Mercedes, BMW, Rolls Royce, Ferrari, Porsche, Toyota, and nearly 15 other car manufacturers may have been hacked. The breach may have happened due to an API flaw.
More:
- The most severe API flaws were found in BMW and Mercedes-Benz, which were vulnerable to hacks through a flaw in the company's single-sign-on system.
- By using this flaw, researchers were able to access several of the company's GitHub pages, internal chat communications, XENTRY system log-ins that connect users with their cars, etc.
- Other companies, such as Ferrari, are particularly vulnerable due to the average net worth of their customers. A hacker could exploit security flaws to access, modify, or delete any Ferrari customer account, manage their vehicle profile, or set themselves as car owners.
- Porsche vehicles were found to be vulnerable to real-time GPS tracking. This flaw affects at least 15.5 million vehicles.
- Other security flaws could even allow hackers to unlock a car, start the engine, or disable the starter.
The National Institute of Standards and Technology is preparing to conclude its cybersecurity guidance draft for U.S. satellite command operations. The draft comes at a time when the U.S. government is increasingly focusing on both cybersecurity and space operations.
More:
- The guidance will focus on the ground segment of space operations due to the practicality of applying cybersecurity changes on ground-operated devices compared to those that are out of reach for most staff.
- This draft aims to help organizations identify threats, protect their digital infrastructure, detect stolen information or a loss of integrity or availability, respond to incidents, and quickly recover from any type of cyberattack or error.
- The currently published version of the guidance is considered a final or pre-final version.
Android has patched 60 security flaws in its January update. The most severe flaw that was patched is a bug that could allow hackers to gain local escalation of privilege.
More:
- The January security patches were separated into several phases.
- In phase one, Google announced that it patched 11 elevation of privilege bugs, together with several DDoS flaws.
- During the second part of this month’s security update, Google fixed 41 vulnerabilities in Kernel and third-party components.
- Out of these flaws, four stood out as critical-severity flaws, all leading to remote code execution if not addressed correctly.
- In the third part of the security patches, Google patched flaws in:
  - Kernel LTS (1),
  - Imagination Technologies components (1),
  - MediaTek components (3),
  - Unisoc components (13),
  - Qualcomm components (2),
  - and Qualcomm closed-source components (15).
- As part of the last phase, three high-severity flaws affecting Pixel mobile devices were also patched.
Qualcomm and Lenovo have announced that they've patched a number of recently tracked security flaws. The flaws could result in data corruption, system crashes, and arbitrary code execution.
More:
- The companies have released five main security patches:
  - CVE-2022-40516
  - CVE-2022-40517
  - CVE-2022-40520
  - CVE-2022-40518, and
  - CVE-2022-40519.
- CVE-2022-40516, CVE-2022-40517, and CVE-2022-40520 have a CVSS score of 8.4, while CVE-2022-40518 and CVE-2022-40519 are considered less risky, with a CVSS score of 6.8.
- These security flaws affect Lenovo ThinkPad X13 laptops. Users are advised to update the BIOS to version 1.47.
- In total, the two companies patched over 23 security flaws.
The National Health Service was the most impersonated national agency by hackers in the U.K. in 2022. The statistic was published as part of an annual report by the National Cyber Security Centre.
More:
- The statistics were extracted from the Suspicious Email Reporting Service, a popular tool the agency provides to internet users in the U.K., where they can report any cybersecurity incidents they've had.
- The service, launched in 2019, has received 15.8 million reports and has resulted in 198,500 takedowns.
- Over 6 million reports were sent in 2022 alone.
- The NHS was followed by other agencies such as:
  - TV Licensing,
  - HM Revenue & Customs (HMRC),
  - Gov.uk,
  - Driver and Vehicle Licensing Agency (DVLA),
  - Ofgem (energy regulator).
Quick Hits:
- NATO has signed $31M worth of contracts with IBM Belgium and King ICT Croatia to boost its cybersecurity infrastructure.
- A new hacking campaign is targeting cybersecurity professionals by pretending it can provide them with a popular hacking tool known as Flipper Zero for a convenient price. The scammers are asking for payment in cryptocurrency.
- A hospital in Romania has been breached by hackers. The unknown threat actor is asking for 3 Bitcoin as ransom in exchange for the decryption of the hospital's servers.
- A U.S.-based individual who conspired to steal aviation trade secrets from GE and sell them to China has been sentenced to 24 months in prison. The Chinese national worked at a GE plant from 2008 to 2018.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.
Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.