Trending

Researchers Hacked EV Car Chargers To Execute Arbitrary Code

By CyberMrfu3k -
EVs face significant cyber risks due to their reliance on interconnected systems and the increasing number of public charging stations, which often lack robust security measures.  Vulnerabilities in EV software and charging infrastructure can expose vehicles to malware, unauthorized access, and potential control by hackers. During Pwn2Own Automotive 2024 in Tokyo, cybersecurity researchers hacked  EV car chargers  to execute arbitrary code. Researchers Hacked EV Car Chargers At the Pwn2Own Automotive 2024 event, researchers exploited three EV chargers:-  Autel MaxiCharger (MAXI US AC W12-L-4G) ChargePoint Home Flex JuiceBox 40 Smart EV Charging Station  They executed arbitrary code via Bluetooth while focusing on the Autel MaxiCharger, and this uncovered the “CVE-2024-23958,” “CVE-2024-23959,” and “CVE-2024-23967”  vulnerabilities . The features of the charger include WiFi, Ethernet, Bluetooth, 4G LTE, RFID, LCD touchscreen, RS485, and a USB-C port. Its har...
Post a Comment

Can anyone track the exact location of your phone

By CyberMrfu3k -




It's 2020 and everyone has a tracking device in their pockets. People are being monitored in real time by the government, advertising companies and even fraudsters.
It sounds like science fiction but it's a reality.


www.blackhatsec-mrfu3k.online



The exact location of your phone can be monitored in a number of ways.

How Rogue Bounty Hunters can track your location


The latest controversy began with  Joseph Cox on Motherboard, who gave a hacker $ 300 and a phone number. He managed to find the exact, current location of the mobile phone that used this number.
Well, obviously the American companies (and not only) AT&T, Sprint and T-Mobile sell a lot of data to their customers, including the geographical locations related to their phone numbers, to many other companies.
This data can be used by a service to locate people. However, there is no supervision and fraudsters gain access to this data. "Data is being resold to the wrong people," a company told Motherboard.
What you can do about it : Hopefully the providers will stop selling your data to weird intermediaries.

How can the government monitor your location?

It is worth mentioning that the government also has access to your location data from your mobile phone company. They just need to issue a warrant and deliver it to the mobile service provider using the number they want to locate. The mobile phone provider will of course give your location to the government, but also provide real-time updates.
What you can do about it  : Nothing, unless you want to stop taking the phone with you.

How can advertisers monitor you?

It's not just your cell phone. Even if your mobile phone provider took care of your data, it would be very easy for them to locate you thanks to the location access you have given to certain applications that are installed on your smartphone.
The applications for the weather are very "martyrdom". In order for a weather app to work, you need to give it access to your location.
The same application can also sell your data to the highest bidder.
These apps are just one example as there are many that require access to your site. Rogue Bounty hunters are likely to have location data from such applications and not from mobile phone companies.

What can you do about it? : Avoid giving your site access to third-party applications. Stop using third-party weather apps and use your phone's built-in weather app.

How your family can track your location

Your phone can identify its location and share it with others in the background, even if your screen is off. You do not need to open an application for this.
You can see if you're using a service like Apple's Find My Friends, which is included on the iPhone. Find My Friends can be used to share your exact locations in real time with your family members or friends. If you give someone access, they can open the app and Apple's servers will ping your iPhone, pick up your location, and display it to the person concerned.
Android phones have something similar in a Google app called Trusted Contacts and, of course, there are many third-party apps that help you share your sites in real time with other people.
Of course, this is only done with your permission, but it shows us how widespread this technology is. After all, it's the same technology you can use to remotely track your lost iPhone or Android if you lose it.
What you can do about it : Be careful who you share your site with in real time. :D

Comments

Post a Comment

Popular posts from this blog

Ninjutsu OS- Windows based pentesting distribution

By -
Image
Ninjutsu Project Hey everyone. Hope you all are doing good. Today I came across a post in Linkedin by Hasan , a Red team Penetration tester. It's as follows I started exploring and came to know about this distribution. A Windows based pentesting distribution!!  Sound exciting right? Within few minutes i ended up downloading the OS (17gb -_- ) Don't forget to visit their official blog and support the developer if you like his work.
Read more

Fog Ransomware

By CyberMrfu3k -
Image
‛Fog’ Ransomware Rolls in to Target many Sectors. A new group of hackers is encrypting data in virtual machines, leaving ransom notes, and calling it a day. A new ransomware operation has been performing old-fashioned ransomware attacks, locking up data in virtual environments to earn quick payouts. Attack Vectors • Fog attacks typically begin with stolen virtual private network (VPN) credentials, an increasingly popular means of initial access into sizable organizations. The group has exploited two different VPN gateway vendors thus far, which Arctic Wolf has declined to name. • In one case, for example, Fog passed the hash to compromise administrator accounts in its target’s network. It then used the accounts to establish a remote desktop protocol (RDP) connection with Windows servers running the Hyper-V hypervisor and Veeam data protection software. • Other common Fog tactics, techniques, and procedures (TTPs) include credential stuffing, using native Windows and open-source tools l...
Read more

New PIXHELL Attack Exploits Screen Noise to Exfiltrates Data from Air-Gapped Computers

By CyberMrfu3k -
Image
Security researchers have unveiled new techniques that allow attackers to exfiltrate sensitive data from air-gapped computers, which are systems physically isolated from unsecured networks. Despite air gaps being a strong security measure, these attacks demonstrate that determined adversaries can still find ways to breach such systems. Dr. Mordechai Guri and his team at Ben-Gurion University in Israel have published multiple papers detailing various  covert channels  that can be used to leak data from air-gapped systems. Their latest  research focuses  on exploiting computer components’ electromagnetic, acoustic, thermal, and optical emanations to transmit data to nearby receivers. One attack, dubbed  RAMBO  (Radiation of Air-gapped Memory Bus for Offense), exploits electromagnetic emissions from a computer’s RAM to leak data. Malware can generate controlled radio signals that encode stolen information by manipulating memory access patterns. Using a softwar...
Read more