A look at some of the top stories from this past week in the world of automotive, IoT, Industry 4.0, and Enterprise Edge product cybersecurity.
New Mirai-like Malware ‘Ares’ Attacks Android Set-top Boxes (Zdnet)
Ares searches for Android devices with open ADB ports and then infects the device, causing it to then seek out new vulnerable Android devices. Ares can also target devices running Telnet services, Linux-based servers, and smart devices. The initial main targets included HiSilicon, Cubetek, and QezyMedia. Read the full technical report here.
Flaw in Open-Source Hardware Virtualization Package QEMU Allows Virtual Machine Escapes and Arbitrary Code Attacks (TechRepublic)
The vulnerability (CVE-2019-14378) allows attackers to break out of their guest OS and attack the host OS that QEMU runs on.
Day One Attacks on Enterprise Networks: Hackers Have Pulse Secure, Fortinet VPNs, and Webmin Servers in their Crosshairs (ZDNet)
Vulnerabilities found in these devices were made public earlier this month by researchers – and the attacks didn’t take long to follow. These are considered some of the worst attacks over the past year, due to the highly sensitive nature of the systems they target.
Gone in 30 Seconds: Hackers Steal a Tesla from Owner’s Driveway Using a Keyless Hack (DailyMail)
Footage of hack caught by doorbell camera shows thieves using wires to pick up signal from the car’s electronic key and relay it to the vehicle, which is tricked into thinking the key is in close proximity.
Buffer overflow (CVE-2019-12527) in Squid Web Proxy Could Allow Hackers to Carry Out Remote Code Execution Attacks (SCMedia)
By sending a crafted HTTP request to the targeted server, an attacker can run malicious code remotely with the privileges of the server process while an unsuccessful attack will cause a Denial of Service condition.
Read the full analysis here.
