Security Leftovers
-
Hacking A Hyundai Ioniq’s Infotainment System Again After Security Fixes
These days modern cars are nothing if not a grouping of networked software held together by bits of hardware. This is reflected not only in the rapidly increasing number of ECUs, but also infotainment systems and all-glass cockpits. For better or worse, this offers many exciting hacking possibilities, which [greenluigi1] was more than happy to explore with their new 2021 Hyundai Ioniq SEL last year. Naturally, Hyundai then proceeded to ‘fix’ these vulnerabilities, offering the exciting chance to test the Hyundai engineers’ homework, and proceed to bypass it again.
-
The State of Cloud-Native Security
Cloud native is becoming the de facto development method for new applications and workloads. Yet, the cloud-native trend also brings accelerated deployment timelines, which could leave security gaps in CI/CD. Studies also find a rise in time to remediate security incidents and uncertainty concerning cloud-native security tooling adoption. The cloud-native also
-
VMware Plugs Critical Flaws in Network Monitoring Product
VMware ships urgent patches to cover security defects that expose businesses to remote code execution attacks.
-
Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
Google’s June 2023 security update for Android patches more than 50 vulnerabilities, including an Arm Mali GPU flaw exploited by spyware vendors.
-
Security professional’s tweet forces big change to Google email authentication
“This issue stems from a third-party security vulnerability allowing bad actors to appear more trustworthy than they are,” a Google spokesperson told CyberScoop in an email Monday. “To keep users safe, we are requiring senders to use the more robust DomainKeys Identified Mail (DKIM) authentication standard to qualify for Brand Indicators for Message Identification (blue checkmark) status.”
The DKIM requirement should be fully in place by the end of the week, the Google spokesperson said, marking a change from the previous policy that required either DKIM or a separate standard — the Sender Policy Framework — both of which are used by email providers, in part, to determine whether incoming email is likely to be spam and to theoretically authenticate that a sender is who they claim to be. The spokesperson added that Google appreciated Plummer’s work to bring the problem to their attention.