Black Hat USA 2024: vehicle head unit can spy on you, researchers reveal
As with virtually any electronic device, vehicle infotainment systems, colloquially known as head units, can be engineered to steal user data. Dan Mazzella, security research engineer and malware researcher at Cisco Talos, successfully exploited his own vehicle’s head unit to demonstrate that the attack is possible. “I was able to very easily just dump process memory and access exact GPS coordinates for my head unit: exactly where my house was, where the GPS latitude longitude coordinates were. That’s a major privacy concern,” Mazzella explained to Cybernews at the Black Hat USA 2024 conference.
0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices
Cybersecurity researchers have discovered a new “0.0.0.0 Day” impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability “exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious actors access to sensitive services running on local devices,” Oligo Security researcher Avi Lumelsky said. The Israeli application security company said the implications of the vulnerability are far-reaching, and that it stems from the inconsistent implementation of security mechanisms and a lack of standardization across different browsers.
USPS Text Scammers Duped His Wife, So He Hacked Their Operation
The flood of text messages started arriving early this year. They carried a similar thrust: The United States Postal Service is trying to deliver a parcel but needs more details, including your credit card number. All the messages pointed to websites where the information could be entered. Like thousands of others, security researcher Grant Smith got a USPS package message. Many of his friends had received similar texts. A couple of days earlier, he says, his wife called him and said she’d inadvertently entered her credit card details. With little going on after the holidays, Smith began a mission: Hunt down the scammers.
ADT confirms data breach after customer info leaked on hacking forum
American building security giant ADT confirmed it suffered a data breach after threat actors leaked allegedly stolen customer data on a popular hacking forum. ADT is a public American company that specializes in security and smart home solutions for residential and small business customers. The firm employs 14,300 people, has an annual revenue of $4.98 billion, and serves approximately 6 million customers across 200 locations in the United States. In a Thursday morning Form 8-K regulatory filing with the Securities and Exchange Commission (SEC), ADT says threat actors breached some of its databases and stole customer information.
Invisible laser beam detects what a MacBook user is typing
A whitehat hacker has demonstrated the use of an invisible laser beam to detect what a MacBook user is typing, from a distance, through a window, without being able to see the keyboard. The principle of using a laser beam to detect and decode soundwaves has long been demonstrated. You can, for example, shine a laser at a window, and decode the microscopic movements of the glass caused by people talking to reveal what they are saying. Samy Kamkar, who runs the YouTube channel Applied Hacking, wanted to see how far he could push this technique.