique challenges. Unlike traditional vehicles that burn combustible materials, supposedly eco-friendly electric vehicles can expel immense energy from their batteries when they are damaged, leading to a much larger fire.
Raymond Griswold, the deputy fire marshal at New Hanover County Fire Rescue, explained the complexities of such situations. “You’re not burning combustibles like you are with normal cars,” Griswold said. He further noted that fire departments are still learning how to effectively deal with electric vehicle fires. “There are some learning curves that we are working on to figure out how to put these things out,” Griswold added.
Despite the dramatic incident, Lippe remains a staunch supporter of electric vehicles. He expressed his continued faith in Tesla, stating, “I still love the Tesla and probably going to order another one.”
Quote:Campaigns of fraudulent job offers target university students in North America, asking victims to pay a fee in exchange for work.
The campaigns began as early as March 2023 and continued through June 2023; the threat actors were purported to be related to bioscience and health entities.
...
The main goal of this campaign is to extract money from the victims who fall into the trap of this scam.
The threat actors mostly target university students, since the job offers easily attract them with a fascinating salary.
They sent an email containing an attachment of a job offer that explains the summary of the job role and responsibilities, similar to a legit offer.
In order to look legit, they create fake domains by appending “careers” to the company’s domain name.
Initially, the threat actor sent an email with the subject line of re: interview, interview invite, and an invitation to interview (FRND), offering an interview call with the attachment of the offer letter.
The spoofed PDFs contained the same text content overall, with some details changed, including the brand logo, company name, website, and location.
Quote:A 28-year-old former IT security analyst of an Oxford-based company has been sentenced to three years for deceiving the company to extort money.
On 27 February 2018, the man impersonated a ransomware group that targeted the company at the time and exploited this opportunity for his benefit.
...
During the primary attack, Ashley worked on the incident response team and traced that the attacker demanded ransom payment through email.
Taking advantage of this, he commenced a secondary attack on his company and accessed the emails of senior members over 300 times.
He modified the original email from the attacker by adding his payment details and sender email address and sent that email to his company to demand ransom.
However, the company refused to pay the ransom and discovered an unauthorized access attempt to the private emails.
In the event of an investigation, it was identified that the access had originated from Liles’s home address.
Quote:A North Korea-based threat actor is targeting personal accounts of technology firms through low-profile social engineering attempts.
This campaign utilizes a combination of repository invitations and a malicious npm package to target the victim’s accounts associated with blockchain, cryptocurrency, or online gambling sectors.
According to the latest article by GitHub, this campaign actor is linked up with a group likely known as Jade Sleet by Microsoft Threat Intelligence and TraderTraitor by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
GitHub confirmed that no GitHub accounts or npm systems accounts were compromised in this campaign.
Initially, the threat actor impersonates a developer or recruiter by creating professional profiles on GitHub and some other social media websites.
They utilize both personal accounts as well as compromised accounts by Jade Sleet to contact the victims.
The actor may initiate contact on one platform and then switch the conversation to another platform.
Once connected with a target, the threat actor invites the target to collaborate on a GitHub repository and manipulates the target to clone and execute its contents.
In some cases, the actor may send the malicious software straight through a messaging or file-sharing service, skipping the step of inviting people to the repository and cloning it.
Quote:CISA urged government agencies to apply the patch immediately for Microsoft Office and Windows HTML remote code execution vulnerabilities exploited in the wild.
As a result, these vulnerabilities have frequently been exploited and pose significant risks to the federal enterprise.
...
Microsoft is aware of exploitation using specially crafted Microsoft Office documents, which enable the attackers to perform remote code execution.
...
Notably, Microsoft helps customers by providing a security update through our monthly release process or an out-of-cycle security update, depending on customer needs.
The severity range of this vulnerability: 8.8 (High).
Quote:It has been reported that any individual could potentially deactivate a WhatsApp account by sending an email, and currently, there is no known method to prevent this from happening. This information has been shared with all WhatsApp users.
...
Particularly, WhatsApp has made it simple for users to deactivate their accounts. Yet, as one top security expert has cautioned, WhatsApp may have exposed every user to an all-too-simple denial of service attack by simplifying the procedure a bit too much.
According to Jake Moore, the global cybersecurity advisor at ESET and a former law enforcement head of digital forensics, it allows anybody with your phone number, including a malicious actor or just about anyone else, to remotely deactivate your WhatsApp account.
The account will be immediately deactivated, according to WhatsApp, by simply emailing the words “Lost/Stolen: Please deactivate my account” which also contains the phone number connected to that account to a given email address.
This deactivation request, according to Moore, might come from any email address, not simply the one belonging to the account holder.
...
For up to 30 days following the deactivation, messages will be kept as pending. This is crucial since your account will be terminated if you don’t revive it within those 30 days.
