New runC Vulnerabilities Expose Docker and Kubernetes Environments to Potential Host Breakouts


Three newly uncovered vulnerabilities in the runC container runtime have raised significant concerns for organizations relying on Docker, Kubernetes, and other container-based systems. The flaws, identified as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, were disclosed by SUSE engineer and Open Container Initiative board member Aleksa Sarai. Because runC serves as the core OCI reference implementation responsible for creating container processes, configuring namespaces, managing mounts, and orchestrating cgroups, weaknesses at this level have broad consequences for modern cloud and DevOps infrastructure. 

The issues stem from the way runC handles several low-level operations, which attackers could manipulate to escape the container boundary and obtain root-level write access on the underlying host system. All three vulnerabilities allow adversaries to redirect or tamper with mount operations or trigger writes to sensitive files, ultimately undoing the isolation that containers are designed to enforce. CVE-2025-31133 involves a flaw where runC attempts to “mask” system files by bind-mounting /dev/null. If an attacker replaces /dev/null with a symlink during initialization, runC can end up mounting an attacker-chosen location read-write inside the container, enabling potential writes to the /proc filesystem and allowing escape. 

CVE-2025-52565 presents a related problem involving races and symlink redirection. The bind mount intended for /dev/console can be manipulated so that runC unknowingly mounts an unintended target before full protections are in place. This again opens a window for writes to critical procfs entries, providing an attacker with a pathway out of the container. The third flaw, CVE-2025-52881, highlights how runC may be tricked into performing writes to /proc that get redirected to files controlled by the attacker. This behavior could bypass certain Linux Security Module relabel protections and turn routine runC operations into dangerous arbitrary writes, including to sensitive files such as /proc/sysrq-trigger. 

Two of the vulnerabilities—CVE-2025-31133 and CVE-2025-52881—affect all versions of runC, while CVE-2025-52565 impacts versions from 1.0.0-rc3 onward. Patches have been issued in runC versions 1.2.8, 1.3.3, 1.4.0-rc.3, and later. Security researchers at Sysdig noted that exploiting these flaws requires attackers to start containers with custom mount configurations, a condition that could be met via malicious Dockerfiles or harmful pre-built images. So far, there is no evidence of active exploitation, but the potential severity has prompted urgent guidance. Detection efforts should focus on monitoring suspicious symlink activity, according to Sysdig’s advisory. 

The runC team has also emphasized enabling user namespaces for all containers while avoiding mappings that equate the host’s root user with the container’s root. Doing so limits the scope of accessible files because user namespace restrictions prevent host-level file access. Security teams are further encouraged to adopt rootless containers where possible to minimize the blast radius of any successful attack. Even though traditional container isolation provides significant security benefits, these findings underscore the importance of layered defenses and continuous monitoring in containerized environments, especially as threat actors increasingly look for weaknesses at the infrastructure level.
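As an added, defender-side example (not code from the original post or from the runC project), the script below turns the advisory's guidance into a pre-flight audit of an OCI bundle: it checks whether a runC version string falls in a patched series (1.2.8, 1.3.3, 1.4.0-rc.3 and later, as stated above), flags image rootfs entries at /dev/null and /dev/console that are symlinks rather than device nodes, and inspects config.json for a missing user namespace or a uidMappings entry that maps container root onto host root. The bundle layout, the sample config and the symlink target are constructed for the demo; the version-to-series rules are taken from the post.

```python
import os
import re
import tempfile

# Paths runC bind-mounts over during setup (the post names /dev/null for masking
# and /dev/console); an image that ships a symlink there deserves a second look.
SENSITIVE_DEV_PATHS = ("dev/null", "dev/console")

_VER_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-rc\.?(\d+))?$")


def parse_version(text):
    """Parse 'v1.4.0-rc.3' style strings into a sortable tuple.

    A final release sorts after any of its release candidates."""
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised runC version: {text!r}")
    major, minor, patch, rc = m.groups()
    rc_key = (0, int(rc)) if rc is not None else (1, 0)
    return (int(major), int(minor), int(patch), rc_key)


# First fixed release per series, as given in the post.
FIRST_FIXED = {
    (1, 2): parse_version("1.2.8"),
    (1, 3): parse_version("1.3.3"),
    (1, 4): parse_version("1.4.0-rc.3"),
}


def is_patched(version):
    """True when the version is at or beyond the first fixed release of its series."""
    v = parse_version(version)
    series = v[:2]
    if series in FIRST_FIXED:
        return v >= FIRST_FIXED[series]
    # Series after 1.4 carry the fix; older series have no fixed release listed.
    return series > (1, 4)


def audit_rootfs(rootfs):
    """Flag symlinks at the device paths runC masks or bind-mounts."""
    findings = []
    for rel in SENSITIVE_DEV_PATHS:
        p = os.path.join(rootfs, rel)
        if os.path.islink(p):
            findings.append(f"{rel} is a symlink -> {os.readlink(p)}")
    return findings


def audit_config(config):
    """Check an OCI config.json dict for the user-namespace hardening the runC team recommends."""
    findings = []
    linux = config.get("linux", {})
    ns_types = {ns.get("type") for ns in linux.get("namespaces", [])}
    if "user" not in ns_types:
        findings.append("no user namespace: container root is host root")
    for m in linux.get("uidMappings", []):
        c, h, n = m.get("containerID", 0), m.get("hostID", 0), m.get("size", 0)
        # If this range covers container uid 0, host uid = hostID + (0 - containerID).
        if c <= 0 < c + n and h - c == 0:
            findings.append("uidMappings map container uid 0 to host uid 0")
    return findings


def demo():
    """Build a constructed, deliberately bad bundle in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as bundle:
        rootfs = os.path.join(bundle, "rootfs")
        os.makedirs(os.path.join(rootfs, "dev"))
        # Constructed sample: the image ships /dev/null as a symlink (target is a placeholder).
        os.symlink("/placeholder/host/path", os.path.join(rootfs, "dev", "null"))
        with open(os.path.join(rootfs, "dev", "console"), "w"):
            pass  # a regular file is not a symlink, so this check does not flag it
        config = {  # constructed sample: user namespace present but root mapped 1:1
            "linux": {
                "namespaces": [{"type": "user"}, {"type": "mount"}],
                "uidMappings": [{"containerID": 0, "hostID": 0, "size": 65536}],
            }
        }
        return {"rootfs": audit_rootfs(rootfs), "config": audit_config(config)}


if __name__ == "__main__":
    for version in ("1.2.7", "1.3.3", "1.4.0-rc.2", "1.4.0"):
        print(f"runc {version}: {'patched' if is_patched(version) else 'NOT patched'}")
    print(demo())
```

The rootfs check is a static complement to the runtime symlink monitoring Sysdig recommends: it catches an image that already carries a symlink at a masked path before the container is started, while the config check encodes the runC team's advice that a user namespace only helps when container root is not identity-mapped to host root.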

Why Oslo’s Bus Security Tests Highlight the Hidden Risks of Connected Vehicles


Modern transportation looks very different from what it used to be, and the question of who controls a vehicle on the road no longer has a simple answer. Decades ago, the person behind the wheel was unquestionably the one in charge. But as cars, buses, and trucks increasingly rely on constant connectivity, automated functions, and remote software management, the definition of a “driver” has become more complicated. With vehicles now vulnerable to remote interference, the risks tied to this connectivity are prompting transportation agencies to take a closer look at what’s happening under the hood. 

This concern is central to a recent initiative by Ruter, the public transport agency responsible for Oslo and the surrounding Akershus region. Ruter conducted a detailed assessment of two electric bus models—one from Dutch manufacturer VDL and another from Chinese automaker Yutong—to evaluate the cybersecurity implications of integrating modern, connected vehicles into public transit networks. The goal was straightforward but crucial: determine whether any external entity could access bus controls or manipulate onboard camera systems. 

The VDL buses showed no major concerns because they lacked the capability for remote software updates, effectively limiting the pathways through which an attacker could interfere. The Yutong buses, however, presented a more complex picture. While one identified vulnerability tied to third-party software has since been fixed, Ruter’s investigation revealed a more troubling possibility: the buses could potentially be halted or disabled by the manufacturer through remote commands. Ruter is now implementing measures to slow or filter incoming signals so they can differentiate between legitimate updates and suspicious activity, reducing the chance of an unnoticed hijack attempt. 

Ruter’s interest in cybersecurity aligns with broader global concerns. The Associated Press noted that similar tests are being carried out by various organizations because the threat landscape continues to expand. High-profile demonstrations over the past decade have shown that connected vehicles are susceptible to remote interference. One of the most well-known examples was when WIRED journalist Andy Greenberg rode in a Jeep that hackers remotely manipulated, controlling everything from the brakes to the steering. More recent research, including reports from LiveScience, highlights attacks that can trick vehicles’ perception systems into detecting phantom obstacles. 

Remote software updates play an important role in keeping vehicles functional and reducing the need for physical recalls, but they also create new avenues for misuse. As vehicles become more digital than mechanical, transit agencies and governments must treat cybersecurity as a critical aspect of transportation safety. Oslo’s findings reinforce the reality that modern mobility is no longer just about engines and wheels—it’s about defending the invisible networks that keep those vehicles running.

White-Hat Hacker Exposes Car Dealership Portal Flaw That Allowed Vehicle Unlocking and Tracking


Imagine being able to track any car in real time, find out exactly where it’s parked, and then unlock it using just your phone. Not only that, but you could cancel car shipments or access sensitive customer data—all without ever setting foot inside a dealership. Sounds like a scene from a cyber-thriller, right? Except this actually happened, thanks to a security loophole in a major car manufacturer’s dealership portal.

Fortunately, the person who uncovered this alarming vulnerability wasn’t a criminal but cybersecurity researcher Eaton Zveare. According to TechCrunch, Zveare stumbled upon the issue during what he described as a “weekend project,” when he discovered “two simple API vulnerabilities” within the portal. Although he didn’t reveal the automaker’s name, he did confirm that it’s a “famous brand with several sub-brands.”

By exploiting the flaw, Zveare was able to grant himself administrator-level access—the highest permissions possible. That meant he could view sensitive buyer information such as names, addresses, financial details, and even VIN numbers of vehicles parked on the street. More alarmingly, he could track rental and courtesy cars in real time and remotely unlock vehicles linked to the system. He even had the ability to cancel car shipments to more than 1,000 dealerships across the U.S.

This kind of car hacking vulnerability isn’t new. In January, Subaru faced a similar exposure, raising further concerns about the growing risks of connected car technology.

As Zveare noted, the smarter and more connected vehicles become, the greater the potential for hackers to exploit weak links. Modern car apps already let owners locate, track, and unlock their vehicles remotely—but when that same access falls into the wrong hands, it poses a massive cybersecurity threat to the automotive industry.

This isn’t Zveare’s first big discovery. In 2023, he gained access to Toyota Mexico’s customer data and, shortly before that, infiltrated Toyota’s global supplier management network—a critical system for its supply chain. He later described that flaw as “one of the most severe vulnerabilities I have ever found.”

The silver lining? Zveare responsibly reports all vulnerabilities to companies before going public, giving them time to fix the issues. He first identified the dealership portal exploit in February, and the problem has since been resolved.

Still, his findings highlight a sobering reality: if one researcher can uncover these flaws, malicious hackers may already be exploiting others that remain undiscovered.

So, while you might think locking your car is enough, in the age of connected vehicles and remote access hacks, that may no longer be the case.

The Expanding PKfail Vulnerability in Secure Boot and Its Alarming Impact


The PKfail vulnerability in Secure Boot has grown into a far-reaching security threat, affecting thousands of devices across multiple sectors. Originally believed to be a limited issue, it arises from manufacturers shipping hardware with known-compromised Secure Boot key material, allowing unauthorized software to bypass Secure Boot. Even after the initial leak of that key material in 2022, manufacturers continued to distribute devices with the compromised keys, and some even shipped firmware whose keys carry warnings like “DO NOT TRUST”.

The original discovery indicated that devices from top manufacturers such as Dell, Acer, and Intel were compromised. However, recent investigations have expanded the list to include other major brands like Fujitsu, Supermicro, and niche producers like Beelink and Minisforum. Alarmingly, the list of impacted devices has grown to nearly four times its original size, now encompassing around a thousand models of laptops, desktops, and other x86-based hardware. What’s more concerning is that the PKfail vulnerability isn’t limited to standard consumer devices. It extends to enterprise servers, point-of-sale systems, gaming consoles, ATMs, and even medical and voting machines. 

These revelations indicate that the Secure Boot vulnerability has a much wider reach, exposing critical infrastructure to potential attacks. According to Binarly’s detection tool, this breach affects numerous industries, making it a significant cybersecurity risk. The challenge of exploiting Secure Boot remotely is substantial, often requiring advanced skills and resources, making it a tool primarily used by hackers targeting high-profile individuals or organizations. It’s particularly relevant for high-net-worth individuals, government agencies, and large corporations that are more likely to be the targets of such sophisticated attacks. 

State-sponsored hackers, in particular, could leverage this vulnerability to gain unauthorized access to confidential data or to disrupt critical operations. Addressing the PKfail vulnerability requires immediate action, both from manufacturers and end-users. Device manufacturers must issue firmware updates and improve their security practices to ensure their hardware is protected against such threats. Meanwhile, organizations and individual users should regularly check for software updates, apply patches, and implement stringent cybersecurity measures to minimize the risk of exploitation. 

The PKfail incident underscores the critical importance of cybersecurity vigilance and reinforces the need for robust protection measures. As cyber threats continue to evolve, organizations and individuals alike must stay informed and prepared to defend against vulnerabilities like PKfail.
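As an added example (not part of the original post and not Binarly's detection tool), the script below performs the simplest check a Linux administrator can run for the condition the post describes: it reads the Platform Key variable from efivarfs and looks for the “DO NOT TRUST” marker in the certificate it wraps. The efivarfs path and its 4-byte attribute prefix are assumed from the standard Linux efivarfs layout; the sample payloads are constructed stand-ins for a real variable file.

```python
import os

# Platform Key as exposed by efivarfs on Linux (EFI global variable GUID); assumed path.
EFIVARS_PK = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# Marker string the post reports in untrusted test keys shipped in firmware.
TEST_KEY_MARKERS = (b"DO NOT TRUST",)


def strip_efivars_attributes(raw):
    """efivarfs prefixes each variable's data with a 4-byte attribute word; drop it."""
    if len(raw) < 4:
        raise ValueError("efivars file too short to hold an attribute word")
    return raw[4:]


def find_test_key_markers(pk_data):
    """Return the marker strings present in the PK payload.

    The PK is an EFI_SIGNATURE_LIST wrapping a DER-encoded X.509 certificate, and
    the subject name strings inside DER are plain ASCII, so a case-insensitive
    substring search over the payload is enough for this heuristic."""
    upper = pk_data.upper()
    return [m.decode() for m in TEST_KEY_MARKERS if m in upper]


def pk_is_suspicious(pk_data):
    """True when the PK payload carries a known test-key marker."""
    return bool(find_test_key_markers(pk_data))


def check_host(path=EFIVARS_PK):
    """Read the live PK and return the markers found; None if the variable is absent."""
    if not os.path.exists(path):
        return None
    with open(path, "rb") as f:
        return find_test_key_markers(strip_efivars_attributes(f.read()))


# Constructed sample payloads: attribute word followed by a stand-in for the cert bytes.
SAMPLE_BAD = b"\x07\x00\x00\x00" + b"...CN=DO NOT TRUST - Test PK..."
SAMPLE_OK = b"\x07\x00\x00\x00" + b"...CN=Example Vendor Platform Key..."


if __name__ == "__main__":
    result = check_host()
    if result is None:
        print("no PK variable found (not UEFI, Secure Boot disabled, or efivarfs not mounted)")
    elif result:
        print("PK carries test-key marker(s):", ", ".join(result))
    else:
        print("no known test-key marker in PK")
```

A PK that passes this check is not proof the platform is unaffected (a leaked key need not carry a marker), so treat a hit as a firm finding and a miss as a reason to run a fuller tool such as the one the post references.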

This Security Flaw Enables Hackers to Unlock Millions of Hotel Doors


Researchers have unveiled vulnerabilities impacting approximately 3 million Saflok electronic RFID locks found in 13,000 hotels and homes globally, which could potentially enable unauthorized access to any door in a hotel by creating fake keycards.

Discovered by a team of researchers including Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, shell, and Will Caruana in September 2022, these security flaws, dubbed "Unsaflok," were brought to light during a private hacking event in Las Vegas. At the event, various teams competed to identify vulnerabilities within a hotel room and its associated devices. The researchers focused on scrutinizing the Saflok electronic lock system and uncovered flaws that could compromise the security of any door in the hotel.

After notifying the manufacturer, Dormakaba, of their findings in November 2022, the researchers allowed time for the vendor to address the issues and inform affected hotels without publicizing the matter.

Despite no confirmed instances of exploitation in the wild, the researchers caution that these vulnerabilities have existed for over 36 years, raising concerns about potential misuse. The researchers publicly disclosed the Unsaflok vulnerabilities, alerting the public to their impact on nearly 3 million doors utilizing the Saflok system.

The Unsaflok vulnerabilities involve a series of exploits that, when combined, allow an attacker to unlock any door using a pair of counterfeit keycards. This attack method requires the attacker to obtain one legitimate keycard from the property, which can include their own room keycard.

By reverse-engineering Dormakaba's front desk software and lock programming device, the researchers were able to spoof a master key capable of opening any room. Creating forged keycards involves cracking Dormakaba's key derivation function and utilizing readily available tools such as Proxmark3, Flipper Zero, or an NFC-enabled Android smartphone.

Affected Saflok models include Saflok MT, Quantum Series, RT Series, Saffire Series, and Confidant Series managed by System 6000 or Ambiance software. These models are deployed in 13,000 properties across 131 countries, with Dormakaba actively working on mitigations. However, the process is complex and time-consuming, with only 64% of locks upgraded as of March 2024.

While Dormakaba issued a statement acknowledging the vulnerability and their efforts to address it, the researchers stress the importance of heightened awareness among hotel staff and guests. Measures such as auditing entry/exit logs and using the NFC Taginfo app to check keycard types can help detect potential vulnerabilities. The full details of the Unsaflok attack will be shared once the remediation efforts reach satisfactory levels.