October 23, Softpedia – (International) CCTV cameras hijacked to form worldwide DDoS botnet. Security researchers from Incapsula discovered that hackers had used brute-force attacks to compromise over 900 closed circuit television (CCTV) cameras running the BusyBox operating system (OS) and install malware derived from ELF_BASHLITE to launch distributed denial-of-service (DDoS) attacks using Hypertext Transfer Protocol (HTTP) GET request floods. One device was recorded sending over 20,000 HTTP requests per second.
October 23, Threatpost – (International) Joomla update patches critical SQL injection vulnerability. Joomla developers released an update to the content management system (CMS) addressing a Structured Query Language (SQL) injection vulnerability that could allow an attacker to gain access to data in a website’s backend, due to code in a Hypertext Preprocessor (PHP) file in Joomla’s Administrator folder. The update also addressed two sets of inadequate access control list (ACL) checks that could have allowed potential read access to restricted data.
October 23, Softpedia – (International) Internet-connected cars can be tracked by anyone, not just governments. A researcher from Security Innovation and the University of Twente discovered that smart cars using V2X technology, which have digital signatures unique to each vehicle, could have their locations tracked using $550 Wi-Fi sniffers. The National Highway Traffic Safety Administration and European authorities proposed that V2X transmitters utilize pseudonyms for vehicles to enhance security.