The reality of hacking threats in connected car systems

With the integration of sophisticated technologies like over-the-air updates and increased data connectivity, cars are no longer just modes of transportation but also hubs of personal and operational data. This shift brings forth unique cybersecurity c… Continue reading The reality of hacking threats in connected car systems

Automotive cybersecurity: A decade of progress and challenges

As connected cars become a standard feature in the market, the significance of automotive cybersecurity rises, playing an essential role in ensuring the safety of road users. In this Help Net Security video, Samantha Beaumont, Principal Security Consul… Continue reading Automotive cybersecurity: A decade of progress and challenges

Exploiting Embedded Linux Devices Through the JTAG Interface

With the explosion of internet-of-things (IoT) and connected, industrial IoT (IIoT), and connected, smart home devices, it is getting harder and harder to find things that don’t have some sort of embedded operating system and connectivity today. While … Continue reading Exploiting Embedded Linux Devices Through the JTAG Interface

Gaining Root Access on Sierra Wireless AirLink Devices

Wi-Fi connectivity is increasingly pervasive. Many organizations have embraced Wi-Fi as a primary means of connecting to network applications and resources. It is significantly cheaper and more convenient than having to run ethernet cable throughout th… Continue reading Gaining Root Access on Sierra Wireless AirLink Devices

PPP Daemon flaw opens Linux distros, networking devices to takeover attacks

A vulnerability (CVE-2020-8597) in the Point-to-Point Protocol Daemon (pppd) software, which comes installed on many Linux-based and Unix-like operating systems and networking devices, can be exploited by unauthenticated attackers to achieve code execu… Continue reading PPP Daemon flaw opens Linux distros, networking devices to takeover attacks

LoRaWAN Encryption Keys Easy to Crack, Jeopardizing Security of IoT Networks

New research from IOActive has found that “blindly” trusting the encryption of the widely adopted device protocol can lead to DDoS, sending of false data and other cyber attacks. Continue reading LoRaWAN Encryption Keys Easy to Crack, Jeopardizing Security of IoT Networks

How to detect and prevent issues with vulnerable LoRaWAN networks

IOActive researchers found that the LoRaWAN protocol – which is used across the globe to transmit data to and from IoT devices in smart cities, Industrial IoT, smart homes, smart utilities, vehicle tracking and healthcare – has a host of cyber security… Continue reading How to detect and prevent issues with vulnerable LoRaWAN networks

Why one researcher mimicked Russian hackers in breaking into a European utility

Jason Larsen was tired of hearing about the skills of Russian-linked hackers, particularly those who cut power in parts of Ukraine in 2015 and 2016. These were groundbreaking and worrying attacks, he thought to himself, but giving the attackers too much credit makes defending against them more complicated than it needs to be. So Larsen, a researcher at cybersecurity company IOActive, broke into the substation network of a European electric utility using one of the Russian hackers’ techniques. The first segment of the attack — gaining root access on some firmware— took him 14 hours. He took notes by the hour and shared them with the distribution utility, one of his clients, to improve their defenses. “We’ve embodied them with all of these god-like abilities,” Larsen said of Sandworm, the group said to be responsible for the attacks and which many believe to work on behalf of Russia’s military intelligence agency. The group turned the lights […]

The post Why one researcher mimicked Russian hackers in breaking into a European utility appeared first on CyberScoop.

Continue reading Why one researcher mimicked Russian hackers in breaking into a European utility

GitHub Security Lab aims to make open source software more secure

GitHub, the world’s largest open source code repository and leading software development platform, has launched GitHub Security Lab. “Our team will lead by example, dedicating full-time resources to finding and reporting vulnerabilities in … Continue reading GitHub Security Lab aims to make open source software more secure

City of Johannesburg, on Second Hit, Refuses to Pay Ransom

A Shadow Kill Hackers attack that compromised the city’s network and shut down key services was the second ransom-related attack on the city in months. Continue reading City of Johannesburg, on Second Hit, Refuses to Pay Ransom