The Linkielist

Linking ideas with the world

Atlassian reveals critical flaws in most of their products

Atlassian has warned users of its Bamboo, Bitbucket, Confluence, Fisheye, Crucible, and Jira products that a pair of critical-rated flaws threaten their security. The company’s July security advisories detail “Servlet Filter dispatcher vulnerabilities.” One of the flaws – CVE-2022-26136 – is described as an arbitrary Servlet Filter bypass that means an attacker could send a […]

Google forced to allow some Android apps to use third-party payments in the EU

Android developers who distribute apps on the Google Play store can now use third-party payment systems in many European countries. The measure applies to the European Economic Area (EEA), which comprises European Union states as well as Iceland, Liechtenstein and Norway. However, the policy will not apply to gaming apps, which still need to use […]

Russia fines Google $374M over Ukraine invasion portrayal

A Russian court fined Google $374 million on Monday for its failure to remove prohibited content, according to the country’s internet watchdog Roskomnadzor. The Tagansky District Court of Moscow took exception to YouTube content it claimed contained “fakes about the course of a special military operation in Ukraine” and discredited Russia’s armed forces. The court […]

UK court okays $1.1b Play Store lawsuit against Google

A London court on Tuesday authorized a lawsuit that seeks to have Google pay £920 million ($1.1 billion) for overcharging customers for app store purchases. Filed as a class action on behalf of 19.5 million UK citizens, the suit alleges Google charged commission fees up to 30 percent on app sales. Consumer rights advocate Liz […]

How I Hacked My Car – completely pwn a 2021 Hyundai Ioniq head unit – a story in 3 parts

The Car Last summer I bought a 2021 Hyundai Ioniq SEL. It is a nice fuel-efficient hybrid with a decent amount of features like wireless Android Auto/Apple CarPlay, wireless phone charging, heated seats, & a sunroof. One thing I particularly liked about this vehicle was the In-Vehicle Infotainment (IVI) system. As I mentioned before it […]

Hacker Liberates Hyundai Head Unit, Writes Custom Apps | Hackaday

[greenluigi1] bought a Hyundai Ioniq car, and then, to our astonishment, absolutely demolished the Linux-based head unit firmware. By that, we mean that he bypassed all of the firmware update authentication mechanisms, reverse-engineered the firmware updates, and created subversive update files that gave him a root shell on his own unit. Then, he reverse-engineered the […]

Records reveal the scale of Homeland Security’s phone location data purchases

Investigators raised alarm bells when they learned Homeland Security bureaus were buying phone location data to effectively bypass the Fourth Amendment requirement for a search warrant, and now it’s clearer just how extensive those purchases were. TechCrunch notes the American Civil Liberties Union has obtained records linking Customs and Border Protection, Immigration and Customs Enforcement […]

Apple Pay illegally profited by walling off contactless payments, lawsuits in EU, US allege

A proposed class-action lawsuit filed on behalf of payment card issuers accuses Apple of illegally profiting from Apple Pay and breaking antitrust laws. Iowa’s Affinity Credit Union is listed as the plaintiff in the complaint, filed today in the US District Court for the Northern District of California. The lawsuit alleges that by restricting contactless […]

“Parallel Reality” Display Shows Different Info to Different People at Same Time

Imagine if you, me and a dozen other people were standing in a room staring at the same screen—but the screen showed something different to each of us, simultaneously. A California-based tech company called Misapplied Sciences has made this possible. They’ve developed a “parallel reality” display “enabled by a new pixel that has unprecedented capabilities,” […]

Ubisoft Teaches Customers They Don’t Own All That DLC They ‘Bought’

While we were just discussing how everyone occasionally gets reminded that for many digital goods these days you simply don’t actually own what you’ve bought, all thanks to Sony disappearing a bunch of purchased movies and shows from its PlayStation platform, this conversation has been going on for a long, long time. Whereas the expectation […]

Apple AirTags Hacked And Cloned With Voltage Glitching

[…] researchers have shown that it’s possible to clone these devices, as reported by Hackster.io. The research paper explains the cloning process, which requires physical access to the hardware. To achieve the hack, the Nordic nRF52832 inside the AirTag must be voltage glitched to enable its debug port. The researchers were able to achieve this […]

Lenovo fixes trio of UEFI vulnerabilities – fortunately not for Thinkpads though

[…] “The vulnerabilities,” explained the ESET Research team, “can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features.” “It’s a typical UEFI ‘double GetVariable’ vulnerability,” the team added, before giving a hat tip […]
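The “double GetVariable” pattern ESET names is worth seeing in code. The following is an added illustration, not ESET’s analysis and not Lenovo’s firmware: a mock, spec-faithful GetVariable over an in-memory variable store, a driver routine that shares one DataSize across two calls without checking the status, and a hardened version beside it. The 64-byte buffer, the simplified status constants, the function names and the attacker-supplied variable contents are all assumptions for the demonstration; the overflow is steered into a canary region of one static array so the program stays memory-safe while still showing the corruption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for UEFI types and status codes (assumption: real
 * EFI_STATUS error codes also set the high bit; that detail is dropped). */
typedef uint64_t EFI_STATUS;
typedef size_t   UINTN;
#define EFI_SUCCESS           0ULL
#define EFI_INVALID_PARAMETER 2ULL
#define EFI_BUFFER_TOO_SMALL  5ULL
#define EFI_NOT_FOUND         14ULL

#define VAR_MAX 256                  /* mock NVRAM capacity for the one variable */
#define BUF_LEN 64                   /* size of the driver's fixed buffer */
#define SPILL   (VAR_MAX - BUF_LEN)  /* bytes after Buffer an overflow can reach */

/* Mock NVRAM holding a single variable. An attacker with OS-level SetVariable
 * access controls both its contents and, crucially, its length. */
static uint8_t g_var[VAR_MAX];
static UINTN   g_var_size;

/* Spec-faithful GetVariable: if the caller's buffer is too small, report the
 * needed size through *DataSize and write nothing; otherwise copy the data.
 * It has no way to know the real buffer size; it trusts *DataSize. */
EFI_STATUS MockGetVariable(UINTN *DataSize, void *Data) {
    if (g_var_size == 0) return EFI_NOT_FOUND;
    if (*DataSize < g_var_size) {
        *DataSize = g_var_size;          /* tells the caller the true size */
        return EFI_BUFFER_TOO_SMALL;
    }
    if (Data == NULL) return EFI_INVALID_PARAMETER;
    memcpy(Data, g_var, g_var_size);
    *DataSize = g_var_size;
    return EFI_SUCCESS;
}

/* Constructed attacker input: a variable of 'size' bytes filled with 'fill'
 * (use a fill other than 0xCC, the canary byte below). */
void set_attacker_variable(UINTN size, uint8_t fill) {
    if (size > VAR_MAX) size = VAR_MAX;
    memset(g_var, fill, size);
    g_var_size = size;
}

/* Simulated driver stack frame: Buffer[BUF_LEN] followed by neighbouring
 * data, kept in one array so the overflow lands where we can inspect it. */
static uint8_t g_frame[BUF_LEN + SPILL];

/* Vulnerable pattern: one DataSize shared by two calls, status never checked.
 * If the variable is larger than Buffer, call 1 returns EFI_BUFFER_TOO_SMALL
 * and bumps DataSize to the true size; call 2 then hands that larger DataSize
 * to GetVariable with the same BUF_LEN buffer, which overwrites past its end.
 * Returns how many bytes beyond Buffer were corrupted. */
int vulnerable_read(void) {
    uint8_t *Buffer = g_frame;           /* stands in for UINT8 Buffer[BUF_LEN] */
    UINTN DataSize = BUF_LEN;
    memset(g_frame, 0xCC, sizeof g_frame);  /* 0xCC canary in the spill zone */
    MockGetVariable(&DataSize, Buffer);  /* may return TOO_SMALL: ignored */
    MockGetVariable(&DataSize, Buffer);  /* DataSize may now exceed BUF_LEN */
    int corrupted = 0;
    for (int i = BUF_LEN; i < BUF_LEN + SPILL; i++)
        if (g_frame[i] != 0xCC) corrupted++;
    return corrupted;
}

/* Hardened pattern: check the status, and never retry into the same fixed
 * buffer with a DataSize the firmware handed back. On EFI_SUCCESS, DataSize
 * is guaranteed to be at most BUF_LEN, so the caller can use it safely. */
EFI_STATUS hardened_read(UINTN *out_len) {
    uint8_t Buffer[BUF_LEN];
    UINTN DataSize = sizeof Buffer;
    EFI_STATUS s = MockGetVariable(&DataSize, Buffer);
    if (s != EFI_SUCCESS)                /* includes EFI_BUFFER_TOO_SMALL: a real
                                            driver would allocate DataSize bytes
                                            here rather than reuse Buffer */
        return s;
    *out_len = DataSize;
    return EFI_SUCCESS;
}

int main(void) {
    UINTN n = 0;
    set_attacker_variable(96, 0x41);     /* 96 bytes, larger than the 64-byte buffer */
    printf("vulnerable: %d bytes past Buffer overwritten\n", vulnerable_read());
    printf("hardened: status %llu (5 = EFI_BUFFER_TOO_SMALL)\n",
           (unsigned long long)hardened_read(&n));
    return 0;
}
```

The point to take from the mock is that GetVariable itself behaves correctly in both calls; the bug is entirely in the caller, which lets the firmware's own "here is the size you need" answer flow back in as the capacity of a buffer that never grew. No race is required: the attacker only needs to have written an oversized variable from the OS beforehand, which is why variables reachable through runtime SetVariable are the ones to audit for this pattern.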

Hasbro will 3D-print your face onto its iconic action figures

Have you ever wanted to see your own face on the body of a Power Ranger or a Ghostbuster? Thanks to an ingenious partnership between Hasbro and 3D-printing specialists Formlabs, now you can. The Hasbro Selfie Series will let would-be heroes take a scan of their face with their phone and have a custom-made, look-a-like […]

X.Org Server Hit By New Local Privilege Escalation, Remote Code Execution Vulnerabilities

[…] CVE-2022-2319 and CVE-2022-2320 were made public this morning and both deal with the X.Org Server’s Xkb keyboard extension not properly validating input that could lead to out-of-bounds memory writes. Hopefully though in 2022 you aren’t relying on your xorg-server running as root. Fixes for these XKB vulnerabilities have been patched in X.Org Server Git […]

Supremes ‘doxxed’ after overturning Roe v Wade

The US Supreme Court justices who overturned Roe v. Wade last month may have been doxxed – had their personal information including physical and IP addresses, and credit card info revealed – according to threat intel firm Cybersixgill. As expected, the fallout from the controversial ruling, which reversed the court’s 1973 decision that federally protected […]

Amazon Ring Tells Sen. Markey It Won’t Enhance Doorbell Privacy, will listen in to long range conversations

Ring is rejecting the request of a U.S. senator to introduce privacy-enhancing changes to its flagship doorbell video camera after product testing showed the device capable of recording conversations well beyond the doorsteps of its many millions of customers. Security and privacy experts expressed alarm at the quality of the distant recordings, raising concerns about […]

Google files a lawsuit that could kick Tinder out of the Play Store because Match refuses to pay illegally forced fees

Google has counter-sued Match seeking monetary damages and a judgement that would let it kick Tinder and the group’s other dating apps out of the Play Store, Bloomberg has reported. Earlier this year, Match sued Google alleging antitrust violations over a decision requiring all Android developers to process “digital goods and services” payments through the […]

A Bored Chinese Housewife Spent Years Falsifying Russian History on Wikipedia

Posing as a scholar, a Chinese woman spent years writing alternative accounts of medieval Russian history on Chinese Wikipedia, conjuring imaginary states, battles, and aristocrats in one of the largest hoaxes on the open-source platform. The scam was exposed last month by Chinese novelist Yifan, who was researching for a book when he came upon […]

Joshua Schulte: Former CIA hacker convicted of Vault 7 data leak

[…] Joshua Schulte was convicted of sending the CIA’s “Vault 7” cyber-warfare tools to the whistle-blowing platform. He had denied the allegations. The 2017 leak of some 8,761 documents revealed how intelligence officers hacked smartphones overseas and turned them into listening devices. Prosecutors said the leak was one of the most “brazen” in US history. […]

Amazon’s Ring gave a record amount of doorbell footage to the US government in 2021

Ring, the maker of internet-connected video doorbells and security cameras, said in its latest transparency report that it turned over a record amount of doorbell footage and other information to U.S. authorities last year. The Amazon-owned company said in two biannual reports covering 2021 that it received 3,147 legal demands, an increase of about 65% […]

BMW Heated Seats Subscription Is Real And It Costs $18 Per Month. Also heated steering wheel, paid separately. In a car you own and paid for the heated seats and wheel.

[…] On its ConnectedDrive Store in South Korea, BMW owners can pay a monthly fee to have a creature comfort such as heated seats. It costs ₩24,000 or approximately $18 at current exchange rates. Alternatively, you can get a one-year plan for $176 or a three-year subscription for $283. The BMW ConnectedDrive Store is a […]

You Don’t Own What You’ve Bought: Sony Removes 100s Of Movies Bought Through PS Store

We have done many, many posts explaining how, unfortunately, it seems the idea of a person owning the things they’ve bought has become rather passe. While in the age of antiquity, which existed entire tens of years ago, you used to be able to own things, these days you merely license them under Ts and […]

Leaked Uber files reveal extensive use of ‘kill switch’, Lobbying partners including Macron, tax haven use, etc

A data leak from ride-sharing app Uber revealed activities allegedly geared to avoid regulation and law enforcement – including a “kill switch” that would remotely cut computer access to servers at its headquarters in San Francisco in case of a raid – according to weekend media. The leak was provided to The Guardian and shared […]