Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. This article has been indexed from Keen Security Lab Blog…
Category: EN
Exploiting Wi-Fi Stack on Tesla Model S
In the past two years, Keen Security Lab did in-depth research on the security of Tesla Cars and presented our research results on Black Hat 2017 and Black Hat 2018. Our research involves many in-vehicle components. We demonstrated how to…
Tencent Keen Security Lab joins GENIVI Alliance
Tencent Keen Security Lab (Keen Lab) has joined the GENIVI Alliance, a non-profit alliance focused on delivering open source, in-vehicle infotainment (IVI) and connected vehicle software. This article has been indexed from Keen Security Lab Blog Read the original article:…
Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars
Since 2017, Lexus has equipped several models (including Lexus NX, LS and ES series) with a new generation infotainment, which is also known as AVN (Audio, Visual and Navigation) unit. Compared to some Intelligent connected infotainment units, like Tesla IVI…
Tencent Security Keen Lab: Experimental Security Assessment of Mercedes-Benz Cars
MBUX, Mercedes-Benz User Experience is the infotainment system in Mercedes-Benz cockpits. Mercedes-Benz first introduced MBUX in the new A-Class back in 2018, and is adopting MBUX in their entire vehicle line-up, including Mercedes-Benz E-Class, GLE, GLS, EQC, etc. In this…
A week in security (January 13 – January 19)
Last week on Malwarebytes Labs: Last week on ThreatDown: Stay safe! This article has been indexed from Malwarebytes Read the original article: A week in security (January 13 – January 19)
Tik Tok returns, Noem’s CISA plans, Avery labels breach
Tik Tok is back, with strings attached Noem promises to curtail CISA Label company Avery announces data breach Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like…right now? We know that…
Sneaky 2FA Attacks Microsoft 365 Users Breaking Two Factor Authentication (2FA): Cyber Security Today Monday January 20, 2025
Cybersecurity Today: Sneaky 2FA Phishing Attack & AI-Powered Scams In this episode of Cybersecurity Today, host Jim Love explores the emergence of Sneaky 2FA, a new phishing-as-a-service attack that compromises two-factor authentication for Microsoft 365 users. The episode also covers…
Partial ZIP File Downloads, (Mon, Jan 20th)
Say you want a file that is inside a huge online ZIP file (several gigabytes large). Downloading the complete ZIP file would take too long. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original…
Researchers Accessed Windows BitLocker Encrypted Files Disassembling the Laptop
Cybersecurity researchers have uncovered a major flaw in the Windows BitLocker encryption system, allowing attackers to access encrypted data without requiring physical disassembly of the target laptop. The exploit, named “bitpixie”, demonstrates how attackers can extract the disk encryption key, bypassing…
Rhino Linux 2025.1 Released – Update Now!
Rhino Linux is roaring into the new year with the exciting release of Rhino Linux 2025.1! After a brief pause to refine the system, this latest snapshot introduces an array of updates and improvements, solidifying Rhino Linux as a reliable and…
Sage Copilot grounded briefly to fix AI misbehavior
‘Minor issue’ with showing accounting customers ‘unrelated business information’ required repairs Sage Group plc has confirmed it temporarily suspended its Sage Copilot, an AI assistant for the UK-based business software maker’s accounting tools, this month after it blurted customer information…
Otelier data breach triggers serious data security concerns
Otelier, a widely used data management software in the hospitality industry, has recently made headlines after becoming the target of a data breach, raising significant concerns about the security of customer information. The platform, which serves major hotel chains like…
How a TikTok Ban Could Address Cybersecurity Concerns for the US Government
In recent years, the debate surrounding the potential ban of TikTok in the United States has intensified, driven primarily by growing concerns over national security and cybersecurity. TikTok, a social media platform owned by the Chinese company ByteDance, has faced…
How much does your electric car know about you?
Electric cars went mainstream this century. And like most recent inventions, new shiny EVs are packed with smart tech that collects all sorts of data… The post How much does your electric car know about you? appeared first on Panda…
PoC Exploit Released for QNAP RCE Vulnerability
A critical remote code execution (RCE) vulnerability, tracked as CVE-2024-53691, has recently come to light, affecting users of QNAP’s QTS and QuTS Hero operating systems. This vulnerability enables remote attackers with user access privileges to traverse the file system and…
Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP
Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repository that come with capabilities to steal data and even delete sensitive data from infected systems. The list of identified packages is below…
Securing Health Data in 2025: The Rising Cybersecurity Challenges
Since 1996, the Health Insurance Portability and Accountability Act (HIPAA) has been the cornerstone of patient privacy. The act established standards for how healthcare organizations handle and share patient data, creating a framework for ensuring confidentiality. But the healthcare landscape…
Decentralization is happening everywhere, so why are crypto wallets “walled gardens”?
The twin cryptocurrency and digital identity revolutions are supposed to be building a better future, where anybody can take charge of their sovereignty and security in a world where both face unprecedented threats. Yet at one crucial level, the decentralization…
Multiple HPE Aruba Network Vulnerabilities Allows Remote Arbitrary Code Execution
Hewlett Packard Enterprise (HPE) has confirmed multiple vulnerabilities in its Aruba Networking products that could allow remote arbitrary code execution. These vulnerabilities, CVE-2025-23051 and CVE-2025-23052, affect various versions of the AOS-8 and AOS-10 Operating Systems, specifically impacting Mobility Conductors, Controllers,…