By building a script that repeatedly sends the deactivation email over 30 days, this could be used to carry out a denial of service attack against a user, as Moore and others noted in the Twitter thread.
...
WhatsApp seems to have finally appropriately backtracked from the automatic and instant termination of accounts.
Users now receive a follow-up message after receiving the notice mentioned above, asking for more account ownership proof before a deactivation may occur. Documentation, such as a copy of the phone bill or contract, is required for such verification.
Quote:Google released Chrome 115 to the stable channel for Windows, MacOS, and Linux on Tuesday, patching 20 vulnerabilities, including 11 that were discovered by external researchers.
Four security issues were assessed to be of “high severity,” while six were determined to be of “medium severity.”
This browser update also fixes a ‘low-severity’ issue with Themes’ insufficient validation of untrusted input.
...
System failures or data corruption may result from a use-after-free vulnerability that enables an attacker to run arbitrary code.
On the other side, a vulnerability that allows for out-of-bounds memory access might allow a hacker to access data that they are not meant to, potentially resulting in data breaches.
...
Chrome 115 fixes six medium-severity vulnerabilities that were reported externally.
Inappropriate implementations of several components, including Picture in Picture, Custom Tabs, Notifications, Autofill, WebApp Installs, and Web API Permission Prompts, caused the flaws.
If exploited, these flaws might have adverse effects, including enabling attackers to get around access restrictions and take illegal acts.
Quote:The Russian ransomware group ‘Clop’ exploited a flaw in Progress Software’s MOVEit product suite in late May to steal data from unprotected networks.
According to German cybersecurity research firm KonBriefing, as of now, the MOVEit hack has affected 421 organizations and 22 million people.
...
The criminals behind the hack, renowned for using the CL0P ransomware, have access to a vast amount of information that might be used in phishing and business email compromise (BEC) attacks.
Most of the MOVEit hacks appear to have occurred between May 30 and May 31, when CL0P targeted a zero-day vulnerability in MOVEit.
...
UK-based Zellis, a payroll and HR firm, suffered a direct impact while big organizations that rely on Zellis’ services, including the BBC and British Airways, suffered an indirect impact.
The US Department of Energy, other federal institutions, and large firms, including Shell, a leading energy provider, Deutsche Bank, PwC, and TJX Companies, a leader in the retail industry, were all impacted.
Additionally, Marshalls, HomeGoods, HomeSense, and Sierra are among the retail brands owned by TJX.
Emerson is another industrial corporation.
...
Siemens Energy and Schneider Electric have also been impacted. The cybersecurity company Netscout is also included on the Cl0p website.
...
Several German banks as well as the photo-sharing website Shutterfly have acknowledged being attacked.
...
The industrial giant Honeywell has now been added to the list.
...
The number of people whose personal information – usually Social Security numbers – was compromised: Fidelity & Guaranty Life Insurance Co., 873,000 victims; 1st Source Bank in Indiana, 450,000 victims; Franklin Mint Federal Credit Union in Pennsylvania, 141,000 victims; TSG Interactive US Services Limited, which operates as PokerStars, 110,291 victims; Athene Annuity and Life Company in Iowa, 70,412 victims; and Massachusetts Mutual Life Co., aka MassMutual, 242 victims.
The ransomware group has begun disseminating files that were taken from several businesses that declined to pay. The hackers assert that they deleted all information taken from the affected government entities.
According to The Wall Street Journal, Progress Software is dealing with at least 13 lawsuits alleging that the MOVEit flaw was caused by inadequate security.
"For God has not destined us for wrath, but for obtaining salvation through our Lord Jesus Christ," 1 Thessalonians 5:9
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
My Original Stories (available in English and Spanish)
List of Compiled Binary Executables I have published...
HiddenChest & Roole
Give me a free copy of your completed game if you include at least 3 of my scripts!
Just some scripts I've already published on the board...
KyoGemBoost XP VX & ACE, RandomEnkounters XP, KSkillShop XP, Kolloseum States XP, KEvents XP, KScenario XP & Gosu, KyoPrizeShop XP Mangostan, Kuests XP, KyoDiscounts XP VX, ACE & MV, KChest XP VX & ACE 2016, KTelePort XP, KSkillMax XP & VX & ACE, Gem Roulette XP VX & VX Ace, KRespawnPoint XP, VX & VX Ace, GiveAway XP VX & ACE, Klearance XP VX & ACE, KUnits XP VX, ACE & Gosu 2017, KLevel XP, KRumors XP & ACE, KMonsterPals XP VX & ACE, KStatsRefill XP VX & ACE, KLotto XP VX & ACE, KItemDesc XP & VX, KPocket XP & VX, OpenChest XP VX & ACE