EUVD-2017-18594

Malware in sbrugna...

EUVD-2017-4234

Malware in sbrugna...

EUVD-2017-4236

Malware in sbrugna...

A week in security (August 19 – August 25)

Last week on Malwarebytes Labs: Millennials’ sense of privacy uniquely tested in romantic relationships Hacked GPS tracker reveals location data of customers "We will hold them accountable": General Motors sued for selling customer driving data to third parties Why you need to know about ransomwa...

“We will hold them accountable”: General Motors sued for selling customer driving data to third parties

Texas Attorney General Ken Paxton has sued General Motors GM for the unlawful collection and sale of over 1.5 million Texans’ private driving data to insurance companies without their knowledge or consent. In June, the Attorney General AG announced he had opened an investigation into several car...

Texas Sues GM for Collecting Driving Data without Consent

Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies: From CNN: In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to "collect, record, analyze, and transmit highly detailed driving data...

Long Article on GM Spying on Its Cars’ Drivers

Kashmir Hill has a really good article on how GM tricked its drivers into letting it spy on them--and then sold that data to insurance companies...

CVE-2023-39076

Injecting random data into the USB memory area on a General Motors GM Chevrolet Equinox 2021 Software. 2021.03.26 build version vehicle causes a Denial of Service DoS in the in-car infotainment system...

CVE-2023-39076

Injecting random data into the USB memory area on a General Motors GM Chevrolet Equinox 2021 Software. 2021.03.26 build version vehicle causes a Denial of Service DoS in the in-car infotainment system...

CVE-2023-39076

CVE-2023-39076 affects General Motors/GM Chevrolet Equinox 2021 software (build 2021.03.26). The vulnerability arises from injecting random data into the USB memory area, causing a Denial of Service (DoS) in the in-car infotainment system. The available documents do not provide explicit exploit c...

CVE-2023-39076

Injecting random data into the USB memory area on a General Motors GM Chevrolet Equinox 2021 Software. 2021.03.26 build version vehicle causes a Denial of Service DoS in the in-car infotainment system...

CVE-2023-28885

The MyLink infotainment system build 2021.3.26 in General Motors Chevrolet Equinox 2021 vehicles allows attackers to cause a denial of service temporary failure of Media Player functionality via a crafted MP3 file...

CVE-2023-28885

The MyLink infotainment system build 2021.3.26 in General Motors Chevrolet Equinox 2021 vehicles allows attackers to cause a denial of service temporary failure of Media Player functionality via a crafted MP3 file...

CVE-2023-28885

CVE-2023-28885 affects the MyLink infotainment system in GM Chevrolet Equinox 2021 (build 2021.3.26). The vulnerability allows a crafted MP3 file to trigger a denial of service, causing a temporary failure of Media Player functionality. The issue is driven by the MP3 input handling in the affecte...

Exploits and TrickBot disrupt manufacturing operations

September 2021 saw a huge spike of exploit detections against the manufacturing industry, with a distributed spread between California, Florida, Ohio, and Missouri. This is combined with heavy detections of unseen malware, identified through our AI engine, spiking in May as well as September 2021...

General Motors suffers credential stuffing attack

American car manufacturer General Motors GM says it experienced a credential stuffing attack last month. During the attack customer information and reward points were stolen. The subject of the attack was an online platform, run by GM, to help owners of Chevrolet, Buick, GMC, and Cadillac vehicle...

Lazarus Targets Job-Seeking Engineers with Malicious Documents

The notorious Lazarus advanced persistent threat APT group has been identified as the cybergang behind a campaign spreading malicious documents to job-seeking engineers. The ploy involves impersonating defense contractors seeking job candidates. Researchers have been tracking Lazarus activity for...

RSAC 2020: GM's Transportation Future Hinges on Cybersecurity

SAN FRANCISCO — General Motors is working on self-driving cars, cars that monitor heart rates and other vital functions, zero-emission vehicles and more – all underpinned by exceedingly complex coding and relying on ubiquitous connectivity. But there’s a problem. The cyber-talent gap is hitting t...

General Motors collected location & radio listening habits data of 90,000 drivers

By Waqas The listening habits of around 90,000 drivers of General Motors in Chicago and Los Angeles were monitored by the company for three months in 2017 under its radio-tracking program. The Detroit Free Press reported later released a report that General Motors was involved in targeted...

General Motors and Shanghai OnStar iOS Client Man-in-the-Middle Attack Vulnerability

General Motors GM and Shanghai OnStar SOS iOS Client is an iOS-based application for making SOS distress calls for drivers in the event of a motor vehicle collision. A security vulnerability exists in the GM and SOS iOS Client version 7.1. The vulnerability can be exploited by an attacker to...