vulnerabilities

A brief history of software vulnerabilities in vehicles

Car Hacking News Timeline 2017-2019 [1]

2019: Hack of an OEM’s automotive cloud via third-party services and tier-1 supplier network
2019: Memory vulnerability at a cloud provider exposed data incl. passwords, API keys, and tokens
2019: A malware infection caused significant production disruption at a car parts manufacturer
2019: Vehicle data exposed during registration allowed for remote denial-of-service attacks on cars
2019: Malware infected the back end, making laptops installed in police cars unusable
2018: An ex-employee breached the company network and downloaded large volumes of personal information
2018: Cloud servers hacked and used for cryptomining
2018: Researchers exploited vulnerabilities of some infotainment systems and gained control of microphones, speakers, and navigation systems
2018: Security issues discovered in 13 car-sharing apps
2018: Researchers demonstrated >10 vulnerabilities in various car models, gaining local and remote access to infotainment, telematics, and CAN buses
2018: EV home chargers could be controlled by accessing the home Wi-Fi network
2017: Rental car companies exposed personal data
2017: Ransomware caused the stop of production across several plants

Car Hacking News Timeline 2002-2015 [2]

2015: Researchers remotely sent commands to the CAN bus of a specific car that had an OBD2 dongle installed to control the car’s…


Security release 4.2.4 for WordPress is available – update now

This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site. Read more here: https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/

WordPress 4.2.4 also fixes four bugs. For more information, see the release notes or consult the list of changes.

If your site is already on WordPress 4.x and is properly configured, you should only see this email in your inbox:

Howdy! Your site at http://www.sorinmustaca.com has been updated automatically to WordPress 4.2.4.

No further action is needed on your part. For more on version 4.2.4, see the About WordPress screen: http://www.sorinmustaca.com/wp-admin/about.php

If you experience any issues or need support, the volunteers in the WordPress.org support forums may be able to help. https://wordpress.org/support/

You also have some plugins or themes with updates available. Update them now: http://www.sorinmustaca.com/wp-admin/

The WordPress Team


Pwn2Own: Nothing is safe

The annual Pwn2Own hacking competition wrapped up its 2015 event in Vancouver with another 21 critical bugs in Firefox, Chrome, Safari, IE, Adobe Flash, Adobe Reader, and last, but definitely not least, the Windows operating system. For those who don’t know the contest, the name “Pwn2Own” is derived from the fact that contestants must “pwn” or hack the device in order to “own” or win it.

Chrome had both its stable and beta versions hacked in just two minutes. Google paid $75,000 for just one buffer overflow in Chrome which allows an attacker to bypass the sandbox.

Apple’s Safari was also hit: a use-after-free (UAF) vulnerability in an uninitialized stack pointer in the browser was used to bypass the sandbox for code execution.

Internet Explorer 11 64-bit was taken out with a time-of-check to time-of-use (TOCTOU) vulnerability allowing for read/write privileges. The attacker evaded all the defensive mechanisms by using a sandbox escape through privileged JavaScript injection, all of which resulted in medium-integrity code execution.

Mozilla Firefox was hit with an out-of-bounds read/write vulnerability leading to medium-integrity code execution.

A team of researchers showed their skills against Flash by using a heap overflow remote code execution vulnerability and then leveraging…


iOS 8 brings a lot of security updates

You must have heard of the brand new version of iOS which was released yesterday: iOS v8. While the media is still considering and reconsidering their recommendations for each device on whether or not you should upgrade, here are my reasons to update my iPad 3rd generation. I don’t have an iPhone anymore; I am an Android user now with my great Galaxy Note 3.

Apple published, as usual, the security release notes in their KB http://support.apple.com/kb/HT6441. The list of vulnerabilities fixed is too long to describe here, but here is a summary:

– a series of kernel flaws,
– several WebKit bugs
– vulnerabilities that allowed a user to install apps outside of the App Store

Most critical: the way that the OS implemented 802.1x. For those who don’t know what that is, 802.1x is the protocol behind any wireless network. In some cases, the flaw could enable an attacker to steal a user’s WiFi credentials. Here is what Apple says:

Impact: An attacker can obtain WiFi credentials

Description: An attacker could have impersonated a WiFi access point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash, and used the derived credentials to authenticate to the intended access point even if…

