AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 9/4/2024

The MadRadar Hack Can Cause Autonomous Cars to Malfunction and Hallucinate

Self-driving cars come closer to being a reality every day. Many vehicles already have autonomous features, but several challenges remain. Cybersecurity shortcomings are among the most concerning, and a recent experiment dubbed “MadRadar” heightens these worries. Researchers at Duke University demonstrated MadRadar in January 2024 before detailing it at the Network and Distributed System Security Symposium in February. The attack targets driverless vehicles’ radar, making them detect incoming obstacles that aren’t actually there.

 

Verkada to pay $2.95M for security failures leading to breaches

The Federal Trade Commission (FTC) proposes a $2.95 million penalty on security camera vendor Verkada for multiple security failures that enabled hackers to access live video feeds from 150,000 internet-connected cameras. Many of the cameras were located in sensitive environments, such as women’s health clinics, psychiatric hospitals, prisons, and schools. The FTC alleges that Verkada not only failed to implement basic security measures to protect the cameras from unauthorized access but also misrepresented the products’ security to customers with unfounded promises and reviews submitted by investors.

 

Owners of 1-Time Passcode Theft Service Plead Guilty

Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once-popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passwords needed to log in to various websites. Scammers who had already stolen someone’s bank account credentials could enter the target’s phone number and name, and the service would initiate an automated phone call to the target that warned them about unauthorized activity on their account.

 

Transport for London discloses ongoing “cyber security incident”

Transport for London (TfL), the city’s transport authority, is investigating an ongoing cyberattack that has yet to impact its services. The agency also added that there was no evidence that customer information was compromised during the incident. “We are currently dealing with an ongoing cyber security incident,” TfL’s Customer Information Team warned customers over email earlier and in a statement published online today.

 

Business services giant CBIZ discloses customer data breach

CBIZ Benefits & Insurance Services (CBIZ) has disclosed a data breach that involves unauthorized access to client information stored in specific databases. The company says that a threat actor exploited a vulnerability in one of its web pages and was able to steal customer data between June 2 and June 21. CBIZ is a management consulting company that provides financial, benefits, and insurance services to various organizations and individual customers.
