Trending

Researchers Hacked EV Car Chargers To Execute Arbitrary Code

By CyberMrfu3k -
EVs face significant cyber risks due to their reliance on interconnected systems and the increasing number of public charging stations, which often lack robust security measures.  Vulnerabilities in EV software and charging infrastructure can expose vehicles to malware, unauthorized access, and potential control by hackers. During Pwn2Own Automotive 2024 in Tokyo, cybersecurity researchers hacked  EV car chargers  to execute arbitrary code. Researchers Hacked EV Car Chargers At the Pwn2Own Automotive 2024 event, researchers exploited three EV chargers:-  Autel MaxiCharger (MAXI US AC W12-L-4G) ChargePoint Home Flex JuiceBox 40 Smart EV Charging Station  They executed arbitrary code via Bluetooth while focusing on the Autel MaxiCharger, and this uncovered the “CVE-2024-23958,” “CVE-2024-23959,” and “CVE-2024-23967”  vulnerabilities . The features of the charger include WiFi, Ethernet, Bluetooth, 4G LTE, RFID, LCD touchscreen, RS485, and a USB-C port. Its har...
Post a Comment

British Airline EasyJet Suffers Data Breach Exposing 9 Million Customers' Data

By CyberMrfu3k -
https://www.blackhatsec-mrfu3k.online/

British low-cost airline EasyJet today admitted that the company has fallen victim to a cyber-attack, which it labeled "highly sophisticated," exposing email addresses and travel details of around 9 million of its customers.

In an official statement released today, EasyJet confirmed that of the 9 million affected users, a small subset of customers, i.e., 2,208 customers, have also had their credit card details stolen, though no passport details were accessed.

The airline did not disclose precisely how the breach happened, when it happened, when the company discovered it, how the sophisticated attackers unauthorizedly managed to gain access to the private information of its customers, and for how long they had that access to the airline's systems.

However, EasyJet assured its users that the company had closed off the unauthorized access following the discovery and that it found "no evidence that any personal information of any nature has been misused" by the attackers.

"As soon as we became aware of the attack, we took immediate steps to respond to and manage the incident and engaged leading forensic experts to investigate the issue," the company said in a statement published today.

EasyJet has also notified the Information Commissioner's Office (ICO), Britain's data protection agency, and continues to investigate the breach incident to determine its extent and further enhance its security environment.

"We take the cybersecurity of our systems very seriously and have robust security measures in place to protect our customers' personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated," says EasyJet Chief Executive Officer Johan Lundgren.

"Since we became aware of the incident, it has become clear that owing to COVID-19, there is heightened concern about personal data being used for online scams. Every business must continue to stay agile to stay ahead of the threat."

As a precautionary measure recommended by the ICO, the airline has started contacting all customers whose travel and credit card details were accessed in the breach to advise them to be "extra vigilant, particularly if they receive unsolicited communications."

Affected customers will be notified by May 26.

Last year, the ICO fined British Airways with a record of £183 million for failing to protect the personal information of around half a million of its customers during a 2018 security breach incident involving a Magecart-style card-skimming attack on its website.

Affected customers should be suspicious of phishing emails, which are usually the next step of cybercriminals to trick users into giving away further details of their accounts like passwords and banking information.

Affected customers exposing their credit card details are advised to block the affected cards and request a new one from their respective financial institution, and always keep a close eye on your bank and payment card statements for any unusual activity and report to the bank if you find any.

Comments

Post a Comment

Popular posts from this blog

Ninjutsu OS- Windows based pentesting distribution

By -
Image
Ninjutsu Project Hey everyone. Hope you all are doing good. Today I came across a post in Linkedin by Hasan , a Red team Penetration tester. It's as follows I started exploring and came to know about this distribution. A Windows based pentesting distribution!!  Sound exciting right? Within few minutes i ended up downloading the OS (17gb -_- ) Don't forget to visit their official blog and support the developer if you like his work.
Read more

Fog Ransomware

By CyberMrfu3k -
Image
‛Fog’ Ransomware Rolls in to Target many Sectors. A new group of hackers is encrypting data in virtual machines, leaving ransom notes, and calling it a day. A new ransomware operation has been performing old-fashioned ransomware attacks, locking up data in virtual environments to earn quick payouts. Attack Vectors • Fog attacks typically begin with stolen virtual private network (VPN) credentials, an increasingly popular means of initial access into sizable organizations. The group has exploited two different VPN gateway vendors thus far, which Arctic Wolf has declined to name. • In one case, for example, Fog passed the hash to compromise administrator accounts in its target’s network. It then used the accounts to establish a remote desktop protocol (RDP) connection with Windows servers running the Hyper-V hypervisor and Veeam data protection software. • Other common Fog tactics, techniques, and procedures (TTPs) include credential stuffing, using native Windows and open-source tools l...
Read more

New PIXHELL Attack Exploits Screen Noise to Exfiltrates Data from Air-Gapped Computers

By CyberMrfu3k -
Image
Security researchers have unveiled new techniques that allow attackers to exfiltrate sensitive data from air-gapped computers, which are systems physically isolated from unsecured networks. Despite air gaps being a strong security measure, these attacks demonstrate that determined adversaries can still find ways to breach such systems. Dr. Mordechai Guri and his team at Ben-Gurion University in Israel have published multiple papers detailing various  covert channels  that can be used to leak data from air-gapped systems. Their latest  research focuses  on exploiting computer components’ electromagnetic, acoustic, thermal, and optical emanations to transmit data to nearby receivers. One attack, dubbed  RAMBO  (Radiation of Air-gapped Memory Bus for Offense), exploits electromagnetic emissions from a computer’s RAM to leak data. Malware can generate controlled radio signals that encode stolen information by manipulating memory access patterns. Using a softwar...
Read more