Toyota T-Connect Database Exposed

On October 7, 2022, Toyota Motor Corporation made an announcement that the personal information of approximately 296,000 consumers had been compromised.

The Toyota T-Connect system enables owners of Toyota automobiles to link their cell phones to their vehicles. By doing so, users can monitor the status of their engines, listen to music, navigate, and track fuel consumption.

Recently, Toyota discovered that a source code section was published on GitHub. Included in the source code were access keys to the T-Connect data server.

Anyone possessing these keys could gain access to the T-Connect data server. The data server stores customers’ email addresses when they register through the T-connect application. Due to this, unauthorized third parties could access the records of customers between December 2017 and September 2022.

The database keys were updated on September 17, 2022, to prevent any other unauthorized access.

The compromised information did not include the consumers’ personal information, such as their names, credit card numbers, or phone numbers.

In addition, Toyota issued an apology for any inconvenience caused by the improper handling of customer information and stated that a subcontractor was responsible for the mistake.

There are no indications that data has been misused. However, the Japanese automobile manufacturer cannot rule out the possibility of the information being accessed and stolen.

T-Connect users enrolled between July 2017 and September 2022 are cautioned to avoid accepting email attachments from unknown senders. Threat actors may attempt to commit phishing attacks by posing as Toyota officials.

Firefox 106 Update: What’s New and Improved

On October 18, 2022, Firefox 106 Stable and Firefox 102.4 ESR were released to the public.

New features

A new Colorways theme, Firefox view, PDF editing, text recognition, and extraction on macOS are all included in the most recent Firefox Stable release.

While Firefox 106 introduces several brand-new features, the version also resolves security concerns. Mozilla corrected six unique vulnerabilities in Firefox 106 and four vulnerabilities in Firefox 102.4 ESR.

Firefox view

One of the most notable new features is Firefox view. The accessibility of previously opened tabs in the web browser is improved with Firefox view. However, Firefox view also enables users to access tabs from desktop or Android Firefox browsers. This distinct feature will allow users to switch between devices, making it a more convenient browsing experience. Firefox View has three sections: Tab pickup, Recently closed, and Independent voices. However, if consumers are not interested in Firefox View, it is simple to disable it. Users can right-click the Firefox symbol in the browser’s upper left corner and select “Remove from Toolbar.”

Tab Pickup

A Firefox account is necessary to use the tab pickup function. Mozilla uses Firefox Sync to display recently visited pages on other devices within this section. The title, favicon, URL, time stamp, and name of the device the user used to view the tab are all displayed. Additionally, a context menu is visible by right-clicking on a tab. This capability also imports tabs from previous versions of Firefox on the same device. This unique feature allows users to pick up where they left off reading from their phone, tablet, or computer.

Recently Closed

The recently closed section displays the most recent tabs that have been closed in the current window. Details about the closed tab are shown here, such as its title, URL, favicon, and timestamp. Unfortunately, there is no ability to conceal specific closed tabs. However, the arrow button allows you to collapse the recently closed tabs section.

Users can also recover closed tabs by left-clicking. This functionality is helpful if users mistakenly close a tab. However, because recently closed tabs are not synced between devices, Firefox will only show the tabs that were closed in the current browser. Therefore, when users close a tab and exit the browser, the tab is not recoverable through the recently closed section.

Colorways

Firefox users can alter themes, set intensity, and apply themes with one click by enabling Colorways to provide a customizable browsing experience. There are eighteen new themes currently available through January 16, 2023.

PDF Viewer

Firefox’s built-in PDF viewer supports basic PDF editing with version 106 Stable. In addition, the integrated options allow users to write, draw, and add signatures to PDF documents opened in Firefox.

Features for macOS

Users of macOS 10.15 (Catalina) or later can benefit from text recognition and extraction. Unfortunately, the feature currently only supports English on macOS 10.15. However, macOS 11.0 (Big Sur) or later support a more comprehensive range of languages. Users can right-click the image and select “Copy Text from Image.”

Following the text recognition prompt, a modal box with a loading animation will analyze the text in the image and automatically copy the text. Additionally, VoiceOver is also compatible with text recognition.

Developers

In the 106 release, Mozilla made sure to include improvements for developers.

Developers can expect several new features, including improvements to the WebRTC platform and manifest key properties. In addition, the upgrade improves screen sharing on Windows and Linux Wayland, lowers CPU usage, and increases macOS screen capture FPS.

Update

Most versions of Firefox will update automatically. However, users can see what version of Firefox they are using by going to the menu and selecting Help > About Firefox and manually upgrade. As of right now, the release date for Firefox 107 Stable is November 11, 2022.

Overall, Firefox 106 adds a slew of new features and enhancements for all users. Whether you’re a casual user or a developer, this update has something for everyone. Check out all of the new features that Firefox has to offer.

