Connected cars are great, as they let you communicate with other systems and devices via the internet, but connectivity opens the door to hacking. As it turns out, hacking a Nissan Leaf isn’t nearly as difficult as it might sound if you’ve got the right tools and the right knowledge. Researchers from Budapest-based PCAutomotive traveled Read more about Hackers Manage To Take Control of Nissan Leaf’s Steering Remotely[…]
TeleMessage, a communications app used by former Trump national security adviser Mike Waltz, has suspended services after a reported hack exposed some user messages. The breach follows controversy over Waltz’s use of the app to coordinate military updates, including accidentally adding a journalist to a sensitive Signal group chat. From the report: In an email, Read more about Messaging App Used by Mike Waltz, Trump Deportation Airline GlobalX Both Hacked in Separate Breaches[…]
In a recent discovery, SafetyDetectives’ Cybersecurity Team stumbled upon a clear web forum post where a threat actor publicized a database allegedly belonging to Boulanger Electroménager & Multimédia purportedly exposing 5 Million of their customers. What is Boulanger Electroménager & Multimédia? Boulanger Electroménager & Multimédia is a French company that specializes in the sale of Read more about 1 Million customers from French Boulanger’s Customers Exposed Online for free[…]
[…] fast flux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would otherwise succeed. Fast flux works by cycling through a range of IP addresses and domain names that these botnets use to connect to the Internet. In some cases, IPs and domain names change every Read more about NSA warns about “fast flux” – cycling IP addresses quickly lets attackers keep attacking[…]
[…]The IT break-in occurred between April 20 and April 22, last year, according to a notification filed this month with the US state’s attorney general’s office. California Cryobank spotted unauthorized activity on certain computers on April 21, isolated the affected machines, and launched an investigation. The sperm bank hasn’t disclosed how many individuals were affected, Read more about Personal info feared stolen from sperm bank California Crybank[…]
The Pennsylvania State Education Association (PSEA) says a July 2024 “security incident” exposed sensitive personal data on more than half a million individuals, including financial and health info. The nonprofit, which represents more than 178,000 education professionals in the US state of Pennsylvania, confirmed data was stolen during a July 6 attack. According to The Read more about Cyberattack on nonprofit affects over 500k PA school workers[…]
According to a new report from the Cato CTRL team, the Ballista botnet exploits a remote code execution vulnerability that directly impacts the TP-Link Archer AX-21 router. The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high Read more about Thousands of TP-Link routers have been infected by a botnet to spread malware[…]
[…] They call their technique MINJA, which stands for Memory INJection Attack. “Nowadays, AI agents typically incorporate a memory bank which stores task queries and executions based on human feedback for future reference,” Zhen Xiang, assistant professor in the school of computing at the University of Georgia, told The Register. “For example, after each session Read more about MINJA sneak attack poisons AI models for other chatbot users[…]
A Moscow-based disinformation network named “Pravda” — the Russian word for “truth” — is pursuing an ambitious strategy by deliberately infiltrating the retrieved data of artificial intelligence chatbots, publishing false claims and propaganda for the purpose of affecting the responses of AI models on topics in the news rather than by targeting human readers, NewsGuard Read more about A well-funded Moscow-based global ‘news’ network has infected Western artificial intelligence tools worldwide with Russian propaganda[…]
Update 3/9/25: After receiving concerns about the use of the term ‘backdoor’ to refer to these undocumented commands, we have updated our title and story. Our original story can be found here. The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could Read more about Undocumented commands (backdoor) found in ESP32 Bluetooth chip used by a billion devices[…]
As explained by the researchers in a blog post, they have essentially found a way to turn any device such as a phone or laptop into an AirTag “without the owner ever realizing it.” After that, hackers could remotely track the location of that device. […] Although AirTag was designed to change its Bluetooth address Read more about Apple’s Find My exploit lets hackers track any Bluetooth device[…]
Cryptocurrency exchange Bybit has experienced $1.46 billion worth of “suspicious outflows,” according to blockchain sleuth ZachXBT. The wallet in question appears to have sent 401,346 ETH ($1.1 billion) as well as several other iterations of staked ether (stETH) to a fresh wallet, which is now liquidating mETH and stETH on decentralized exchanges, etherscan shows. The Read more about Bybit Loses $1.5B in Hack of single cold wallet[…]
