Cyber Bites

Academics from the University of Oxford and Armasuisse S+T have identified a novel attack technique targeting the widely-used Combined Charging System (CCS). They say the method could potentially disrupt the ability to charge electric vehicles at scale. The "Brokenwire" attack method meddles with the control communications between the vehicle and charger, wirelessly aborting charging from as far as 47m away. Researchers explained: "While it may only be an inconvenience for individuals, interrupting the charging process...

Iberdrola, a Spanish energy provider, has suffered a data breach affecting over one million customers, local reports suggest. The company is headquartered in Bilbao and is the parent company of Scottish Power. They have reported that the attack took place on March 15 this year. The breach reportedly resulted in the theft of customer ID numbers, phone numbers and home and email addresses. Fortunately, it does not seem as if financial information was stolen. Iberdola...

Trezor, who manufacture hardware devices designed to store digital currency, has warned its customers not to reply to official-looking emails after identifying a convincing phishing campaign. Several customers complained to Trezor's twitter account over the weekend to complain about a scam email claiming that a data breach had hit over 100,000 customers. The email reportedly told customers that a "malicious actor" had successfully compromised Trezor Suite servers and accessed their wallets. In the email, scammers...

New research from Imperva has revealed that 70% of EMEA organisations have no insider risk strategy, despite 59% of data security incidents being caused by employees. The shocking revelation comes as part of a wider study carried out by Forrester: Insider Threats Drive Data Protection Improvements. The study involved interviewing 150 security and IT professionals in EMEA. An insider threat is defined by Imperva as originating from “inappropriate use of legitimate authorised user accounts” by either their...

Jeremy Fleming, the head of GCHQ, has praised the new government counter-disinformation cell focused on Kremlin propaganda. Fleming spoke at the Australian National University in Canberra yesterday, arguing that President Putin had massively miscalculated his invasion Ukraine. He revealed that Russian soldiers are “refusing to carry out orders, sabotaging their own equipment and even accidentally shooting down their own aircraft." Fleming has also argued that Ukraine's social-savvy President Zelensky has inspired information campaigns worldwide with...

Hackers breached the IT systems of  Illuminate Education in January, gaining access to the personal data of around 820,000 current and former New York City public school students. Illuminate Education is a taxpayer funded software based in California. It is best known for creating the widely-used IO classroom,Skedula and PupilPath platforms, current used by New York City's Department of Education to log attendance and grades. The Department announced the hack on Friday, revealing that information dating back...

A new critical remote code execution bug, dubbed "SpringShell" by some in the community, has been identified by security researchers. The vulnerability impacts the spring-core artifact, a popular framework used extensively in Java applications, specifically with JKD9 or newer. Sonatype explained, “the vulnerability affects anyone using spring-core, a core part of the Spring Framework, to perform logging, and anyone using software built on Spring, which is a large population of enterprise Java software.” “It stems...

Researchers at Lacework have revealed that the Log4Shell vulnerability was exploited as an initial attack vector in 31% of cases monitored by the company over the past six months. The software vendor’s latest Lacework Cloud Threat Report highlights typical risks in today's digital landscape. The findings confirm what security experts suspected, that the Log4j bug was used extensively by threat actors since its emergence in December last year. “Over time, we watched scanning activity evolve into more...

The National Cyber Security Centre (NCSC) of the UK has urged organisations to reconsider the risks associated with "Russian-controlled" parts of their supply chains. Ian Levy, technical director of the NCSC argued that "Russian law already contains legal obligations on companies to assist the Russian Federal Security Service (FSB), and the pressure to do so may increase in a time of war. We also have hacktivists on each side, further complicating matters, so the overall...

Sky Mavis' Ronin Network, which supports its Axie Infinity game, has suffered the largest cryptocurrency theft in history. The organisation announced yesterday that the Ronin network had been hacked to the tune of 173,000 Ethereum, or roughly $594 million, and $25 million in US dollars. Comparitech has ranked the incident as the largest crypto-heist of all time.