Hackers Breach Oracle and DDoS Attack Aussie Census Bureau; Researchers Find Bug in Keyless Cars

From NextGov:

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Russian Cybercrime Group Linked to Breach of Oracle Credit Card Sales System

A Russian cybercrime group may have breached Oracle’s point-of-sale system, putting at risk a considerable amount of credit card numbers.

Initially, Oracle thought the breach was limited to a few computers and servers in its retail business but found that 700 systems were infected with malicious code, according to KrebsOnSecurity. The breach included Oracle’s MICROS division, which supports more than 330,000 cash registers globally.

The scope of the damage isn’t clear. The breach may have allowed the group to upload malware on to point-of-sales systems, according to Wired.

Oracle said it had “detected and addressed malicious code in certain legacy MICROS systems” and clarified its corporate networks and other cloud offering were not affected. All of Oracle’s MICROS customers will have to change their passwords.

100M Volkswagens Can Be Hacked Wirelessly

Keyless cars manufactured by the Volkswagen group since 1995 may be unlocked wirelessly, according to new research.

“We show that the security of the keyless entry systems of most VW Group vehicles manufactured between 1995 and today relies on a few, global master keys,” wrote a research team of University of Birmingham and Kasper & Oswald computer scientists. The team presented its findings at the USENIX Security Symposium in Austin, Texas, last week.

Using $40 worth of easily available radio hardware, the team intercepted the signals the driver’s key fob sends to the vehicle. Every time a driver uses a fob, the signal includes a unique vehicle specific number. By combining that vehicle-specific number with one of the four “master” crytographic keys they identified, researchers were able to unlock various makes and models.

The researchers didn’t disclose their exact technique, but did inform the VW Group, which acknowledged the vulnerabilities, …

Continue Reading