Nissan faces NHTSA probe into more than 450,000 vehicles over engine failure concerns

<p>The U.S. car safety agency said it opened a preliminary evaluation into 2021-23 Nissan Rogue, 2019-21 Altima and 2019-21 Infiniti Qx50 vehicles.</p>

https://www.autonews.com/regulation-safe...e-failures

GM's Cruise to slash 24% of work force following management purge

<p>The layoffs are primarily in commercial operations and related corporate functions and come after Cruise fired nine executives on Wednesday, including its chief operating officer.</p>

<p> </p>

https://www.autonews.com/mobility-report...ing-cut-gm

New Pierogi++ Malware by Gaza Cyber Gang Targeting Palestinian Entities

A pro-Hamas threat actor known as Gaza Cyber Gang is targeting Palestinian entities using an updated version of a backdoor dubbed Pierogi.
The findings come from SentinelOne, which has given the malware the name Pierogi++ owing to the fact that it's implemented in the C++ programming language unlike its Delphi- and Pascal-based predecessor.
"Recent Gaza Cybergang activities show

https://thehackernews.com/2023/12/new-pi...-gang.html

116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems

Cybersecurity researchers have identified a set of 116 malicious packages on the Python Package Index (PyPI) repository that are designed to infect Windows and Linux systems with a custom backdoor.
"In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard monitor to steal cryptocurrency, or both," ESET researchers Marc-Etienne M.Léveillé and Rene

https://thehackernews.com/2023/12/116-ma...-pypi.html

New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks

A novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as NKN (short for New Kind of Network) as a communications channel.
"The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and backdoor capabilities," Russian

https://thehackernews.com/2023/12/new-nk...s-nkn.html

Google's New Tracking Protection in Chrome Blocks Third-Party Cookies

Google on Thursday announced that it will start testing a new feature called "Tracking Protection" starting January 4, 2024, to 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser.
The setting is designed to limit "cross-site tracking by restricting website access to third-party cookies by default," Anthony Chavez, vice president of Privacy

https://thehackernews.com/2023/12/google...on-in.html

New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now

Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on susceptible appliances.
The issues relate to two reflected cross-site scripting (XSS) bugs and one command injection flaw, according to new findings from Sonar.
"Security inside a local network is often

https://thehackernews.com/2023/12/new-se...vered.html

Bug or Feature? Hidden Web Application Vulnerabilities Uncovered

Web Application Security consists of a myriad of security controls that ensure that a web application:

Functions as expected.
Cannot be exploited to operate out of bounds.
Cannot initiate operations that it is not supposed to do.

Web Applications have become ubiquitous after the expansion of Web 2.0, which Social Media Platforms, E-Commerce websites, and email clients saturating the internet

https://thehackernews.com/2023/12/bug-or...ation.html

Crypto Hardware Wallet Ledger's Supply Chain Breach Results in $600,000 Theft

Crypto hardware wallet maker Ledger published a new version of its "@ledgerhq/connect-kit" npm module after unidentified threat actors pushed malicious code that led to the theft of more than $600,000 in virtual assets.
The compromise was the result of a former employee falling victim to a phishing attack, the company said in a statement.
This allowed the attackers to gain

https://thehackernews.com/2023/12/crypto...upply.html

Microsoft Takes Legal Action to Crack Down on Storm-1152's Cybercrime Network

Microsoft on Wednesday said it obtained a court order to seize infrastructure set up by a group called Storm-1152 that peddled roughly 750 million fraudulent Microsoft accounts and tools through a network of bogus websites and social media pages to other criminal actors, netting the operators millions of dollars in illicit revenue.
"Fraudulent online accounts act as the gateway to a host of

https://thehackernews.com/2023/12/micros...crack.html