hacking

https://www.bleepingcomputer.com/news/security/android-phones-are-vulnerable-to-fingerprint-brute-force-attacks/

Researchers at Tencent Labs and Zhejiang University have presented a new attack called ‘BrutePrint,’ which brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device.

Brute-force attacks rely on many trial-and-error attempts to crack a code, key, or password and gain unauthorized access to accounts, systems, or networks.

…

The attacker needs physical access to the target device to launch a BrutePrint attack

https://www.theguardian.com/society/2023/may/27/nhs-data-breach-trusts-shared-patient-details-with-facebook-meta-without-consent

Observer investigation reveals Meta Pixel tool passed on private details of web browsing on medical sites

https://www.theguardian.com/technology/2023/may/26/tesla-data-leak-customers-employees-safety-complaints

Tesla has failed to adequately protect data from customers, employees and business partners and has received thousands of customer complaints regarding the carmaker’s driver assistance system, Germany’s Handelsblatt has reported, citing 100 gigabytes of confidential data leaked by a whistleblower.

The Handelsblatt report said customer data could be found “in abundance” in a data set labelled “Tesla Files”.

https://therecord.media/illumina-dna-sequencing-devices-vulnerability-fda-cisa

Several U.S. agencies warned this week about a vulnerability affecting software in devices used for DNA research that would allow hackers access to sensitive patient information.

The Food and Drug Administration (FDA) and the company behind the devices — Illumina — said they have not received any reports indicating the vulnerability has been exploited.

Illumina is one of the world’s biggest manufacturers of medical devices that handle bioanalysis and DNA sequencing.

https://news.yahoo.com/hyundai-kia-thefts-keep-rising-144034139.html

Nearly three months ago, Hyundai and Kia unveiled software that was designed to thwart an epidemic of thefts of their vehicles, caused by a security flaw that was exposed on TikTok and other social media sites.

So far, it hasn’t solved the problem. Across the country, thieves are still driving off with the vehicles at an alarming rate.

…

The companies’ affected cars, many of them lower-cost models from the 2011 to early 2022 model years, were not equipped with a theft immobilizer. Such a device contains a computer chip in the key that must be recognized by another chip in the steering column before the engines will start.

Though most automakers have had the chips for years, Hyundai and Kia have lagged behind the industry as a whole in installing them on many models, thereby allowing thieves to exploit the security gap.

https://gizmodo.com/nso-group-exploited-new-zero-click-vulnerabilities-in-i-1850347936

Citizen Lab identified three new exploits that targeted iOS users worldwide in 2022. Apple’s Lockdown Mode reportedly worked as promised.

https://www.nbcnews.com/tech/security/students-psychological-reports-abuse-allegations-leaked-ransomware-hac-rcna79414

Hackers who broke into the Minneapolis Public Schools earlier this year have circulated an enormous cache of files that appear to include highly sensitive documents on schoolchildren and teachers, including allegations of teacher abuse and students’ psychological reports.

https://jalopnik.com/car-thieves-hack-can-bus-headlight-wire-bluetooth-1850307214

Hackers can inject malicious code into a car’s electronic network via headlight or taillight wires, fooling the car into thinking the key is present.

https://arstechnica.com/information-technology/2023/03/android-app-from-china-executed-0-day-exploit-on-millions-of-devices/

Fast-growing e-commerce app Pinduoduo had an EvilParcel stow-away.

Android apps digitally signed by China’s third-biggest e-commerce company exploited a zero-day vulnerability that allowed them to surreptitiously take control of millions of end-user devices to steal personal data and install malicious apps, researchers from security firm Lookout have confirmed.

https://www.bleepingcomputer.com/news/security/google-finds-18-zero-day-vulnerabilities-in-samsung-exynos-chipsets/

experienced attackers could easily create an exploit capable of remotely compromising vulnerable devices without triggering the targets’ attention.