Aggregator
Disorder in the Court: Unintended Consequences of ATO
The most common ATO threat that individuals and businesses imagine affecting them is their accounts getting hijacked, e.g. a threat actor uses credential stuffing to log in to your Netflix account, and enjoys some free entertainment on your dime (or sells the account for a few dollars)…or in a more serious scenario, accesses an employee’s corporate […]
The post Disorder in the Court: Unintended Consequences of ATO appeared first on Security Boulevard.
Why Shadow APIs provide a defenseless path for threat actors
Learn why shadow APIs sometimes provide a defenseless path for threat actors, and learn what YOU can do about it.
The post Why Shadow APIs provide a defenseless path for threat actors appeared first on Dana Epp's Blog.
The post Why Shadow APIs provide a defenseless path for threat actors appeared first on Security Boulevard.
Windows 365 Link Cloud PC: Connect securely to Windows 365
Microsoft unveiled Windows 365 Link, their first purpose-built Cloud PC device for instant, secure connection to Windows 365.
Figure: Sign-in screen with USB security key option (Source: Microsoft)
Windows 365 Link prioritizes security
“We have heard concerns from IT pros about the vulnerability of endpoints that store local data, house applications, and allow users administrative privileges on devices,” said Microsoft. Windows 365 Link features a secure, locked-down OS with no local data, apps, or admin rights, …
The post Windows 365 Link Cloud PC: Connect securely to Windows 365 appeared first on Help Net Security.
Looking at the Internals of the Kenwood DMX958XR IVI
For the upcoming Pwn2Own Automotive contest, a total of four in-vehicle infotainment (IVI) head units have been selected as targets. One of these is the double DIN Kenwood DMX958XR. This unit offers a variety of functionality, such as wired and wireless Android Auto and Apple CarPlay, as well as USB media playback, wireless mirroring, and more.
This blog post presents internal photos of the DMX958XR boards and highlights each of the interesting components. A hidden debugging interface is also detailed which can be leveraged to obtain a root shell.
Internals
The DMX958XR is a compact unit that contains multiple interconnected boards. Fortunately, the most interesting board is at the top of the unit and can be easily accessed by removing a few screws and metal plates.
The topside of the main board contains a video processing IC, PMIC, NAND flash, and two DDR3 SDRAMs.
Figure 1 - Main board (top)
Carefully flipping the main board over reveals the SoC, radio module, eMMC, and more RAM. Be careful not to tear the ribbon cable that is attached to the underside of the board!
Figure 2 - Main board (underside)
In the center of Figure 2 is a Murata radio module that handles Wi-Fi and Bluetooth operations. Searching around for the exact model number that is etched onto the shielding does not return much information, but the FCC documents for the DMX958XR state that this is the Murata LBEE6ZZ1WD-334. This module has no public datasheet available and isn't listed on Murata's site.
To the right of the radio module is the Telechips TCC8974 SoC, which is marketed as an "IVI and Cluster solution" that supports running Android, Linux, and QNX. The TCC8974 uses a 32-bit ARM core and has multimedia hardware acceleration capabilities. Off to the right of the SoC is the supporting SDRAM and eMMC that the TCC8974 requires.
For completeness, annotated photos of the other boards are provided below. These boards serve varying purposes, such as GPS and audio.
Figure 3 - Board 1 (top). GPS, iDatalink, Sirius XM, microphone, dash cam
Figure 4 - Board 2 (top). AKM Digital Signal Processor (DSP)
Figure 5 - Board 2 (underside). Freescale MCU
Figure 6 - Board 3 (top). Camera, speakers, antenna, STM audio processor
Figure 7 - Board 3 (side). Unused 8-pin connector. Purpose unknown
Debug Connector
Eagle-eyed readers may have noticed a suspicious-looking edge connector shown in Figure 1 that is slightly off to the right of the NAND flash. This exposes a Linux login prompt over UART at 115200bps. Logging in with the correct credentials will spawn a root shell.
Figure 8 - Debug connector
Summary
Hopefully, this blog post provides enough information to kickstart vulnerability research against the DMX958XR. Keep an eye out for future posts that cover the threat landscape of the DMX958XR.
We are looking forward to Automotive Pwn2Own, again to be held in January 2025 at the Automotive World conference in Tokyo. We will see if IVI vendors have improved their product security. Do not wait until the last minute to ask questions or register! We hope to see you there.
You can find me on Twitter at @ByteInsight, and follow the team on Twitter, Mastodon, LinkedIn, or Bluesky for the latest in exploit techniques and security patches.
Fog
Ransomware is doubling down—What you need to know about the recent surge
You might have heard of ransomware before—maybe even seen stories of people or businesses getting locked out of their own files unless they pay up. Well, brace yourself because ransomware attacks kept their momentum going from Q2 to Q3/2024, doubling the attacks compared to the previous quarter. That’s right, they’ve become even more common.
The post Ransomware is doubling down—What you need to know about the recent surge appeared first on Security Boulevard.
Adware on the rise—Why your phone isn’t as safe as you think
Picture this: you download a harmless-looking app, maybe a phone cleaner or a new browser, only to find your screen bombarded by ads. Irritating, to say the least.
The post Adware on the rise—Why your phone isn’t as safe as you think appeared first on Security Boulevard.
Dance with a Giant: How the Magellanic Cloud Withstood the Might of the Milky Way
RansomHub
RansomHub
Monti
RansomHub
Helldown Ransomware Expands to Target VMware and Linux Systems
A Threat Actor is Selling a Malware Loader
Everest
Dark Vault
Salt Typhoon Hits T-Mobile as Part of Telecom Attack Spree
How to Detect and Prevent Session Hijacking
Imagine leaving your car key at a public place, only to drop your keys when exiting the vehicle. Someone picks them up and drives away. They speed through a school zone and are caught on camera. Later, the car is used in a robbery. Now, you’re not only missing your car but also wrongly implicated …