A security researcher discovered a misconfiguration in a Git web portal belonging to Daimler AG, the German automotive company behind the Mercedes-Benz brand. The researcher was able to access, download and leak over 580 Git repositories containing the source code for “smart car” components installed in Mercedes vans. The leaked projects also included Raspberry Pi images, server images, internal Daimler components for managing remote OLUs, internal documentation, code samples, and passwords and API tokens to Daimler’s systems.
ISB Editorial Staff
Verizon has today published its yearly report on business data breach investigations. Key stats included: 86 percent of data breaches for financial gain – up from 71 percent in 2019 Cloud-based data under attack – web application attacks double to 43 percent 67 percent of breaches caused by credential theft, errors and social attacks Clearly identified cyber-breach pathways enable a “Defender Advantage” in the fight against cyber-crime On-going patching successful – fewer than 1 in 20 breaches exploit vulnerabilities Report analyzes 32,002 security incidents and 3,950 confirmed breaches from 81 global contributors from 81 countries https://twitter.com/cjbeckner/status/1262596977080090624
Elexon, an organisation that is central to the balancing and settlement of the UK electricity market, has been hit by a cyber-attack. Following security experts provide their insight below: https://twitter.com/aglongo/status/1262364070382010370
Researchers at Cequence Security today published new information about a recent surge in API attacks, a major source of vulnerability that Cequence believes businesses aren’t sufficiently protecting against. “Tales from the Front Line” offers an insider’s analysis of one customer’s data (anonymized) from specific API attacks over the last four weeks. CQ Prime researchers found: up to an 85% week over week increase in malicious traffic since the pandemic lockdown the Android Login API is a significant target attackers continuously vary the attack fingerprint to gain success – one campaign showed almost 1.5 million IP addresses using over 4 million different user agents attackers often…
Multiple supercomputers across Europe have been infected with cryptocurrency mining malware and have shut down to investigate the intrusions, according to ZDNet. Security incidents have been reported in the UK, Germany, and Switzerland, while a similar intrusion is rumoured to have also happened at a high-performance computing centre located in Spain. The first report of an attack came to light last Monday from the University of Edinburgh, which runs the ARCHER supercomputer. The organization reported “security exploitation on the ARCHER login nodes,” shut down the ARCHER system to investigate, and reset SSH passwords to prevent further intrusions.
According to the Guardian members of the public have been alerted to a scam in which fraudsters use a bogus version of the UK contact-tracing app being trialed on the Isle of Wight. The Chartered Trading Standards Institute (CTSI) said it had evidence of a phishing scam that uses a text message to try to fool people into believing they have been in contact with someone who has tested positive for coronavirus. The bogus text messages the CTSI has seen appear to have been sent by an official source associated with the app, directing recipients to a website that asks for…
Following reports from Bleeping Computer, a 300, 000 active installation of dangerous bug has been found in Google’s official WordPress plugin. Attributed to the disclosure of the proxySetupURL within the HTML source code of admin pages, this enables hackers to have owner access to the site’s Google Search Console. Not only that, but “the verification request used to verify a site’s ownership was a registered admin action” fails to have any capability checks. Thus, such requests can come from any authenticated WordPress user.
In response to new research from ESET on the discovery of the Ramsay malware toolkit targeting air-gapped networks, Cybersecurity experts commented below.
Shadowy online marketplace, MagBo,is selling access to more than 43,000 hacked servers, some of which belong to local and state government, hospitals, and financial organizations. MagBo is a portal where hackers sell and buy hacked servers, is doing better than ever and has soared in popularity to become the largest criminal marketplace of its kind since its launch in the summer of 2018.
It has been reported that the UK “urgently needs” a transport cybersecurity program if it hopes to safely introduce connected and autonomous vehicles (CAVs) to the roads, according to the leaders of a pioneering project. The ResiCAV project investigated how CAVs and their associated infrastructure can develop “real-time responsiveness” to cybersecurity threats. Potential threats include cyber attacks against cars’ perception sensors, which could trick vehicles into ‘seeing’ something that is not there – or not seeing something that is. Hackers might also try to manipulate vehicles through data connections and ‘shared information protocols’, such as vehicle-to-vehicle, or vehicle-to-everything.