BMWs at risk of hacking
BMW is in the process of issuing security patches to drivers of its 2017 i3, 2016 X1 and 525Li, and 2012 730Li. The patches will cover fourteen newly-discovered vulnerabilities, four of which can be triggered only through physical connection to the car computer systems, while another four require USB connection to the car. The remaining six vulnerabilities can be exploited remotely. A diligent cybercriminal can gain access to the cars’ infotainment systems, T-Box components, and UDS communication. In light of the findings, BMW has embraced the value of third-party cybersecurity research, and they are working on fixes.
Cybercriminals have caught on. Our mobile devices are where it’s at. Personal info, bank accounts, passwords, important contacts — all this data is on our phones. And data today is more valuable than gold, which makes smartphones the new motherload. Realizing “there’s gold in them thar cells!” the cyber-underground targeted devices more than ever over the past year.
Dangerous PDF exploit combines two vulnerabilities
Fortunately, patches exist for both vulnerabilities in question, but if an unpatched Windows system suffers infection from this PDF exploit, all bets are off.
Cryptojacking like an animal: the Drupal vulnerability
The San Diego Zoo is just one of almost 400 websites that has been compromised by a bug called Drupalgeddon 2.0. This vulnerability in the Drupal content management system was discovered and patch…
On May 12, 2017, WannaCry, the biggest ransomware attack in history, spread like wildfire around the world, indiscriminately affecting PCs belonging to consumers, businesses, hospitals, and government departments. Now, nearly one year later, the same m…
MA school district pays $10,000 ransom
On April 14, the Leominster school district in Massachusetts was hit with a ransomware attack that took the education sector’s computer system hostage, locking all administrators and teachers out of their email. Authorities believe the attack was intended only as a money-making scheme and not to mine sensitive data.
Amazon Web Services (AWS) hijacked for 2-hour heist
For two hours on Tuesday, the website MyEtherWallet.com, a cryptocurrency wallet where thousands of users store their Ethereum, was leeched of roughly $150,000. Cybercriminals hacked into the site by…
US & UK on alert for possible cyberattack
On Monday, the US Department of Homeland Security, the FBI, and the UK National Cyber Security Center issued a first-ever joint statement warning businesses and residents of both nations that a wide-scale …
This month’s “Patch Tuesday” is turbo-charged
Microsoft releases system updates on the second Tuesday of each month, and this month’s “Patch Tuesday” is a whopper. It covers nearly 70 security issues, 20 of which are rated “critical.”
Fashion faux pas: Data breach at Saks Fifth Avenue and Lord & Taylor
Toronto-based retail enterprise Hudson’s Bay — parent company to Saks Fifth Avenue, Saks OFF Fifth, and Lord & Taylor — disclosed on Sunday that no less than five million of their customers may have suffered credit card compromises in a data breach that occurred last May.