Security News > 2022 > November

Sirius XM's Connected Vehicle Services has fixed an authorization flaw that would have allowed an attacker to remotely unlock doors and start engines on connected cars knowing only the vehicle identification number. Yuga Labs' Sam Curry detailed the exploit in a series of tweets, and confirmed that the patch issued by SiriusXM fixed the security issue.

The Keralty multinational healthcare organization suffered a RansomHouse ransomware attack on Sunday, disrupting the websites and operations of the company and its subsidiaries. "The computer servers of the Keralty Group companies have been the object of a cyberattack, which has generated technical failures in our systems," reads a translated statement from Keralty.

Three Android applications that allow users to use devices as remote keyboards for their computers have critical vulnerabilities that could expose key presses and enable remote code execution. CVE-2022-45479 - PC Keyboard flow allowing a remote unauthenticated user to send instructions to the server to execute arbitrary code without requiring authorization or authentication.

San Francisco police can deploy so-called "Killer robots" following a Board of Supervisors' vote on Tuesday, clearing the cops to use robots equipped with explosives in extreme situations. The robots primarily will be used to neutralize and dispose of bombs, and provide video reconnaissance, according to San Francisco Supervisor Rafael Mandelman.

LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022.The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service.

According to research from cybersecurity company ESET, the APT 37 threat group used the newly discovered malware against very specific entities. The researchers say that the hackers delivered their commands to Dolphin by uploading them on Google Drive.

Security researchers found a previously unknown backdoor they call Dophin that's been used by North Korean hackers in highly targeted operations for more than a year to steal files and send them to Google Drive storage. According to research from cybersecurity company ESET, the APT 37 threat group used the newly discovered malware against very specific entities.

While analyzing its capabilities, Akamai researchers have accidentally taken down a cryptomining botnet that was also used for distributed denial-of-service attacks. As revealed in a report published earlier this month, the KmsdBot malware behind this botnet was discovered by members of the Akamai Security Intelligence Response Team after it infected one of their honeypots.

The regulator noted, amongs other things, that despite claiming it was salting-and-then-hashing passwords using an accepted hashing algorithm, EDF still had more than 25,000 users' passwords "Secured" with a single MD5 hash as recently as July 2022. As you will have heard many times on Naked Security, storing the cryptographic hash of a password means that you can validate a password when it is presented simply by recomputing its hash and comparing that with the hash of the password that was originally chosen.

The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. "The backdoor has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing credentials from browsers," ESET researcher Filip Jurčacko said in a new report published today.