CyberSec Roundup
A synopsis of the Latest Cybersecurity News

Hacking Hondas

Security researchers found a security flaw called Rolling-PWN in many modern Honda models. This vulnerability causes replay attacks, where hackers can intercept the codes from the keyfob to the car, and allow many of these vehicles to be unlocked or started remotely. Various models made between 2020 and 2022 are affected, along with the older 2012 Honda Civic. Honda in response has confirmed that while the hack can work, the conditions need to be specific. The hacker would need to be very close to the vehicle and capture the transmission multiple times to unlock the vehicle, but they wouldn’t be able to drive it away.

Bandai Namco Hacked

The publisher behind the hit game Elden Ring confirmed that they suffered a cyberattack, where the internal systems of several group companies in Asian regions outside of Japan were exposed. This release came after the ALPHV ransomware group took credit for the attack, which hasn’t leaked the data as yet, which is said to contain customers’ personal information and corporate data.

Vulnerable WordPress Plugin

Threat actors are actively scanning WordPress sites for the vulnerable Kaswara Modern WPBakery Page Builder plugin. The vulnerability, tracked as CVE-2021-24284, allows files to be uploaded to sites without authentication, allowing them to be taken over by the attackers. Any admins with sites using the plugin should remove it immediately.

By: David Pinder
IT & Cybersecurity Consultant
Certified Ethical Hacker (Master)