A researcher is advising drivers not to use a mobile app for General Motors Co's (GM.N) OnStar vehicle communications system, saying hackers can exploit a security flaw in the product to unlock cars and start engines remotely.
"White-hat" hacker Samy Kamkar posted a video on Thursday saying he had figured out a way to "locate, unlock and remote-start" vehicles by intercepting communications between the OnStar RemoteLink mobile app and the OnStar service.
Journalists and citizens living under repressive regimes alike depend on the encrypted Tor browser to surf the web anonymously. But in certain cases, an attacker can figure out which dark web site a user is trying to access by passively monitoring Tor traffic, and even reveal the identity of servers hosting sites on the Tor network.
Russian hackers have figured out a way to use Twitter to communicate with malware that’s infected target computers, allowing them to cover their tracks while making their way into confidential government computer systems.
The hackers upload special images to the social media site that stealthily transmit directions to installed malware, which can then steal files or perform other unwanted actions, reported the Financial Times. The advantage of this approach is that targeted computer systems don’t register the intrusion. It looks like just another Tweet.
We reported on a newly discovered Android security vulnerability yesterday: hackers can gain access simply by sending an MMS message to the target’s device, and it doesn’t even matter whether that message is opened, because Android’s default media handling system automatically processes the message and activates the code. Naturally this has raised security concerns, and Google has now come out with a statement on the matter, promising a fix for this flaw by next week.
L33tdawg: Dmitry Chastuhin from ERPScan will be at #HITBGSEC in Singapore where he'll show off an attack against SAP Afaria - One SMS to hack a company.
ERPScan researcher Alexey Tyurin says hundreds of Oracle PeopleSoft users, including banks, are running publicly exposed services that are open to a token-plundering vulnerability.