A new security report has shown that threat actors can hack Honda vehicles remotely. Hackers can unlock the car by abusing re-sync sequences meant to keep the vehicle safe.

More:
- Modern cars use a system called rolling codes, which essentially allows the owner to use a new series of digital keys every time they open the car. Older cars used a specific set of sequences, making them easier to breach.
- Security researchers managed to breach Honda vehicles by using the key in a specific pattern so that the car would accept old synchronization sequences.
- The vulnerability is tracked as CVE-2021-46145, and researchers were able to reproduce the issue on the following models: Honda Civic 2012, Honda XR-V 2018, Honda CR-V 2020, Honda Accord 2020, Honda Odyssey 2020, Honda Inspire 2021, Honda Fit 2022, Honda Civic 2022, Honda VE-1 2022, and Honda Breeze 2022.
- The company has denied that the bug is active or that the videos shown by researchers are enough proof.

Hackers reportedly used fake job offers to steal $540M from Axie Infinity. The breach happened by scamming a Sky Mavis employee and having him click a malware-infected link.

More:
- Axie Infinity was hacked earlier in 2022, causing massive security concerns for its players as well as the industry in general.
- Ronin Bridge is the name of the protocols that are used in the blockchain that was hacked. It now seems that an employee of Sky Mavis, the studio that created the game, was sent a fake job offer. The offer appeared to contain a significant compensation package that tempted the employee to click a malware-infected link.
- The employee no longer works at the company, while the U.S. State Department has blamed the North Korean hacker group Lazarus for the breach.

Maastricht University has stated that it has managed to retrieve the ransom money that it gave to hackers. The Dutch university was hacked in 2019 and now has six figures' worth of Bitcoin.

More:
- A threat actor known as TA505 or SectorJ04 managed to breach the university's security system through phishing emails.
- The hackers gained access to the entire system and threatened to delete staff data, research data, student information, salaries, etc.
- Maastricht University decided to pay 30 BTC as ransom, which was worth over $40,000 at the time. The cryptocurrency wallet, however, was tracked and seized two years later. The wallet is now worth more than 10 times the amount paid, reaching over $500,000.
- The school has decided to create a fund for students in need by using the Bitcoin fund, which is being held in a bank.

Rogers Communications has stated that the Canada-wide outage that happened last week was caused by a maintenance update. The malfunction caused the company's routers to shut down.

More:
- The outage at the Canadian company took internet service down and caused credit card transactions and 911 calls to malfunction.
- Reports showed that network usage in the country was 25% less than usual due to the malfunction.
- Rogers' customers are now being sent phishing messages promising benefits for those who were affected by this outage. The company has called on its customers to be careful when clicking on links as the hacking campaign may steal their personal information such as their name, last name, number, credit card information, etc.

Zoom Out:
- The company has been a victim of hacking campaigns before. Hackers have used similar campaigns where they promised free credits to users.

GitHub Actions and Azure virtual machines are being used by threat actors to mine cryptocurrency. Both platforms have been targeted before.

More:
- GitHub is a platform widely used by developers to test their code and product pipeline. Managing to breach GitHub's systems means that any company involved is at critical risk of being hacked.
- There are at least 1,000 repositories on GitHub that are using code that leverages virtual machines in order to mine cryptocurrency. The virtual machines being used are both Azure and Linux.
- While no major consequences have been noticed so far, having threat actors openly use repositories to store malicious code is always a sign of caution.
- Azure has also been targeted before. One of the most memorable bugs in recent memory is CVE-2022-30190, also tracked as Follina. The flaw was used to breach private and public organizations around the world. This bug was patched only a few weeks ago by Microsoft, having been active for months before.

Quick Hits:
- The FBI has launched a cybersecurity campaign through which it seeks to raise awareness regarding security hygiene and protocols.
- Puerto Rico has announced that it will invest $7.6M to improve its cybersecurity capabilities. The move comes as the territory was breached multiple times by hackers this year, losing over $10M in scams.
- Aerojet Rocketdyne has decided to pay $9M due to a settlement it reached with the government. The propulsion technology company was accused of failing to represent the details of its products in an honest way.
- The global Virtual Private Network market is set to reach $1.7B in 2022, proving that internet users are increasingly concerned with data privacy and security.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 Ford.