Found 42 bookmarks
Custom sorting
Hacking Kia: Remotely Controlling Cars With Just a License Plate
Hacking Kia: Remotely Controlling Cars With Just a License Plate
On June 11th, 2024, we discovered a set of vulnerabilities in Kia vehicles that allowed remote control over key functions using only a license plate. These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription. Additionally, an attacker could silently obtain personal information, including the victim's name, phone number, email address, and physical address. This would allow the attacker to add themselves as an invisible second user on the victim's vehicle without their knowledge.
#samcurry#EN#2024#iot#Kia#vehicles#license#plate#Kia_connect#remote-control#car
·samcurry.net·
Hacking Kia: Remotely Controlling Cars With Just a License Plate
Taking over Train infrastructure in Poland /Traction power substation and lighting systems
Taking over Train infrastructure in Poland /Traction power substation and lighting systems
(6 Months later CZAT 7 Server is offline or changed to another ip address , this post was written 6 months ago, published today 9/2/2024) I’m a big fan of trains, i like them, but never tough that someday i would take over train traction power substation located in Poland from my home in Costa Rica. I’m not a train expert/engineer and i had no idea how the train management works , I’m a cyber security professional doing research in the internet about OT Industrial equipment exposed potentially vulnerable or misconfigured. Everything explained here is just what i learned reading official documentation from the Elester-pkp website . https://elester-pkp.com.pl/
#bertinjoseb#medium#EN#2024#iot#Critical-infrastructure#Train#Poland#iot-safari#power-substation#lighting-systems
·medium.com·
Taking over Train infrastructure in Poland /Traction power substation and lighting systems
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
  • Bitdefender researchers have identified a series of vulnerabilities in PV plant management platforms operated by Solarman and Deye. This platform is responsible for coordinating production operations of millions of solar installations worldwide generating a whopping output of approximately 195 GW of solar power (20% of the global solar production) If exploited, these vulnerabilities could allow an attacker to control inverter settings that could take parts of the grid down, potentially causing blackouts. * These vulnerabilities have been communicated to the affected vendors and fixed.
#bitdefender#EN#2024#Solar#Power#plant#management#IoT#Solarman#Deye
·bitdefender.com·
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The Pumpkin Eclipse
The Pumpkin Eclipse
Executive Summary Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP). The incident took place over a 72-hour period between October 25-27, rendered the infected devices permanently inoperable, and required a hardware-based replacement. Public scan data Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP).
#lumen#EN#2024#IoT#routers#destructive#SOHO#ISP#72-hour#Chalubo
·blog.lumen.com·
The Pumpkin Eclipse
QNAPping At The Wheel (CVE-2024-27130 and friends)
QNAPping At The Wheel (CVE-2024-27130 and friends)
Infosec is, at it’s heart, all about that data. Obtaining access to it (or disrupting access to it) is in every ransomware gang and APT group’s top-10 to-do-list items, and so it makes sense that our research voyage would, at some point, cross paths with products intended to manage - and safeguard - this precious resource.
#watchtowr#EN#2024#CVE-2024-27130#QNAPping#QNAP#NAS#IoT#vulnerability
·labs.watchtowr.com·
QNAPping At The Wheel (CVE-2024-27130 and friends)
Eight Arms to Hold You: The Cuttlefish Malware
Eight Arms to Hold You: The Cuttlefish Malware
Executive Summary: The Black Lotus Labs team at Lumen Technologies is tracking a malware platform we’ve named Cuttlefish, that targets networking equipment, specifically enterprise-grade small office/home office (SOHO) routers. This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacent local area network (LAN). A
#lumen#EN#2024#Cuttlefish#Malware#SOHO#routers#DNS-hijacking#sniffing#iot
·blog.lumen.com·
Eight Arms to Hold You: The Cuttlefish Malware
Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability
Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability
The recently disclosed Palo Alto Networks firewall vulnerability tracked as CVE-2024-3400, which has been exploited in attacks for at least one month, has been found to impact one of Siemens’ industrial products. In an advisory published late last week, Siemens revealed that its Ruggedcom APE1808 devices configured with a Palo Alto Networks virtual next-generation firewall (NGFW) could be affected by CVE-2024-3400.
#securityweek#EN#2024#CVE-2024-3400#Palo#Alto#Networks#firewall#Siemens#IoT
·securityweek.com·
Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability
Vulnerabilities Identified in LG WebOS
Vulnerabilities Identified in LG WebOS
As the creator of the world’s first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world’s best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system.
#bitdefender#EN#2024#LG#WebOS#TV#iot#vulnerability#CVE-2023-6317#CVE-2023-6318#CVE-2023-6319#CVE-2023-6320
·bitdefender.com·
Vulnerabilities Identified in LG WebOS
Vulnerabilities Identified in LG WebOS
Vulnerabilities Identified in LG WebOS
As the creator of the world’s first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world’s best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system.
#bitdefender#EN#2024#LG#WebOS#TV#iot#vulnerability#CVE-2023-6317#CVE-2023-6318#CVE-2023-6319#CVE-2023-6320
·bitdefender.com·
Vulnerabilities Identified in LG WebOS
The Darkside of TheMoon
The Darkside of TheMoon
Executive Summary The Black Lotus Labs team at Lumen Technologies has identified a multi-year campaign targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices, associated with an updated version of “TheMoon” malware. TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from 88 countries in January and
#lumen#EN#2020#SOHO#TheMoon#campaign#EoL#routers#IoT#proxy
·blog.lumen.com·
The Darkside of TheMoon
Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices
Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices
An overview of the Lemon Group’s use of preinfected mobile devices, and how this scheme is potentially being developed and expanded to other internet of things (IoT) devices. This research was presented in full at the Black Hat Asia 2023 Conference in Singapore in May 2023.
#trendmicro#EN#2023#malware#cyber-crime#LemonGroup#Preinfected#Guerrilla#Android#mobile#mobile-device#IoT#AndroidOS_Guerilla
·trendmicro.com·
Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices