StrandHogg 2.0 Vulnerability

Researchers at Promon, a cybersecurity firm better known for its in-app security protection, had earlier discovered a vulnerability in the Android operating system named “StrandHogg”. That vulnerability enabled cyber criminals to hijack legitimate apps and perform malicious operations. Its successor, StrandHogg 2.0, avoids the shortcomings of the original and enables cyber criminals to hijack nearly any app running on devices with Android 9.0 and below.

The Promon researchers found a new elevation-of-privilege vulnerability (CVE-2020-0096), which Google classified as “critical severity”. One reason for the “critical” rating is that it allows cyber criminals to gain access to almost all apps. The earlier version of StrandHogg exploited the Android control setting ‘Task Affinity’ to hijack Android’s multitasking feature and, as a result, left behind traceable markers. StrandHogg 2.0 works around this: it does not exploit ‘Task Affinity’ and is therefore difficult to detect.

The StrandHogg 2.0 vulnerability allows potential cyber criminals to take control of apps and:
  • Listen to and record the user's conversations and phone calls through the microphone
  • Take control of the camera and take photos without the user's knowledge
  • Read and send SMSs
  • Exfiltrate users’ login credentials used in different mobile apps and accounts
  • Access and exfiltrate data files and photos from the device
  • Track device location and gain GPS information
  • Access the contacts list on the device
  • Access phone logs
The StrandHogg 2.0 vulnerability is a severe threat because it can be exploited without gaining root access; however, it has not yet been exploited in the wild. Meanwhile, Android rolled out security patches to its Android ecosystem partners in April 2020 and was expected to apply the same to the current Android versions 8.0, 8.1, and 9.0 soon after.
