Security News

Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data."Hyundai Motor Europe is experiencing IT issues, which the company is working to resolve as quickly as possible," Hyundai told BleepingComputer at the time.

The official Netgear and Hyundai MEA Twitter/X accounts are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. Hackers are increasingly targeting and compromising verified government and business X accounts with 'gold' and 'grey' checkmarks to add legitimacy to their malicious tweets pushing cryptocurrency scams, phishing sites, and sites dropping crypto drainers.

Hyundai and Kia cars were stolen 977 times in New York City in the first four months of 2023, and authorities have had enough. "This represents a roughly 660 percent increase in thefts of Kia and Hyundai vehicles as compared to those same months in 2022, when there were only 148 such thefts," blasts the complaint [PDF] filed with the United States District Court, Southern District of New York.

Hyundai has disclosed a data breach impacting Italian and French car owners and those who booked a test drive, warning that hackers gained access to personal data.Hyundai is a multinational automotive manufacturer selling over half a million vehicles per year in Europe, with a market share of roughly 3% in France and Italy.

Automakers Hyundai and KIA are rolling out an emergency software update on several of their car models impacted by an easy hack that makes it possible to steal them."In response to increasing thefts targeting its vehicles without push-button ignitions and immobilizing anti-theft devices in the United States, Hyundai is introducing a free anti-theft software upgrade to prevent the vehicles from starting during a method of theft popularized on TikTok and other social media channels," reads Hyundai's announcement.

Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to many thefts and even some deaths. The "Kia Challenge" started circulating in mid-2022 and explained that it's possible to remove the steering column covering on some Hyundai and Kia models by force, exposing a slot that fits a USB-A plug.

Vulnerabilities in mobile apps exposed Hyundai and Genesis car models after 2012 to remote attacks that allowed unlocking and even starting the vehicles. Security researchers at Yuga Labs found the issues and explored similar attack surfaces in the SiriusXM "Smart vehicle" platform used in cars from other makers that allowed them to "Remotely unlock, start, locate, flash, and honk" them.

A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle's manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. "Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]".

A developer says he was able to run his own software on his car infotainment hardware after discovering the vehicle's manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. Turns out the encryption key in that script is the first AES 128-bit CBC example key listed in a NIST document.

Carmakers Kia and Hyundai, both owned by the South Korea-based Hyundai Motor Group, said they had found no evidence that the outages they suffered in the past week in the United States were the result of a ransomware attack. "Kia Motors America, Inc. has been experiencing an extended systems outage since Saturday but can confirm that the UVO app and owner's portal are now operational," Kia told SecurityWeek in a statement on Thursday.