Security News
Car thieves are injecting malicious software into a car’s network through wires in the headlights (or taillights) that fool the car into believing that the electronic key is nearby. News articles.
Microsoft announced today that Client Access Rules deprecation in Exchange Online will be delayed by one year until September 2024. Microsoft 365 administrators can utilize CARs comprising priority values, exceptions, actions, and conditions to filter client access to Exchange Online using various factors.
Automotive security experts say they have uncovered a method of car theft relying on direct access to the vehicle's system bus via a smart headlamp's wiring. A Controller Area Network bus is present in nearly all modern cars, and is used by microcontrollers and other devices to talk to each other within the vehicle and carry out the work they are supposed to do.
Italian automaker Ferrari has warned its well-heeled customers that their personal data may be at risk. "We regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment," opens a letter sent to Ferrari owners, including one Reg reader who was kind enough to share it.
Automakers Hyundai and KIA are rolling out an emergency software update on several of their car models impacted by an easy hack that makes it possible to steal them."In response to increasing thefts targeting its vehicles without push-button ignitions and immobilizing anti-theft devices in the United States, Hyundai is introducing a free anti-theft software upgrade to prevent the vehicles from starting during a method of theft popularized on TikTok and other social media channels," reads Hyundai's announcement.
Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to many thefts and even some deaths. The "Kia Challenge" started circulating in mid-2022 and explained that it's possible to remove the steering column covering on some Hyundai and Kia models by force, exposing a slot that fits a USB-A plug.
A former employee of RAC, one of Britain's major roadside recovery service operators, has pleaded guilty to data theft after he stored traffic accident information on his personal device that was passed onto claims companies. He admitted two counts of data theft last month, the UK data watchdog said.
California's street-legal ink license plates only received a nod from the US government in October, but reverse engineers have already discovered vulnerabilities in the system allowing them to track each plate, reprogram them or even delete them at a whim. In a blog post by security researcher Sam Curry, he describes a project targeting digital license plate maker Reviver put together with some friends, among several other automotive security experiments.
Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners. The research builds on earlier findings from late last year, when Yuga Labs researcher Sam Curry et al detailed security flaws in a connected vehicle service provided by SiriusXM that could potentially put cars at risk of remote attacks.
Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manner just by knowing the vehicle's vehicle identification number, researcher Sam Curry said in a Twitter thread last week. SiriusXM's Connected Vehicles Services are said to be used by more than 10 million vehicles in North America, including Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota.