Security News
US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed some customers' information and allowed hackers to redeem rewards points for gift cards. Car owners can redeem GM rewards points towards GM vehicles, car service, accessories, and purchasing OnStar service plans.
Kali Linux 2022.2 released: Desktop enhancements, tweaks for the terminal, new tools, and more!
Offensive Security has released Kali Linux 2022.2, the latest version of its popular penetration testing and digital forensics platform.
VMware issues critical fixes, CISA orders federal agencies to act immediately
VMware has released patches for a privately reported critical vulnerability in VMware's Workspace ONE Access, VMware Identity Manager, vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products, and is urging administrators to patch or mitigate immediately, because "The ramifications of this vulnerability are serious."
A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely unlock and operate cars, break open residential smart locks, and breach secure areas. "An attacker can falsely indicate the proximity of Bluetooth LE devices to one another through the use of a relay attack," U.K.-based cybersecurity company NCC Group said.
A Bluetooth Low Energy vulnerability discovered by NCC Group researchers may be used by attackers to unlock Teslas, residential smart locks, building access systems, mobile phones, laptops, and many other devices. "Many products implement Bluetooth Low Energy-based proximity authentication, where the product unlocks or remains unlocked when a trusted BLE device is determined to be nearby," they explained, and added that the possibility of relay attacks against BLE proximity authentication has been known for years, but existing tools came with detectable levels of latency and were not capable of relaying connections employing link layer encryption.
San Francisco police have been using driverless cars for surveillance to assist in law enforcement investigations.
A handful of tech giants have pledged more than $30 million to implement a plan to improve open-source and software supply chain security.
Software made unsafe by dependencies should be fixed without users needing to interact with the source of the problem, according to US National Cyber Director Chris Inglis, who serves in the Executive Office of the President. Speaking to The Register at the Black Hat Asia conference in Singapore on Friday, Inglis said that when a faulty component in a car needs to be replaced, the manufacturer who chose that component takes responsibility for securing safe parts and arranging their installation.
This will only get more prevalent: “The SFPD claims it has already obtained evidence from autonomous vehicle cameras.”
Car rental giant Sixt was hit by a weekend cyberattack causing business disruptions at customer care centers and select branches. Sixt is a German-based vehicle rental, car sharing, and ride-hailing service provider operating about two thousand locations in over 105 countries.
Chances are we'll continue to hear reports of software breakdowns in vehicle systems, and as vehicles increasingly rely on code, risks of vulnerabilities affecting security and safety grow exponentially. Preventing this type of issue in the development stage requires software engineers to follow secure coding standards that define how to write code in order to avoid security vulnerabilities in device software.
Researchers have disclosed a 'replay attack' vulnerability affecting select Honda and Acura car models that allows a nearby hacker to unlock your car and even start its engine from a short distance. Honda owners may be able to take some action to protect themselves against this attack.