Security News

Ford is warning of a buffer overflow vulnerability in its SYNC3 infotainment system used in many Ford and Lincoln vehicles, which could allow remote code execution, but says that vehicle driving safety isn't impacted. The vulnerability is tracked as CVE-2023-29468 and is in the WL18xx MCP driver for the WiFi subsystem incorporated in the car's infotainment system, which allows an attacker in WiFi range to trigger buffer overflow using a specially crafted frame.

The person claims a few of them walking together one night saw a cone on the hood of an AV, which appeared disabled. They weren't sure at the time which came first; perhaps someone had placed the cone on the AV's hood to signify it was disabled rather than the other way around.

The Russian state-sponsored hacking group 'APT29' has been using unconventional lures like car listings to entice diplomats in Ukraine to click on malicious links that deliver malware. APT29 is linked to the Russian government's Foreign Intelligence Service and has been responsible for numerous cyberespionage campaigns targeting high-interest individuals across the globe.

While security cameras are commonplace in American cities, self-driving cars represent a new level of access for law enforcement and a new method for encroachment on privacy, advocates say. Crisscrossing the city on their routes, self-driving cars capture a wider swath of footage.

Hyundai and Kia cars were stolen 977 times in New York City in the first four months of 2023, and authorities have had enough. "This represents a roughly 660 percent increase in thefts of Kia and Hyundai vehicles as compared to those same months in 2022, when there were only 148 such thefts," blasts the complaint [PDF] filed with the United States District Court, Southern District of New York.

For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go about building new models, taking advantage of much more powerful hardware to consolidate all those discrete functions into a small number of domain controllers.

Toyota Motor Corporation disclosed a data breach on its cloud environment that exposed the car-location information of 2,150,000 customers for ten years, between November 6, 2013, and April 17, 2023. While there is no evidence that the data was misused, unauthorized users could have accessed the historical data and possibly the real-time location of 2.15 million Toyota cars.

Car thieves are injecting malicious software into a car’s network through wires in the headlights (or taillights) that fool the car into believing that the electronic key is nearby. News articles.

Microsoft announced today that Client Access Rules deprecation in Exchange Online will be delayed by one year until September 2024. Microsoft 365 administrators can utilize CARs comprising priority values, exceptions, actions, and conditions to filter client access to Exchange Online using various factors.

Automotive security experts say they have uncovered a method of car theft relying on direct access to the vehicle's system bus via a smart headlamp's wiring. A Controller Area Network bus is present in nearly all modern cars, and is used by microcontrollers and other devices to talk to each other within the vehicle and carry out the work they are supposed to do.