More bad news for Volkswagen.
A team of researchers has found that Volkswagen stores secret keys in car components that leave almost all its vehicles since 1995 vulnerable to theft.
Source: A New Wireless Hack Can Unlock 100 Million Volkswagens
Another impressive likely-state-sponsored malware. Data exfiltration from air-gapped machines is the holy grail of the malware world. If they succeeded this will be huge.
The malware—known alternatively as “ProjectSauron” by researchers from Kaspersky Lab and “Remsec” by their counterparts from Symantec—has been active since at least 2011 and has been discovered on 30 or so targets. Its ability to operate undetected for five years is a testament to its creators, who clearly studied other state-sponsored hacking groups in an attempt to replicate their advances and avoid their mistakes.
Source: Researchers crack open unusually advanced malware that hid for 5 years
It has long been known that telephony services like SMS are not secure. When your infrastructure provider is hostile it gets challenging to protect your users.
Iranian hackers have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users, the largest known breach of the encrypted communications system, cyber researchers told Reuters.
Source: Exclusive: Hackers accessed Telegram messaging accounts in Iran – researchers
Like I always say, all (non-trivial) software have bugs. It’s a matter of when and if they are discovered. If you’re lucky, the bugs may only result in financial loss. In more serious cases, safety and security can be compromised.
When the system was introduced in the mid-1990s, the program code filtered out any transactions that were given three-digit branch codes from 089 to 100 and used those prefixes for testing purposes.
But in 1998, the company started using alphanumeric branch codes as it expanded its business. Among them were the codes 10B, 10C and so on, which the system treated as being within the excluded range, and so their transactions were removed from any reports sent to the SEC.
Source: Programming bug costs Citigroup $7m after legit transactions mistaken for test data for 15 years
The irony is killing: a product that is supposed to protect your enterprise contains severe security problems making your enterprise hackable through a carefully crafted email – which doesn’t even need to be opened!
The rabbit hole can be really deep. The tl;dr version is this: this guy encountered an apparent bug in emacs in his work, but you will never guess what’s the cause of it.
Source: The Universe of Discourse : Don’t tug on that, you never know what it might be attached to
Great, now we’re on BBC for the wrong reasons. This goes totally against the Smart Nation, IoT and cloud movement. The scary prospect is that quasi-government agencies and even private organizations may take a cue from this and do the same.. Expect a strong pushback from the industry. OTOH, server vendors will be very happy 🙂
Singapore says it will restrict access to the internet for public servants from May next year because of information security concerns.
Source: No internet for Singapore public servants – BBC News
Yet another major fail from a hardware vendor. The tl;dr version is this: Asus laptop comes with a software called LiveUpdate that deliver updates from Asus. The problem is it does so insecurely and without proper validation. So that makes it possible for someone to perform MiTM and deliver fake updates.
Source: *indrora->mind — DeadUpdate; Or, How I learned to stop worrying and…
TeamViewer is a very popular tool for remote access due to its ease of use and firewall bypassing capability. It is widely used by IT support, sysadmins, appliance manufacturer, Pos system makers, individuals etc. If this hack is real it would have huge ramifications for users of this tool.
Remote-control tool wobbles offline, blames bad passwords for compromises
Source: TeamViewer denies hack after PCs hijacked, PayPal accounts drained
Update (2016-06-04): Also reported here.
Finally an affordable drone with decent specs and battery life? Will be waiting for review when it launches in July.
It’s a lot of drone for a (relatively) little price.
Source: Xiaomi’s Cheap New Drone Achieves Impulse-Buy Airspace | WIRED