Thieves can use CAN injection attacks to steal a variety of car models by hacking into their devices. A disturbing new attack method that allows thieves to steal cars of various models has been revealed by automotive cybersecurity experts Ian Tabor of the EDAG Group and Ken Tindell, CTO of Canis Automotive Labs. This attack…
Google’s Project Zero team recently revealed that multiple security flaws were found in Samsung’s Exynos chipsets. Project lead Tim Willis reported at least 18 zero-day vulnerabilities in the Exynos modems used in Samsung’s flagship Galaxy devices, some of which allow for ‘Internet-to-baseband remote code execution’ without any user interaction. Willis said that attackers with even…
The White House released its new budget plan for fiscal year 2024 on Thursday, which includes a proposed increase in cybersecurity funding. The budget plan contains several sections related to cybersecurity-related spending. For example, the administration has proposed an additional $145 million for the Cybersecurity and Infrastructure Security Agency (CISA), bringing its total budget to…
Cybersecurity firm Aqua Security warns that two recently patched vulnerabilities affecting Jenkins servers, tracked as CVE-2023-27898 and CVE-2023-27905, can be chained together to achieve remote code execution. The first vulnerability is a high-severity XSS bug that affects Jenkins versions 2.270 through 2.393 and long-term support (LTS) releases 2.277.1 through 2.375.3. The vulnerability exists because Jenkins…