 

Personal Information Compromised in City of Tucson Data Breach

 In light of a recent data breach, the City of Tucson, Arizona, is alerting approximately 123,000 citizens that their personal information has been compromised. The issue was detected in May 2022, but the city’s investigation didn’t conclude until last month.

As detailed in the notification addressed to those impacted by the data breach, an attacker infiltrated the city’s network and exfiltrated a large number of sensitive files.

Between May 17 and May 31, the threat actors obtained access to the network and stole essential documents containing the personal information of over 123,000 people.

The data breach notification states, “On May 29, 2022, the City learned of suspicious behavior using a user’s network account credentials.” Additionally, “On August 4, 2022, the City discovered that certain files may have been copied and removed from its network.”

The city disclosed in a separate notice, “On September 12, this review concluded, and the review determined that the information at issue included certain personal information.”

The city began contacting potentially affected individuals on September 23, informing them that the attackers may have gained access to their names and Social Security numbers, among the sensitive personal information exposed during the incident.

The notification letters issued to the affected individuals also stated that, at the moment, there’s no proof of personal data being used for fraudulent activities.

Affected individuals are encouraged to monitor their credit reports for any unusual activities that may point to identity theft or fraud using their personal information.

For those affected, the city is giving free credit monitoring and identity protection services from Experian for an entire year, as well as advice on how to avoid being a victim of identity theft.

The city is committed to protecting residents’ personal information as it continues to review its existing policies and procedures regarding cybersecurity and evaluate additional measures and safeguards to protect against this type of event.

Akamai Finds 13 Million Malicious Domains Each Month

According to a new Akamai analysis, the company’s experts classified about 79 million domains as dangerous in the first half of 2022; based on a NOD (newly observed domain) dataset, this is about 13 million malicious domains per month, representing 20.1% of all the successfully resolved NODs.

According to Akamai, a NOD is any domain queried for the first time in the last 60 days. And by “malicious,” it means a domain name that leads to a site meant to phish, spread malware or do some other kind of damage online.

Akamai said, “[The NOD dataset] is where you find freshly registered domain names, typos, and domains that are only very rarely queried on a global scale.” The company observes about 12 million new NODs daily, of which slightly more than 2 million are successfully resolved.

The organization uses relatively simple procedures to determine whether a domain is harmful or not. With the assistance of the larger cybersecurity community, Akamai compiled a 30-year predictive list of known domain generation algorithms (DGAs) that may be used to detect domains registered with DGAs.

Since DGA domains may be created in quantity for even temporary campaigns, hackers frequently use them to distribute malware and host phishing pages. Think of DGAs as places on the internet where malware and other things can meet up and use them.

According to the company, most of Akamai’s malicious domain detections come from the “more than 190 NOD-specific detection criteria” it employs for NOD-based detection. They also mentioned that among the 79 million malicious NODs it discovered in the first half of the year, there were only 0.00042 percent false positives.

There are other options than Akamai’s NOD detection, such as Cisco’s “newly seen domain” detection system, which scans DNS data and alerts users to potentially dangerous websites.

Although it’s unclear how those services stack up against Akamai’s, their end objectives seem to be comparable and indicate that NODs are a well-known security issue that other businesses are seeking to address.

Lyft and Argo Bring Autonomous Vehicle Rides to Austin

Lyft is now launching autonomous robotaxi trips in Austin, Texas. Argo AI will power Ford’s autonomous driving vehicles.

According to a blog post by the company, Austin users can choose a driverless commute directly from the Lyft app for the same price as a regular Lyft ride. Customers can start the ride, unlock the doors, and get in touch with customer service via the app. At first, that might seem strange, especially considering that two people in the driver’s and passenger’s seats will monitor the journey for safety.

After Miami and Las Vegas, Austin is the third city where Lyft offers autonomous rides. In December 2021, the company started providing rides in Miami. As part of a partnership between the three businesses announced in July 2021, these rides also utilize Argo AI technology on Ford automobiles.

The announcement by Lyft and Argo of a launch in Austin was anticipated; the two companies, along with Ford, had previously announced a plan to introduce at least 1,000 autonomous vehicles on Lyft’s network over the course of five years, beginning in Austin and Miami. However, the launch moved faster since leading rival Cruise announced intentions to introduce its autonomous transportation service in Austin before the year.

Lyft and Argo have generally avoided Cruise’s home city of San Francisco, where rivals like Waymo and Zoox have concentrated their resources, and Cruise debuted a fully autonomous commercial ride-hailing service this summer. Instead, the businesses have focussed on other American cities with less rivalry.

In Las Vegas, Lyft and Motional also unveiled a fleet of fully electric robotaxis. In addition, Argo is conducting live tests in seven locations worldwide, including Hamburg, Germany, Washington, D.C., Pittsburgh, Detroit, and Palo Alto.

During the launch, two people in the driver’s and passenger’s seats will monitor the journey for safety on behalf of the company.

According to Lyft, removing the driver would depend on safety performance statistics, an appropriate amount of public approval, and regulations.