Gravy Analytics has been sued yet again for allegedly failing to safeguard its vast stores of personal data, which are now feared stolen. And by personal data we mean information including the locations of tens of millions of smartphones, coordinates of which were ultimately harvested from installed apps. A complaint [PDF], filed in federal court Read more about Gravy Analytics sued for data breach containing location data of millions of smartphones[…]
Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail. The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip Read more about Apple chips can be hacked to leak secrets from Gmail, iCloud, and more in a browser[…]
Nearly 100 journalists and other members of civil society using WhatsApp, the popular messaging app owned by Meta, were targeted by spyware owned by Paragon Solutions, an Israeli maker of hacking software, the company alleged on Friday. The journalists and other civil society members were being alerted of a possible breach of their devices, with Read more about WhatsApp says journalists and civil society members were targets of Israeli spyware[…]
Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients of a data breach that impacted their personal and health data. The non-profit organization provides primary medical, dental, and mental health services to more than 145,000 active patients. CHC said in a Thursday filing with Maine’s attorney general that unknown Read more about US healthcare provider data breach impacts 1 million patients[…]
[…] We’re still nowhere near understanding just how bad the Chinese hack of our phone system was. The incident that was only discovered last fall involved the Chinese hacking group Salt Typhoon, which used the US’s CALEA phone wiretapping system as a backdoor to gain incredible, unprecedented access to much of the US’s phone system Read more about Trump Disbands Cybersecurity Board Investigating Worst Hack in US History: Massive Chinese Phone System Invasion[…]
About a year ago, security researcher Sam Curry bought his mother a Subaru, on the condition that, at some point in the near future, she let him hack it. It took Curry until last November, when he was home for Thanksgiving, to begin examining the 2023 Impreza’s internet-connected features and start looking for ways to Read more about Subaru Security Flaws Exposed Its System for Tracking, remote controlling Millions of Cars[…]
Someone has been quietly backdooring selected Juniper routers around the world in key sectors including semiconductor, energy, and manufacturing, since at least mid-2023. The devices were infected with what appears to be a variant of cd00r, a publicly available “invisible backdoor” designed to operate stealthily on a victim’s machine by monitoring network traffic for specific Read more about Magic packet Backdoor found on Juniper VPN routers[…]
A Volkswagen software subsidiary called Cariad experienced a massive data leak that left 800,000 EV owners exposed, according to reporting by the German publication Spiegel Netzwelt. The leak allowed personal information to be left online for months, including movement data and contact information. This included precise location data for 460,000 vehicles made by VW, Seat Read more about Volkswagen data leak exposed the precise locations of 800,000 EV owners[…]
Digital license plates, already legal to buy in a growing number of states and to drive with nationwide, offer a few perks over their sheet metal predecessors. You can change their display on the fly to frame your plate number with novelty messages, for instance, or to flag that your car has been stolen. Now Read more about Hackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and Tickets[…]
Hackers aligned with the Chinese government have infiltrated U.S. telecommunications infrastructure so deeply that it allowed the interception of unencrypted communications on a number of people, according to reports that first emerged in October. The operation, dubbed Salt Typhoon, apparently allowed hackers to listen to phone calls and nab text messages, and the penetration has Read more about Feds Warn SMS Authentication Is Unsafe[…]
The tool, named “EagleMsgSpy,” was discovered by researchers at U.S. cybersecurity firm Lookout. The company said at the Black Hat Europe conference on Wednesday that it had acquired several variants of the spyware, which it says has been operational since “at least 2017.” Kristina Balaam, a senior intelligence researcher at Lookout, told TechCrunch the spyware Read more about Researchers uncover Chinese spyware used to target Android devices[…]
The Biden administration on Friday hosted telco execs to chat about China’s recent attacks on the sector, amid revelations that US networks may need mass rebuilds to recover. Details of the extent of China’s attacks came from senator Mark R Warner, who on Thursday gave both The Washington Post and The New York Times insights Read more about China complete pwn of US all telco means a physical rebuild is necessary[…]
A critical zero-day vulnerability in Palo Alto Networks’ firewall management interface that can allow an unauthenticated attacker to remotely execute code is now officially under active exploitation. According to the equipment maker, the vulnerability requires no user interaction or privileges to exploit, and its attack complexity is deemed “low.” There’s no CVE number assigned to Read more about Mystery Palo Alto Networks 0-day RCE now actively exploited – shut off access to Management Interface NOW[…]