▲ Picture source Pexels

According to Contec’s official website, these solar panels have been installed in about 30,000 locations. The panels are part of Contec’s SolarView system, which actively monitors solar farms, so each solar panel is a veritable IoT device.

The vulnerability discovered this time and more than 20 others form a variant of the Mirai botnet described by Palo Alto Networks. First discovered in 2016, the Mirai botnet has ample potential for damage due to the rise of IoT devices, and it still shows no signs of slowing down.

It is found that in addition to Contec, other IoT devices with vulnerabilities also involved many well-known manufacturers such as TP-Link, Netgear, MediaTek, Tenda, etc., from routers to CCTV cameras, to solar energy Battery boards and various IoT devices have potential safety hazards.

Palo Alto Networks also stated that due to the low frequency of firmware updates of IoT devices and the low willingness of users to actively update, many devices may still be running old firmware many years ago, which will further increase the risk of IoT devices encountering cyber attacks .

The post Solar panels also have security flaws that could be used by hackers in cyberattacks appeared first on TechGoing.

The report that the number of malicious emails was 52.3 million, down 7% sequentially and 13% year-over-year.

In the report, Vade said a new phishing campaign was detected in March of this year that combined multiple sophisticated techniques to steal victims’ cryptocurrency wallets.

The campaign uses Google Translate to bypass detection by email security tools, uses JavaScript and CSS to obfuscate phishing pages, and uses the Interplanetary File System (IPFS) decentralized network to host phishing kits.

The post 562.4 million phishing emails were reported in 1Q 2023, a 102% increase from the previous quarter appeared first on TechGoing.

They call this vulnerability Rolling-PWN.

The basic concept of Rolling-PWN is similar to the attacks we’ve seen before against Volkswagen and Tesla and other devices where someone uses a radio device to record a legitimate radio signal from a key fob and then transmits it to the car. This is called a replay attack, and if you think it should be possible to defend against this attack with some sort of cryptography then you are right. In theory, many modern cars use a rolling key system, which basically means that each signal only works once; when the button is pressed to unlock the car, the car is unlocked and that exact signal should not be unlocked again.

But as Jalopnik points out, not every recent Honda car has this level of protection. The researchers also found vulnerabilities, and surprisingly, recent Honda cars (especially 2016 through 2020 Civics) instead use an unencrypted signal that doesn’t change. Even those cars with the rolling code system – including the 2020 CR-V, Accord, and Odyssey – could be vulnerable to the recently discovered attack. stumpf even used the vulnerability to fool a 2021 Accord, whose remotely turned on the car’s engine and unlocked it.

Honda told The Drive, however, that the security systems it installs in its key fobs and cars do not allow the vulnerabilities described in the report to be implemented. In other words, the company says such an attack couldn’t happen – but apparently, it somehow exists.

According to the Rolling-PWN website, this attack worked because it was able to resynchronize the car’s code counter, meaning it would accept the old code – basically because the system was built with some tolerance so its security system could be defeated. The site also claims that it affects all existing Honda cars currently on the market, though it says they’ve actually only tested it on a handful of models.

And more worryingly, the site suggests that other brands of cars are also affected, but is vague on the details.

The post Security Researchers Find Vulnerability That Could Expose Honda Models to Cyberattacks for the Past Decade appeared first on TechGoing.