Security News

Japanese car maker Honda has been hit by ransomware that disrupted its production of vehicles and also affected internal communications, according to reports. Some Honda factories around the world were forced to suspend production, though output from Turkey, India, USA and Brazil locations remain on hold at the time of writing.

An online voting system approved in three US states is vulnerable to manipulation by hackers and may not protect ballot secrecy, according to an analysis by security researchers. The report comes with election officials scrambling following the outbreak of the coronavirus pandemic to enable remote voting in the November election to limit risks from crowded polling stations.

Members of Cisco's Talos threat intelligence and research group have identified two vulnerabilities in the Zoom client application that can allow a remote attacker to write files to the targeted user's system and possibly achieve arbitrary code execution. CVE-2020-6109 is related to the way Zoom processes GIF image files.

A team of researchers in Carnegie Mellon University's CyLab have developed a prototype IoT security and privacy "Nutrition label" that performed well in user tests. To develop the label, the team consulted with a diverse group of 22 security and privacy experts across industry, government, and academia.

For more than five months, Lastline security researchers have tracked the evolution of malicious Excel 4.0 macros, observing the fast pace at which malware authors change them to stay ahead of security tools. A central part of many organizations' productivity tools, Excel opens the door for phishing attacks where victims are tricked into enabling macros in malicious documents, which can results in the attackers gaining a foothold on the network, in preparation for additional activities.

"Don't spread disinformation and right now, all signs point to just that - the alleged Minneapolis Police Department 'breach' is fake," he wrote, in an analysis posted on Monday, adding that the data is likely not from the MPD at all, but rather a collection of widely available credentials from earlier breaches, and possibly some made-up combinations, that have been assembled into a new database for the purpose of perpetrating this hoax. Passwords like the all-lowercase "Linkedin"; "Le"; PIN-like passwords like "1603"; and the notoriously insecure "Password," "Qwerty" and "123456" are all represented.

An attacker exploiting the vulnerability could have taken over user accounts on the affected third-party applications, regardless of whether the victim was using a valid Apple ID or not, security researcher Bhavuk Jain explains. In the second step, the user is provided with the option to share the Apple Email ID with the third-party app.

Researchers at cybersecurity company Check Point said on Thursday that they have found the real identity of VandaTheGod, a Brazilian hacker involved in both hacktivist operations and financially-motivated cybercrimes. Check Point told SecurityWeek that it informed law enforcement about its findings in October 2019, but the hacker continued to be active up until May 2020.

In a report shared with The Hacker News, researchers from Check Point said they were able to map VandaTheGod's activity over the years, and eventually zero down the attacker's real identity to a Brazilian individual from the city of Uberlândia. "Many of the messages left on the defaced websites implied that the attacks were motivated by anti-government sentiment, and were carried out to combat social injustices that the hacker believed were a direct result of government corruption," the researchers said.

In a report shared with The Hacker News, researchers from Check Point said they were able to map VandaTheGod's activity over the years, and eventually zero down the attacker's real identity to a Brazilian individual from the city of Uberlândia. "Many of the messages left on the defaced websites implied that the attacks were motivated by anti-government sentiment, and were carried out to combat social injustices that the hacker believed were a direct result of government corruption," the researchers said.