Security Leftovers

posted by Roy Schestowitz on May 20, 2023

• Kia/Hyundia Settle Class-Action Lawsuit Over Security Flaw in Vehicles

  Hyundai Motor America and Kia America will resolve class-action lawsuit prompted by a surge in vehicle thefts with a settlement agreement that could be valued at $200 million

• Kia and Hyundai settled a class-action lawsuit accusing their cars of being too easy to steal

  Kia and Hyundai have agreed to settle a class-action lawsuit accusing the automakers of failing to install basic anti-theft measures.

• When the Phisher Messes Up With Encoding, (Fri, May 19th)

• Online voting: Yes or no [Ed: Terrible idea as a lot of modern computing is back-doored by design]

  In the US, voting is seen as a civic duty. It’s voluntary, but it’s an act of patriotism and a democratic responsibility. But there are many barriers to voting—one might have to take off from work, find childcare, or travel long distances to cast a ballot.

• Could online voting become mainstream in the US? [Ed: Just pushing really bad ideas for companies that do not solve any real issue and create many new issues]

• US Teenager Indicted for Credential Stuffing Attack on Fantasy Sports Website

  Wisconsin teen Joseph Garrison is charged with launching a credential stuffing attack that affected roughly 60,000 user accounts.

• Pimcore Platform Flaws Exposed Users to Code Execution

  Security researchers are warning that newly patched vulnerabilities in the Pimcore platform bring code execution risks.

• Botched Asus Update Kicks Routers Offline Worldwide, Company Apologizes

  Asus' routers mysteriously went offline earlier this week, and Asus initially went radio-silent.

• Researchers Identify Second Developer of ‘Golden Chickens’ Malware

  Security researchers have identified the second developer of Golden Chickens, a malware suite used by financially-motivated hacking groups Cobalt Group and FIN6.

  >

• Japan’s Toyota discloses improper crash tests at Daihatsu subsidiary

  Toyota has found improper crash tests for a model and suspended shipments, in the latest in a series of embarrassing woes plaguing Japan’s top automaker. The latest problem, affects 56,111 Toyota Raize hybrid vehicles, produced by Daihatsu, a manufacturer specializing in small models, wholly owned by Toyota. It also affects 22,329 vehicles sold as the Daihatsu Rocky. The vehicles were all sold in Japan. Just a week ago, Toyota acknowledged there had been data breach at its online Connected service, spanning a decade, putting information on more than 2 million vehicles at risk for leaks. No breaches were reported.

• Japan's Toyota Discloses Improper Crash Tests at Daihatsu Subsidiary

  Toyota has found improper crash tests for a model and suspended shipments, in the latest in a series of embarrassing woes plaguing Japan’s top automaker

• Security Risks of New .zip and .mov Domains

  Researchers are worried about Google's .zip and .mov domains, because they are confusing. Mistaking a URL for a filename could be a security vulnerability.

• All your building are belong to us

  TL;DR Building Management Systems (BMS) bring new risks to businesses that haven't had previous experience of  securing Operational Technology (OT) While there might not be direct financial gain from hacking [...]