Electric vehicle (EV) owners should be aware of an emerging cyber threat called 'quishing', which targets public charging stations. This form of phishing involves the use of fraudulent QR codes to mislead users into visiting malicious websites. Cybercriminals place counterfeit QR code stickers over legitimate ones at EV charging points, potentially leading to significant financial loss or the installation of malware on mobile devices.
QR codes are increasingly used for convenience in processing payments and sharing information, but their widespread acceptance has made them an attractive target for cybercrime. When EV owners scan one of these fake codes, they are redirected to a malicious website that mimics a real payment portal. Unsuspecting users may then enter sensitive information, such as credit card details, which the scammers collect for illicit purposes.
How Quishing Works
The vulnerability arises from the high level of trust users place in QR codes, which are often scanned without a second thought. Criminals exploit this by replacing the legitimate codes on charging stations with malicious ones. Users who fall victim to this scam may not only suffer financial losses but could also inadvertently download harmful software onto their devices. This malware could compromise personal data and provide hackers with access to other accounts.
At present, quishing attacks primarily target mobile devices. However, experts warn that as vehicles become more interconnected with digital networks, future attacks may also target the vehicles themselves.
Protection Measures
To safeguard against quishing attacks, EV owners are advised to:
Charging station operators are also taking proactive steps to enhance security, such as implementing tamper-evident QR code stickers and conducting frequent inspections. As the electric vehicle market expands, it is essential to remain vigilant against evolving cyber threats and to ensure robust security measures are in place.
Cisco Systems has issued a critical security advisory addressing a vulnerability in the Cisco Meraki Systems Manager (SM) Agent for Windows. This flaw, identified as CVE-2024-20430, allows authenticated local attackers to execute arbitrary code with elevated privileges. With a Common Vulnerability Scoring System (CVSS) score of 7.3, it is categorised as high severity and presents a significant risk to affected systems.
Vulnerability Details: CVE-2024-20430
The vulnerability arises from incorrect handling of directory search paths at runtime, which permits a low-privilege attacker to exploit the system by placing malicious configuration and Dynamic-Link Library (DLL) files. When the Cisco Meraki SM Agent is launched at startup, these files are executed, potentially granting the attacker SYSTEM-level privileges.
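A defensive audit for the weakness class described above (a privileged service loading files from directories that ordinary users can write to), as an added PowerShell example that is not from Cisco's advisory or the original article. The service name is a placeholder parameter, and the set of directories inspected (the service binary's folder plus the machine-wide PATH) is an assumption, since the article does not list the affected paths.

```powershell
param(
    # Placeholder: the article does not give the agent's Windows service name.
    [Parameter(Mandatory)][string]$ServiceName
)

# Well-known SIDs for ordinary local users (locale-independent).
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# Bits that allow adding or replacing a file, plus GENERIC_WRITE / GENERIC_ALL,
# which Get-Acl can report as raw values on inherited ACEs.
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, ChangePermissions, TakeOwnership'
$mask   = [int]$rights -bor 0x50000000

$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found." }
if ($svc.PathName -notmatch '^\s*"?(.+?\.exe)') { throw "Cannot parse path: $($svc.PathName)" }

# Assumption: inspect the binary's own folder plus the machine-wide PATH.
$dirs = @(Split-Path -Parent $Matches[1]) +
        ([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';') |
    Where-Object { $_ } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) } |
    Select-Object -Unique

$findings = foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A PATH entry that does not exist should be flagged and removed from PATH.
        [pscustomobject]@{ Directory = $dir; Principal = '(missing directory)'; Rights = 'n/a' }
        continue
    }
    # Ask for SIDs rather than names so the comparison works on any locale.
    $rules = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $lowPriv.ContainsKey($sid) -and
            (([int]$ace.FileSystemRights -band $mask) -ne 0)) {
            [pscustomobject]@{ Directory = $dir; Principal = $lowPriv[$sid]; Rights = $ace.FileSystemRights }
        }
    }
}
$findings | Sort-Object Directory | Format-Table -AutoSize -Wrap
```

An empty result means none of the inspected directories grant write access to ordinary users; it does not replace upgrading to the fixed release.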
There are no workarounds available for this vulnerability, and users are strongly encouraged to apply the relevant software updates to mitigate the risk. Cisco Meraki has released updates that address the issue, and users should upgrade to Cisco Meraki SM Agent for Windows Release 4.2.0 or later.
This vulnerability exclusively affects the Cisco Meraki SM Agent for Windows. Cisco has confirmed that the SM Agent for Mac is not affected. Users should refer to the Fixed Software section of Cisco’s advisory for details on vulnerable software versions.
Cisco Meraki has provided free software updates to resolve this vulnerability. These updates are available through the Meraki Dashboard, and users must have a valid license to access them. Systems that have Agent Version Control set to the latest version will automatically upgrade to a fixed release.
Cisco also advises customers to routinely consult the Cisco Security Advisories page to stay informed about potential vulnerabilities and to ensure that systems are updated promptly. Following proper firmware practices will ensure compatibility with new releases and maintain system security.
Transport for London (TfL) is currently responding to a cyber incident that has persisted for three days. The organisation has refrained from providing specific details about the breach or its wider implications but has reassured the public that there is no evidence of compromised customer data or disruption to its services.
However, sources suggest that the breach may be linked to TfL’s Cisco VPN, though this remains unconfirmed by the organisation. The incident was identified when suspicious activity was detected during routine network monitoring, prompting TfL to limit both inbound and outbound internet access as a containment measure.
Reports indicate that TfL may have restricted internet access for employees who are working remotely as part of its incident response. The disruption has affected several TfL services, including the contactless and Oyster account login page, which is currently offline for "maintenance." Additionally, other functions such as APIs used for live updates on services like Citymapper are also unavailable.
Some have speculated that the breach may have exploited vulnerabilities in Cisco or Netscaler appliances, though TfL has declined to comment on these claims while the investigation is ongoing. The incident response measures, which include abruptly cutting off access, are often indicative of a reaction to a ransomware attack or a potential data exfiltration attempt.
As required by law, TfL has notified the Information Commissioner’s Office (ICO) about the breach. An ICO spokesperson confirmed that TfL had reported the incident and that the regulator is currently assessing the information provided. Under the General Data Protection Regulation (GDPR), organisations must notify the ICO within 72 hours of discovering a data breach, depending on the severity and impact of the incident.