Security researchers report they uncovered a design flaw that let them hijack a Tesla using a Flipper Zero, a controversial $169 hacking tool. Partners Tommy Mysk and Talal Haj Bakry of Mysk Inc. said the attack is as simple as swiping a Tesla owner’s login information, opening the Tesla app, and driving away. The victim Read more about Want to Steal a Tesla? set up a guest wifi with a fake site, steal the password and make your own key[…]

An interesting new attack on biometric security has been outlined by a group of researchers from China and the US. PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound [PDF] proposes a side-channel attack on the sophisticated Automatic Fingerprint Identification System (AFIS). The attack leverages the sound characteristics of a user’s finger Read more about Chinese and US researchers show new side channel can reproduce fingerprints by listening to swiping sounds on screen[…]

Nearly half the citizens of France have had their data exposed in a massive security breach at two third-party healthcare payment servicers, the French data privacy watchdog disclosed last week. Payments outfits Viamedis and Almerys both experienced breaches of their systems in late January, the National Commission on Informatics and Liberty (CNIL) revealed, leading to Read more about 1/2 of all French citizens data stolen in healthcare billing breach[…]

An underground website called OnlyFake is claiming to use “neural networks” to generate realistic looking photos of fake IDs for just $15, radically disrupting the marketplace for fake identities and cybersecurity more generally. This technology, which 404 Media has verified produces fake IDs nearly instantly, could streamline everything from bank fraud to laundering stolen funds. Read more about Inside the Underground Site Where ‘Neural Networks’ Churn Out Fake IDs[…]

Dutch authorities are lifting the curtain on an attempted cyberattack last year at its Ministry of Defense (MoD), blaming Chinese state-sponsored attackers for the espionage-focused intrusion. Specialists from the Netherlands’ Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) were called in to investigate an intrusion at an MOD network Read more about Netherlands reveals Chinese attack on defence servers using CoatHanger malware on Fortinet Devices – a real pain to remove[…]

Web security company Cloudflare on Thursday revealed that a threat actor used stolen credentials to gain access to some of its internal systems. The incident was discovered on November 23, nine days after the threat actor, believed to be state-sponsored, used credentials compromised in the October 2023 Okta hack to access Cloudflare’s internal wiki and Read more about Cloudflare Hacked[…]

[…] The ESP32 Marauder is a suite of WiFi/Bluetooth offensive and defensive tools created for the ESP32 and was originally inspired by Spacehuhn’s esp8266_deauther project. The tool itself serves as a portable device used to test and analyze WiFi and Bluetooth devices. […] Do It Yourself If you would like to create your own ESP32 Read more about Marauder DIY WiFi and Hacking tool[…]

Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service. The Naz.API dataset is a massive collection of 1 billion credentials compiled using credential stuffing lists and data stolen by information-stealing malware. Credential stuffing lists are collections of login name Read more about Have I Been Pwned adds 71 million emails from Naz.API stolen account list[…]

VF Corporation, parent company of clothes and footwear brands including Vans and North Face, says 35.5 million customers were impacted in some way when criminals broke into their systems in December. The announcement was made in a Thursday 8-K/A filing with the Securities and Exchange Commission (SEC), and we’re only left to speculate about what Read more about Thieves steal 35.5M customers’ data from Vans, Dickies, Timberlands parent comp’s sales systems[…]

After intruders broke into Seattle’s Fred Hutchinson Cancer Center’s IT network in November and stole medical records – everything from Social Security numbers to diagnoses and lab results – miscreants threatened to turn on the patients themselves directly. The idea being, it seems, that those patients and the media coverage from any swatting will put Read more about Swatting a cancer hospital’s patients after hack is now a thing[…]