Tom Wimmenhove, a Dutch electronics designer, has discovered a flaw in the key fob system used by several Subaru models, a vulnerability that the vendor has not patched and that could be abused to hijack cars.
The issue is that key fobs for some Subaru cars use sequential codes for locking and unlocking the vehicle, and other operations.
These codes — called rolling codes or hopping codes — should be random, in order to avoid situations where an attacker discovers their sequence and uses the flaw to hijack cars.
Car thieves can create duplicate, fully-working key fobs
Wimmenhove discovered the problem by sniffing the radio signals sent out by his own car’s key fob, which is nothing more than a short-range radio transmitter.
The electronics expert quickly realized that he could “clone” the key fob and create a fully-working, unauthorized duplicate.
“By receiving a single packet from
Read more at: https://www.bleepingcomputer.com/news/security/unpatched-exploit-lets-you-clone-key-fobs-and-open-subaru-cars/
Exploit leaks from the likes of the Shadow Brokers dominated the threat landscape in the second quarter, according to new stats from Kaspersky Lab.
The Russian AV firm detected over 342 million attacks in 191 countries in the period April-June this year, a fairly significant reduction from the 479m attacks seen in Q1.
However, over five million such threats spotted by the vendor came from leaked exploits; that is, malware designed to utilize software vulnerabilities to infect victim machines.
Such attacks are particularly dangerous as they typically don’t require user interaction to deliver malicious code.
The Kremlin-linked Shadow Brokers leak was particularly damaging, making public exploits thought to have been developed by the NSA.
These led to the notable WannaCry and NotPetya outbreaks which caused chaos and destruction across the globe, even at big-name organizations including international law firm DLA Piper, Danish shipper Maersk, German drug company Merck, and
Read more at: https://www.infosecurity-magazine.com/news/exploit-packages-five-million/
More than five million cyber attacks originated from a series of exploit archives dumped onto the internet between April and June this year, according to Kaspersky Lab.
Its software blocked more than five million attacks based on hacking group Shadow Brokers’ exploit dumps, but the rate of attacks using these tools is growing; more than 80% were detected during the last 30 days of the quarter.
Read more at: http://www.itpro.co.uk/security/29234/shadow-broker-exploit-dumps-five-million-cyber-attacks
MUMBAI: IT security and software development firm eScan said demonetisation has opened up new gates for cyber criminals to exploit the unsuspecting and uneducated masses who are increasingly using mobile and unified payment options, highlighting the need for higher levels of data security.
eScan listed out the possible avenues of cyber crime in 2017 and said the sudden switch to digital payment platforms is seeing more than 85% not knowing how to safely use this new option, coupled with a lack of legal framework and speed of investigation.
“We believe it will be a herculean task to give 75% of Indians easy access to Internet. For the government’s vision of Digital India, it would be imperative that government bodies take IT security as one of the most urgent and immediate concerns. It will be addressed by setting up easy-to-understand legal framework for users and
Read more at: http://economictimes.indiatimes.com/tech/internet/demonetisation-opens-up-new-gates-for-cyber-criminals-to-exploit-tech-ignorant-users/articleshow/56191795.cms