It said the group downloaded 161 gigabytes from the company, which it would sell for more than $640,000 or more than 16 million in Bitcoin.

Among the stolen files, according to CISO Advisor, are financial data, passwords and commercial accounts. ‘You will win and we will win,’ read an apparent message from the group, which was later posted on Twitter. The team revealed on Monday it had infiltrated the drinks company and got out ‘without their knowledge.’ Coca-Cola said it has launched an urgent investigation and already contacted the police. Stormous said it stole 161 gigabytes of financial data, passwords and accounts before putting the information on the market for $640,000 or 16 million Bitcoin. Tech companies are joining together to combat threats, alongside the help of diligent users, to prevent future vulnerabilities.

Coca-Cola was also recently hacked by a Russian group, which is now selling its data. Google recently announced the increase in hacks to Chrome and other browsers and several other tech companies have reported hacking vulnerabilities. Users can manually update their browsers through the settings features, but Chrome will automatically update within a few days. ‘We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,’ the company also said.
The US cybersecurity organization noted, “These types of vulnerabilities are a common attack vector for malevolent cyber actors of all types and represent a significant danger to the government enterprise.” CISA today added 30 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that they have been exploited in the open. It is unclear who hacked the firm, and whether any users’ security was put at risk.

Further hack details are currently being restricted by the company ‘until a majority of users are updated with a fix.’ Federal Civilian Executive Branch Agencies (FCEB) must safeguard their systems against these vulnerabilities, according to a binding operational directive (BOD 22-01) issued in November, with CISA giving them until April 18th to patch. It could allow threat actors to execute arbitrary code on targeted devices.

After a proof-of-concept (POC) exploit was publicly revealed on March 10th, the Muhstik malware gang developed a specialized spreader exploit for the Redis Lua sandbox escape vulnerability (recorded as CVE-2022-0543).

The Chrome zero-day security flaw (recorded as CVE-2022-1096) is a high severity type confusion weakness in the Chrome V8 JavaScript engine, according to a Google advisory published on Friday. The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian entities to patch a Google Chrome zero-day and a severe Redis vulnerability, both of which are being actively exploited in the wild, within the next three weeks. It’s now in their Catalog of Known Exploited Vulnerabilities. As a result, the US Cybersecurity and Infrastructure Security Agency (CISA) has issued an order for federal personnel to update to the current version of the software within the next three weeks in order to patch the vulnerability. The attack, according to media outlet Bleeping Computer, allows hackers to launch destructive commands on target machines.
The problem, though, is with Chrome’s V8 component, an open-source JavaScript engine, and the threat level is “high,” according to the company.

Google is keeping quiet about any specific details, presumably because of the potential for widespread damage from the hack. Anyone who does not install the most recent security update is at risk. The warning comes after the discovery of a zero-day hack (meaning the breach was known to hackers before the vulnerability was patched), which Google says is currently “out in the open”. A vulnerability in Google Chrome and Microsoft Edge known as CVE-2022-1096 has prompted Google to issue a warning advising users to update to the most recent version. Chrome users on Windows, macOS, and Linux have received an urgent upgrade notice from Google.